AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
79
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 160 results — Critical severity, Active exploitation Severity CVE ID Summary CVSS EPSS Package Date
CRIT E CVE-2026-41276 Flowise is a drag & drop user interface to build... 9.8 0.2% flowise Apr 23 CRIT E CVE-2026-41268 Flowise is a drag & drop user interface to build... 9.8 0.7% flowise Apr 23 CRIT E CVE-2026-41267 Flowise is a drag & drop user interface to build... 9.8 0.3% flowise Apr 23 CRIT E CVE-2026-41265 Flowise is a drag & drop user interface to build... 9.8 0.2% flowise Apr 23 CRIT E CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code... 9.8 0.3% flowise-components Apr 21 CRIT E CVE-2026-40933 Flowise: RCE via MCP stdio command injection 9.9 0.0% flowise-components Apr 16 CRIT E CVE-2025-61260 OpenAI Codex CLI: RCE via malicious MCP config files 9.8 0.1% @openai/codex Apr 14 CRIT E CVE-2026-40157 PraisonAI: path traversal allows arbitrary file write via recipe unpack — 0.1% PraisonAI Apr 10 CRIT E CVE-2026-40154 PraisonAI: supply chain RCE via unverified template exec 9.3 0.0% PraisonAI Apr 10 CRIT E CVE-2026-1115 lollms: Stored XSS enables wormable account takeover 9.6 0.0% lollms Apr 10 CRIT E CVE-2026-40111 PraisonAI: RCE via shell injection in memory hooks executor — 0.0% praisonaiagents Apr 9 CRIT E CVE-2026-39890 PraisonAI: YAML deserialization enables unauthenticated RCE 9.8 0.5% praisonai Apr 8 CRIT E CVE-2026-35615 PraisonAI: path traversal exposes full filesystem via agent tools — 0.1% PraisonAI Apr 6 CRIT E CVE-2026-39305 PraisonAI: path traversal enables arbitrary file write/RCE 9.0 0.1% PraisonAI Apr 6 CRIT E CVE-2026-35022 Claude Code: OS command injection, credential theft 9.8 0.5% — Apr 6 CRIT E CVE-2026-35216 Budibase: Unauthenticated RCE as root via webhook 9.1 0.6% — Apr 4 CRIT E CVE-2026-0545 MLflow: auth bypass in job API enables unauthenticated RCE 9.1 5.5% mlflow Apr 3 CRIT E CVE-2026-34938 praisonaiagents: sandbox bypass enables full host RCE 10.0 0.0% praisonaiagents Apr 1 CRIT E CVE-2026-0596 MLflow: command injection via model_uri in mlserver mode 9.6 0.2% — Mar 31 CRIT E CVE-2025-15379 MLflow: RCE via unsanitized model dependency specs 10.0 0.2% mlflow Mar 30 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial