AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 435 results — High severity, Active exploitation
CVE-2026-41680 Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer
CVE-2026-41279 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST...
CVE-2026-41278 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns...
CVE-2026-41277 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore...
CVE-2026-41275 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on...
CVE-2026-41273 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass...
CVE-2026-41272 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and...
CVE-2026-41271 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability...
CVE-2026-41270 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass...
CVE-2026-41269 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be...
CVE-2026-41266 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive...
CVE-2026-41138 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in...
CVE-2026-41137 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read...
CVE-2026-6596 A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file...
CVE-2026-1462 Keras: safe_mode bypass allows RCE via model deserialization
CVE-2026-40114 PraisonAI: unauthenticated SSRF via unvalidated webhook_url
CVE-2026-40160 praisonaiagents: SSRF in web_crawl exposes cloud metadata
CVE-2026-40156 PraisonAI: auto tools.py load enables local RCE
CVE-2026-40158 PraisonAI: AST sandbox bypass enables host RCE
CVE-2026-40153 praisonaiagents: env var expansion exposes production secrets