AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 144 results — Active exploitation, has patch

HIGH EXPLOIT AVAIL

PraisonAI: auth bypass disables agent safety controls

Auth Bypass Code Execution Agent Framework

PraisonAI Patch: 4.5.128 CWE-306 1 4 ATLAS

MEDIUM EXPLOIT AVAIL

PraisonAI: unbounded body read enables local DoS

DoS Auth Bypass Agent Framework

PraisonAI Patch: 4.5.128 CWE-770 1 3 ATLAS

CRITICAL EXPLOIT AVAIL

lollms: Stored XSS enables wormable account takeover

Code Execution Auth Bypass Data Extraction Framework API

lollms Patch: 2.2.0 CWE-79 5 ATLAS

MEDIUM EXPLOIT AVAIL

OpenClaw: SSRF via web-fetch enables internal network pivot

Data Extraction Privacy Violation Agent Plugin

openclaw Patch: 2026.1.29 CWE-918 4 4 ATLAS 1 incident

HIGH EXPLOIT AVAIL

PraisonAIAgents: SSRF exposes cloud metadata via web_crawl

Data Extraction Prompt Injection Privacy Violation Agent Plugin

praisonaiagents Patch: 1.5.128 CWE-918 11 5 ATLAS

MEDIUM EXPLOIT AVAIL

PraisonAI: arbitrary file read via unguarded skill tool

Prompt Injection Data Extraction Data Leakage Agent Plugin

praisonaiagents Patch: 1.5.128 CWE-862 11 5 ATLAS

CRITICAL EXPLOIT AVAIL

PraisonAI: RCE via shell injection in memory hooks executor

CVE-2026-40111

EPSS 0.0%

4w ago

Code Execution Prompt Injection Agent Framework

praisonaiagents Patch: 1.5.128 CWE-78 11 5 ATLAS

HIGH EXPLOIT AVAIL

praisonai: SSTI enables RCE via agent instructions

Code Execution Prompt Injection Data Extraction Agent Framework Plugin

praisonai Patch: 4.5.115 CWE-94 1 5 ATLAS

CRITICAL EXPLOIT AVAIL

PraisonAI: YAML deserialization enables unauthenticated RCE

Code Execution Supply Chain Agent Framework

praisonai Patch: 4.5.115 CWE-502 1 5 ATLAS

MEDIUM EXPLOIT AVAIL

LobeChat: auth bypass via forged XOR obfuscated header

Auth Bypass Data Extraction DoS API Inference

@lobehub/lobehub Patch: 2.1.48 CWE-287 3.5K 5 ATLAS

MEDIUM EXPLOIT AVAIL

MLflow: stored XSS via MLmodel YAML artifact upload

CVE-2026-33865

EPSS 0.0%

1mo ago

Code Execution Auth Bypass Data Extraction Framework Model

mlflow Patch: 3.11.1 CWE-79 624 4 ATLAS

MEDIUM EXPLOIT AVAIL

HuggingFace Transformers: RCE via malicious checkpoint load

Code Execution Supply Chain Framework Training Data

transformers Patch: 5.0.0rc3 CWE-502 7.8K 3 ATLAS

CRITICAL EXPLOIT AVAIL

PraisonAI: path traversal exposes full filesystem via agent tools

CVE-2026-35615

EPSS 0.1%

1mo ago

Data Extraction Code Execution Agent Framework

PraisonAI Patch: 1.5.113 CWE-22 1 5 ATLAS

HIGH EXPLOIT AVAIL

PraisonAI: recipe registry path traversal file write

Supply Chain Code Execution Agent Framework

PraisonAI Patch: 4.5.113 CWE-22 1 4 ATLAS

HIGH EXPLOIT AVAIL

PraisonAI: recipe path traversal allows arbitrary file write

Supply Chain Code Execution Agent Framework

PraisonAI Patch: 4.5.113 CWE-22 1 6 ATLAS

CRITICAL EXPLOIT AVAIL

PraisonAI: path traversal enables arbitrary file write/RCE

Code Execution Prompt Injection Supply Chain Agent Framework

PraisonAI Patch: 4.5.113 1 5 ATLAS

HIGH EXPLOIT AVAIL

PraisonAI: Zip Slip enables arbitrary file write / RCE

Supply Chain Code Execution Agent Framework

PraisonAI Patch: 4.5.113 CWE-23 1 5 ATLAS

HIGH EXPLOIT AVAIL

BentoML: malicious bento archive RCE via Jinja2 SSTI

Supply Chain Code Execution Framework

bentoml Patch: 1.4.38 CWE-1336 22 5 ATLAS

HIGH EXPLOIT AVAIL

BentoML: cmd injection RCE on cloud build infra

Supply Chain Code Execution Framework

bentoml Patch: 1.4.38 CWE-78 22 5 ATLAS

UNKNOWN EXPLOIT AVAIL

LiteLLM: auth bypass allows RCE and full takeover

CVE-2026-35029

EPSS 14.9%

1mo ago

Auth Bypass Code Execution Data Extraction Framework API Inference

litellm Patch: 1.83.0 CWE-863 4 6 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?