aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

to
Export CSV
2161 items

CVE-2024-12606: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

mediumvulnerability
security
Jan 10, 2025
CVE-2024-12606

The AI Scribe WordPress plugin (versions up to 2.3) has a vulnerability where it fails to check user permissions before allowing changes to plugin settings. This means that attackers with basic Subscriber-level access can modify the plugin's configuration without proper authorization.

NVD/CVE Database

CVE-2024-12473: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

mediumvulnerability
security
Jan 10, 2025
CVE-2024-12473

The AI Scribe WordPress plugin (version 2.3 and earlier) has a SQL injection vulnerability (a flaw where attackers can insert malicious database commands) in its article builder feature that allows authenticated users with Contributor-level access to extract sensitive information from the website's database. The vulnerability exists because the plugin doesn't properly clean up user input before using it in database queries.

CVE-2024-12605: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

mediumvulnerability
security
Jan 9, 2025
CVE-2024-12605

The AI Scribe WordPress plugin (versions up to 2.3) has a CSRF vulnerability (cross-site request forgery, where an attacker tricks a logged-in admin into unknowingly making changes to the site). Because the plugin fails to properly validate nonces (security tokens that prevent forged requests), an attacker can trick a site administrator into clicking a malicious link that changes the plugin's settings without the admin's knowledge.

CVE-2024-55459: An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar fi

mediumvulnerability
security
Jan 8, 2025
CVE-2024-55459

Keras version 3.7.0 has a vulnerability where attackers can write arbitrary files (files placed anywhere on your system) to a user's machine by tricking the get_file function (a tool that downloads files) into downloading a malicious tar file (a compressed file format). This happens because the function doesn't properly verify that downloaded files are legitimate before using them.

CVE-2024-12471: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is

highvulnerability
security
Jan 7, 2025
CVE-2024-12471EPSS: 64.4%

CVE-2025-21604: LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5

mediumvulnerability
security
Jan 6, 2025
CVE-2025-21604

LangChain4j-AIDeepin, a RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) project, uses MD5 (a weak cryptographic hashing function) to hash files in versions before 3.5.0, which can cause file upload conflicts when different files produce the same hash value. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 6.9 and is classified as medium severity.

CVE-2024-56137: MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large

mediumvulnerability
security
Jan 2, 2025
CVE-2024-56137

CVE-2024-56137 is a remote command execution vulnerability (a flaw that lets attackers run system commands from a distance) in MaxKB, an open source knowledge base system that uses RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions). Before version 1.9.0, privileged users could execute operating system commands through custom scripts, but this weakness has been patched in the newer version.

CVE-2024-56516: free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API f

highvulnerability
security
Dec 30, 2024
CVE-2024-56516

free-one-api, a tool that lets users access large language model reverse engineering libraries (code or techniques to understand how AI models work) through OpenAI's API format, uses MD5 (a password hashing algorithm, or mathematical function to scramble passwords) to protect user passwords in versions 1.0.1 and earlier. MD5 is cryptographically broken (mathematically compromised and no longer secure), making it vulnerable to collision attacks (where attackers can forge different inputs that produce the same hash) and easy to crack with modern computers, putting user credentials at risk.

CVE-2024-56800: Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions pr

highvulnerability
security
Dec 30, 2024
CVE-2024-56800

Firecrawl, a web scraper that extracts webpage content for large language models, had a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted requests to internal networks) in versions before 1.1.1 that could expose local network resources. The cloud service was patched on December 27th, 2024, and the open-source version was patched on December 29th, 2024, with no user data exposed.

CVE-2024-11896: The Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-S

mediumvulnerability
security
Dec 24, 2024
CVE-2024-11896

A WordPress plugin called Text Prompter is vulnerable to stored cross-site scripting (XSS, a type of attack where harmful code is hidden in web pages and runs when users visit them) in all versions up to 1.0.7. Attackers with contributor-level access or higher can inject malicious scripts through the plugin's shortcode feature because the plugin does not properly filter or secure user input.

CVE-2024-54306: Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot all

mediumvulnerability
security
Dec 13, 2024
CVE-2024-54306

A CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into making unwanted requests on a website they're logged into) was found in the KCT AIKCT Engine Chatbot plugin affecting versions up to 1.6.2. The vulnerability allows attackers to perform unauthorized actions by exploiting this weakness in how the chatbot handles user requests.

CVE-2024-12236: A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for imag

mediumvulnerability
security
Dec 10, 2024
CVE-2024-12236

A security vulnerability in Google's Vertex Gemini API (a generative AI service) affects customers using VPC-SC (VPC Service Controls, a security tool that restricts data leaving a virtual private network). An attacker could craft a malicious file path that tricks the API into sending image data outside the security perimeter, bypassing the intended protections.

CVE-2024-32965: Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnera

highvulnerability
security
Nov 26, 2024
CVE-2024-32965

Lobe Chat, an open-source AI chat framework, has a vulnerability in versions before 1.19.13 that allows attackers to perform SSRF (server-side request forgery, where an attacker tricks a server into making unauthorized requests to other systems) without logging in. Attackers can exploit this to scan internal networks and steal sensitive information like API keys stored in authentication headers.

CVE-2024-49038: Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorize

criticalvulnerability
security
Nov 26, 2024
CVE-2024-49038

CVE-2024-49038 is a cross-site scripting (XSS, a type of attack where malicious code is injected into a webpage to trick users) vulnerability in Microsoft Copilot Studio that allows an unauthorized attacker to gain elevated privileges over a network by exploiting improper handling of user input during webpage generation.

CVE-2024-53258: Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 o

mediumvulnerability
security
Nov 25, 2024
CVE-2024-53258

Autolab is a course management system that automatically grades programming assignments. A vulnerability in versions 3.0.0 and later allows any logged-in student to download all submissions from other students or even instructor test files using the download_all_submissions feature, potentially exposing private coursework to unauthorized people.

CVE-2024-27134: Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be

highvulnerability
security
Nov 25, 2024
CVE-2024-27134

MLflow has a vulnerability (CVE-2024-27134) where directories have overly permissive access settings, allowing a local attacker to gain elevated permissions through a ToCToU attack (a race condition where an attacker exploits the gap between when a program checks permissions and when it uses a resource). This only affects code using the spark_udf() MLflow API.

CVE-2024-11394: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnera

highvulnerability
security
Nov 22, 2024
CVE-2024-11394EPSS: 59.4%

CVE-2024-11393: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This v

highvulnerability
security
Nov 22, 2024
CVE-2024-11393EPSS: 76.1%

CVE-2024-11392: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulner

highvulnerability
security
Nov 22, 2024
CVE-2024-11392EPSS: 53.1%

CVE-2024-52803: LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has bee

highvulnerability
security
Nov 21, 2024
CVE-2024-52803

LLama Factory, a tool for fine-tuning large language models (AI systems trained on specific tasks or data), has a critical vulnerability that lets attackers run arbitrary commands on the computer running it. The flaw comes from unsafe handling of user input, specifically using a Python function called `Popen` with `shell=True` (a setting that interprets input as system commands) without checking or cleaning the input first.

Previous71 / 109Next
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

A WordPress plugin called 'The Post Saint' (used to generate AI text and images) has a security flaw in versions up to 1.3.1 where it fails to check user permissions and validate file types when uploading files. This allows attackers with basic user accounts to upload malicious files that could let them execute arbitrary code (RCE, running unauthorized commands) on the website.

NVD/CVE Database

Fix: Update to version 3.5.0 or later. According to the source, 'This issue is fixed in 3.5.0.'

NVD/CVE Database

Fix: The vulnerability has been fixed in v1.9.0.

NVD/CVE Database
NVD/CVE Database

Fix: All open-source Firecrawl users should upgrade to v1.1.1. For the unpatched playwright services, users should configure a secure proxy by setting the `PROXY_SERVER` environment variable and ensure the proxy is configured to block all traffic to link-local IP addresses (see documentation for setup instructions).

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. No further fix actions are needed.

NVD/CVE Database

Fix: Upgrade to lobe-chat version 1.19.13 or later. According to the source, 'This issue has been addressed in release version 1.19.13 and all users are advised to upgrade.' There are no known workarounds for this vulnerability.

NVD/CVE Database
NVD/CVE Database

Fix: The issue has been patched in commit `1aa4c769`, which is expected to be included in version 3.0.3. Users can either manually patch their installation or wait for version 3.0.3 to be released. As an immediate temporary workaround, administrators can disable the download_all_submissions feature.

NVD/CVE Database

Fix: A patch is available at https://github.com/mlflow/mlflow/pull/10874, though the source does not specify which MLflow version contains the fix.

NVD/CVE Database

A security flaw in Hugging Face Transformers allows attackers to run arbitrary code (RCE, remote code execution) on a user's computer by tricking them into opening a malicious file or visiting a malicious webpage. The vulnerability happens because the software doesn't properly validate data when loading model files, allowing untrusted data to be deserialized (converted from storage format back into a running program).

NVD/CVE Database

A vulnerability in Hugging Face Transformers' MaskFormer model allows attackers to run arbitrary code (RCE, or remote code execution) on a user's computer if they visit a malicious webpage or open a malicious file. The flaw occurs because the model file parser doesn't properly validate user-supplied data before deserializing it (converting saved data back into working code), allowing attackers to inject and execute malicious code.

NVD/CVE Database

Hugging Face Transformers MobileViTV2 has a vulnerability where attackers can execute arbitrary code (running commands they choose) by tricking users into visiting malicious pages or opening malicious files that contain specially crafted configuration files. The flaw happens because the software doesn't properly check (validate) data before deserializing it (converting it from stored format back into usable code), allowing untrusted data to be executed.

NVD/CVE Database

Fix: This vulnerability is fixed in version 0.9.1.

NVD/CVE Database