CVE MEDIUM CVE-2024-3099

intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same

CVSS 5.4 mlflow

Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model

CVSS 7.5 torch

Picklescan is vulnerable to RCE through missing detection when calling

picklescan

Picklescan is vulnerable to RCE via missing detection when calling

picklescan

llama-index-core insecurely handles temporary files

CVSS 7.3 llama-index-core

Open WebUI's process_files_batch() endpoint missing ownership check

CVSS 7.1 open-webui
CVE MEDIUM CVE-2026-45397

Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure

CVSS 5.3 open-webui

Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base

CVSS 7.5 open-webui

Open WebUI: Redis Cache Keys tool_servers and terminal_servers

CVSS 8.7 open-webui

vLLM is an inference and serving engine for large language

CVSS 8.0 vllm
CVE CRITICAL CVE-2026-44336

PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection

CVSS 9.6 PraisonAI