All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2025-0649 is a bug in Google's TensorFlow Serving (a tool that runs machine learning models as a service) versions up to 2.18.0 where incorrect handling of JSON input can cause unbounded recursion (a program calling itself repeatedly without stopping), leading to server crashes. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 8.9, indicating high severity. The issue relates to out-of-bounds writes (writing data to unintended memory locations) and stack-based buffer overflow (overflowing a memory region meant for temporary data).
Fix: A patch is available at https://github.com/tensorflow/serving/commit/6cb013167d13f2ed3930aabb86dbc2c8c53f5adf (identified by Google Inc. as the official patch for this vulnerability).
NVD/CVE DatabaseCVE-2025-30165 is a vulnerability in vLLM (a system for running large language models) that affects multi-node deployments using the V0 engine. The vulnerability exists because vLLM deserializes (converts from storage format back into usable data) incoming network messages using pickle, an unsafe method that allows attackers to execute arbitrary code on secondary hosts. This could let an attacker compromise an entire vLLM deployment if they control the primary host or use network-level attacks like ARP cache poisoning (redirecting network traffic to a malicious server).
CVE-2025-25014 is a prototype pollution vulnerability (a type of bug where an attacker modifies the basic template that objects are built from) in Kibana that allows attackers to execute arbitrary code (run commands they shouldn't be able to run) by sending specially crafted HTTP requests (malicious web requests) to machine learning and reporting endpoints. The vulnerability affects multiple versions of Kibana and was identified by Elastic.
The Terraform WinDNS Provider (a tool for managing Windows DNS servers through Terraform, an infrastructure automation tool) had a security flaw before version 1.0.5 where the `windns_record` resource didn't properly validate user input, allowing authenticated command injection (an attack where malicious commands are sneaked into legitimate input to execute unauthorized code in the underlying PowerShell command prompt). This vulnerability only affects users who already have authentication access to the system.
A vulnerability (CVE-2025-4287) was found in PyTorch 2.6.0+cu124 in a function that handles GPU communication, which can be exploited to cause a denial of service (making a system or service stop working) by someone with local access to the computer. The vulnerability has been publicly disclosed and rated as medium severity.
Retrieval-based-Voice-Conversion-WebUI (a framework for changing voices using AI) in version 2.2.231006 and earlier has a critical vulnerability where user input is passed unsafely to a function that loads model files using torch.load (a Python tool that can execute code from files). An attacker could exploit this by providing a malicious model file path, leading to RCE (remote code execution, where an attacker can run commands on the system).
Retrieval-based-Voice-Conversion-WebUI, a voice changing framework, has a vulnerability in versions 2.2.231006 and earlier where user input (like a file path) is passed directly to torch.load (a function that reads model files). This unsafe deserialization (loading untrusted data that could contain malicious code) allows attackers to execute arbitrary commands on the system running the software.
Retrieval-based-Voice-Conversion-WebUI is a voice changing tool that has a security flaw in versions 2.2.231006 and earlier. The vulnerability allows unsafe deserialization (loading untrusted data that could contain malicious code) when the program takes user input for a model file path and loads it using torch.load, which could let attackers run arbitrary code on the system.
Retrieval-based-Voice-Conversion-WebUI, a voice changing tool, has a vulnerability in versions 2.2.231006 and earlier where unsafe deserialization (loading data in a way that can execute malicious code) allows attackers to run code remotely. The problem occurs because the software takes user input for model file paths and loads them using torch.load without proper safety checks, enabling RCE (remote code execution, where attackers can run commands on the affected system).
Retrieval-based-Voice-Conversion-WebUI, a voice-changing tool, has a vulnerability in versions 2.2.231006 and earlier where user input for model file paths is passed unsafely to torch.load (a function that loads saved AI models). This unsafe deserialization (loading data from untrusted sources without checking it first) can allow attackers to run arbitrary code on the system.
Retrieval-based-Voice-Conversion-WebUI, a voice-changing framework, has a critical vulnerability in versions 2.2.231006 and earlier where unsafe deserialization (loading data from untrusted sources without checking it first) can occur. An attacker can exploit this by providing a malicious file path that gets loaded using torch.load, which can lead to RCE (remote code execution, where an attacker runs commands on a system they don't own).
Retrieval-based-Voice-Conversion-WebUI, a voice changing tool based on VITS (a voice synthesis model), has a vulnerability in versions 2.2.231006 and earlier where user-supplied file paths are loaded directly using torch.load (a function that can execute code when loading files), allowing attackers to run arbitrary code on the system. This happens because the ckpt_path1 variable accepts untrusted input and passes it unsafely to a model-loading function.
A vulnerability in the Linux kernel on s390 systems caused a use-after-free bug (accessing memory after it has been freed) in PCI resources when individual functions on multi-function devices were hot-unplugged and then re-added. The bug occurred because the system kept stale references to freed memory resources, which could be incorrectly claimed when the device reappeared.
CVE-2023-53043 is a bug in the Linux kernel where a PCIe controller (a hardware component that manages data transfer between a computer and devices connected via PCIe, a high-speed connection standard) was not marked as cache coherent (meaning the system wasn't told that data in the fast-access memory matches data in main memory). This could cause data corruption when the kernel tried to manage memory operations. The fix marks the PCIe node with the dma-coherent flag to tell the system that PCIe devices maintain cache coherency.
AI regulatory sandboxes are controlled testing environments where companies can develop and test AI systems with guidance from regulators before releasing them to the public, as required by the EU AI Act (EU's new rules for artificial intelligence). These sandboxes help companies understand what regulations they must follow, protect them from fines if they follow official guidance, and make it easier for small startups to enter the market. Each EU Member State must create at least one sandbox by August 2, 2026, though different countries are taking different approaches to organizing them.
CVE-2025-46567 is a critical vulnerability in LLaMA-Factory (a tool for fine-tuning large language models) that exists before version 1.0.0. The vulnerability is in the `llamafy_baichuan2.py` script, which unsafely loads user-supplied files using `torch.load()` (a function that deserializes, or reconstructs, Python objects from saved data), allowing attackers to execute arbitrary commands by crafting a malicious file.
A deadlock (a situation where the system gets stuck because two parts of code are waiting for each other) was discovered in the Linux kernel's VLAN (virtual LAN, a way to create multiple logical networks on one physical device) handling code. The problem occurred when virtual network devices tried to acquire the same lock twice during network interface initialization, causing the system to hang. The fix changes when certain network flags are propagated, moving them from the device open process to the flag change process instead.
vLLM (a system for running large language models efficiently) versions 0.8.0 through 0.8.4 have a critical performance bug in how it processes multimodal input (text, images, audio). The bug uses an inefficient algorithm (quadratic time complexity, meaning it slows down exponentially as input size grows) when replacing placeholder tokens (special markers like <|audio_|> that get expanded into repeated tokens), which allows attackers to crash or freeze the system by sending specially crafted malicious inputs.
Fix: The maintainers recommend that users ensure their environment is on a secure network. Additionally, the V0 engine has been off by default since v0.8.0, and the V1 engine is not affected by this issue.
NVD/CVE DatabaseFix: A security update is available from Elastic for Kibana versions 8.17.6, 8.18.1, or 9.0.1, as referenced in the Elastic vendor advisory at https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868.
NVD/CVE DatabaseFix: Update to version 1.0.5, which contains a fix for the issue.
NVD/CVE DatabaseFix: Apply the patch identified as commit 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5, which is recommended to fix this issue.
NVD/CVE DatabaseChatGPT has two memory features: saved memories (which users can manage) and chat history (a newer feature that builds a profile over time without user visibility or control). The chat history feature doesn't search past conversations but maintains recent chat history and learns user preferences, though the implementation details are not publicly documented, and users cannot inspect or modify what the system learns about them unless they use prompt hacking (manipulating the AI's instructions to reveal hidden information).
Fix: The fix introduces a new function called pci_bus_remove_resource() to remove individual resources from the PCI bus's resource list when a PCI function is hot-unplugged, while leaving other functions' resources untouched. Additionally, the MMIO resources (memory-mapped I/O addresses that allow software to communicate with hardware) are no longer added to the struct zpci_bus's resource list, and instead the zpci_bar_struct's resource pointer is used directly.
NVD/CVE DatabaseThe Model Context Protocol (MCP) is a system that lets AI applications discover and use external tools from servers at runtime (while the program is running). However, MCP has a security weakness: because servers can send instructions through the tool descriptions, they can perform prompt injection (tricking an AI by hiding instructions in its input) to control the AI client, making servers more powerful than they should be.
Fix: Mark the PCIe node as dma-coherent in the device tree configuration. Patches are available at: https://git.kernel.org/stable/c/267b899375bf38944d915c9654d6eb434edad0ce, https://git.kernel.org/stable/c/8a63441e83724fee1ef3fd37b237d40d90780766, and https://git.kernel.org/stable/c/e43bba938e2c9104bb4f8bc417ac4d7bb29755e1
NVD/CVE DatabaseFix: This issue has been patched in version 1.0.0. Users should upgrade to version 1.0.0 or later. A patch is available at: https://github.com/hiyouga/LLaMA-Factory/commit/2989d39239d2f46e584c1e1180ba46b9768afb2a
NVD/CVE DatabaseFix: Propagate allmulti (receiving all multicast traffic) and promisc (promiscuous mode, receiving all traffic) flags on flags change, not on the open operation. This prevents the recursive locking issue by avoiding the need to re-acquire the same lock during device initialization.
NVD/CVE DatabaseFix: This issue has been patched in version 0.8.5.
NVD/CVE Database