aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

3263 items

Cancelable Biometrics and Quantum-Resistant Two-Factor Authenticated Key Agreement for Mobile Device
Type: research (info) | Peer-Reviewed | Category: security | Sep 23, 2025
Source: IEEE Xplore (Security & AI Journals)

This paper proposes CQT-AKA, a security method for mobile devices that combines cancelable biometrics (fingerprints or facial features that can be regenerated if compromised) with quantum-resistant encryption (protection against future powerful computers) to securely exchange encryption keys between devices. The approach is more secure than traditional methods that rely on passwords or smart cards alone, and it works well on resource-limited devices because it requires less storage and computing power.

Meet Trick With Trick: Revealing Collusion Intentions in Highly Concealed Poisoning Behavior
Type: research (info) | Peer-Reviewed | Category: security | Sep 23, 2025
Source: IEEE Xplore (Security & AI Journals)

Recommender systems (platforms that suggest products or services to users) are vulnerable to data poisoning attacks (malicious manipulation of the data the system learns from to make it behave incorrectly). This paper presents METT, a detection method that identifies these attacks even when they are carefully hidden or small-scale, using techniques like causality inference (analyzing cause-and-effect relationships in user behavior) and a disturbance tolerance mechanism (a way to distinguish real attack patterns from false alarms).

CVE-2025-59532: Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox conf
Severity: high | Type: vulnerability | Category: security | Sep 22, 2025
ID: CVE-2025-59532
Source: NVD/CVE Database

Codex CLI (a coding tool from OpenAI that runs on your computer) versions 0.2.0 to 0.38.0 had a sandbox bug that allowed the AI model to trick the system into writing files and running commands outside the intended workspace folder. The sandbox (a restricted area meant to contain the tool's actions) wasn't properly checking where it should allow file access, which bypassed security boundaries, though network restrictions still worked.

Fix: Update to Codex CLI 0.39.0 or later, which fixes the sandbox boundary validation. The patch now checks that the sandbox boundaries are based on where the user started the session, not on paths generated by the model. If using the Codex IDE extension, update immediately to version 0.4.12. Users on 0.38.0 or earlier should update via their package manager or reinstall the latest version.

CVE-2025-59434: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Host
Severity: critical | Type: vulnerability | Category: security | Sep 22, 2025
ID: CVE-2025-59434
Source: NVD/CVE Database

Flowise is a tool with a visual interface for building customized AI workflows. Before August 2025, free-tier users on Flowise Cloud could access sensitive secrets (like API keys for OpenAI, AWS, and Google Cloud) belonging to other users through a Custom JavaScript Function node, exposing data across different user accounts. This cross-tenant data exposure vulnerability has been patched in the August 2025 update.

Fix: Update to the August 2025 Cloud-Hosted Flowise version or later, which includes the patch for this vulnerability.

CVE-2025-59528: Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vu
Severity: critical | Type: vulnerability | Category: security | Sep 22, 2025
ID: CVE-2025-59528 | EPSS: 83.0%
Source: NVD/CVE Database

Flowise version 3.0.5 has a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in its CustomMCP node. When users input configuration settings, the software unsafely executes the input as JavaScript code using the Function() constructor without checking if it's safe, allowing attackers to access dangerous system functions like running programs or reading files.

Fix: This issue has been patched in version 3.0.6.

CVE-2025-59527: Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side
Severity: high | Type: vulnerability | Category: security | Sep 22, 2025
ID: CVE-2025-59527
Source: NVD/CVE Database

Flowise version 3.0.5 contains a Server-Side Request Forgery vulnerability (SSRF, a flaw that lets attackers trick the server into making requests to internal networks on their behalf) in the /api/v1/fetch-links endpoint, allowing attackers to use the Flowise server as a proxy to access and explore internal web services. This vulnerability was patched in version 3.0.6.

Fix: Update to version 3.0.6, which contains the patch for this vulnerability.

A Self-Supervised Learning Framework for Soft Robot Proprioception
Type: research (info) | Peer-Reviewed | Category: research | Sep 22, 2025
Source: IEEE Xplore (Security & AI Journals)

This research presents a self-supervised learning (SSL, a training method where an AI learns patterns from unlabeled data without human annotations) framework to help soft robots understand their own body position and movement. The key innovation is that the approach uses large amounts of unannotated data to train an initial model, then fine-tunes it with just a small set of labeled examples, requiring only about 5% of the annotated data that traditional supervised learning methods need while achieving better results.

CVE-2025-10772: A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown function
Severity: medium | Type: vulnerability | Category: security | Sep 22, 2025
ID: CVE-2025-10772
Source: NVD/CVE Database

A vulnerability (CVE-2025-10772) was found in huggingface LeRobot versions up to 0.3.3 in the ZeroMQ Socket Handler (a tool for sending messages between programs), which allows attackers to bypass authentication (verification of who you are) when accessing the system from within a local network. The vendor was notified but did not respond with a fix.

CVE-2025-39847: In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_
Severity: medium | Type: vulnerability | Category: security | Sep 19, 2025
ID: CVE-2025-39847
Source: NVD/CVE Database

A memory leak (wasted memory that isn't freed) occurs in the Linux kernel's PPP (Point-to-Point Protocol, a networking method) compression code when memory allocation fails. The function pad_compress_skb() returns NULL without freeing the old network packet, and the calling code then loses track of that packet, preventing it from being properly cleaned up.

Fix: Align pad_compress_skb() semantics with realloc() (a memory function that only frees old data if new allocation succeeds). Only free the old skb (socket buffer, a data structure holding a network packet) if allocation and compression succeed. At the call site, use the new_skb variable so the original skb is not lost when pad_compress_skb() fails.

CVE-2025-9906: The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c
Severity: high | Type: vulnerability | Category: security | Sep 19, 2025
ID: CVE-2025-9906
Source: NVD/CVE Database

A vulnerability in Keras (a machine learning library) allows attackers to run arbitrary code on a system by creating a malicious .keras model file that tricks the load_model function into disabling its safety protections, even when safe_mode is enabled. The attacker does this by embedding a command in the model's configuration file that turns off safe mode, then hiding executable code in a Lambda layer (a Keras feature that can contain custom Python code), allowing the malicious code to run when the model is loaded.

CVE-2025-9905: The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c
Severity: high | Type: vulnerability | Category: security | Sep 19, 2025
ID: CVE-2025-9905
Source: NVD/CVE Database

A vulnerability exists in Keras' Model.load_model method where specially crafted .h5 or .hdf5 model files (archive formats that store trained AI models) can execute arbitrary code on a system, even when safe_mode is enabled to prevent this. The attack works by embedding malicious pickled code (serialized Python code) in a Lambda layer, a Keras feature that allows custom Python functions, which bypasses the intended security protection.

CVE-2025-59417: Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a cross-site sc
Severity: medium | Type: vulnerability | Category: security | Sep 18, 2025
ID: CVE-2025-59417
Source: NVD/CVE Database

Lobe Chat, an open-source AI chat framework, has a cross-site scripting vulnerability (XSS, where attackers inject malicious code into web pages) in versions before 1.129.4. When the app renders certain chat messages containing SVG images, it uses a method called dangerouslySetInnerHTML that doesn't filter the content, allowing attackers who can inject code into chat messages (through malicious websites, compromised servers, or tool integrations) to potentially run commands on the user's computer.

Fix: Update to Lobe Chat version 1.129.4 or later, where this vulnerability is fixed.

CVE-2025-23336: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of
Severity: medium | Type: vulnerability | Category: security | Sep 17, 2025
ID: CVE-2025-23336
Source: NVD/CVE Database

CVE-2025-23336 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) where an attacker could cause a denial of service (making the system unavailable) by loading a misconfigured model. The vulnerability stems from improper input validation (the system not properly checking whether data is safe before using it).

CVE-2025-23329: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corru
Severity: high | Type: vulnerability | Category: security | Sep 17, 2025
ID: CVE-2025-23329
Source: NVD/CVE Database

CVE-2025-23329 is a vulnerability in NVIDIA Triton Inference Server (a tool used to run AI models efficiently) on Windows and Linux where an attacker could damage data in memory by accessing a shared memory region used by the Python backend, potentially causing the service to crash. The vulnerability involves improper access control (failing to properly restrict who can access certain resources) and out-of-bounds writing (writing data to memory locations it shouldn't).

CVE-2025-23328: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bo
Severity: high | Type: vulnerability | Category: security | Sep 17, 2025
ID: CVE-2025-23328
Source: NVD/CVE Database

CVE-2025-23328 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) where an attacker could send specially crafted input to cause an out-of-bounds write (writing data outside the intended memory location), potentially causing a denial of service (making the service unavailable). The vulnerability has a CVSS score of 4.0, indicating moderate severity.

CVE-2025-23316: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c
Severity: critical | Type: vulnerability | Category: security | Sep 17, 2025
ID: CVE-2025-23316
Source: NVD/CVE Database

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability in its Python backend that allows attackers to execute arbitrary code remotely by manipulating the model name parameter in model control APIs (functions that manage AI models). This vulnerability could lead to remote code execution (RCE, where an attacker runs commands on a system they don't own), denial of service (making the system unavailable), information disclosure (exposing sensitive data), and data tampering (modifying stored information).

CVE-2025-23268: NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper inpu
Severity: high | Type: vulnerability | Category: security | Sep 17, 2025
ID: CVE-2025-23268
Source: NVD/CVE Database

NVIDIA Triton Inference Server has a vulnerability in its DALI backend (a component that processes data) where improper input validation (the failure to check if data is safe before using it) allows attackers to execute code on the system. The issue is classified as CWE-20, a common weakness type related to input validation problems.

CVE-2025-10155: An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0
Severity: high | Type: vulnerability | Category: security | Sep 17, 2025
ID: CVE-2025-10155
Source: NVD/CVE Database

picklescan is a tool that checks if pickle files (a Python format for storing objects) are safe before loading them, but versions up to 0.0.30 have a vulnerability where attackers can bypass these safety checks by giving a malicious pickle file a PyTorch-related file extension. When the tool incorrectly marks this file as safe and it gets loaded, the attacker's malicious code can run on the system.

CVE-2025-58177: n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scriptin
Severity: medium | Type: vulnerability | Category: security | Sep 15, 2025
ID: CVE-2025-58177
Source: NVD/CVE Database

n8n, an open source workflow automation platform, has a stored XSS vulnerability (cross-site scripting, where malicious code is saved and runs in users' browsers) in versions 1.24.0 through 1.106.x. An authorized user can inject harmful JavaScript into the initialMessages field of the LangChain Chat Trigger node, and if public access is enabled, this code runs in the browsers of anyone visiting the public chat link, potentially allowing attackers to steal cookies or sensitive data through phishing.

Fix: Update to version 1.107.0 or later. As a workaround, the affected chatTrigger node can be disabled.

CVE-2022-50326: In the Linux kernel, the following vulnerability has been resolved: media: airspy: fix memory leak in airspy probe The
Severity: medium | Type: vulnerability | Category: security | Sep 15, 2025
ID: CVE-2022-50326
Source: NVD/CVE Database

CVE-2022-50326 is a memory leak (unused memory that is never freed) in the Linux kernel's airspy media driver. A previous update moved a variable called buf from the stack (temporary memory) to the heap (longer-term memory), but the code only freed this memory when errors occurred, not when the function succeeded, leaving memory wasted.

Fix: Free buf in the success path as well, since this variable has no references elsewhere in the code. The patch is available at: https://git.kernel.org/stable/c/23bc5eb55f8c9607965c20d9ddcc13cb1ae59568 and https://git.kernel.org/stable/c/f4285dd02b6b2ca3435b65fb62c053dd9408fd71

Page 85 of 164