AI Threat Alert
Attack Type
Auth Bypass
Authentication bypass vulnerabilities in AI platforms allow attackers to access protected APIs, model endpoints, or admin interfaces without valid credentials.
308
Total CVEs
16
Pages
Page 2 of 16
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2023-3686 | QuickAI: unauthenticated SQLi exposes OpenAI API keys | quickai_openai | 9.8 |
| MEDIUM | CVE-2024-0451 | wpbot: missing auth exposes OpenAI account files | wpbot | 5.0 |
| HIGH | CVE-2024-0452 | WordPress AI ChatBot: auth bypass enables OpenAI file upload | wpbot | 7.7 |
| HIGH | CVE-2024-0453 | WordPress ChatBot: missing authz deletes OpenAI files | wpbot | 7.7 |
| MEDIUM | CVE-2024-4858 | WP Testimonial Carousel: OpenAI API key hijack, no auth | 5.3 | |
| HIGH | CVE-2024-6587 | LiteLLM: SSRF leaks OpenAI API key to attacker | litellm | 7.5 |
| MEDIUM | CVE-2024-6845 | ChatGPT WP Plugin: OpenAI API key leak via unauth REST | 5.3 | |
| HIGH | CVE-2024-7714 | AYS ChatGPT WP Plugin: auth bypass disables AI service | 7.5 | |
| CRITICAL | CVE-2024-52384 | Sage AI Plugin: unrestricted upload → web shell RCE | 9.9 | |
| HIGH | CVE-2024-32965 | Lobe Chat: pre-auth SSRF leaks OpenAI API keys | 8.6 | |
| UNKNOWN | CVE-2024-56516 | free-one-api: MD5 hashing allows credential cracking | - | |
| MEDIUM | CVE-2024-13698 | Jobify WP: missing authz allows OpenAI key abuse, SSRF | 6.5 | |
| UNKNOWN | CVE-2024-11037 | gpt_academic: path traversal exposes LLM API keys | gpt_academic | - |
| UNKNOWN | CVE-2024-12775 | Dify: SSRF via custom tool URL enables credential theft | - | |
| HIGH | CVE-2024-7959 | Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets | open-webui | 7.7 |
| MEDIUM | CVE-2025-31843 | OpenAI WP Plugin: broken access control on AI settings | 4.3 | |
| HIGH | CVE-2025-5018 | Hive Support WP: OpenAI key theft + prompt hijack | 7.1 | |
| MEDIUM | CVE-2025-7780 | WordPress AI Engine: SSRF leaks files via OpenAI API | 6.5 | |
| MEDIUM | CVE-2025-54558 | OpenAI Codex CLI: sandbox bypass via ripgrep flag abuse | 4.1 | |
| CRITICAL | CVE-2025-53767 | Azure OpenAI: SSRF EoP, no auth required (CVSS 10) | azure_openai | 10.0 |