AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 1625 results
GHSA-f3h5-h452-vp3j openclaw: insufficient authz allows agent config persistence
GHSA-525j-hqq2-66r4 openclaw: CDP relay exposes browser DevTools on 0.0.0.0
GHSA-82qx-6vj7-p8m2 openclaw: trust bypass loads untrusted workspace plugins
GHSA-jf25-7968-h2h5 openclaw: path traversal bypasses workspace filesystem guard
GHSA-53vx-pmqw-863c openclaw: Browser SSRF exposes internal services by default
GHSA-xq94-r468-qwgj openclaw: DNS rebinding bypasses browser SSRF protection
GHSA-2767-2q9v-9326 openclaw: QQBot SSRF leaks internal service responses
GHSA-7wv4-cc7p-jhxc openclaw: .env injection hijacks agent runtime config
GHSA-c9h3-5p7r-mrjh openclaw: path traversal bypasses media sandbox
GHSA-49cg-279w-m73x openclaw: auth bypass via empty approver list
GHSA-7g8c-cfr3-vqqr openclaw: trust escalation via unsanitized agent hook events
GHSA-vfp4-8x56-j7c5 openclaw: env denylist bypass enables code exec in agents
GHSA-j6c7-3h5x-99g9 openclaw: OS command injection via shell env-argv bypass
GHSA-5gjc-grvm-m88j openclaw: auth bypass enables persistent memory config change
GHSA-gc9r-867r-j85f openclaw: auth bypass in Teams SSO invoke handler
GHSA-r77c-2cmr-7p47 openclaw: group policy bypass in delivery queue recovery
GHSA-g375-h3v6-4873 openclaw: privilege retention via async exec completion miss
GHSA-vw3h-q6xq-jjm5 openclaw: WebSocket DoS via oversized frame ingestion
GHSA-g2hm-779g-vm32 openclaw: auth bypass preserves owner-level agent execution
GHSA-c4qm-58hj-j6pj openclaw: SSRF bypass exposes internal pages in browser tool