AI Security Threat Feed

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass...

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated...

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection)...

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the...

Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability

Flowise: RCE via MCP stdio command injection

OpenAI Codex CLI: RCE via malicious MCP config files

PraisonAI: path traversal allows arbitrary file write via recipe unpack

PraisonAI: supply chain RCE via unverified template exec

lollms: Stored XSS enables wormable account takeover

PraisonAI: RCE via shell injection in memory hooks executor

PraisonAI: YAML deserialization enables unauthenticated RCE

PraisonAI: path traversal exposes full filesystem via agent tools

PraisonAI: path traversal enables arbitrary file write/RCE

Claude Code: OS command injection, credential theft

Budibase: Unauthenticated RCE as root via webhook

MLflow: auth bypass in job API enables unauthenticated RCE

praisonaiagents: sandbox bypass enables full host RCE

MLflow: command injection via model_uri in mlserver mode

MLflow: RCE via unsanitized model dependency specs