SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...

A critical n8n flaw has been discovered - here's how to stay safe

A patch and workarounds are available.
DataBreachToday

Flaw in AI Libraries Exposes Models to Remote Code Execution

Researchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by ...
CSOonline

Critical flaw in AI agent dev tool Langflow under active exploitation

Researchers from security firm Trend Micro warn that a critical remote code execution vulnerability patched in April in the Langflow AI agent framework is being exploited to deploy botnet malware. The ...

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Vulnerabilities in popular AI and ...