AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 199 results — High severity, has patchFlowise: SSRF bypass exposes cloud IAM credentials
GHSA-xhmj-rg95-44hv Flowise: MIME bypass enables persistent Node.js web shell RCE
GHSA-rh7v-6w34-w2rr Flowise: unauthenticated RCE via FILE-STORAGE bypass
GHSA-cvrr-qhgw-2mm6 Flowise: unauth API exposes plaintext API keys and tokens
GHSA-4jpm-cgx2-8h37 Flowise: Mass Assignment allows cross-tenant org takeover
GHSA-48m6-ch88-55mj Flowise: prompt injection RCE via AirtableAgent
GHSA-f228-chmx-v6j6 Keras: safe_mode bypass allows RCE via model deserialization
CVE-2026-1462 n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon
GHSA-75hx-xj24-mqrw PraisonAI: untrusted tools.py import enables RCE
GHSA-g985-wjh9-qxxc PraisonAI: unauthenticated SSRF via unvalidated webhook_url
CVE-2026-40114 praisonaiagents: SSRF in web_crawl exposes cloud metadata
CVE-2026-40160 praisonaiagents: CORS bypass enables silent agent RCE
GHSA-x462-jjpc-q4q4 PraisonAI: auto tools.py load enables local RCE
CVE-2026-40156 PraisonAI: hardcoded approval bypass enables RCE
GHSA-qwgj-rrpj-75xm PraisonAI: AST sandbox bypass enables host RCE
CVE-2026-40158 praisonaiagents: env var expansion exposes production secrets
CVE-2026-40153 PraisonAI: auth bypass disables agent safety controls
CVE-2026-40149 PraisonAIAgents: SSRF exposes cloud metadata via web_crawl
CVE-2026-40150 OpenClaw: unsafe body replay on cross-origin redirect
GHSA-qx8j-g322-qj6m openclaw: auth bypass enables exec escalation on reconnect
GHSA-5wj5-87vq-39xm Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial