AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 29 results (filters: Critical severity, Active exploitation, has patch)
CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
CVE-2026-40933 Flowise: RCE via MCP stdio command injection
CVE-2026-40157 PraisonAI: path traversal allows arbitrary file write via recipe unpack
CVE-2026-40154 PraisonAI: supply chain RCE via unverified template exec
CVE-2026-1115 lollms: Stored XSS enables wormable account takeover
CVE-2026-40111 PraisonAI: RCE via shell injection in memory hooks executor
CVE-2026-39890 PraisonAI: YAML deserialization enables unauthenticated RCE
CVE-2026-35615 PraisonAI: path traversal exposes full filesystem via agent tools
CVE-2026-39305 PraisonAI: path traversal enables arbitrary file write/RCE
CVE-2026-34938 praisonaiagents: sandbox bypass enables full host RCE
CVE-2025-15379 MLflow: RCE via unsanitized model dependency specs
CVE-2025-15036 MLflow: path traversal enables sandbox escape, file overwrite
CVE-2026-33309 langflow: Path Traversal enables file access
CVE-2025-15031 mlflow: Path Traversal enables file access
CVE-2026-27825 mcp-atlassian: Path Traversal enables file access
CVE-2025-62593 ray: Code Injection enables RCE
CVE-2025-12060 keras: Path Traversal enables file access
CVE-2025-49655 keras: Deserialization enables RCE
CVE-2025-54950 ExecuTorch: OOB read in model loader enables RCE
CVE-2025-1793 llama_index: SQL injection in vector store integrations