AI Threat Alert
Attack Type
Data Extraction
Data extraction attacks target AI/ML systems to exfiltrate training data, model weights, user conversations, or other sensitive information. These vulnerabilities are critical in multi-tenant AI deployments.
401
Total CVEs
21
Pages
Page 15 of 21
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-22219 | chainlit: SSRF allows internal network access | chainlit | 7.7 |
| HIGH | CVE-2026-22033 | label-studio: XSS enables session hijacking | label-studio | - |
| HIGH | GHSA-9726-w42j-3qjr | picklescan: Path Traversal enables file access | picklescan | - |
| MEDIUM | CVE-2025-67743 | local-deep-research: SSRF allows internal network access | 6.3 | |
| HIGH | CVE-2025-67644 | langgraph-checkpoint-sqlite: SQL Injection exposes database | langgraph-checkpoint-sqlite | 7.3 |
| HIGH | CVE-2025-65958 | open-webui: SSRF allows internal network access | open-webui | 8.5 |
| CRITICAL | CVE-2025-33244 | NVIDIA: Deserialization enables RCE | 9.0 | |
| HIGH | CVE-2025-64495 | Open WebUI: XSS-to-RCE via malicious prompt injection | open-webui | 8.7 |
| HIGH | CVE-2025-64104 | langgraph-checkpoint-sqlite: SQL Injection exposes database | langgraph-checkpoint-sqlite | 7.3 |
| UNKNOWN | CVE-2026-33401 | Wallos: SSRF allows internal network access | - | |
| HIGH | CVE-2025-7647 | llama-index-core: insecure /tmp dir, model theft risk | llama-index-core | 7.3 |
| MEDIUM | CVE-2025-51481 | Dagster: path traversal exposes arbitrary file read via gRPC | 6.6 | |
| HIGH | CVE-2025-6209 | llama_index: path traversal allows arbitrary file read | llama-index-core | 7.5 |
| HIGH | CVE-2025-6386 | lollms: timing attack enables credential enumeration | lollms | 7.5 |
| MEDIUM | CVE-2025-6210 | llama-index Obsidian reader: hardlink path traversal leaks files | llama-index-readers-obsidian | 6.2 |
| HIGH | CVE-2025-3046 | LlamaIndex Obsidian: symlink traversal exposes host files | llama-index-readers-obsidian | 7.5 |
| CRITICAL | CVE-2025-1793 | llama_index: SQL injection in vector store integrations | llama-index | 9.8 |
| HIGH | CVE-2025-30167 | jupyter_core: config hijack enables cross-user code exec | 7.3 | |
| CRITICAL | CVE-2024-11958 | llama-index DuckDB retriever: SQLi enables RCE | llama-index-retrievers-duckdb-retriever | 9.8 |
| CRITICAL | CVE-2025-47241 | browser-use: URL allowlist bypass enables SSRF in agents | browser-use | 9.3 |