Bleeping Computer

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
CSO Online

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers and agent infrastructure.
GitHub

Srinivas0527/fastapi-modular-template

Authentication, JWT, Redis, and RBAC are excluded from this template. They are designed to be plugged in later without structural changes. See Adding Authentication below.
The Hacker News

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...
GitHub

wayn111/fastapi-ai-chat-demo

一个基于FastAPI和多AI提供商的智能聊天应用,支持连续多轮对话、流式响应、图片理解等功能。 fastapi-ai-chat-demo/ ├── main.py # 主应用文件 ├── config.py # 配置管理 ├── start_server.py # 启动脚本 ...