AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 684 results — High severity

HIGH EXPLOIT AVAIL

Flowise: mass assignment enables cross-workspace IDOR

Auth Bypass Data Extraction Model Poisoning Agent RAG Framework

flowise CWE-284 4 ATLAS

HIGH EXPLOIT AVAIL

Flowise: HTTP password reset link allows MITM takeover

Auth Bypass Data Extraction Agent Framework

flowise CWE-319 4 ATLAS

HIGH EXPLOIT AVAIL

Flowise: auth bypass exposes OAuth 2.0 tokens

Auth Bypass Data Extraction Agent Framework

flowise CWE-306 5 ATLAS

HIGH EXPLOIT AVAIL

Flowise: SSRF bypass via DNS rebinding exposes internal networks

Auth Bypass Data Extraction Agent Framework

flowise 5 ATLAS

HIGH EXPLOIT AVAIL

Flowise: SSRF via prompt template injection in API Chain

Prompt Injection Data Extraction Agent Framework

flowise CWE-918 5 ATLAS

HIGH EXPLOIT AVAIL

Flowise: SSRF bypass exposes cloud metadata services

Auth Bypass Data Extraction Privacy Violation Framework Agent Plugin

flowise CWE-284 5 ATLAS

HIGH EXPLOIT AVAIL

Flowise: unrestricted file upload enables persistent RCE

Code Execution Auth Bypass Data Extraction Agent Framework

flowise CWE-434 6 ATLAS

HIGH EXPLOIT AVAIL

Flowise: unauthenticated API key exposure via chatbot config

Auth Bypass Data Extraction Data Leakage Agent Framework API

flowise CWE-200 6 ATLAS

HIGH EXPLOIT AVAIL

Flowise: RCE via unsanitized input in AirtableAgent

Code Execution Prompt Injection Agent Framework

flowise CWE-94 4 ATLAS

HIGH EXPLOIT AVAIL

Flowise: RCE via CSVAgent unsanitized code injection

Code Execution Data Extraction Agent Framework

flowise 4 ATLAS

HIGH

engramx: CSRF injects persistent prompts into AI agents

GHSA-2r2p-4cgf-hv7h

2w ago

Prompt Injection Data Extraction Auth Bypass Agent Plugin

CWE-306 5 ATLAS

HIGH

InstructLab: RCE via hardcoded trust_remote_code flag

Supply Chain Code Execution Model Training Data

CWE-829 5 ATLAS

HIGH

Claude Code: sandbox escape via symlink allows arbitrary write

CVE-2026-39861

EPSS 0.2%

2w ago

Code Execution Prompt Injection Auth Bypass Agent

@anthropic-ai/claude-code Patch: 2.1.64 CWE-22 5 ATLAS

HIGH EXPLOIT AVAIL

Langflow: unauthenticated file upload allows RCE

Code Execution Auth Bypass Framework Agent

langflow-base Patch: 1.9.1 CWE-284 4 ATLAS

HIGH

openclaw: path traversal leaks files and NTLM credentials

GHSA-mr34-9552-qr95

3w ago

Data Extraction Data Leakage Agent Plugin

openclaw Patch: 2026.4.15 CWE-22 4 4 ATLAS 1 incident

HIGH

OpenClaw: auth bypass lets DM senders run room commands

GHSA-2gvc-4f3c-2855

3w ago

Auth Bypass Code Execution Agent

openclaw Patch: 2026.4.15 CWE-863 4 3 ATLAS 1 incident

HIGH

OpenClaw: stale bearer token survives SecretRef rotation

GHSA-xmxx-7p24-h892

3w ago

Auth Bypass Agent API

openclaw Patch: 2026.4.15 CWE-324 4 3 ATLAS 1 incident

HIGH

PraisonAI: SQL injection across 9 DB backends

GHSA-rg3h-x3jw-7jm5

8.1

3w ago

Data Extraction Code Execution Data Leakage Framework Agent

praisonaiagents Patch: 1.6.8 CWE-89 11 4 ATLAS

HIGH

openclaw: path traversal exposes host files via media tags

GHSA-66r7-m7xm-v49h

3w ago

Data Extraction Data Leakage Privacy Violation Agent

openclaw Patch: 2026.4.10 CWE-22 4 4 ATLAS 1 incident

HIGH

openclaw: exec approval bypass via opaque multi-call binaries

GHSA-2cq5-mf3v-mx44

3w ago

Auth Bypass Code Execution Supply Chain Agent Plugin

openclaw Patch: 2026.4.12 CWE-863 4 5 ATLAS 1 incident

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?