AI Threat Alert
Attack Type
Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.
643
Total CVEs
33
Pages
Page 20 of 33
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-43598 | LightGBM: heap buffer overflow enables network RCE | lightgbm | 8.1 |
| CRITICAL | CVE-2024-2912 | BentoML: RCE via insecure deserialization (CVSS 10) | 10.0 | |
| CRITICAL | CVE-2024-9070 | BentoML: unauthenticated RCE via runner deserialization | bentoml | 9.8 |
| CRITICAL | CVE-2025-27520 | BentoML: unauthenticated RCE via insecure deserialization | bentoml | 9.8 |
| CRITICAL | CVE-2025-32375 | BentoML: RCE via insecure deserialization in runner | bentoml | 9.8 |
| HIGH | CVE-2025-5173 | label-studio-ml: PyTorch .pt deserialization RCE in YOLO loader | label-studio-ml | 7.8 |
| HIGH | CVE-2023-27563 | n8n: privilege escalation exposes full workflow admin | n8n | 8.8 |
| MEDIUM | CVE-2025-46343 | n8n: stored XSS enables account takeover | n8n | 5.4 |
| MEDIUM | CVE-2025-52478 | n8n: Stored XSS enables full account takeover | n8n | 5.4 |
| CRITICAL | CVE-2025-55526 | n8n-workflows: path traversal in download_workflow endpoint | fastapi | 9.1 |
| HIGH | CVE-2025-56265 | n8n: unrestricted file upload RCE via Chat Trigger | n8n | 8.8 |
| HIGH | CVE-2025-62726 | n8n: security flaw enables exploitation | n8n | 8.8 |
| HIGH | CVE-2025-65964 | n8n: security flaw enables exploitation | n8n | 8.8 |
| HIGH | CVE-2025-68613 | n8n: security flaw enables exploitation | n8n | 8.8 |
| MEDIUM | CVE-2025-61914 | n8n: XSS enables session hijacking | n8n | 5.4 |
| CRITICAL | CVE-2025-68668 | n8n: Protection Bypass circumvents security controls | n8n | 9.9 |
| MEDIUM | CVE-2025-68697 | n8n: security flaw enables exploitation | n8n | 5.4 |
| CRITICAL | CVE-2026-21858 | n8n: Input Validation flaw enables exploitation | n8n | 10.0 |
| CRITICAL | CVE-2026-21877 | n8n: Code Injection enables RCE | n8n | 9.9 |
| MEDIUM | CVE-2026-21894 | n8n: security flaw enables exploitation | n8n | 6.5 |