AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 435 results — High severity, Active exploitationawesome-llm-apps MCP Agent: cross-session credential theft
CVE-2026-29872 langchain-core: path traversal exposes host secrets via prompt config
CVE-2026-34070 @mobilenext/mobile-mcp: path traversal via AI agent tool
CVE-2026-33989 MLflow: broken access control exposes experiment traces
CVE-2025-15381 Open WebUI: BOLA enables RAG poisoning via file overwrite
CVE-2026-28788 BentoML: command injection in bentofile.yaml containerize
CVE-2026-33744 langflow: Path Traversal enables file access
CVE-2026-33497 langflow: Access Control bypass enables privilege escalation
CVE-2026-33484 nltk: Path Traversal enables file access
CVE-2026-33236 deepdiff: DoS causes service disruption
CVE-2026-33155 mlflow: Code Injection enables RCE
CVE-2025-14287 Flowise: SSRF via HTTP Node exposes internal network
CVE-2026-31829 mcp-atlassian: SSRF allows internal network access
CVE-2026-27826 Flowise: header spoof auth bypass exposes admin API & creds
CVE-2026-30820 bentoml: security flaw enables exploitation
CVE-2026-27905 gradio: SSRF allows internal network access
CVE-2026-28416 gradio: security flaw enables exploitation
CVE-2026-28414 sillytavern: SSRF allows internal network access
CVE-2026-26286 pydantic-ai: SSRF allows internal network access
CVE-2026-25580 lollms: Access Control bypass enables privilege escalation
CVE-2026-1117 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial