Attack Type
Data Extraction
Data extraction attacks target AI/ML systems to exfiltrate training data, model weights, user conversations, or other sensitive information. These vulnerabilities are critical in multi-tenant AI deployments.
Total CVEs: 400. Pages: 20. Page 8 of 20.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2023-6568 | MLflow: reflected XSS via Content-Type header injection | mlflow | 6.1 |
| HIGH | CVE-2023-6709 | MLflow: SSTI enables RCE in ML experiment tracking | mlflow | 8.8 |
| HIGH | CVE-2023-6753 | MLflow: path traversal exposes arbitrary file read/write | mlflow | 8.8 |
| HIGH | CVE-2023-6909 | MLflow: path traversal exposes arbitrary files (no auth) | mlflow | 7.5 |
| CRITICAL | CVE-2024-27132 | MLflow: XSS in recipes enables client-side RCE | mlflow | 9.6 |
| HIGH | CVE-2024-1483 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| HIGH | CVE-2024-1558 | MLflow: path traversal enables arbitrary file read | mlflow | 7.5 |
| HIGH | CVE-2024-1593 | MLflow: path traversal via ';' smuggling exposes files | mlflow | 7.5 |
| HIGH | CVE-2024-1594 | MLflow: path traversal via URI fragment reads arbitrary files | mlflow | 7.5 |
| CRITICAL | CVE-2024-3573 | MLflow: LFI via URI parsing allows arbitrary file read | mlflow | 9.3 |
| HIGH | CVE-2024-3848 | MLflow: URL fragment bypass leaks SSH and cloud keys | mlflow | 7.5 |
| HIGH | CVE-2024-2928 | MLflow: URI fragment LFI exposes arbitrary files | mlflow | 7.5 |
| HIGH | CVE-2024-8859 | MLflow: path traversal allows arbitrary file read via DBFS | mlflow | 7.5 |
| HIGH | CVE-2025-1473 | MLflow: CSRF in signup allows rogue account creation | mlflow | 7.1 |
| MEDIUM | CVE-2025-52967 | MLflow: unauthenticated SSRF in gateway proxy | mlflow | 5.8 |
| CRITICAL | CVE-2025-11200 | mlflow: security flaw enables exploitation | mlflow | 9.8 |
| HIGH | CVE-2025-14279 | mlflow: security flaw enables exploitation | mlflow | 8.1 |
| CRITICAL | CVE-2026-2654 | smolagents: SSRF allows internal network access | smolagents | 9.8 |
| HIGH | CVE-2025-33213 | NVIDIA: Deserialization enables RCE | | 8.8 |
| LOW | CVE-2025-46570 | vLLM: timing side-channel leaks prompt cache data | vllm | 2.6 |