AI Threat Alert
Attack Type
Data Leakage
Data leakage vulnerabilities allow unauthorized access to sensitive data processed by AI systems — including PII in training data, API keys in prompts, or confidential information in model responses.
128
Total CVEs
7
Pages
Page 4 of 7
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2024-47168 | Gradio: monitoring endpoint bypass leaks app analytics | gradio | 4.3 |
| HIGH | CVE-2024-47868 | Gradio: path traversal leaks arbitrary server files | gradio | 7.5 |
| CRITICAL | CVE-2024-47871 | Gradio: cleartext MITM exposes ML demo data via share=True | gradio | 9.1 |
| MEDIUM | CVE-2024-51751 | Gradio: path traversal exposes arbitrary server files | gradio | 6.5 |
| UNKNOWN | CVE-2024-12065 | LLaVA: path traversal allows arbitrary file read | - | |
| MEDIUM | CVE-2024-12217 | Gradio: NTFS ADS bypass exposes blocked file paths | gradio | 5.3 |
| MEDIUM | CVE-2022-35918 | Streamlit: path traversal leaks server filesystem | streamlit | 6.5 |
| MEDIUM | CVE-2023-27494 | Streamlit: reflected XSS enables session hijacking | streamlit | 6.1 |
| MEDIUM | CVE-2024-42474 | Streamlit: path traversal leaks Windows NTLM hash | streamlit | 6.5 |
| UNKNOWN | CVE-2025-34072 | Slack MCP: zero-click exfiltration via link unfurling | - | |
| HIGH | CVE-2026-21852 | claude_code: Weak Credentials allow account compromise | claude_code | 7.5 |
| MEDIUM | CVE-2026-26972 | OpenClaw: path traversal allows arbitrary file write | openclaw | 6.7 |
| HIGH | CVE-2024-36420 | Flowise: unauthenticated arbitrary file read via API | flowise | 7.5 |
| HIGH | CVE-2024-36421 | Flowise: CORS wildcard enables file read and data theft | flowise | 7.5 |
| MEDIUM | CVE-2024-36422 | Flowise: reflected XSS enables session hijack and file read | flowise | 6.1 |
| HIGH | CVE-2025-61687 | Flowise: unrestricted file upload enables persistent RCE | flowise | 8.8 |
| MEDIUM | CVE-2024-5206 | scikit-learn: TfidfVectorizer leaks training data tokens | scikit-learn | 4.7 |
| HIGH | CVE-2023-27564 | n8n: unauthenticated info disclosure exposes credentials | n8n | 7.5 |
| MEDIUM | CVE-2025-52478 | n8n: Stored XSS enables full account takeover | n8n | 5.4 |
| MEDIUM | CVE-2025-68697 | n8n: security flaw enables exploitation | n8n | 5.4 |