AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 resultsOpenClaw: path traversal → host file exfiltration via QQ Bot
GHSA-846p-hgpv-vphc openclaw: path traversal enables remote dir overwrite
GHSA-m34q-h93w-vg5x OpenClaw: cross-account webhook event suppression
GHSA-fqrj-m88p-qf3v OpenClaw: pairing DoS blocks account onboarding
GHSA-wwfp-w96m-c6x8 OpenClaw: pre-auth signature bypass enables pairing DoS
GHSA-h43v-27wg-5mf9 OpenClaw: exec allowlist bypass via shell init-file options
GHSA-wpc6-37g7-8q4w openclaw: sandbox escape via mirror mode hook execution
GHSA-42mx-vp8m-j7qh openclaw: operator.write escalates to admin Telegram config + cron
GHSA-767m-xrhc-fxm7 openclaw: auth bypass exposes agent session visibility
GHSA-fwjq-xwfj-gv75 openclaw: privilege escalation to admin voice config persistence
GHSA-3q42-xmxv-9vfr openclaw: env var injection via workspace config
GHSA-vfw7-6rhc-6xxg openclaw: SSRF in marketplace plugin download
GHSA-vjx8-8p7h-82gr openclaw: media download bypass exhausts disk storage
GHSA-4g5x-2jfc-xm98 openclaw: operator scope bypass in phone arm/disarm cmds
GHSA-h2v7-xc88-xx8c text-generation-webui: unauthenticated path traversal file read
CVE-2026-35485 MLflow: auth bypass exposes model artifacts across experiments
CVE-2026-33866 MLflow: stored XSS via MLmodel YAML artifact upload
CVE-2026-33865 HuggingFace Transformers: RCE via malicious checkpoint load
CVE-2026-1839 PraisonAI: path traversal exposes full filesystem via agent tools
CVE-2026-35615 PraisonAI: recipe registry path traversal file write
CVE-2026-39308 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial