AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 resultspraisonai: SSTI enables RCE via agent instructions
CVE-2026-39891 PraisonAI: unauth A2U stream leaks all agent activity
CVE-2026-39889 praisonaiagents: sandbox escape enables host RCE
CVE-2026-39888 PraisonAI: YAML deserialization enables unauthenticated RCE
CVE-2026-39890 LobeChat: auth bypass via forged XOR obfuscated header
CVE-2026-39411 lollms: sessions persist after password reset
CVE-2026-1163 Langflow: deserialization RCE via FAISS component default
CVE-2026-3357 openclaw-claude-bridge: sandbox bypass exposes CLI tools
CVE-2026-39398 LiteLLM: auth bypass chain enables full privilege escalation
GHSA-69x8-hrgq-fjj8 MONAI: pickle deserialization RCE in Auto3DSeg
GHSA-89gg-p5r5-q6r4 OpenClaw: cleartext WebSocket exposes gateway credentials
GHSA-83f3-hh45-vfw9 openclaw: timing side-channel leaks shared-secret length
GHSA-jj6q-rrrf-h66h OpenClaw: Zalo webhook dedup collision silently drops events
GHSA-rxmx-g7hr-8mx4 OpenClaw: CDP host bypass exposes localhost browser state
GHSA-fh32-73r9-rgh5 openclaw: script swap bypasses pnpm dlx approval
GHSA-w6wx-jq6j-6mcj OpenClaw: approval bypass via env key normalization gap
GHSA-98ch-45wp-ch47 OpenClaw: info disclosure exposes host filesystem paths
GHSA-2f7j-rp58-mr42 OpenClaw: untrusted plugin RCE via workspace channel setup
GHSA-2qrv-rc5x-2g2h OpenClaw: read-only scope bypass kills agent sessions
GHSA-5hff-46vh-rxmw openclaw: iOS bridge bypass enables unauthorized agent runs
GHSA-4p4f-fc8q-84m3 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial