Attack Type: Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.
Total CVEs: 643
Pages: 33
Page 18 of 33
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2024-41119 | streamlit-geospatial: RCE via eval() on vis_params input | streamlit-geospatial | 9.8 |
| HIGH | CVE-2024-45848 | MindsDB: RCE via eval() injection in ChromaDB INSERT | | 8.8 |
| UNKNOWN | CVE-2025-66479 | Anthropic: Protection Bypass circumvents security controls | | - |
| UNKNOWN | CVE-2025-55012 | Zed Agent Panel: AI agent RCE via permissions bypass | | - |
| MEDIUM | CVE-2025-12695 | dspy: security flaw enables exploitation | | 5.9 |
| CRITICAL | CVE-2025-67511 | cai-framework: Command Injection enables RCE | | 9.6 |
| CRITICAL | CVE-2025-13374 | Kalrav: Arbitrary File Upload enables RCE | | 9.8 |
| MEDIUM | CVE-2026-25640 | pydantic-ai: Path Traversal enables file access | pydantic-ai-slim | 5.4 |
| CRITICAL | CVE-2026-25592 | semantic-kernel: Path Traversal enables file access | semantic-kernel | 9.9 |
| MEDIUM | CVE-2026-26320 | OpenClaw: UI deception enables arbitrary command execution | openclaw | 6.5 |
| MEDIUM | CVE-2026-26972 | OpenClaw: path traversal allows arbitrary file write | openclaw | 6.7 |
| HIGH | CVE-2026-27001 | OpenClaw: prompt injection via unsanitized workspace path | openclaw | 7.8 |
| HIGH | CVE-2026-24780 | agpt: Code Injection enables RCE | | 8.8 |
| CRITICAL | CVE-2024-31224 | gpt_academic: deserialization RCE, no auth required | gpt_academic | 9.8 |
| MEDIUM | CVE-2024-36423 | Flowise: reflected XSS in chatflow API enables session hijack | flowise | 6.1 |
| MEDIUM | CVE-2024-37145 | Flowise: reflected XSS enables file read chain via chatflow | flowise | 6.1 |
| CRITICAL | CVE-2024-52803 | LlamaFactory: RCE via OS command injection in training | llamafactory | 9.8 |
| HIGH | CVE-2025-46567 | LLaMA-Factory: RCE via torch.load() unsafe deserialization | llamafactory | 7.8 |
| CRITICAL | CVE-2025-53002 | LLaMA-Factory: RCE via unsafe checkpoint deserialization | llamafactory | 9.8 |
| CRITICAL | CVE-2025-59528 | Flowise: Unauthenticated RCE via MCP config injection | flowise | 10.0 |