AI Threat Alert
Attack Type
Social Engineering
Social engineering attacks leverage AI systems to enhance phishing, impersonation, or deception — including deepfakes, AI-generated spear phishing, and automated social manipulation.
28
Total CVEs
2
Pages
Page 1 of 2
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-27495 | n8n: Code Injection enables RCE | n8n | 9.9 |
| CRITICAL | CVE-2026-27577 | n8n: Code Injection enables RCE | n8n | 9.9 |
| MEDIUM | CVE-2025-58177 | n8n: stored XSS in LangChain chat trigger (public) | n8n | 5.4 |
| MEDIUM | CVE-2025-7021 | OpenAI Operator: fullscreen spoofing captures credentials | operator | 6.5 |
| MEDIUM | CVE-2021-28796 | Qiita::Markdown: XSS in transformer components | 6.1 | |
| LOW | CVE-2025-3777 | Transformers: URL validation bypass exposes image pipeline | transformers | 3.5 |
| MEDIUM | CVE-2024-4940 | Gradio: open redirect enables phishing against ML users | gradio | 6.1 |
| MEDIUM | CVE-2024-8021 | Gradio: open redirect exposes AI demo users to phishing | gradio | 6.1 |
| MEDIUM | CVE-2026-26320 | OpenClaw: UI deception enables arbitrary command execution | openclaw | 6.5 |
| MEDIUM | CVE-2024-37146 | Flowise: reflected XSS enables credential theft | flowise | 6.1 |
| HIGH | CVE-2026-26286 | sillytavern: SSRF allows internal network access | 8.5 | |
| MEDIUM | CVE-2025-49592 | n8n: open redirect enables phishing via login flow | n8n | 5.4 |
| HIGH | CVE-2026-21893 | n8n: Input Validation flaw enables exploitation | n8n | 7.2 |
| MEDIUM | CVE-2026-25631 | n8n: Input Validation flaw enables exploitation | n8n | 6.5 |
| CRITICAL | CVE-2025-62593 | ray: Code Injection enables RCE | ray | - |
| HIGH | CVE-2025-64496 | open-webui: Code Injection enables RCE | open-webui | 7.3 |
| LOW | CVE-2025-50736 | pdf2zh: security flaw enables exploitation | - | |
| LOW | CVE-2025-59842 | JupyterLab: missing noopener enables reverse tabnabbing | - | |
| HIGH | CVE-2025-47783 | Label Studio: XSS enables unauthorized actions via CSRF | label-studio | - |
| MEDIUM | GHSA-564p-rx2q-4c8v | BentoML: open redirect exposes ML teams to phishing | bentoml | 6.1 |
Page 1 of 2