AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 resultsLiteLLM: RCE via bytecode rewriting in guardrails API
CVE-2026-40217 lollms: Stored XSS enables wormable account takeover
CVE-2026-1115 OpenClaw: SSRF via web-fetch enables internal network pivot
CVE-2026-6011 PraisonAIAgents: SSRF exposes cloud metadata via web_crawl
CVE-2026-40150 PraisonAI: arbitrary file read via unguarded skill tool
CVE-2026-40117 PraisonAI: unauth WebSocket drains OpenAI API credits
CVE-2026-40116 PraisonAI: arg injection injects env vars into Cloud Run
CVE-2026-40113 PraisonAI: XSS via no-op HTML sanitizer in agent output
CVE-2026-40112 PraisonAI: RCE via shell injection in memory hooks executor
CVE-2026-40111 openclaw: git env var injection enables host redirect
GHSA-cm8v-2vh9-cxf3 LangChain: template injection leaks object attributes
CVE-2026-40087 openclaw: base64 pre-alloc bypass causes resource exhaustion
GHSA-ccx3-fw7q-rr2r openclaw: no integrity check on ClawHub plugin installs
GHSA-3vvq-q2qc-7rmp OpenClaw: unsafe body replay on cross-origin redirect
GHSA-qx8j-g322-qj6m openclaw: env var injection enables host exec hijacking
GHSA-w9j9-w4cp-6wgr OpenClaw: SSRF bypass via Playwright redirect handling
GHSA-w8g9-x8gx-crmm OpenClaw: gateway auth expands read to write privilege
GHSA-4f8g-77mw-3rxc OpenClaw: SSRF bypass via interaction-triggered navigation
GHSA-vr5g-mmx7-h897 OpenClaw: scope misconfiguration enables unauthorized node pairing
GHSA-67mf-f936-ppxf OpenClaw: local file read bypasses workspace policy
GHSA-5fc7-f62m-8983 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial