ATLAS Landscape
AML.T0043.003
Manual Modification
Adversaries may manually modify the input data to craft adversarial data. They may use their knowledge of the target model to modify parts of the data they suspect helps the model in performing its task. The adversary may use trial and error until they are able to verify they have a working adversarial input.
22 CVEs mapped
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-22778 | vllm: security flaw enables exploitation | vllm | 9.8 |
| HIGH | CVE-2021-29607 | TensorFlow: heap OOB write in SparseAdd op | tensorflow | 7.8 |
| HIGH | CVE-2021-29537 | TensorFlow: heap overflow in QuantizedResizeBilinear op | tensorflow | 7.8 |
| HIGH | CVE-2021-29529 | TensorFlow: heap buffer overflow in quantized image resize | tensorflow | 7.8 |
| HIGH | CVE-2021-29514 | TensorFlow: heap buffer overflow in RaggedBincount op | tensorflow | 7.8 |
| HIGH | CVE-2022-36001 | TensorFlow: DoS via type confusion in DrawBoundingBoxes | tensorflow | 7.5 |
| HIGH | CVE-2020-5215 | TensorFlow: type confusion DoS crashes eager mode inference | tensorflow | 7.5 |
| HIGH | CVE-2026-44549 | open-webui: XSS via XLSX preview enables session hijack | open-webui | 7.3 |
| MEDIUM | CVE-2026-44222 | vLLM: token injection DoS via multimodal placeholders | vllm | 6.5 |
| MEDIUM | CVE-2022-23584 | TensorFlow: use-after-free in PNG decode causes DoS | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23583 | TensorFlow: SavedModel type confusion triggers DoS crash | tensorflow | 6.5 |
| MEDIUM | CVE-2022-23557 | TensorFlow TFLite: DoS via divide-by-zero in BiasAndClamp | tensorflow | 6.5 |
| MEDIUM | CVE-2026-34760 | vLLM: audio downmix mismatch enables adversarial input | vllm | 5.9 |
| MEDIUM | CVE-2026-40190 | langsmith: prototype pollution enables auth bypass, RCE | langsmith | 5.6 |
| MEDIUM | CVE-2022-29211 | TensorFlow: NaN input crashes histogram op (CPU DoS) | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29519 | TensorFlow SparseCross: type confusion DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29192 | TensorFlow: DoS via QuantizeAndDequantize input validation | tensorflow | 5.5 |
| MEDIUM | GHSA-26jh-r8g2-6fpr | Gradio: Dropdown validation bypass enables arbitrary input | gradio | 5.3 |
| MEDIUM | CVE-2025-46148 | PyTorch: PairwiseDistance silent miscalculation, integrity risk | pytorch | 5.3 |
| LOW | CVE-2025-25183 | vLLM: hash collision enables prefix cache poisoning | vllm | 2.6 |
| LOW | CVE-2026-7845 | Langchain-Chatchat: weak image hash allows integrity bypass | langchain-chatchat | 2.6 |
| MEDIUM | CVE-2024-52524 | Giskard: ReDoS in text perturbation causes DoS | | — |