AI Threat Alert
Attack Type
Data Extraction
Data extraction attacks target AI/ML systems to exfiltrate training data, model weights, user conversations, or other sensitive information. These vulnerabilities are critical in multi-tenant AI deployments.
401
Total CVEs
21
Pages
Page 14 of 21
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-25049 | n8n: security flaw enables exploitation | n8n | 9.9 |
| MEDIUM | CVE-2026-25051 | n8n: XSS enables session hijacking | n8n | 5.4 |
| CRITICAL | CVE-2026-25052 | n8n: security flaw enables exploitation | n8n | 9.9 |
| CRITICAL | CVE-2026-25053 | n8n: Command Injection enables RCE | n8n | 9.9 |
| MEDIUM | CVE-2026-25054 | n8n: XSS enables session hijacking | n8n | 5.4 |
| HIGH | CVE-2026-25056 | n8n: Arbitrary File Upload enables RCE | n8n | 8.8 |
| CRITICAL | CVE-2026-25115 | n8n: Protection Bypass circumvents security controls | n8n | 9.9 |
| MEDIUM | CVE-2025-45809 | LiteLLM: SQL injection in key management API | litellm | 5.4 |
| UNKNOWN | CVE-2025-11203 | LiteLLM: Info Disclosure leaks sensitive data | - | |
| CRITICAL | CVE-2026-33475 | langflow: security flaw enables exploitation | langflow | 9.1 |
| HIGH | CVE-2026-33484 | langflow: Access Control bypass enables privilege escalation | langflow | 7.5 |
| HIGH | CVE-2026-33497 | langflow: Path Traversal enables file access | langflow | 7.5 |
| MEDIUM | GHSA-5cxw-w2xg-2m8h | fickling: Allowlist Bypass evades input filtering | fickling | - |
| MEDIUM | GHSA-r48f-3986-4f9c | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | CVE-2026-27826 | mcp-atlassian: SSRF allows internal network access | mcp-atlassian | 8.2 |
| HIGH | GHSA-5r2p-pjr8-7fh7 | sagemaker: Allowlist Bypass evades input filtering | sagemaker | - |
| LOW | GHSA-83pf-v6qq-pwmr | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | CVE-2026-2472 | google-cloud-aiplatform: XSS enables session hijacking | - | |
| HIGH | CVE-2026-1777 | sagemaker: security flaw enables exploitation | sagemaker | 7.2 |
| LOW | CVE-2026-25211 | llama-stack: security flaw enables exploitation | 3.2 |