aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6558 items

CVE-2024-5565: The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt

highvulnerability
security
May 31, 2024
CVE-2024-5565

The Vanna library (a tool for generating data visualizations) has a vulnerability where attackers can use prompt injection (tricking an AI by hiding instructions in its input) to alter how the library processes user requests and run arbitrary Python code instead of creating the intended visualization. This happens when external input is sent to the library's 'ask' method with visualization enabled, which is the default setting, leading to remote code execution (attackers being able to run commands on a system they don't own).

NVD/CVE Database

CVE-2024-37032: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,

highvulnerability
security
May 31, 2024
CVE-2024-37032EPSS: 93.8%

CVE-2024-3924: A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `

highvulnerability
security
May 30, 2024
CVE-2024-3924

A code injection vulnerability (injecting malicious code into a system) exists in the huggingface/text-generation-inference repository's workflow file, where user input from GitHub branch names is unsafely used to build commands. An attacker can exploit this by creating a malicious branch name and submitting a pull request, potentially executing arbitrary code on the GitHub Actions runner (the automated system that runs tests and builds for the project).

CVE-2024-3584: qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{n

highvulnerability
security
May 30, 2024
CVE-2024-3584

Qdrant version 1.9.0-dev has a path traversal vulnerability (a security flaw where an attacker manipulates file paths to access unintended locations) in its snapshot upload endpoint that allows attackers to write files anywhere on the server by encoding special characters in the request. This could lead to complete system compromise through arbitrary file upload and overwriting.

CVE-2024-5185: The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result

highvulnerability
security
May 29, 2024
CVE-2024-5185

EmbedAI has a security flaw that allows data poisoning attacks (injecting false or harmful information into an AI system) through a CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website they're logged into). An attacker can direct users to a malicious webpage that exploits weak session management and CORS policies (which control what external websites can access the application), tricking them into uploading bad data that corrupts the application's language model.

Automatic Tool Invocation when Browsing with ChatGPT - Threats and Mitigations

mediumnews
securitysafety

CVE-2024-5397: A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Affected by this

mediumvulnerability
security
May 27, 2024
CVE-2024-5397

CVE-2024-5397 is a critical vulnerability in itsourcecode Online Student Enrollment System 1.0 that allows SQL injection (an attack where malicious code is inserted into database queries through user input). The flaw exists in the instructorSubjects.php file where the instructorId parameter is not properly protected, and an attacker can exploit it remotely with valid user credentials.

CVE-2024-4858: The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a

mediumvulnerability
security
May 25, 2024
CVE-2024-4858

The Testimonial Carousel For Elementor WordPress plugin (versions up to 10.2.0) has a missing authorization check in the 'save_testimonials_option_callback' function, allowing unauthenticated attackers to modify data like OpenAI API keys without permission. This vulnerability is classified as CWE-862 (missing authorization, where a system doesn't verify that a user has permission to perform an action).

Robust governance for the AI Act: Insights and highlights from Novelli et al. (2024)

inforegulatory
policy
May 24, 2024

This overview discusses the European AI Act and the governance framework needed to implement it, focusing on the European Commission's responsibilities and the AI Office. Key tasks include establishing guidelines for classifying high-risk AI systems, defining what counts as significant modifications (changes that alter a system's risk level), and setting standards for transparency and enforcement across EU member states.

ChatGPT: Hacking Memories with Prompt Injection

mediumnews
securitysafety

CVE-2024-0453: The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check

mediumvulnerability
security
May 22, 2024
CVE-2024-0453

The AI ChatBot plugin for WordPress (up to version 5.3.4) has a security flaw where a function called openai_file_delete_callback lacks a capability check (verification that a user has permission to perform an action). This allows any authenticated user with subscriber-level access or higher to delete files from a connected OpenAI account without proper authorization.

CVE-2024-0452: The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check

mediumvulnerability
security
May 22, 2024
CVE-2024-0452

The AI ChatBot plugin for WordPress (up to version 5.3.4) has a missing capability check (a missing authorization check that verifies user permissions) in its file upload function, allowing authenticated users with basic subscriber access to upload files to a connected OpenAI account without proper permission verification. This vulnerability affects all versions through 5.3.4 and could let low-privilege attackers modify data on the linked OpenAI account.

CVE-2024-0451: The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on th

mediumvulnerability
security
May 22, 2024
CVE-2024-0451

The AI ChatBot plugin for WordPress has a security flaw in versions up to 5.3.4 where a function lacks a capability check (a security control that verifies a user has permission to perform an action). This allows authenticated users with subscriber-level access or higher to view files stored in a connected OpenAI account without authorization.

CVE-2023-52828: In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program

mediumvulnerability
security
May 21, 2024
CVE-2023-52828

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter, a technology for running safe programs in the kernel) subsystem occurs when a BPF program ends with a call to bpf_throw (a function that terminates execution), causing the instruction pointer to point just past the program's boundary. This breaks stack unwinding (the process of tracking where an error originated across function calls), potentially causing a panic (system crash). The fix makes the kernel treat instruction pointers at the program boundary (IP == ksym.end) as part of the program, allowing reliable stack unwinding in these cases.

CVE-2021-47231: In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: fix memory leak in mcba_usb Syzbot

mediumvulnerability
security
May 21, 2024
CVE-2021-47231

A memory leak was found in the Linux kernel's SocketCAN driver for Microchip CAN BUS Analyzer Tool, where 20 USB coherent buffers (memory blocks allocated for direct USB communication) were allocated in the mcba_usb_start() function but never freed, causing memory to be wasted when the device disconnected. The issue occurred because the disconnect function simply stopped the USB requests without properly deallocating the coherent buffers.

Machine Learning Attack Series: Backdooring Keras Models and How to Detect It

infonews
securityresearch

CVE-2024-35791: In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in

highvulnerability
security
May 17, 2024
CVE-2024-35791

A use-after-free vulnerability (UAF, a bug where code tries to access memory that has already been freed) was found in the Linux kernel's KVM (virtual machine software) SVM (a CPU virtualization technology) module in the svm_register_enc_region() function. The vulnerability occurred because a cache flush operation was happening after releasing a lock, allowing another part of the program to delete the region data before the flush completed.

CVE-2024-4263: A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with onl

mediumvulnerability
security
May 16, 2024
CVE-2024-4263

MLflow (a tool for managing machine learning experiments) versions before 2.10.1 have a broken access control vulnerability where users with only EDIT permissions can delete artifacts (saved files or data from experiments) they shouldn't be able to delete. The bug happens because the system doesn't properly check permissions when users request to delete artifacts, even though the documentation says EDIT users should only be able to read and update, not delete.

CVE-2024-3848: A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously address

highvulnerability
security
May 16, 2024
CVE-2024-3848EPSS: 78.7%

CVE-2024-4318: The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions

highvulnerability
security
May 16, 2024
CVE-2024-4318

The Tutor LMS plugin for WordPress (versions up to 2.7.0) has a time-based SQL injection vulnerability (a technique where attackers sneak malicious database commands into user input to extract data) in the 'question_id' parameter because the plugin doesn't properly clean user input or prepare its database queries. Attackers with Instructor-level permissions or higher can exploit this to extract sensitive information from the database.

Previous279 / 328Next

Ollama versions before 0.1.34 have a security flaw where they don't properly check the format of digests (sha256 hashes that should be exactly 64 hexadecimal digits) when looking up model file paths. This allows attackers to bypass security checks by using invalid digest formats, such as ones with too few digits, too many digits, or paths starting with '../' (a path traversal technique that accesses files outside the intended directory).

Fix: Update Ollama to version 0.1.34 or later. The fix is available in the release notes at https://github.com/ollama/ollama/compare/v0.1.33...v0.1.34 and was implemented in pull request #4175.

NVD/CVE Database

Fix: This issue was fixed in version 2.0.0. Users should update to version 2.0.0 or later.

NVD/CVE Database

Fix: The issue is fixed in version 1.9.0. Users should upgrade to this version or later.

NVD/CVE Database
NVD/CVE Database
May 28, 2024

ChatGPT's browsing tool can be tricked into automatically invoking other tools (like image creation or memory management) when users visit websites containing hidden instructions, a vulnerability known as prompt injection (tricking an AI by hiding instructions in its input). While OpenAI added some protections, minor prompting tricks can bypass them, and this issue affects other AI applications as well.

Fix: For custom GPTs with AI Actions, creators can use the x-openai-isConsequential flag as a mitigation to put users in control, though the source notes this approach 'still lacks a great user experience, like better visualization to understand what the action is about to do.'

Embrace The Red
NVD/CVE Database
NVD/CVE Database

Fix: The source suggests that the Commission should adopt 'predetermined change management plans akin to those in medicine' to assess modifications to AI systems. These plans would be documents outlining anticipated changes (such as performance adjustments or shifts in intended use) and the methods for evaluating whether those changes substantially alter the system's risk level. The source also recommends that standard fine-tuning of foundation models (training adjustments to pre-existing AI models) should not be considered a significant modification unless safety layers are removed or other actions clearly increase risk.

EU AI Act Updates
May 22, 2024

ChatGPT's new memory feature, which lets the AI remember information across different chat sessions for a more personalized experience, can be exploited through indirect prompt injection (tricking an AI by hiding malicious instructions in its input). Attackers could manipulate ChatGPT into storing false information, biases, or unwanted instructions by injecting commands through connected apps like Google Drive, uploaded documents, or web browsing features.

Embrace The Red
NVD/CVE Database
NVD/CVE Database

Fix: A patch is available at https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php. Users should update their AI ChatBot plugin to a version after 5.3.4.

NVD/CVE Database

Fix: Make bpf_prog_ksym_find treat IP == ksym.end as part of the BPF program, so that is_bpf_text_address returns true when such a case occurs, allowing reliable unwinding when the final instruction ends up being a call instruction.

NVD/CVE Database

Fix: All allocated buffers should be freed with usb_free_coherent() explicitly. The source notes that the same correct pattern for allocating and freeing coherent buffers is used in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c.

NVD/CVE Database
May 18, 2024

This post examines how attackers can insert hidden malicious code into machine learning models (a technique called backdooring) through supply chain attacks, specifically targeting Keras models (a popular framework for building AI systems). The authors demonstrate this attack and then explore tools that can detect when a model has been compromised in this way.

Embrace The Red

Fix: Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock (release the lock only after the flush is complete, not before). This ensures the region and its page array cannot be freed by another task while the flush is still in progress.

NVD/CVE Database

Fix: Update mlflow to version 2.10.1 or later.

NVD/CVE Database

MLflow version 2.11.0 has a path traversal vulnerability (a security flaw where an attacker can access files outside intended directories) that bypasses a previous fix. An attacker can use a '#' character in artifact URLs to skip validation and read sensitive files like SSH keys and cloud credentials from the server's filesystem. The vulnerability exists because the application doesn't properly validate the fragment portion (the part after '#') of URLs before converting them to filesystem paths.

NVD/CVE Database
NVD/CVE Database