Tag
#cve
10 posts tagged cve.
- deep-dive
The Gentlemen Ransomware: AI-Assisted Development, 332 Victims, and the OSINT Trail That Exposed a Russian Admin
Security researchers have identified the suspected administrator of The Gentlemen, the world's second-most-active RaaS by victim count, as a Russian
- disclosure
Machine Learning Security: Attack Taxonomy, CVEs, and Defenses
A technical overview of machine learning security threats in 2026: NIST's adversarial ML taxonomy, MITRE ATLAS attack classes, the CVE-2025-62164 vLLM
- disclosure
OpenAI Security: Bug Bounties, CVE Disclosure, Mixpanel Breach
A practitioner's overview of OpenAI security in 2026: their bug bounty program, CNA status, the November 2025 Mixpanel breach, and what security teams
- analysis
CISA's KEV Catalog: What It Tells Us About AI/ML Security
The CISA KEV catalog tracks vulnerabilities with confirmed active exploitation. Examining KEV entries for AI/ML-adjacent components reveals which parts of
- cve-roundup
CVE Roundup: AI/ML Infrastructure Vulnerabilities — Q1 2026
A quarterly review of critical CVEs disclosed in Q1 2026 affecting model serving infrastructure: vLLM, NVIDIA Triton Inference Server, Gradio, LangChain
- cve
CVE-2026-7845: Hash Collision in Langchain-Chatchat
A weak-hash flaw in Langchain-Chatchat up to 0.3.1.3 lets an adjacent attacker overwrite pasted images by colliding MD5 hashes computed from PIL.Image.
- cve-roundup
AI/ML CVE Roundup: May 2026 — What Got Patched
A summary of AI and ML-adjacent CVEs disclosed in early–mid 2026 across model serving frameworks, LLM API gateways, agent SDKs, and ML training libraries.
- cve
MetInfo CMS CVE-2026-29014 Exploited in the Wild for RCE
A critical unauthenticated PHP code injection flaw in MetInfo CMS 7.9–8.1 (CVSS 9.8) is under active exploitation. Patch to the April 7 release immediately.
- cve
CISA Adds Exploited Linux Kernel LPE CVE-2026-31431 to KEV
A local privilege escalation flaw in the Linux kernel's AEAD crypto interface has been added to CISA's KEV catalog after active exploitation.
- cve
CVE-2026-7669: Deserialization Flaw in SGLang's Tokenizer Loader
A medium-severity deserialization bug in SGLang's get_tokenizer routine affects all releases up to 0.5.9. The vendor has not responded to the disclosure