AI Threat Alert
Attack Type
Auth Bypass
Authentication bypass vulnerabilities in AI platforms allow attackers to access protected APIs, model endpoints, or admin interfaces without valid credentials.
308
Total CVEs
16
Pages
Page 3 of 16
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2025-59434 | Flowise Cloud: cross-tenant env var exposure leaks API keys | 9.6 | |
| MEDIUM | CVE-2025-60511 | Moodle: IDOR enables unauthorized data access | 4.3 | |
| MEDIUM | CVE-2025-12360 | Better: security flaw enables exploitation | 4.3 | |
| MEDIUM | CVE-2025-11972 | AI component: SQL Injection exposes database | 4.9 | |
| MEDIUM | CVE-2025-12732 | AI component: Info Disclosure leaks sensitive data | 4.3 | |
| MEDIUM | CVE-2025-13354 | taxopress: Missing Auth allows unauthorized operations | 4.3 | |
| MEDIUM | CVE-2025-13922 | AI component: SQL Injection exposes database | 6.5 | |
| MEDIUM | CVE-2025-14371 | AI component: Missing Auth allows unauthorized operations | 4.3 | |
| MEDIUM | CVE-2025-14980 | BetterDocs: Info Disclosure leaks sensitive data | 6.5 | |
| HIGH | CVE-2025-65098 | typebot: XSS enables session hijacking | 7.4 | |
| HIGH | CVE-2025-66404 | mcp-server-kubernetes: Command Injection enables RCE | 8.8 | |
| CRITICAL | CVE-2023-25823 | Gradio: hardcoded SSH key leaks via share=True demos | gradio | 9.8 |
| CRITICAL | CVE-2023-34239 | Gradio: path traversal + SSRF exposes model files & infra | gradio | 9.1 |
| HIGH | CVE-2025-23042 | Gradio: ACL bypass via path case manipulation | gradio | 7.5 |
| CRITICAL | CVE-2023-6014 | MLflow: auth bypass allows arbitrary account creation | mlflow | 9.8 |
| HIGH | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | mlflow | 7.5 |
| MEDIUM | CVE-2023-6568 | MLflow: reflected XSS via Content-Type header injection | mlflow | 6.1 |
| HIGH | CVE-2024-1483 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| HIGH | CVE-2024-1560 | MLflow: path traversal allows arbitrary directory deletion | mlflow | 8.1 |
| HIGH | CVE-2024-1593 | MLflow: path traversal via ';' smuggling exposes files | mlflow | 7.5 |