AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 570 results
GHSA-9q7v-8mr7-g23p OpenClaw: SSRF in marketplace fetch hits internal AI infra (Medium severity)
CVE-2026-34760 vLLM: audio downmix mismatch enables adversarial input
CVE-2026-34447 ONNX: symlink traversal reads host files via model loading
CVE-2026-34446 ONNX: hardlink path traversal leaks sensitive files
CVE-2026-34452 Anthropic SDK: TOCTOU symlink escape in async memory tool
CVE-2026-34451 anthropic-ai/sdk: memory tool path traversal escape
CVE-2026-34450 anthropic-sdk: insecure file perms expose agent memory
GHSA-68f8-9mhj-h2mp OpenClaw: HTTP scope bypass enables model enumeration
CVE-2026-35646 openclaw: webhook rate-limit bypass enables token brute-force
CVE-2026-35640 openclaw: unauthenticated webhook parsing enables DoS
CVE-2026-35657 openclaw: auth bypass exposes agent session history via HTTP
GHSA-h8r8-wccr-v5f2 DOMPurify: mXSS bypass achieves XSS via parse-context switch
GHSA-364x-8g5j-x2pr n8n: stored XSS via malicious OAuth2 Authorization URL
GHSA-3c7f-5hgj-h279 n8n: stored XSS in Chat Trigger via CSS injection
GHSA-w673-8fjw-457c n8n: stored XSS enables phishing via Form Node
GHSA-q4fm-pjq6-m63g n8n: stored XSS in Form Trigger enables phishing
CVE-2026-4963 smolagents: code injection via incomplete sandbox fix
CVE-2026-29070 open-webui: missing authz allows cross-KB file deletion
CVE-2026-28786 Open WebUI: path traversal leaks server filesystem path
CVE-2026-33682 Streamlit: SSRF leaks NTLMv2 creds via UNC path