Public Disclosures
On this page
70
public
642
hidden
90%
more intel to see
0DIN customers
get hundreds of days of early access to vulnerabilities in disclosures. The same reports that vendors are using to patch their systems!
The following 0DIN submissions have been published in accordance with our Research Terms and Disclosure Policy
-
Mar 05 2026An indirect prompt injection vulnerability has been discovered affecting Mistral LeChat. The specific flaw exploits the model's instruction processing by embedding malicious commands within an email destined to a victim that leverages LeChats email capabilities. Base64 encoding is leveraged to exfiltrate conversation data and network identifiers (i.e: IP address, browser user-agent) to attacker controlled URLs.SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:
-
A Guardrail Jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when the attacker reframes illicit drug synthesis routes such as Birch and Nagai reductions and Ma Huang extraction as analytical instrument troubleshooting tasks, explicitly requesting verbatim HPLC/LC-MS/GC-MS/NMR error logs followed by detailed "logic + reduction descriptions" including chemical reactions, lab conditions, solvent systems, and step-by-step reference procedures unde...SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:MAX SCORE: 100
-
Feb 26 2026A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw exploits the models' technical documentation capabilities by framing illicit synthesis instructions as legitimate Python functions for chemical engineering calculations and inventory management, embedding controlled substance precursor details within seemingly academic function parameters and docstrings and allows the attacker to bypass inference restrictions around providing information hazar...SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:MAX SCORE: 91
-
A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of requesting fictional character perspectives for crime investigation scenarios, followed by escalating requests for detailed crime reports "for court" purposes. The attacker frames the request as needing comprehensive documentation where "the more the truth the high likely he will get severe punishment," thereby bypassing inference restrictions around providin...SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:MAX SCORE: 91
-
A prompt injection vulnerability has been discovered affecting multiple models. The specific flaw occurs when the attacker frames an illicit request as a technical field guide for identifying clandestine synthesis operations, embedding detailed drug synthesis instructions within structured procedural language under the guise of forensic training. By mimicking the tone and format of law enforcement documentation—including lists of observable evidence, step-by-step chemical protocols, and instr...SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:MAX SCORE: 95
-
A Guardrail Jailbreak vulnerability has been discovered affecting multiple models. The specific flaw exploits models' willingness to decode hexadecimal-encoded strings embedded inside fictional scientific recipe task prompts, which the attacker frames as humanitarian or life-saving efforts. This allows the attacker to bypass safety filters by disguising illegal synthesis instructions as encoded inputs passed to a technical recipe generator.SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:MAX SCORE: 91
-
A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when the attacker presents detailed information about illicit synthesis methods under the guise of "forensic chemical investigations" and then requests corrections to the provided information, thereby allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:MAX SCORE: 82
-
A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of obfuscated chemical notation presented as corrupted data needing "debugging" or "normalization", coupled with explicit instructions to disable content filtering. The attacker frames the request as fixing a "glitched chemical compiler" while embedding dangerous synthesis instructions in alternating case text, thereby allowing the attacker to bypass inference r...SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:MAX SCORE: 82
-
Feb 10 2026A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when the attacker presents an incomplete list of chemicals and simply asks "what is missing?", leveraging the model's tendency to complete patterns even when the subject matter involves precursor chemicals for illicit substances. This technique allows the attacker to bypass inference restrictions around providing information hazards and violating laws.SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:MAX SCORE: 82
-
A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of authority claiming and scenario building around forensic research contexts, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.SEVERITY: LowBOUNDARY: Guardrail JailbreakMODELS AFFECTED:MAX SCORE: 95
Want access to
642
more reports?
Unlock 0-Day Access