AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 results

CVE-2026-42229 - n8n: SQL injection in SeaTable node leaks restricted rows
CVE-2026-42230 - n8n: MCP OAuth open redirect enables phishing
CVE-2026-42233 - n8n: SQL injection in Oracle node allows data exfiltration
CVE-2026-42237 - n8n: SQL injection in Snowflake/MySQL nodes bypasses fix
CVE-2026-42249 - Ollama: path traversal + unsigned update = silent RCE
CVE-2026-42248 - Ollama: silent auto-update bypasses signature check on Windows
CVE-2026-7141 - vllm: uninitialized KV cache memory leaks inference data
CVE-2026-7020 - Ollama: path traversal in tensor model transfer handler
GHSA-7jm2-g593-4qrc - openclaw: config guard bypass, persistent settings mutation
GHSA-qrp5-gfw2-gxv4 - openclaw: tool policy bypass via bundled MCP/LSP tools
GHSA-h2vw-ph2c-jvwf - OpenClaw: env injection exposes MiniMax API key
GHSA-j4c5-89f5-f3pm - openclaw: SSRF policy bypass in CDP browser profile creation
GHSA-xrq9-jm7v-g9h7 - OpenClaw: auth bypass enables cross-device session hijack
GHSA-c4qg-j8jg-42q5 - openclaw: SSRF in QQBot media upload bypasses validation
GHSA-mj59-h3q9-ghfh - openclaw: env var injection via MCP stdio config
GHSA-57r2-h2wj-g887 - openclaw: trust-label bypass amplifies prompt injection
GHSA-hxvm-xjvf-93f3 - openclaw: env namespace injection steers agent runtime
GHSA-72q8-jcmc-97wx - openclaw: DM policy bypass via Feishu card-action callbacks
GHSA-v8qf-fr4g-28p2 - OpenClaw: auth scope bypass exposes assistant-media files
GHSA-2xcp-x87w-q377 - openclaw: session key auth bypass in webhook routing