AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation

MEDIUM EXPLOIT AVAIL

praisonaiagents: glob traversal leaks filesystem metadata

Data Extraction Privacy Violation Agent Plugin

praisonaiagents Patch: 1.5.128 CWE-22 11 5 ATLAS

HIGH EXPLOIT AVAIL

praisonaiagents: env var expansion exposes production secrets

Data Extraction Prompt Injection Data Leakage Agent Plugin

praisonaiagents Patch: 1.5.128 CWE-526 11 5 ATLAS

MEDIUM EXPLOIT AVAIL

PraisonAI: unauthenticated agent config and system prompt disclosure

Data Extraction Auth Bypass Agent API

PraisonAI Patch: 4.5.128 CWE-200 1 6 ATLAS

HIGH EXPLOIT AVAIL

PraisonAI: auth bypass disables agent safety controls

Auth Bypass Code Execution Agent Framework

PraisonAI Patch: 4.5.128 CWE-306 1 4 ATLAS

MEDIUM EXPLOIT AVAIL

PraisonAI: unbounded body read enables local DoS

DoS Auth Bypass Agent Framework

PraisonAI Patch: 4.5.128 CWE-770 1 3 ATLAS

HIGH EXPLOIT AVAIL

LiteLLM: RCE via bytecode rewriting in guardrails API

Code Execution Data Extraction Inference Framework API

litellm CWE-420 4 4 ATLAS

CRITICAL EXPLOIT AVAIL

lollms: Stored XSS enables wormable account takeover

Code Execution Auth Bypass Data Extraction Framework API

lollms Patch: 2.2.0 CWE-79 5 ATLAS

MEDIUM EXPLOIT AVAIL

OpenClaw: SSRF via web-fetch enables internal network pivot

Data Extraction Privacy Violation Agent Plugin

openclaw Patch: 2026.1.29 CWE-918 4 4 ATLAS 1 incident

HIGH EXPLOIT AVAIL

PraisonAIAgents: SSRF exposes cloud metadata via web_crawl

Data Extraction Prompt Injection Privacy Violation Agent Plugin

praisonaiagents Patch: 1.5.128 CWE-918 11 5 ATLAS

MEDIUM EXPLOIT AVAIL

PraisonAI: arbitrary file read via unguarded skill tool

Prompt Injection Data Extraction Data Leakage Agent Plugin

praisonaiagents Patch: 1.5.128 CWE-862 11 5 ATLAS

HIGH EXPLOIT AVAIL

PraisonAI: unauth WebSocket drains OpenAI API credits

Auth Bypass DoS Agent API

praisonai CWE-770 1 5 ATLAS

HIGH EXPLOIT AVAIL

PraisonAI: arg injection injects env vars into Cloud Run

Code Execution Supply Chain Auth Bypass Agent Framework

praisonai CWE-88 1 4 ATLAS

MEDIUM EXPLOIT AVAIL

PraisonAI: XSS via no-op HTML sanitizer in agent output

Prompt Injection Code Execution Data Extraction Agent Framework RAG

praisonai CWE-79 1 4 ATLAS

CRITICAL EXPLOIT AVAIL

PraisonAI: RCE via shell injection in memory hooks executor

CVE-2026-40111

EPSS 0.0%

4w ago

Code Execution Prompt Injection Agent Framework

praisonaiagents Patch: 1.5.128 CWE-78 11 5 ATLAS

MEDIUM EXPLOIT AVAIL

openai-realtime-ui: SSRF in API proxy endpoint

Data Extraction Auth Bypass API

CWE-918 3 ATLAS

HIGH EXPLOIT AVAIL

praisonai: SSTI enables RCE via agent instructions

Code Execution Prompt Injection Data Extraction Agent Framework Plugin

praisonai Patch: 4.5.115 CWE-94 1 5 ATLAS

CRITICAL EXPLOIT AVAIL

PraisonAI: YAML deserialization enables unauthenticated RCE

Code Execution Supply Chain Agent Framework

praisonai Patch: 4.5.115 CWE-502 1 5 ATLAS

MEDIUM EXPLOIT AVAIL

LobeChat: auth bypass via forged XOR obfuscated header

Auth Bypass Data Extraction DoS API Inference

@lobehub/lobehub Patch: 2.1.48 CWE-287 3.5K 5 ATLAS

MEDIUM EXPLOIT AVAIL

lollms: sessions persist after password reset

Auth Bypass Data Extraction API Agent

lollms CWE-613 3 ATLAS

HIGH EXPLOIT AVAIL

text-generation-webui: unauthenticated path traversal file read

Data Extraction Auth Bypass Inference Framework

gradio CWE-22 674 3 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?