aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

3230 items

CVE-2025-62426: vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/c

medium vulnerability
security
Nov 21, 2025
CVE-2025-62426

vLLM is a tool that runs large language models and serves them to users. In versions 0.5.5 through 0.11.0, two API endpoints accept a parameter called chat_template_kwargs that isn't properly checked before being used, allowing attackers to send specially crafted requests that freeze the server and prevent other users' requests from being processed.

Fix: Update to vLLM version 0.11.1 or later, where this issue has been patched.

NVD/CVE Database

CVE-2025-62372: vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can

medium vulnerability
security
Nov 21, 2025
CVE-2025-62372

vLLM (an inference and serving engine for large language models) versions 0.5.5 through 0.11.0 have a vulnerability where users can crash the engine by sending multimodal embedding inputs (data that combines multiple types of information, like images and text) with incorrect shape parameters, even if the model doesn't support such inputs. This bug has a CVSS score of 8.3 (a 0-10 scale measuring vulnerability severity), indicating it's a high-severity issue.

Fix: This issue has been patched in version 0.11.1. Users should upgrade to vLLM version 0.11.1 or later.

NVD/CVE Database

CVE-2025-62164: vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memor

high vulnerability
security
Nov 21, 2025
CVE-2025-62164

vLLM versions 0.10.2 through 0.11.0 have a vulnerability in how they process user-supplied prompt embeddings (numerical representations of text). An attacker can craft malicious data that bypasses safety checks and causes memory corruption (writing data to the wrong location in computer memory), which can crash the system or potentially allow remote code execution (RCE, where an attacker runs commands on the server).

Fix: Update to vLLM version 0.11.1 or later. The source states: 'This issue has been patched in version 0.11.1.'

NVD/CVE Database

CVE-2025-64755: Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible

critical vulnerability
security
Nov 20, 2025
CVE-2025-64755

Claude Code is an agentic coding tool (a program that can write code automatically) that had a vulnerability before version 2.0.31 where a mistake in how it parsed sed commands (a tool for editing text) allowed attackers to bypass safety checks and write files anywhere on a computer system. This vulnerability has been fixed.

Fix: Update to version 2.0.31 or later. The issue has been patched in version 2.0.31.

NVD/CVE Database

CVE-2025-64660: Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a ne

high vulnerability
security
Nov 20, 2025
CVE-2025-64660

CVE-2025-64660 is a vulnerability in GitHub Copilot and Visual Studio Code that involves improper access control (a flaw in how the software checks who is allowed to do what), allowing an authorized attacker to execute code over a network. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a vulnerability is). This means someone with legitimate access to these tools could potentially run malicious code remotely.

NVD/CVE Database

CVE-2025-65099: Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude

critical vulnerability
security
Nov 19, 2025
CVE-2025-65099

Claude Code, an agentic coding tool (software that can write and execute code), had a vulnerability before version 1.0.39 where it could run code from yarn plugins (add-ons for the Yarn package manager) before asking the user for permission, but only on machines with Yarn 3.0 or newer. This attack required tricking a user into opening Claude Code in an untrusted directory (a folder with malicious code).

Fix: Update Claude Code to version 1.0.39 or later. The source states: 'This issue has been patched in version 1.0.39.'

NVD/CVE Database

CVE-2025-34322: Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimen

high vulnerability
security
Nov 17, 2025
CVE-2025-34322

Nagios Log Server versions before 2026R1.0.1 have a command injection vulnerability (a flaw where attackers can insert malicious commands into input fields) in its experimental Natural Language Queries feature. An authenticated user (someone with a valid login) can exploit this by entering crafted values in the Global Settings page to run arbitrary commands on the server as the 'www-data' user (the account the web server runs under), potentially taking over the entire Log Server.

Fix: Update Nagios Log Server to version 2026R1.0.1 or later.

NVD/CVE Database

Level up your Solidity LLM tooling with Slither-MCP

info news
industry
Nov 15, 2025

Slither-MCP is a new tool that connects LLMs (large language models) with Slither's static analysis engine (a tool that examines code without running it to find bugs), making it easier for AI systems to analyze and audit smart contracts written in Solidity (a programming language for blockchain). Instead of using basic search tools, LLMs can now directly ask Slither to find function implementations and security issues more accurately and efficiently.

Trail of Bits Blog

How we avoided side-channels in our new post-quantum Go cryptography libraries

info news
security
Nov 14, 2025

Trail of Bits released open-source Go implementations of ML-DSA and SLH-DSA, two NIST-standardized post-quantum signature algorithms (cryptographic methods designed to resist attacks from quantum computers). The team engineered these libraries to be constant-time, meaning they execute in the same amount of time regardless of input values, to prevent side-channel attacks (security breaches that exploit physical characteristics like timing or power consumption rather than the algorithm itself) like the KyberSlash vulnerability that affected earlier Kyber implementations.

Fix: The source describes a technique for removing branches (conditional decision points) from cryptographic code using bit masking, two's complement, and XOR (exclusive OR, a logical operation) to perform both sides of a condition and then use a constant-time conditional swap based on the condition to obtain the correct result. However, the source does not provide a complete, production-ready solution; it only shows partial code examples and states they are 'Not secure -- DO NOT USE.' The source does not mention specific updates, patches, or versions that users should apply.

Trail of Bits Blog

CVE-2025-11923: The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalati

high vulnerability
security
Nov 13, 2025
CVE-2025-11923

The LifterLMS WordPress plugin has a privilege escalation vulnerability (CVE-2025-11923) where the plugin fails to properly verify user identity before allowing role changes through the REST API (a standard way for programs to communicate and exchange data). This allows attackers with student-level access to promote themselves to administrator by sending a specially crafted request to modify their own role. The vulnerability affects multiple versions of the plugin ranging from 3.5.3 through 9.1.0.

NVD/CVE Database

CVE-2025-63396: An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (Python

low vulnerability
security
Nov 12, 2025
CVE-2025-63396

PyTorch versions 2.5 and 2.7.1 have a bug where forgetting to call profiler.stop() can cause torch.profiler.profile (a Python tool that measures code performance) to crash or hang, resulting in a Denial of Service (DoS, where a system becomes unavailable). The underlying issue involves improper locking (a mechanism that controls how multiple processes access shared resources).

NVD/CVE Database

CVE-2025-2843: A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment

high vulnerability
security
Nov 12, 2025
CVE-2025-2843

A flaw in the Observability Operator allows an attacker with limited namespace-level permissions to escalate their access to the entire cluster by creating a MonitorStack resource and then impersonating a highly-privileged ServiceAccount (a Kubernetes identity that the Operator automatically creates). This privilege escalation (gaining unauthorized higher-level access) could let an attacker take control of the entire Kubernetes cluster.

NVD/CVE Database

CVE-2025-12732: The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sen

medium vulnerability
security
Nov 12, 2025
CVE-2025-12732

The WP Import – Ultimate CSV XML Importer plugin for WordPress has a security flaw in versions up to 7.33 where the showsetting() function is missing an authorization check (a verification that the person accessing it has permission). This allows authenticated attackers with Author-level access or higher to extract sensitive information, including OpenAI API keys (secret credentials used to access the OpenAI service) that are configured through the plugin's admin interface.

NVD/CVE Database

CVE-2025-33202: NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack over

medium vulnerability
security
Nov 11, 2025
CVE-2025-33202

CVE-2025-33202 is a stack overflow vulnerability (a memory safety bug where a program writes too much data into a reserved area of memory) in NVIDIA's Triton Inference Server for Linux and Windows. An attacker could exploit this by sending extremely large data payloads, potentially crashing the service and making it unavailable to users (denial of service).

NVD/CVE Database

CVE-2025-62453: Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to by

medium vulnerability
security
Nov 11, 2025
CVE-2025-62453

CVE-2025-62453 is a vulnerability in GitHub Copilot and Visual Studio Code where improper validation of generative AI output (not properly checking what the AI generates) allows an authorized attacker to bypass a security feature on their local computer. The vulnerability is classified as a protection mechanism failure (CWE-693, a flaw in how security controls are designed).

NVD/CVE Database

CVE-2025-62449: Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extens

medium vulnerability
security
Nov 11, 2025
CVE-2025-62449

A path traversal vulnerability (CWE-22, where an attacker manipulates file paths to access files outside their intended directory) was discovered in Visual Studio Code's CoPilot Chat Extension that allows an authorized attacker to bypass a security feature on their local computer. The vulnerability is tracked as CVE-2025-62449 and was reported by Microsoft Corporation.

NVD/CVE Database

CVE-2025-62222: Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat E

high vulnerability
security
Nov 11, 2025
CVE-2025-62222

CVE-2025-62222 is a command injection vulnerability (where an attacker tricks software into running unintended commands) in the Visual Studio Code CoPilot Chat Extension that allows an unauthorized attacker to execute code over a network. The vulnerability stems from improper neutralization of special elements in commands and inadequate input validation (checking that data is safe before using it).

NVD/CVE Database

On Continuity of Robust and Accurate Classifiers

info research (Peer-Reviewed)
research
safety
Nov 11, 2025

This research paper argues that the real problem with machine learning classifiers isn't that robustness (resistance to adversarial attacks, where small malicious changes trick the AI) and accuracy are fundamentally opposed, but rather that continuous functions (smooth mathematical functions without jumps or breaks) cannot achieve both properties simultaneously. The authors propose that effective robust and accurate classifiers should use discontinuous functions (functions with breaks or sudden changes) instead, and show that understanding this continuity property is crucial for building, analyzing, and testing modern machine learning models.

IEEE Xplore (Security & AI Journals)

CVE-2025-64513: Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a

critical vulnerability
security
Nov 10, 2025
CVE-2025-64513

Milvus, an open-source vector database (a specialized database that stores and searches data based on similarity patterns, used in AI applications), has a critical vulnerability in older versions that allows attackers to skip authentication and gain full admin control over the database without needing a password. This means attackers could read, change, or delete any data and perform administrative tasks like managing databases.

Fix: Upgrade to Milvus versions 2.4.24, 2.5.21, or 2.6.5. Alternatively, if upgrading immediately is not possible, remove the sourceID header from all incoming requests at the gateway, API gateway, or load balancer level before requests reach the Milvus Proxy component. This prevents attackers from exploiting the authentication bypass.

NVD/CVE Database

v0.14.8

low news
security
Nov 10, 2025

This release notes document describes version updates across multiple llama-index (a framework for building AI applications with language models) components, including fixes for bugs like a ReActOutputParser (a tool that interprets AI agent outputs) getting stuck, improved support for multiple AI model providers like OpenAI and Google Gemini, and updates to various integrations with external services. The updates span from core functionality fixes to documentation improvements and SDK compatibility updates across dozens of sub-packages.

LlamaIndex Security Releases