AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 220 results — Medium severity, has patchpraisonaiagents: agent context leak + path traversal
GHSA-766v-q9x3-g744 LobeChat: auth bypass via forged XOR obfuscated header
CVE-2026-39411 OpenClaw: cleartext WebSocket exposes gateway credentials
GHSA-83f3-hh45-vfw9 openclaw: timing side-channel leaks shared-secret length
GHSA-jj6q-rrrf-h66h OpenClaw: Zalo webhook dedup collision silently drops events
GHSA-rxmx-g7hr-8mx4 OpenClaw: CDP host bypass exposes localhost browser state
GHSA-fh32-73r9-rgh5 openclaw: script swap bypasses pnpm dlx approval
GHSA-w6wx-jq6j-6mcj OpenClaw: approval bypass via env key normalization gap
GHSA-98ch-45wp-ch47 OpenClaw: info disclosure exposes host filesystem paths
GHSA-2f7j-rp58-mr42 OpenClaw: untrusted plugin RCE via workspace channel setup
GHSA-2qrv-rc5x-2g2h OpenClaw: read-only scope bypass kills agent sessions
GHSA-5hff-46vh-rxmw openclaw: iOS bridge bypass enables unauthorized agent runs
GHSA-4p4f-fc8q-84m3 OpenClaw: path traversal → host file exfiltration via QQ Bot
GHSA-846p-hgpv-vphc openclaw: path traversal enables remote dir overwrite
GHSA-m34q-h93w-vg5x OpenClaw: pairing DoS blocks account onboarding
GHSA-wwfp-w96m-c6x8 OpenClaw: pre-auth signature bypass enables pairing DoS
GHSA-h43v-27wg-5mf9 OpenClaw: exec allowlist bypass via shell init-file options
GHSA-wpc6-37g7-8q4w openclaw: sandbox escape via mirror mode hook execution
GHSA-42mx-vp8m-j7qh openclaw: auth bypass exposes agent session visibility
GHSA-fwjq-xwfj-gv75 openclaw: privilege escalation to admin voice config persistence
GHSA-3q42-xmxv-9vfr Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial