aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6556 items

Breaking Instruction Hierarchy in OpenAI's gpt-4o-mini

mediumnews
securitysafety
Jul 22, 2024

OpenAI released gpt-4o-mini with safety improvements aimed at strengthening 'instruction hierarchy,' which is supposed to prevent users from tricking the AI into ignoring its built-in rules through commands like 'ignore all previous instructions.' However, researchers have already demonstrated bypasses of this protection, and analysis shows that system instructions (the AI's core rules) still cannot be fully trusted as a security boundary (a hard limit that stops attackers).

Embrace The Red

CVE-2024-5973: The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor

highvulnerability
security
Jul 22, 2024
CVE-2024-5973

The MasterStudy LMS WordPress Plugin (a learning management system add-on for WordPress) before version 3.3.24 has a security flaw where students can create instructor accounts, giving them access to features they shouldn't be able to use. This vulnerability allows unauthorized privilege escalation (gaining higher-level permissions than intended).

CVE-2024-6960: The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. Th

highvulnerability
security
Jul 21, 2024
CVE-2024-6960

CVE-2024-6960 is a vulnerability in the H2O machine learning platform where the Iced format (a system for moving Java objects across a computer cluster) allows deserialization of any Java class without restrictions. An attacker can create a malicious model using Java gadgets (pre-built code snippets that can be chained together for attacks) that executes arbitrary code when imported into H2O.

CVE-2024-35199: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions

highvulnerability
security
Jul 19, 2024
CVE-2024-35199

TorchServe (a tool for running PyTorch machine learning models in production) has a security flaw where two communication ports, 7070 and 7071, are exposed to all network interfaces instead of being restricted to localhost (the local machine only). This means anyone on a network could potentially access these ports. The vulnerability has been fixed and is available in TorchServe version 0.11.0.

CVE-2024-35198: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check

criticalvulnerability
security
Jul 19, 2024
CVE-2024-35198

TorchServe (a tool for running machine learning models in production) has a security flaw where its allowed_urls check (a restriction on which websites models can be downloaded from) can be bypassed using special characters like ".." in the URL. Once a model file is downloaded through this bypass, it can be used again without the security check, effectively removing the protection.

CVE-2024-21513: Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution

highvulnerability
security
Jul 15, 2024
CVE-2024-21513EPSS: 10.2%

Sorry, ChatGPT Is Under Maintenance: Persistent Denial of Service through Prompt Injection and Memory Attacks

mediumnews
securitysafety

CVE-2024-25639: Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize

mediumvulnerability
security
Jul 8, 2024
CVE-2024-25639

Khoj, an application that creates personal AI agents, has a vulnerability in its Obsidian, Desktop, and Web clients where user inputs and AI responses are not properly cleaned (sanitized). This allows attackers to inject malicious code through prompt injection (tricking the AI by hiding instructions in its input) via untrusted documents, which can trigger XSS (cross-site scripting, where malicious code runs in a user's browser when they view a webpage).

CVE-2024-40594: The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a l

lowvulnerability
securityprivacy

An Introduction to the Code of Practice for General-Purpose AI

inforegulatory
policy
Jul 3, 2024

The EU AI Act Code of Practice is a voluntary set of guidelines published in July 2025 to help general-purpose AI (GPAI, large AI models used across many applications) model providers comply with new EU AI regulations during the gap period before formal European standards take effect in 2027 or later. The Code, developed by the EU AI Office and many stakeholders, covers three areas: Transparency and Copyright (for all GPAI providers) and Safety and Security (for providers of GPAI models with systemic risk, meaning those that could cause widespread harm). Though not legally binding, the Commission and EU AI Board confirmed the Code adequately demonstrates compliance with the AI Act's requirements.

CVE-2024-39236: Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. Thi

criticalvulnerability
security
Jul 1, 2024
CVE-2024-39236

Gradio v4.36.1 contains a code injection vulnerability (CWE-94, improper control of code generation) in the /gradio/component_meta.py file that can be triggered by crafted input. The vulnerability supplier disputes the report, arguing it describes a user attacking their own system rather than a genuine security flaw.

CVE-2024-37146: Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a

mediumvulnerability
security
Jul 1, 2024
CVE-2024-37146

Flowise version 1.4.3 has a reflected cross-site scripting vulnerability (XSS, a type of attack where malicious code is injected into a webpage) in its `/api/v1/credentials/id` endpoint that allows attackers to inject harmful JavaScript into user sessions, potentially stealing information or redirecting users to malicious websites. The vulnerability is especially dangerous because it can be exploited without authentication in the default configuration and can be combined with other attacks to read files from the Flowise server.

CVE-2024-37145: Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a

mediumvulnerability
security
Jul 1, 2024
CVE-2024-37145

Flowise version 1.4.3 has a reflected cross-site scripting vulnerability (XSS, where an attacker injects malicious code into web pages shown to users) in its `/api/v1/chatflows-streaming/id` endpoint. If using default settings without authentication, an attacker can craft a malicious URL that runs JavaScript in a user's browser, potentially stealing information, showing fake popups, or redirecting users to other websites.

CVE-2024-36423: Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a

mediumvulnerability
security
Jul 1, 2024
CVE-2024-36423

Flowise version 1.4.3 has a reflected cross-site scripting vulnerability (XSS, a type of attack where malicious code is injected into a webpage) in its `/api/v1/public-chatflows/id` endpoint. An attacker can craft a malicious URL that injects JavaScript code into a user's session, potentially stealing information, showing fake popups, or redirecting users to other websites. This vulnerability is especially dangerous because the vulnerability exists in an unauthenticated endpoint (one that doesn't require a login) and can potentially be combined with other attacks to read files from the server.

CVE-2024-36422: Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a

mediumvulnerability
security
Jul 1, 2024
CVE-2024-36422

Flowise version 1.4.3 contains a reflected cross-site scripting vulnerability (XSS, a type of attack where malicious code is injected into a webpage to compromise user sessions) in its chatflow endpoint that allows attackers to steal information or redirect users to other sites if the default unauthenticated configuration is used. The vulnerability occurs because when a chatflow ID is not found, the invalid ID is displayed in the error page without proper protection, letting attackers inject arbitrary JavaScript code. This XSS flaw can potentially be combined with path injection attacks (exploiting how the system handles file paths) to read files from the Flowise server.

CVE-2024-36421: Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A

highvulnerability
security
Jul 1, 2024
CVE-2024-36421

Flowise version 1.4.3 has a CORS misconfiguration (a security setting that controls which websites can access the application), which allows any website to connect to it and steal user information. Attackers could potentially combine this flaw with another vulnerability to read files directly from the Flowise server without needing to log in.

CVE-2024-36420: Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, th

highvulnerability
security
Jul 1, 2024
CVE-2024-36420

Flowise version 1.4.3 has a vulnerability in its `/api/v1/openai-assistants-file` endpoint that allows arbitrary file read attacks (reading files on a system without permission) because the `fileName` parameter is not properly sanitized (cleaned of malicious input). This is caused by improper input validation, which is a common security weakness in software.

CVE-2024-38514: NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lac

highvulnerability
security
Jun 28, 2024
CVE-2024-38514EPSS: 72.6%

CVE-2023-47803: A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the

mediumvulnerability
security
Jun 28, 2024
CVE-2023-47803

CVE-2023-47803 is a path traversal vulnerability (a flaw where attackers bypass directory restrictions to access files they shouldn't) found in the Language Settings feature of certain Synology camera models. The vulnerability allows remote attackers to read non-sensitive files through unspecified methods, affecting BC500 and TC500 camera models running firmware versions before 1.0.7-0298.

CVE-2024-5826: In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt i

highvulnerability
security
Jun 27, 2024
CVE-2024-5826

CVE-2024-5826 is a remote code execution vulnerability in the vanna-ai/vanna library's `vanna.ask` function, caused by prompt injection (tricking an AI by hiding instructions in its input) without code sandboxing. An attacker can manipulate the code executed by the `exec` function to gain full control of the app's backend server.

Previous276 / 328Next

Fix: Update the MasterStudy LMS WordPress Plugin to version 3.3.24 or later.

NVD/CVE Database
NVD/CVE Database

Fix: Upgrade to TorchServe release 0.11.0, which includes the fix for this vulnerability. The fix was implemented in pull request #3083.

NVD/CVE Database

Fix: The issue has been fixed by validating the URL without characters such as ".." before downloading (see PR #3082). TorchServe release 0.11.0 includes the fix. Users are advised to upgrade.

NVD/CVE Database

Versions 0.0.15 through 0.0.20 of langchain-experimental contain a vulnerability where the code uses 'eval' (a function that runs Python code from text) on database values, allowing attackers to execute arbitrary code if they can control the input prompt and the server uses VectorSQLDatabaseChain (a component that connects language models to SQL databases). An attacker with low privileges could exploit this to break out of the application and access files or make unauthorized network connections.

Fix: Update langchain-experimental to version 0.0.21 or later.

NVD/CVE Database
Jul 8, 2024

Attackers can use prompt injection (tricking an AI by hiding malicious instructions in its input) to create fake memories in ChatGPT's memory tool, causing the AI to refuse all future responses with a maintenance message that persists across chat sessions. This creates a denial of service attack (making a service unavailable to users) that lasts until the user manually fixes it.

Fix: Users can recover by opening the memory tool, locating and removing suspicious memories created by the attacker. Additionally, users can entirely disable the memory feature to prevent this type of attack.

Embrace The Red

Fix: This vulnerability is fixed in version 1.13.0. Users should update to this version or later.

NVD/CVE Database
Jul 6, 2024
CVE-2024-40594

The OpenAI ChatGPT app for macOS before July 5, 2024 had two security problems: it disabled the sandbox (a security boundary that limits what an app can access) and stored conversations in cleartext (unencrypted plain text) in a location that other apps could read. This meant user conversations were exposed to other programs on the same computer.

NVD/CVE Database
EU AI Act Updates
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

NextChat, a user interface for ChatGPT and Gemini, has a Server-Side Request Forgery vulnerability (SSRF, a flaw that lets attackers trick the server into making requests to unintended destinations) in its WebDav API endpoint because the `endpoint` parameter is not validated. An attacker could use this to make unauthorized HTTPS requests from the vulnerable server or inject malicious JavaScript code into users' browsers.

Fix: This vulnerability has been patched in version 2.12.4. Users should update to this version or later.

NVD/CVE Database

Fix: Update Synology Camera Firmware to version 1.0.7-0298 or later for affected BC500 and TC500 models.

NVD/CVE Database
NVD/CVE Database