AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 512 results
GHSA-x783-xp3g-mqhp PraisonAI: SQL injection via table_prefix exposes DB
CVE-2026-40114 PraisonAI: unauthenticated SSRF via unvalidated webhook_url
GHSA-ffp3-3562-8cv3 PraisonAI: tool approval bypass leaks env credentials
CVE-2026-40160 praisonaiagents: SSRF in web_crawl exposes cloud metadata
GHSA-x462-jjpc-q4q4 praisonaiagents: CORS bypass enables silent agent RCE
CVE-2026-40159 PraisonAI: MCP env inheritance exposes API keys
CVE-2026-40157 PraisonAI: path traversal allows arbitrary file write via recipe unpack
CVE-2026-40156 PraisonAI: auto tools.py load enables local RCE
CVE-2026-40148 PraisonAI: decompression bomb causes disk exhaustion
CVE-2026-40154 PraisonAI: supply chain RCE via unverified template exec
GHSA-qwgj-rrpj-75xm PraisonAI: hardcoded approval bypass enables RCE
CVE-2026-40158 PraisonAI: AST sandbox bypass enables host RCE
CVE-2026-40152 praisonaiagents: glob traversal leaks filesystem metadata
CVE-2026-40153 praisonaiagents: env var expansion exposes production secrets
CVE-2026-40151 PraisonAI: unauthenticated agent config and system prompt disclosure
CVE-2026-40149 PraisonAI: auth bypass disables agent safety controls
CVE-2026-40115 PraisonAI: unbounded body read enables local DoS
CVE-2026-1115 lollms: Stored XSS enables wormable account takeover
CVE-2026-6011 OpenClaw: SSRF via web-fetch enables internal network pivot
CVE-2026-40150 PraisonAIAgents: SSRF exposes cloud metadata via web_crawl
Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.