AI Security Threat Feed

Code Execution Auth Bypass Framework RAG Plugin

CWE-427 5 ATLAS

Data Extraction Model Poisoning Code Execution Framework RAG Model

mlflow: Path Traversal enables file access

mlflow Patch: 3.8.0rc0 CWE-22 624 11 ATLAS

google-cloud-aiplatform: XSS enables session hijacking

CVE-2026-2472

EPSS 0.1%

Code Execution Data Extraction Supply Chain Framework API

CWE-79 8 ATLAS

MEDIUM EXPLOIT AVAIL

ray: Missing Auth allows unauthenticated access

Auth Bypass DoS Framework Inference

ray Patch: 2.54.0 CWE-306 847 4 ATLAS

LOW

fickling: Allowlist Bypass evades input filtering

GHSA-83pf-v6qq-pwmr

Supply Chain Code Execution Data Extraction Framework Model Training Data

fickling Patch: 0.1.8 CWE-184 57 6 ATLAS

Prompt Injection Data Extraction Code Execution Agent

OpenClaw: prompt injection via unsanitized workspace path

openclaw CWE-77 4 5 ATLAS 1 incident

Code Execution Data Leakage Agent Plugin

OpenClaw: path traversal allows arbitrary file write

openclaw CWE-22 4 3 ATLAS 1 incident

Data Extraction Prompt Injection Privacy Violation Agent Plugin

OpenClaw: path traversal enables local file exfiltration

openclaw CWE-22 4 5 ATLAS 1 incident

Social Engineering Code Execution Agent

OpenClaw: UI deception enables arbitrary command execution

openclaw CWE-451 4 5 ATLAS 1 incident

HIGH EXPLOIT AVAIL

sillytavern: SSRF allows internal network access

Data Extraction Code Execution Social Engineering Framework RAG Agent

CWE-918 9 ATLAS

CRITICAL

semantic-kernel: Code Injection enables RCE

Code Execution Supply Chain Auth Bypass Framework Agent RAG

semantic-kernel Patch: 1.39.4 CWE-94 18 5 ATLAS

LOW EXPLOIT AVAIL

OpenClaw: indirect prompt injection via Slack metadata

Prompt Injection Data Extraction Agent Plugin

openclaw CWE-74 4 3 ATLAS 1 incident

Code Execution Auth Bypass DoS Framework RAG Model

ffmpeg: security flaw enables exploitation

5 ATLAS

picklescan: Allowlist Bypass evades input filtering

GHSA-97f8-7cmv-76j2

Code Execution Supply Chain Model Framework

picklescan Patch: 1.0.3 CWE-184 3 7 ATLAS

CRITICAL EXPLOIT AVAIL

smolagents: SSRF allows internal network access

Code Execution Data Extraction Auth Bypass Agent Framework Plugin

smolagents CWE-918 88 6 ATLAS

Data Extraction Code Execution Framework RAG API

keras: File Control enables path manipulation

keras CWE-73 1.5K 8 ATLAS

Data Extraction Framework RAG Agent

langchain_community: SSRF allows internal network access

langchain_community CWE-918 2.6K 8 ATLAS

LOW

langchain-core: SSRF allows internal network access

Data Extraction Framework RAG Agent

langchain_core CWE-918 2.6K 6 ATLAS