AI Security Threat Feed

Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file...

Keras: safe_mode bypass allows RCE via model deserialization

PraisonAI: unauthenticated SSRF via unvalidated webhook_url

praisonaiagents: SSRF in web_crawl exposes cloud metadata

PraisonAI: auto tools.py load enables local RCE

PraisonAI: AST sandbox bypass enables host RCE

praisonaiagents: env var expansion exposes production secrets

PraisonAI: auth bypass disables agent safety controls

PraisonAIAgents: SSRF exposes cloud metadata via web_crawl

praisonai: SSTI enables RCE via agent instructions

PraisonAI: recipe registry path traversal file write

PraisonAI: recipe path traversal allows arbitrary file write

PraisonAI: Zip Slip enables arbitrary file write / RCE

BentoML: malicious bento archive RCE via Jinja2 SSTI

BentoML: cmd injection RCE on cloud build infra

praisonaiagents: SSRF leaks cloud IAM credentials

PraisonAI: sandbox escape via shell=True blocklist bypass

PraisonAI: SSRF via api_base steals cloud IAM credentials

PraisonAI: OS command injection via run_python() shell escape