Attack Type
Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.
Total CVEs: 637
Pages: 32 (this is page 16 of 32)
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2025-32444 | vLLM: RCE via pickle deserialization on ZeroMQ | vllm | 9.8 |
| HIGH | CVE-2025-30165 | vLLM: pickle RCE in multi-node inference deployments | vllm | 8.0 |
| HIGH | CVE-2025-66448 | vllm: Code Injection enables RCE | vllm | 8.8 |
| CRITICAL | CVE-2026-22807 | vllm: Code Injection enables RCE | vllm | 9.8 |
| CRITICAL | CVE-2026-22778 | vllm: security flaw enables exploitation | vllm | 9.8 |
| HIGH | CVE-2024-37032 | Ollama: path traversal enables RCE via model blob API | ollama | 8.8 |
| HIGH | CVE-2024-39720 | Ollama: OOB read in GGUF parser enables remote DoS | ollama | 8.2 |
| UNKNOWN | CVE-2025-15063 | Ollama: Command Injection enables RCE | - | - |
| CRITICAL | CVE-2024-37014 | Langflow: unauthenticated RCE via custom component API | langflow | 9.8 |
| HIGH | CVE-2024-7297 | Langflow: mass assignment grants super admin access | langflow | 8.8 |
| CRITICAL | CVE-2024-42835 | Langflow: Unauthenticated RCE via PythonCodeTool | langflow | 9.8 |
| CRITICAL | CVE-2024-48061 | Langflow: RCE via unsandboxed code component execution | langflow | 9.8 |
| CRITICAL | CVE-2025-3248 | Langflow: Unauth RCE via code injection endpoint | langflow | 9.8 |
| HIGH | CVE-2025-57760 | Langflow: privilege escalation to full superuser via CLI | langflow | 8.8 |
| HIGH | CVE-2025-34291 | langflow: security flaw enables exploitation | langflow | 8.8 |
| HIGH | CVE-2025-68478 | langflow: File Control enables path manipulation | langflow | 7.1 |
| UNKNOWN | CVE-2026-0768 | langflow: Code Injection enables RCE | langflow | - |
| UNKNOWN | CVE-2026-0769 | langflow: Code Injection enables RCE | langflow | - |
| HIGH | CVE-2026-0770 | langflow: security flaw enables exploitation | langflow | - |
| UNKNOWN | CVE-2026-0771 | langflow: Code Injection enables RCE | langflow | - |