AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 360 results — High severity, Active exploitation, no patch
CVE-2026-41279 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST...
CVE-2026-41278 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns...
CVE-2026-41277 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore...
CVE-2026-41275 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on...
CVE-2026-41273 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass...
CVE-2026-41272 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and...
CVE-2026-41271 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability...
CVE-2026-41270 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass...
CVE-2026-41269 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be...
CVE-2026-41266 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive...
CVE-2026-41138 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in...
CVE-2026-41137 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the CSVAgent allows providing a custom Pandas CSV read...
CVE-2026-40217 LiteLLM: RCE via bytecode rewriting in guardrails API
CVE-2026-40116 PraisonAI: unauth WebSocket drains OpenAI API credits
CVE-2026-40113 PraisonAI: arg injection injects env vars into Cloud Run
CVE-2026-35485 text-generation-webui: unauthenticated path traversal file read
CVE-2026-35021 Claude Code CLI: shell injection enables RCE
CVE-2026-35020 Claude Code CLI: OS command injection via TERMINAL env
CVE-2026-35394 mobile-mcp: intent injection enables device control via AI agent
CVE-2026-29872 awesome-llm-apps MCP Agent: cross-session credential theft