aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6543 items

CVE-2024-8309: A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through

criticalvulnerability
security
Oct 29, 2024
CVE-2024-8309

A vulnerability in langchain version 0.2.5's GraphCypherQAChain class allows attackers to use prompt injection (tricking an AI by hiding instructions in its input) to perform SQL injection attacks on databases. This can let attackers steal data, delete information, disrupt services, or access data they shouldn't have access to, especially in systems serving multiple users.

NVD/CVE Database

CVE-2024-7774: A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulner

criticalvulnerability
security
Oct 29, 2024
CVE-2024-7774

CVE-2024-7774 is a path traversal vulnerability (a security flaw where attackers can access files outside the intended directory) in langchain-ai/langchainjs version 0.2.5 that allows attackers to save, overwrite, read, and delete files anywhere on a system. The vulnerability exists in the `getFullPath` method and related functions because they do not properly filter or validate user input before handling file paths.

CVE-2024-7042: A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this cl

criticalvulnerability
security
Oct 29, 2024
CVE-2024-7042

A vulnerability exists in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 that allows prompt injection (tricking an AI by hiding instructions in its input), which can lead to SQL injection (inserting malicious database commands). This vulnerability could allow attackers to manipulate data, steal sensitive information, delete data to cause service outages, or breach security in systems serving multiple users.

CVE-2024-47158: N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary co

mediumvulnerability
security
Oct 25, 2024
CVE-2024-47158

N-LINE version 2.0.6 and earlier contain a code injection vulnerability (CWE-94, a flaw where an attacker can insert malicious code into an application), which could allow attackers to execute arbitrary code on an instructor's browser or redirect them to a malicious website. The vulnerability was reported by JPCERT/CC and assigned CVE-2024-47158 on October 25, 2024.

ZombAIs: From Prompt Injection to C2 with Claude Computer Use

mediumnews
securitysafety

CVE-2024-48142: A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows at

highvulnerability
security
Oct 24, 2024
CVE-2024-48142

CVE-2024-48142 is a prompt injection vulnerability (a technique where attackers hide malicious instructions in text sent to an AI) in Monica ChatGPT AI Assistant v2.4.0 that lets attackers steal all chat messages between a user and the AI through a specially crafted message.

CVE-2024-48140: A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v

highvulnerability
security
Oct 24, 2024
CVE-2024-48140

A prompt injection vulnerability (tricking an AI by hiding instructions in its input) was found in Monica Your AI Copilot v6.3.0, a ChatGPT-powered browser extension. Attackers can exploit this flaw by sending a specially crafted message to access and steal all chat data between the user and the AI assistant, both from past conversations and future ones.

CVE-2024-48145: A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to a

criticalvulnerability
security
Oct 24, 2024
CVE-2024-48145

CVE-2024-48145 is a prompt injection vulnerability (a type of attack where malicious instructions are hidden in text input to an AI system) in Netangular Technologies ChatNet AI Version v1.0 that allows attackers to steal all chat data between users and the AI by sending a specially crafted message. The vulnerability is classified under CWE-77 (improper neutralization of special elements used in commands), meaning the system fails to properly filter dangerous input before processing it.

CVE-2024-48144: A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attacke

criticalvulnerability
security
Oct 24, 2024
CVE-2024-48144

CVE-2024-48144 is a prompt injection vulnerability (tricking an AI by hiding instructions in its input) in Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 that allows attackers to craft a malicious message in the chatbox to steal all previous and future conversations between the user and the AI assistant. The vulnerability is caused by improper handling of special elements in user input (CWE-77, a weakness in command injection prevention).

CVE-2024-48141: A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate a

highvulnerability
security
Oct 24, 2024
CVE-2024-48141

CVE-2024-48141 is a prompt injection vulnerability (a technique where an attacker hides malicious instructions in text sent to an AI) in Zhipu AI CodeGeeX version 2.17.0's chatbox. An attacker can craft a message to trick the AI into leaking all previous and future chat conversations between the user and the assistant.

CVE-2024-48139: A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all pre

highvulnerability
security
Oct 24, 2024
CVE-2024-48139

CVE-2024-48139 is a prompt injection vulnerability (a technique where attackers hide malicious instructions in messages sent to an AI) in Blackbox AI version 1.3.95 that allows attackers to steal all chat messages between a user and the AI by sending a specially crafted message. This vulnerability is classified as a command injection flaw (where attackers manipulate input to execute unintended commands).

CVE-2024-48919: Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via

highvulnerability
security
Oct 22, 2024
CVE-2024-48919

Cursor is a code editor that uses AI to help with programming. Before September 27, 2024, attackers could trick Cursor's command generation feature into running harmful commands if a user imported a malicious website into the prompt and the attacker used prompt injection (hidden instructions in text that manipulate AI behavior) on that website. A server-side patch was released quickly to block dangerous characters, and Cursor version 0.42 added client-side protections and a new preview box setting that requires manual approval before commands run.

CVE-2022-49005: In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Fix bounds check for _sx controls For _

mediumvulnerability
security
Oct 21, 2024
CVE-2022-49005

A bug in the Linux kernel's audio sound system (ASoC) incorrectly checked the maximum value for _sx controls (special volume controls where the max field means the number of steps, not the maximum value itself). The bounds check in snd_soc_put_volsw_sx() (a function that validates input values) needed to be fixed to properly check against the actual maximum value instead.

CVE-2024-47728: In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case

mediumvulnerability
security
Oct 21, 2024
CVE-2024-47728

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter, a system for running safe code inside the kernel) subsystem could leak memory when certain helper functions encounter errors. The fix ensures that pointer arguments are zeroed out when errors occur, preventing sensitive kernel data from being accidentally exposed.

CVE-2024-49326: Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell

criticalvulnerability
security
Oct 20, 2024
CVE-2024-49326

A vulnerability in Affiliator (a WordPress plugin) version 2.1.3 and earlier allows attackers to upload dangerous file types, specifically web shells (malicious scripts that give attackers control of a server). This happens because the plugin does not properly restrict what kinds of files users can upload.

CVE-2024-49361: ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potenti

highvulnerability
security
Oct 18, 2024
CVE-2024-49361

CVE-2024-49361 is a vulnerability in ACON, a machine learning library that performs adaptive correlation optimization. The vulnerability exists in how ACON validates input data, which could allow an attacker to bypass these checks and execute arbitrary code (run commands they shouldn't be able to run) on systems using ACON. Machine learning applications that accept user-provided data are at the highest risk, especially those running on production servers (live systems serving real users).

CVE-2024-47872: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripti

mediumvulnerability
security
Oct 10, 2024
CVE-2024-47872

Gradio, an open-source Python package for building user interfaces, has a cross-site scripting vulnerability (XSS, where malicious code hidden in files runs in users' browsers) that affects servers allowing file uploads. Attackers can upload harmful HTML, JavaScript, or SVG files that execute when other users view or download them, potentially stealing data or compromising accounts.

CVE-2024-47871: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communica

criticalvulnerability
security
Oct 10, 2024
CVE-2024-47871

Gradio, an open-source Python package for building demos, has a vulnerability where the connection between the FRP client and server (fast reverse proxy, a tool that exposes local applications to the internet) isn't encrypted when the `share=True` option is used. This means attackers can intercept and read files uploaded to the server or modify data being sent, putting sensitive information at risk for users sharing Gradio demos publicly online.

CVE-2024-47870: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition**

highvulnerability
security
Oct 10, 2024
CVE-2024-47870

Gradio, an open-source Python package for building AI demos, has a race condition (a bug where two operations interfere with each other due to timing) in its configuration function that lets attackers change the backend URL. This could redirect users to a fake server to steal login credentials or uploaded files, especially affecting Gradio servers accessible over the internet.

CVE-2024-47869: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack**

lowvulnerability
security
Oct 10, 2024
CVE-2024-47869

Gradio, an open-source Python package for building prototypes, has a timing attack vulnerability (a security flaw where an attacker measures how long the system takes to respond to guess different values) in its analytics dashboard hash comparison. An attacker could exploit this by sending many requests and timing the responses to gradually figure out the correct hash and gain unauthorized access to the dashboard.

Previous271 / 328Next

Fix: A patch is available at https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
Oct 24, 2024

Claude Computer Use is a new AI tool from Anthropic that lets Claude take screenshots and run commands on computers autonomously. The feature carries serious security risks because of prompt injection (tricking an AI by hiding malicious instructions in its input), which could allow attackers to make Claude execute unwanted commands on machines it controls.

Embrace The Red
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: A server-side patch released on September 27, 2024 prevents newlines or control characters from being streamed back. Cursor 0.42 includes client-side mitigations that block newlines or control characters from entering the terminal directly. Users can enable the setting `"cursor.terminal.usePreviewBox"` and set it to `true` to stream responses into a preview box that must be manually accepted before inserting into the terminal. The patch is applied server-side, so no additional action is needed on older versions. Additionally, Cursor's maintainers recommend only including trusted context in prompts as a best practice.

NVD/CVE Database

Fix: Multiple patches were released to fix this issue. The patches are available at the following kernel.org URLs: 325d94d16e3131b54bdf07356e4cd855e0d853fc, 46bab25cc0230df60d1c02b651cc5640a14b08df, 4a95a49f26308782b4056401989ecd7768fda8fa, 698813ba8c580efb356ace8dbf55f61dac6063a8, 73dce3c1d48c4662bdf3ccbde1492c2cb4bfd8ce, 98b15c706644bebc19d2e77ccc360cc51444f6d0, b50c9641897274c3faef5f95ac852f54b94be2e8, and e46adadf19248d59af3aa6bc52e09115bf479bf7.

NVD/CVE Database

Fix: The kernel now zeros the value of former ARG_PTR_TO_{LONG,INT} arguments (pointers to long or integer values) when non-tracing helpers return errors. Additionally, for MTU helper functions, the *mtu_len pointer value is cleared on the error path to prevent uninitialized memory from being readable.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Upgrade to gradio>=5. As a workaround, restrict uploads to non-executable file types (like images or text) and implement server-side validation to sanitize or reject HTML, JavaScript, and SVG files before they are stored or displayed to users.

NVD/CVE Database

Fix: Users should upgrade to `gradio>=5` to fix this issue. As an alternative, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled (a secure protocol that encrypts communication) to ensure safe data transmission.

NVD/CVE Database

Fix: Upgrade to gradio>=5 (version 5 or newer). The source notes there are no known workarounds for this issue.

NVD/CVE Database

Fix: Upgrade to gradio>4.44. Alternatively, before upgrading, developers can manually patch the analytics_dashboard to use a constant-time comparison function (a method that takes the same amount of time regardless of whether the input is correct) for comparing sensitive values like hashes, or disable access to the analytics dashboard entirely.

NVD/CVE Database