AI Threat Alert
All CVEs Papers
Severity:
Critical High Medium Low
118 results in 53ms
CVE HIGH GHSA-cvrr-qhgw-2mm6

Flowise: Parameter Override Bypass Remote Command Execution

CVSS 7.7 flowise-components View details
CVE CRITICAL CVE-2025-9556

files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a statement into a prompt to read the "etc/passwd" file

CVSS 9.8 View details
CVE MEDIUM CVE-2026-54009

Open WebUI: Cross-user file disclosure via /api/chat/completions image_url

CVSS 6.5 open-webui View details
CVE MEDIUM CVE-2026-44222

vLLM Vulnerable to Remote DoS via Special-Token Placeholders

CVSS 6.5 vllm View details
CVE HIGH GHSA-xqmj-j6mv-4862

LiteLLM: Server-Side Template Injection in /prompts/test endpoint

litellm View details
CVE MEDIUM CVE-2026-55249

@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw

CVSS 6.3 openclaw View details
CVE HIGH CVE-2026-44246

nnU-Net is a semantic segmentation framework that automatically adapts

CVSS 7.2 claude-code View details
CVE HIGH CVE-2025-64496

Open WebUI Affected by an External Model Server (Direct Connections

CVSS 7.3 open-webui View details
CVE CRITICAL GHSA-4869-x4pr-q22x

PraisonAI: Unauthenticated RCE via Jobs API + Approval Bypass

CVSS 9.8 praisonaiagents View details
CVE HIGH GHSA-vjv9-7m7j-h833

npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining

CVSS 8.8 praisonai View details
CVE MEDIUM CVE-2026-44899

Mistune Image Directive CSS Injection Vulnerability

CVSS 4.7 mistune View details
CVE HIGH GHSA-5jv7-2mjm-h6qj

npm PraisonAI utility shell safe-command wrapper allowlist bypass via

CVSS 8.8 praisonai View details
CVE HIGH CVE-2026-47417

praisonai-platform: Comment endpoints accept any issue_id without workspace

CVSS 8.1 praisonai-platform View details
CVE HIGH GHSA-63v4-w882-g4x2

PraisonAI: HTTPApproval dashboard renders tool arguments as raw HTML, allowing

CVSS 8.8 praisonai View details
CVE CRITICAL CVE-2026-25481

Langroid has WAF Bypass Leading to RCE in TableChatAgent

langroid View details
CVE MEDIUM CVE-2026-52816

Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data

gogs.io/gogs View details
CVE HIGH CVE-2026-47406

praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue

CVSS 8.1 praisonai-platform View details
CVE HIGH CVE-2026-44569

Open WebUI's Insecure Message Access Breaks Authorization

CVSS 7.1 open-webui View details
Previous Page 6 of 6