AI Threat Alert
Attack Type
Data Extraction
Data extraction attacks target AI/ML systems to exfiltrate training data, model weights, user conversations, or other sensitive information. These vulnerabilities are critical in multi-tenant AI deployments.
397
Total CVEs
20
Pages
Page 6 of 20
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-6587 | LiteLLM: SSRF leaks OpenAI API key to attacker | litellm | 7.5 |
| MEDIUM | CVE-2024-6845 | ChatGPT WP Plugin: OpenAI API key leak via unauth REST | 5.3 | |
| CRITICAL | CVE-2024-52384 | Sage AI Plugin: unrestricted upload → web shell RCE | 9.9 | |
| HIGH | CVE-2024-32965 | Lobe Chat: pre-auth SSRF leaks OpenAI API keys | 8.6 | |
| MEDIUM | CVE-2024-11896 | WP Text Prompter: Stored XSS in OpenAI shortcode plugin | 6.4 | |
| UNKNOWN | CVE-2024-56516 | free-one-api: MD5 hashing allows credential cracking | - | |
| MEDIUM | CVE-2024-13698 | Jobify WP: missing authz allows OpenAI key abuse, SSRF | 6.5 | |
| UNKNOWN | CVE-2024-11037 | gpt_academic: path traversal exposes LLM API keys | gpt_academic | - |
| UNKNOWN | CVE-2024-12775 | Dify: SSRF via custom tool URL enables credential theft | - | |
| HIGH | CVE-2024-7959 | Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets | open-webui | 7.7 |
| HIGH | CVE-2025-5018 | Hive Support WP: OpenAI key theft + prompt hijack | 7.1 | |
| MEDIUM | CVE-2025-53621 | DSpace: XXE injection enables server file disclosure | 6.9 | |
| MEDIUM | CVE-2025-7780 | WordPress AI Engine: SSRF leaks files via OpenAI API | 6.5 | |
| HIGH | CVE-2025-7725 | WP Contest Gallery: Stored XSS exposes OpenAI API creds | 7.2 | |
| CRITICAL | CVE-2025-53767 | Azure OpenAI: SSRF EoP, no auth required (CVSS 10) | azure_openai | 10.0 |
| CRITICAL | CVE-2025-59434 | Flowise Cloud: cross-tenant env var exposure leaks API keys | 9.6 | |
| MEDIUM | CVE-2025-60511 | Moodle: IDOR enables unauthorized data access | 4.3 | |
| MEDIUM | CVE-2025-11972 | AI component: SQL Injection exposes database | 4.9 | |
| MEDIUM | CVE-2025-12732 | AI component: Info Disclosure leaks sensitive data | 4.3 | |
| HIGH | CVE-2025-12973 | AI component: Arbitrary File Upload enables RCE | 7.2 |