AI Threat Alert
Attack Type
Auth Bypass
Authentication bypass vulnerabilities in AI platforms allow attackers to access protected APIs, model endpoints, or admin interfaces without valid credentials.
309
Total CVEs
16
Pages
Page 6 of 16
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-47084 | Gradio: CORS bypass exposes local instances to credential theft | gradio | 8.3 |
| MEDIUM | CVE-2024-47164 | Gradio: path traversal bypasses directory access controls | gradio | 6.5 |
| MEDIUM | CVE-2024-47165 | Gradio: CORS null origin bypass leaks auth tokens | gradio | 5.4 |
| CRITICAL | CVE-2024-47167 | Gradio: unauthenticated SSRF in /queue/join, internal pivot | gradio | 9.8 |
| MEDIUM | CVE-2024-47168 | Gradio: monitoring endpoint bypass leaks app analytics | gradio | 4.3 |
| LOW | CVE-2024-47869 | Gradio: timing attack exposes analytics dashboard auth | gradio | 3.7 |
| HIGH | CVE-2024-47870 | Gradio: race condition enables backend URL hijacking | gradio | 8.1 |
| UNKNOWN | CVE-2024-10707 | ChuanhuChatGPT: path traversal exposes server files unauthed | chuanhuchatgpt | - |
| HIGH | CVE-2024-11030 | GPT Academic: SSRF via unsanitized HotReload plugin | gpt_academic | 7.5 |
| HIGH | CVE-2024-11031 | GPT Academic: SSRF in Markdown plugin leaks credentials | gpt_academic | 7.5 |
| MEDIUM | CVE-2024-12217 | Gradio: NTFS ADS bypass exposes blocked file paths | gradio | 5.3 |
| MEDIUM | CVE-2024-8021 | Gradio: open redirect exposes AI demo users to phishing | gradio | 6.1 |
| LOW | CVE-2025-5320 | Gradio: CORS origin bypass in ML UI handler | gradio | 3.7 |
| CRITICAL | CVE-2024-41118 | streamlit-geospatial: blind SSRF via WMS URL input | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41120 | streamlit-geospatial: blind SSRF via unvalidated URL input | streamlit-geospatial | 9.8 |
| MEDIUM | CVE-2024-42474 | Streamlit: path traversal leaks Windows NTLM hash | streamlit | 6.5 |
| UNKNOWN | CVE-2025-66479 | Anthropic: Protection Bypass circumvents security controls | - | |
| UNKNOWN | CVE-2025-55012 | Zed Agent Panel: AI agent RCE via permissions bypass | - | |
| MEDIUM | CVE-2025-11844 | smolagents: security flaw enables exploitation | smolagents | 5.4 |
| MEDIUM | CVE-2025-63390 | anythingllm: Missing Auth allows unauthenticated access | 5.3 |