aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

to
Export CSV
2161 items

CVE-2024-51743: MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitr

highvulnerability
security
Nov 18, 2024
CVE-2024-51743

MarkUs (a web application for student assignment submission and grading) has a vulnerability in versions before 2.4.8 that allows authenticated instructors to write files anywhere on the web server, potentially leading to remote code execution (the ability to run commands on a system from a distance). This happens because the file upload methods don't properly restrict where files can be saved.

Fix: Upgrade to MarkUs v2.4.8 or later. The source states: 'MarkUs v2.4.8 has addressed this issue' and notes that 'no known workarounds are available at the application level aside from upgrading.'

NVD/CVE Database

CVE-2024-52384: Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles,

criticalvulnerability
security
Nov 14, 2024
CVE-2024-52384

A WordPress plugin called Sage AI (which provides chatbots, GPT-4 article generation, and image creation features) has a vulnerability (CVE-2024-52384) that allows unrestricted uploading of dangerous file types, enabling attackers to upload web shells (malicious scripts that give attackers control of a web server). This vulnerability affects all versions up to and including version 2.4.9.

CVE-2024-52383: Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One a

highvulnerability
security
Nov 14, 2024
CVE-2024-52383

CVE-2024-52383 is a missing authorization vulnerability (a flaw where the software fails to check if a user has permission to perform an action) in the KCT Ai Auto Tool Content Writing Assistant plugin for WordPress, affecting versions up to 2.1.2. This vulnerability allows attackers to exploit incorrectly configured access control (permission settings) to gain unauthorized access.

CVE-2024-21799: Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user

highvulnerability
security
Nov 13, 2024
CVE-2024-21799

CVE-2024-21799 is a path traversal vulnerability (a bug where an attacker can access files outside intended directories) in Intel Extension for Transformers software versions before 1.5 that allows authenticated users (those with login access) to escalate their privileges through local access. The vulnerability has a CVSS score (severity rating) of 6.9, rated as medium severity.

CVE-2024-51751: Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadB

mediumvulnerability
security
Nov 6, 2024
CVE-2024-51751

Gradio is an open-source Python package for building web applications, but versions before 5.5.0 have a vulnerability in the File and UploadButton components that allows attackers to read any files from the application server by exploiting path traversal (a technique where attackers use file paths like '../../../' to access files outside their intended directory). This happens when these components are used to preview file content.

CVE-2024-48061: langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the

criticalvulnerability
security
Nov 4, 2024
CVE-2024-48061EPSS: 10.2%

Langflow version 1.0.18 and earlier has a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) because components with code functionality execute on the local machine instead of in a sandbox (an isolated environment that limits what code can access). This allows any component to potentially execute arbitrary code.

CVE-2024-48052: In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The re

mediumvulnerability
security
Nov 4, 2024
CVE-2024-48052

Gradio version 4.42.0 and earlier contain a server-side request forgery vulnerability (SSRF, a flaw where a server can be tricked into making requests to unintended targets) in the gr.DownloadButton function. The issue exists because the save_url_to_cache function doesn't validate URLs properly, allowing attackers to download local files and access sensitive information from the server.

CVE-2024-39722: An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via

highvulnerability
security
Oct 31, 2024
CVE-2024-39722EPSS: 54.4%

CVE-2024-39721: An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until compl

highvulnerability
security
Oct 31, 2024
CVE-2024-39721

Ollama before version 0.1.34 has a vulnerability where the CreateModelHandler function improperly reads user-controlled file paths without limits, allowing an attacker to specify a blocking file like /dev/random, which causes a goroutine (a lightweight process in Go) to run infinitely and consume resources even after the user cancels their request. This is a resource exhaustion (CWE-404: Improper Resource Shutdown or Release) issue that can disrupt service availability.

CVE-2024-39720: An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file c

highvulnerability
security
Oct 31, 2024
CVE-2024-39720

A vulnerability in Ollama before version 0.1.46 allows an attacker to crash the application by uploading a malformed GGUF file (a model format file) using two HTTP requests and then referencing it in a custom Modelfile. This causes a segmentation fault (a type of crash where the program tries to access memory it shouldn't), making the application unavailable.

CVE-2024-39719: An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the C

highvulnerability
security
Oct 31, 2024
CVE-2024-39719

Ollama versions through 0.3.14 have a vulnerability where the api/create endpoint leaks information about which files exist on the server. When someone calls the CreateModel route with a path that doesn't exist, the server returns an error message saying 'File does not exist', which allows attackers to probe the server's file system.

CVE-2024-42835: langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.

criticalvulnerability
security
Oct 31, 2024
CVE-2024-42835EPSS: 12.6%

CVE-2024-48063: In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is

criticalvulnerability
security
Oct 29, 2024
CVE-2024-48063EPSS: 18.5%

CVE-2024-8309: A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through

criticalvulnerability
security
Oct 29, 2024
CVE-2024-8309

A vulnerability in langchain version 0.2.5's GraphCypherQAChain class allows attackers to use prompt injection (tricking an AI by hiding instructions in its input) to perform SQL injection attacks on databases. This can let attackers steal data, delete information, disrupt services, or access data they shouldn't have access to, especially in systems serving multiple users.

CVE-2024-7774: A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulner

criticalvulnerability
security
Oct 29, 2024
CVE-2024-7774

CVE-2024-7774 is a path traversal vulnerability (a security flaw where attackers can access files outside the intended directory) in langchain-ai/langchainjs version 0.2.5 that allows attackers to save, overwrite, read, and delete files anywhere on a system. The vulnerability exists in the `getFullPath` method and related functions because they do not properly filter or validate user input before handling file paths.

CVE-2024-7042: A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this cl

criticalvulnerability
security
Oct 29, 2024
CVE-2024-7042

A vulnerability exists in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 that allows prompt injection (tricking an AI by hiding instructions in its input), which can lead to SQL injection (inserting malicious database commands). This vulnerability could allow attackers to manipulate data, steal sensitive information, delete data to cause service outages, or breach security in systems serving multiple users.

CVE-2024-48142: A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows at

highvulnerability
security
Oct 24, 2024
CVE-2024-48142

CVE-2024-48142 is a prompt injection vulnerability (a technique where attackers hide malicious instructions in text sent to an AI) in Monica ChatGPT AI Assistant v2.4.0 that lets attackers steal all chat messages between a user and the AI through a specially crafted message.

CVE-2024-48140: A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v

highvulnerability
security
Oct 24, 2024
CVE-2024-48140

A prompt injection vulnerability (tricking an AI by hiding instructions in its input) was found in Monica Your AI Copilot v6.3.0, a ChatGPT-powered browser extension. Attackers can exploit this flaw by sending a specially crafted message to access and steal all chat data between the user and the AI assistant, both from past conversations and future ones.

CVE-2024-48145: A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to a

criticalvulnerability
security
Oct 24, 2024
CVE-2024-48145

CVE-2024-48145 is a prompt injection vulnerability (a type of attack where malicious instructions are hidden in text input to an AI system) in Netangular Technologies ChatNet AI Version v1.0 that allows attackers to steal all chat data between users and the AI by sending a specially crafted message. The vulnerability is classified under CWE-77 (improper neutralization of special elements used in commands), meaning the system fails to properly filter dangerous input before processing it.

CVE-2024-48144: A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attacke

criticalvulnerability
security
Oct 24, 2024
CVE-2024-48144

CVE-2024-48144 is a prompt injection vulnerability (tricking an AI by hiding instructions in its input) in Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 that allows attackers to craft a malicious message in the chatbox to steal all previous and future conversations between the user and the AI assistant. The vulnerability is caused by improper handling of special elements in user input (CWE-77, a weakness in command injection prevention).

Previous72 / 109Next
NVD/CVE Database
NVD/CVE Database

Fix: Update Intel Extension for Transformers to version 1.5 or later.

NVD/CVE Database

Fix: Upgrade to Gradio release version 5.5.0 or later. The source explicitly states: 'This issue has been addressed in release version 5.5.0 and all users are advised to upgrade.'

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Ollama before version 0.1.46 has a security flaw where attackers can use path traversal (a technique that manipulates file paths to access files outside their intended directory) in the api/push route to discover which files exist on the server. This allows an attacker to learn information about the server's file system that should be private.

Fix: Update Ollama to version 0.1.46 or later.

NVD/CVE Database

Fix: Update Ollama to version 0.1.34 or later.

NVD/CVE Database

Fix: Update Ollama to version 0.1.46 or later.

NVD/CVE Database
NVD/CVE Database

Langflow v1.0.12 contains a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) in its PythonCodeTool component. This flaw allows attackers to execute arbitrary code through the tool. The vulnerability was publicly disclosed in October 2024.

NVD/CVE Database

PyTorch versions 2.4.1 and earlier contain a vulnerability in RemoteModule that allows RCE (remote code execution, where an attacker can run commands on a system they don't own) through deserialization of untrusted data. However, multiple parties dispute whether this is actually a security flaw, arguing it is intended behavior in PyTorch's distributed computing features (tools for running AI computations across multiple machines).

NVD/CVE Database
NVD/CVE Database

Fix: A patch is available at https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database