aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6561 items

CVE-2023-45063: Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatG

mediumvulnerability
security
Oct 12, 2023
CVE-2023-45063

A CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website they're logged into) was found in the ReCorp AI Content Writing Assistant plugin for WordPress in versions 1.1.5 and earlier. This flaw could allow attackers to exploit users of the plugin without their knowledge.

NVD/CVE Database

CVE-2023-44467: langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-202

criticalvulnerability
security
Oct 9, 2023
CVE-2023-44467

CVE-2023-44467 is a vulnerability in LangChain Experimental (a library for building AI applications) before version 0.0.306 that allows attackers to bypass a previous security fix and run arbitrary code (unauthorized commands) on a system using the __import__ function in Python, which the pal_chain/base.py file failed to block.

Microsoft Fixes Data Exfiltration Vulnerability in Azure AI Playground

mediumnews
security
Sep 29, 2023

LLM applications like chatbots are vulnerable to data exfiltration (unauthorized data theft) through image markdown injection, a technique where attackers embed hidden instructions in untrusted data to make the AI generate image tags that leak information. Microsoft patched this vulnerability in Azure AI Playground, though the source does not describe the specific technical details of their fix.

CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper

criticalvulnerability
security
Sep 28, 2023
CVE-2023-43654EPSS: 91.6%

TorchServe (a tool for running PyTorch machine learning models as web services) has a vulnerability in its default configuration that fails to validate user inputs properly, allowing attackers to download files from any URL and save them to the server's disk. This could let attackers damage the system or steal sensitive information, affecting versions 0.1.0 through 0.8.1.

Advanced Data Exfiltration Techniques with ChatGPT

mediumnews
security
Sep 28, 2023

An indirect prompt injection attack (tricking an AI into following hidden instructions in its input) can allow an attacker to steal chat data from ChatGPT users by either having the AI embed information into image URLs (image markdown injection, which embeds data into web links displayed as images) or convincing users to click malicious links. ChatGPT Plugins, which are add-ons that extend ChatGPT's functionality, create additional exfiltration risks because they have minimal security review before being deployed.

HITCON CMT 2023 - LLM Security Presentation and Trip Report

infonews
securityresearch

LLM Apps: Don't Get Stuck in an Infinite Loop! 💵💰

mediumnews
securitysafety

CVE-2023-41626: Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.

mediumvulnerability
security
Sep 15, 2023
CVE-2023-41626

Gradio version 3.27.0 has a security flaw that allows attackers to upload any type of file through the /upload interface without proper restrictions (CWE-434, unrestricted file upload with dangerous type). This means someone could potentially upload malicious files to a system running this vulnerable version.

CVE-2023-4278: The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registra

highvulnerability
security
Sep 11, 2023
CVE-2023-4278EPSS: 21.3%

CVE-2023-39631: An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function

criticalvulnerability
security
Sep 1, 2023
CVE-2023-39631

CVE-2023-39631 is a code injection vulnerability (a flaw where an attacker can insert malicious code into a program) in Langchain version 0.0.245 that allows a remote attacker to execute arbitrary code through the evaluate function in the numexpr library (a Python tool for fast numerical expression evaluation). The vulnerability has a CVSS severity score of 4.0, indicating low to moderate risk.

v2: make download.sh executable (#695)

infonews
industry
Sep 1, 2023

This is a minor update to the Llama repository that makes download.sh (a script file used to download files) executable and adds error handling so the script stops running if it encounters a problem. The change was submitted as a pull request to improve the reliability of the download process.

CVE-2023-38975: * Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_ve

highvulnerability
security
Aug 29, 2023
CVE-2023-38975

A buffer overflow vulnerability (a memory safety flaw where data is written beyond allocated space) in Qdrant version 1.3.2 allows remote attackers to cause a denial of service (making the service unavailable) through the chunked_vectors component. The vulnerability has a CVSS score of 4.0, indicating moderate severity.

Video: Data Exfiltration Vulnerabilities in LLM apps (Bing Chat, ChatGPT, Claude)

highnews
security
Aug 28, 2023

A researcher discovered data exfiltration vulnerabilities (security flaws that allow unauthorized data to leak out of a system) in several popular AI chatbots including Bing Chat, ChatGPT, and Claude, and responsibly disclosed them to the companies. Microsoft, Anthropic, and a plugin vendor fixed their vulnerabilities, but OpenAI decided not to fix an image markdown injection issue (a vulnerability where hidden code in image formatting can trick the AI into revealing data).

CVE-2023-36281: An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This

criticalvulnerability
security
Aug 22, 2023
CVE-2023-36281EPSS: 68.5%

LangChain version 0.0.171 has a vulnerability (CVE-2023-36281) that allows a remote attacker to execute arbitrary code (run commands they shouldn't be able to run) by sending a specially crafted JSON file to the load_prompt function. The vulnerability relates to improper control of code generation, which means the application doesn't properly validate or sanitize (clean) the input before using it to create executable code.

CVE-2023-38976: An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLReques

highvulnerability
security
Aug 21, 2023
CVE-2023-38976

Weaviate v.1.20.0 contains a vulnerability (CVE-2023-38976) in the handleUnbatchedGraphQLRequest function that allows remote attackers to cause a denial of service (making a service unavailable by overwhelming it with requests). The vulnerability has a CVSS score of 4.0 (a moderate severity rating).

CVE-2023-39659: An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted

criticalvulnerability
security
Aug 15, 2023
CVE-2023-39659

CVE-2023-39659 is a vulnerability in langchain (an AI library) version 0.0.232 and earlier that allows a remote attacker to execute arbitrary code (run commands they choose) by sending a specially crafted script to the PythonAstREPLTool._run component. The vulnerability is caused by improper neutralization of special elements in output (a type of injection attack where untrusted input is not properly filtered before being processed).

CVE-2023-38896: An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the fro

criticalvulnerability
security
Aug 15, 2023
CVE-2023-38896

CVE-2023-38896 is a vulnerability in langchain v.0.0.194 and earlier versions that allows a remote attacker to execute arbitrary code (run commands on a system they don't control) through the from_math_prompt and from_colored_object_prompt functions. This is an injection attack (CWE-74), where the software fails to properly filter special characters or commands that could be misused by downstream components.

CVE-2023-38860: An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.

criticalvulnerability
security
Aug 15, 2023
CVE-2023-38860

LangChain version 0.0.231 has a vulnerability (CVE-2023-38860) where a remote attacker can execute arbitrary code by manipulating the prompt parameter, which is a type of code injection (CWE-94, where an attacker tricks the system into running malicious code by hiding it in input data).

CVE-2023-27506: Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authe

mediumvulnerability
security
Aug 11, 2023
CVE-2023-27506

CVE-2023-27506 is a vulnerability in Intel Optimization for Tensorflow software before version 2.12 involving improper buffer restrictions (a memory safety flaw where a program doesn't properly check that it stays within allocated memory). An authenticated user with local access to a system could potentially use this flaw to escalate their privileges, gaining higher-level access than they should have.

CVE-2022-47636: A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open

highvulnerability
security
Aug 10, 2023
CVE-2022-47636

A DLL hijacking vulnerability (a type of attack where malicious files with the same name as legitimate ones are loaded instead) was found in OutSystems Service Studio 11 version 11.53.30. When a user opens a .oml file (OutSystems Modeling Language, a file format used in OutSystems development), the application loads certain DLL files (dynamic link libraries, which are collections of code that programs use) from the same directory, and an attacker could place a crafted malicious DLL there to run arbitrary code (any commands they choose) with the privileges of the logged-in user.

Previous286 / 329Next

Fix: Upgrade LangChain to version 0.0.306 or later. A patch is available at https://github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483.

NVD/CVE Database
Embrace The Red

Fix: Upgrade to TorchServe release 0.8.2 or later, which includes a warning when the default value for allowed_urls is used. Users should also configure the allowed_urls setting and specify which model URLs are permitted.

NVD/CVE Database
Embrace The Red
Sep 18, 2023

This article is a trip report from HITCON CMT 2023, a security conference in Taiwan, where the author attended talks on various topics including LLM security, reverse engineering with AI, and application exploits. Key presentations covered indirect prompt injections (attacks where malicious instructions are hidden in data fed to an AI system), Electron app vulnerabilities, and PHP security issues. The author gave a talk on indirect prompt injections and notes this technique could become a significant attack vector for AI-integrated applications like chatbots.

Embrace The Red
Sep 16, 2023

An attacker can use indirect prompt injection (tricking an AI by hiding malicious instructions in data it reads) to make an LLM call its own tools or plugins repeatedly in a loop, potentially increasing costs or disrupting service. While ChatGPT users are mostly protected by subscription pricing, call limits, and a manual stop button, this technique demonstrates a real vulnerability in how LLM applications handle recursive tool calls.

Embrace The Red
NVD/CVE Database

The MasterStudy LMS WordPress plugin before version 3.0.18 has a registration vulnerability that allows anyone to bypass security checks and create an instructor account without proper verification. Once registered as an instructor, attackers can add courses and posts to the site, potentially compromising its content and structure.

Fix: Update the MasterStudy LMS WordPress plugin to version 3.0.18 or later.

NVD/CVE Database
NVD/CVE Database
Meta Llama Releases
NVD/CVE Database

Fix: The source mentions that Microsoft (Bing Chat), Anthropic (Claude), and a plugin vendor addressed and fixed their respective vulnerabilities. However, OpenAI's response to the reported vulnerability was "won't fix," meaning no mitigation from OpenAI is described in the source text.

Embrace The Red
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: A patch is available at https://github.com/hwchase17/langchain/pull/6003. Users should update langchain to a version after v.0.0.194.

NVD/CVE Database
NVD/CVE Database

Fix: Update Intel Optimization for Tensorflow to version 2.12 or later.

NVD/CVE Database
NVD/CVE Database