Skip to main content

AI / ML

379 CVEs product

Monthly

CVE-2025-14384 MEDIUM This Month

The All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/aioseo/v1/ai/credits` REST route in all versions up to, and including, 4.9.2. [CVSS 4.3 MEDIUM]

WordPress AI / ML PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-65368 MEDIUM POC This Month

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output. [CVSS 6.1 MEDIUM]

XSS AI / ML Sparkyfitness
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22708 CRITICAL Act Now

Cursor AI code editor before 2.3 allows prompt injection to bypass the Agent's Allowlist mode. Shell built-ins can execute without appearing in the allowlist, enabling environment poisoning and arbitrary command execution.

Code Injection AI / ML Cursor
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-68492 PyPI MEDIUM PATCH This Month

Chainlit versions up to 2.8.5 is affected by authorization bypass through user-controlled key (CVSS 4.2).

Authentication Bypass AI / ML
NVD GitHub
CVSS 3.0
4.2
EPSS
0.0%
CVE-2026-22686 npm CRITICAL POC PATCH Act Now

enclave-vm JavaScript sandbox (before 2.7.0) has a critical sandbox escape. When a tool invocation fails, a host-side Error object is exposed to sandboxed code, which can use its prototype chain to access the host Node.js runtime. Maximum CVSS 10.0 with scope change. PoC available, patch available.

Node.js AI / ML Enclave
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-22871 PyPI CRITICAL PATCH Act Now

GuardDog security scanner before 2.7.1 has a path traversal in safe_extract() that allows malicious PyPI packages to write files outside the extraction directory. Ironic vulnerability in a tool designed to detect malicious packages. Patch available.

RCE Path Traversal AI / ML Guarddog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-22870 PyPI HIGH POC PATCH This Week

GuardDog versions prior to 2.7.1 fail to validate decompressed file sizes when extracting Python package archives, enabling denial of service attacks through zip bomb payloads that can consume gigabytes of disk space from minimal compressed data. Public exploit code exists for this vulnerability, affecting users who rely on GuardDog to scan PyPI packages for malicious content. Upgrade to version 2.7.1 or later to remediate this flaw.

Denial Of Service AI / ML Guarddog
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22869 CRITICAL POC PATCH Act Now

Eigent multi-agent workflow CI pipeline (ci.yml) uses pull_request_target with checkout of untrusted PR code, enabling arbitrary code execution with repository write permissions from fork PRs. PoC available, patch available.

Github AI / ML Eigent
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22813 npm MEDIUM POC PATCH This Month

OpenCode's markdown renderer fails to sanitize HTML input in LLM responses, allowing attackers who control the chat output to inject arbitrary JavaScript that executes in the localhost:4096 origin without Content Security Policy protections. Public exploit code exists for this cross-site scripting vulnerability, affecting users of the AI coding agent through versions prior to 1.1.10. An attacker can achieve session compromise or local code execution by manipulating LLM responses to inject malicious scripts.

XSS AI / ML Opencode
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22812 npm HIGH POC PATCH This Week

Opencode versions up to 1.0.216 is affected by missing authentication for critical function (CVSS 8.8).

Authentication Bypass RCE AI / ML Opencode
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2025-12420 CRITICAL Act Now

ServiceNow AI Platform has a user impersonation vulnerability allowing unauthenticated attackers to impersonate any user and perform their authorized actions. ServiceNow has deployed patches to hosted instances and self-hosted updates are available.

Privilege Escalation AI / ML Virtual Agent Api Now Assist Ai Agents
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22252 CRITICAL POC PATCH Act Now

LibreChat before v0.8.2-rc2 allows any authenticated user to execute shell commands as root inside the container through the MCP stdio transport. A single API request is sufficient for root code execution. PoC available, patch available.

Authentication Bypass AI / ML Librechat
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-68472 PyPI HIGH POC PATCH GHSA This Week

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. [CVSS 8.1 HIGH]

Path Traversal AI / ML Mindsdb
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-22773 PyPI MEDIUM POC PATCH This Month

Vllm versions up to 0.12.0 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Denial Of Service AI / ML Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22688 Go CRITICAL POC PATCH Act Now

WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as subprocesses. PoC available, patch available.

Command Injection AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-22687 Go MEDIUM POC PATCH This Month

WeKnora versions before 0.2.5 allow unauthenticated attackers to bypass database query restrictions through prompt injection techniques when the Agent service is enabled, enabling unauthorized access to sensitive data. Public exploit code exists for this vulnerability, which affects the framework's document understanding and semantic retrieval capabilities. A patch is available in version 0.2.5 and later.

SQLi AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2026-22612 PyPI HIGH PATCH This Week

Fickling versions prior to 0.1.7 fail to properly detect malicious pickle payloads due to inadequate handling of the "builtins" module, allowing attackers to bypass security analysis and potentially execute arbitrary code. This vulnerability affects Python environments using vulnerable versions of Fickling for pickle inspection and static analysis. An attacker can craft specially designed pickle files that evade detection mechanisms, compromising the integrity of pickle validation workflows.

Python AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-22609 PyPI HIGH POC PATCH This Week

Fickling's static analyzer before version 0.1.7 fails to detect several dangerous Python modules in pickled objects, enabling attackers to craft malicious pickles that bypass safety checks and achieve arbitrary code execution. This vulnerability affects users relying on Fickling to validate untrusted serialized Python objects for safety. Public exploit code exists for this HIGH severity vulnerability, though a patch is available in version 0.1.7 and later.

Python Deserialization AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22608 PyPI HIGH PATCH This Week

Fickling before version 0.1.7 allows local attackers to achieve arbitrary code execution through Python pickle deserialization by chaining unblocked ctypes and pydoc modules, bypassing the tool's safety scanner which incorrectly reports malicious files as LIKELY_SAFE. An attacker with user interaction can exploit this vulnerability to execute code with the privileges of the Python process. A patch is available in version 0.1.7 and later.

Python RCE Deserialization AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22607 PyPI HIGH POC PATCH This Week

Fickling's static analyzer through version 0.1.6 fails to properly classify the cProfile module as unsafe during pickle analysis, causing malicious pickles leveraging cProfile.run() to be marked as SUSPICIOUS rather than OVERTLY_MALICIOUS. Organizations using Fickling as a security gate for deserialization decisions may be deceived into executing attacker-controlled code. Public exploit code exists for this vulnerability, and patches are available in version 0.1.7 and later.

Python Deserialization AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-22606 PyPI HIGH POC PATCH This Week

Fickling's incomplete pickle analysis allows attackers to bypass security checks by using Python's runpy module to execute arbitrary code. Versions through 0.1.6 misclassify dangerous runpy-based payloads as merely suspicious rather than malicious, enabling code execution on systems that rely on Fickling to validate pickle safety. Public exploit code exists for this vulnerability, though a patch is available in version 0.1.7.

Python Deserialization AI / ML Fickling
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-13781 MEDIUM This Month

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. [CVSS 6.5 MEDIUM]

Gitlab AI / ML
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14980 MEDIUM This Month

The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. [CVSS 6.5 MEDIUM]

WordPress Information Disclosure AI / ML PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21869 HIGH POC This Week

Llama.cpp server endpoints fail to validate the n_discard parameter from JSON input, allowing negative values that trigger out-of-bounds memory writes when the context buffer fills. This memory corruption vulnerability affects LLM inference operations and can be exploited remotely without authentication to crash the service or achieve code execution; public exploit code exists and no patch is currently available.

RCE Memory Corruption Denial Of Service AI / ML Llama.Cpp +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-21851 PyPI MEDIUM POC PATCH This Month

MONAI versions up to 1.5.1 contain a path traversal vulnerability in the `_download_from_ngc_private()` function that fails to validate extracted archive contents, allowing attackers to write files outside the intended directory during package extraction. An attacker with user interaction can exploit this via a malicious ZIP file to overwrite arbitrary files on the system. Public exploit code exists for this vulnerability, and a patch is available in commit 4014c8475626f20f158921ae0cf98ed259ae4d59.

Path Traversal AI / ML Monai
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69222 CRITICAL POC PATCH Act Now

LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.

Docker SSRF AI / ML Librechat
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-69221 MEDIUM POC PATCH This Month

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. [CVSS 4.3 MEDIUM]

Authentication Bypass AI / ML Librechat
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-69220 HIGH POC PATCH This Week

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. [CVSS 7.1 HIGH]

Authentication Bypass AI / ML Librechat
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-67366 HIGH POC This Week

Filesystem-Mcp versions up to 0.5.8 contains a vulnerability that allows attackers to bypass directory restrictions by leveraging symlinks within the allowed director (CVSS 7.5).

Path Traversal AI / ML Filesystem Mcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-67364 npm HIGH POC This Week

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. [CVSS 7.5 HIGH]

Path Traversal AI / ML Fast Filesystem Mcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-62327 MEDIUM This Month

Hcl Devops Deploy versions up to 8.1.2.3 is affected by insufficiently protected credentials (CVSS 4.9).

Authentication Bypass AI / ML Hcl Devops Deploy
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-13722 MEDIUM This Month

The Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the `fluentform_ai_create_form` AJAX action. [CVSS 5.3 MEDIUM]

WordPress AI / ML PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14438 MEDIUM This Month

The Xagio SEO - AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. [CVSS 6.4 MEDIUM]

WordPress SSRF AI / ML PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-67732 MEDIUM POC This Month

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. [CVSS 6.5 MEDIUM]

Authentication Bypass Information Disclosure AI / ML Dify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67303 PyPI HIGH POC PATCH GHSA This Week

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface [CVSS 7.5 HIGH]

Information Disclosure AI / ML Comfyui Manager
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15240 HIGH This Week

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. [CVSS 8.8 HIGH]

File Upload RCE AI / ML Qoca Aim
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-15239 MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]

SQLi AI / ML Qoca Aim
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15238 MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]

SQLi AI / ML Qoca Aim
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15237 MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability. [CVSS 4.3 MEDIUM]

Path Traversal AI / ML Qoca Aim
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-15236 MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability. [CVSS 4.3 MEDIUM]

Path Traversal AI / ML Qoca Aim
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-15235 MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files. [CVSS 6.5 MEDIUM]

Authentication Bypass AI / ML Qoca Aim
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-21484 MEDIUM POC PATCH This Month

AnythingLLM's password recovery endpoint leaks information about valid usernames through differential error messages, enabling account enumeration attacks. Public exploit code exists for this low-complexity network vulnerability that requires no authentication. The issue has been patched as of commit e287fab56089cf8fcea9ba579a3ecdeca0daa313.

Information Disclosure AI / ML Anythingllm
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-21445 PyPI CRITICAL POC PATCH Act Now

Langflow before 1.7.0.dev45 exposes multiple API endpoints without authentication, allowing unauthenticated access to user conversations, transaction data, and message deletion. Critical for AI workflow platforms that handle sensitive prompt data.

Authentication Bypass AI / ML Langflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-67511 PyPI CRITICAL POC PATCH Act Now

A critical command injection vulnerability exists in the Cybersecurity AI (CAI) framework versions 0.5.9 and below, allowing attackers to execute arbitrary commands through unsanitized SSH parameters (username, host, port) in the run_ssh_command_with_credentials() function accessible to AI agents. The vulnerability has a publicly available proof-of-concept exploit and enables remote code execution with potential for complete system compromise, though real-world exploitation probability remains relatively low at 0.12% EPSS score despite the high CVSS rating of 9.6.

Command Injection SSH AI / ML RCE Cybersecurity Ai
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-65106 PyPI HIGH PATCH This Month

LangChain is a framework for building agents and LLM-powered applications. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python Ssti Langchain AI / ML +1
NVD GitHub
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-62164 PyPI HIGH PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Vllm Pytorch AI / ML +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-55560 PyPI HIGH PATCH This Week

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55559 HIGH POC This Month

An issue was discovered TensorFlow v2.18.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tensorflow AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55558 PyPI HIGH PATCH This Week

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Buffer Overflow Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55557 PyPI HIGH PATCH This Week

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55556 MEDIUM POC This Week

TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tensorflow AI / ML Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55554 PyPI MEDIUM PATCH This Month

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Pytorch AI / ML Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55553 PyPI HIGH PATCH This Week

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55552 PyPI HIGH PATCH This Month

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow Pytorch AI / ML Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55551 PyPI HIGH PATCH This Month

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46153 PyPI MEDIUM PATCH This Month

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-46152 PyPI MEDIUM PATCH This Month

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-46150 PyPI MEDIUM PATCH This Month

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-46149 PyPI MEDIUM PATCH This Month

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-46148 PyPI MEDIUM PATCH This Month

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-10155 PyPI CRITICAL POC PATCH GHSA Act Now

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Picklescan Pytorch AI / ML
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-58177 npm MEDIUM PATCH This Month

n8n is an open source workflow automation platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Information Disclosure XSS N8n Langchain AI / ML
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-6051 PyPI MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer`. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Hugging Face AI / ML Red Hat
NVD GitHub
CVSS 3.0
5.3
EPSS
0.0%
CVE-2025-9556 CRITICAL This Week

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Langchain AI / ML
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-6638 PyPI HIGH POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Hugging Face AI / ML Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-6984 PyPI HIGH POC PATCH This Week

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Langchain AI / ML Red Hat
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2025-44779 LIB MEDIUM PATCH This Month

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ollama AI / ML Suse
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-5197 PyPI MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Tensorflow AI / ML Pytorch +3
NVD GitHub
CVSS 3.0
5.3
EPSS
0.0%
CVE-2025-3933 PyPI MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `<s_(.*?)>` which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.

Denial Of Service Transformers Hugging Face AI / ML Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-3777 PyPI LOW POC PATCH Monitor

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.

Authentication Bypass Hugging Face AI / ML
NVD GitHub
CVSS 3.0
3.5
EPSS
0.0%
CVE-2025-3264 PyPI MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\s*try\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.

Python Denial Of Service Transformers Hugging Face AI / ML +1
NVD GitHub
CVSS 3.0
5.3
EPSS
0.0%
CVE-2025-3263 PyPI MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\.(.*)\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.

Denial Of Service Transformers Hugging Face AI / ML Red Hat
NVD GitHub
CVSS 3.0
5.3
EPSS
0.0%
CVE-2025-2828 PyPI CRITICAL POC PATCH Act Now

A remote code execution vulnerability in langchain-ai/langchain (CVSS 10.0). Risk factors: public PoC available. Vendor patch is available.

Microsoft SSRF Langchain Red Hat AI / ML
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-52967 PyPI MEDIUM PATCH This Month

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

SSRF Mlflow AI / ML
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-47277 PyPI CRITICAL POC PATCH Act Now

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Vllm Pytorch AI / ML Red Hat
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-1975 LIB HIGH POC PATCH GHSA This Week

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ollama AI / ML Red Hat Suse
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2025-0649 HIGH PATCH This Week

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Stack Overflow Tensorflow Serving Tensorflow +1
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-4287 MEDIUM This Month

A vulnerability was found in PyTorch 2.6.0+cu124. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-29446 LOW POC Monitor

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Webui Ollama AI / ML
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-32434 PyPI CRITICAL POC PATCH Act Now

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Deserialization Pytorch AI / ML
NVD GitHub
CVSS 4.0
9.3
EPSS
1.2%
CVE-2025-3730 PyPI MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Pytorch AI / ML
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3136 PyPI MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3121 PyPI MEDIUM POC This Month

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3001 PyPI MEDIUM PATCH This Month

A vulnerability classified as critical was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-3000 PyPI MEDIUM This Month

A vulnerability classified as critical has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2999 PyPI MEDIUM PATCH This Month

A vulnerability was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2998 PyPI MEDIUM This Month

A vulnerability was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2953 PyPI MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pytorch AI / ML Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-1474 PyPI MEDIUM POC PATCH This Month

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Brute Force Authentication Bypass Mlflow AI / ML
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-1473 PyPI HIGH POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Mlflow AI / ML
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

The All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/aioseo/v1/ai/credits` REST route in all versions up to, and including, 4.9.2. [CVSS 4.3 MEDIUM]

WordPress AI / ML PHP
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output. [CVSS 6.1 MEDIUM]

XSS AI / ML Sparkyfitness
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Cursor AI code editor before 2.3 allows prompt injection to bypass the Agent's Allowlist mode. Shell built-ins can execute without appearing in the allowlist, enabling environment poisoning and arbitrary command execution.

Code Injection AI / ML Cursor
NVD GitHub
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Chainlit versions up to 2.8.5 is affected by authorization bypass through user-controlled key (CVSS 4.2).

Authentication Bypass AI / ML
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

enclave-vm JavaScript sandbox (before 2.7.0) has a critical sandbox escape. When a tool invocation fails, a host-side Error object is exposed to sandboxed code, which can use its prototype chain to access the host Node.js runtime. Maximum CVSS 10.0 with scope change. PoC available, patch available.

Node.js AI / ML Enclave
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

GuardDog security scanner before 2.7.1 has a path traversal in safe_extract() that allows malicious PyPI packages to write files outside the extraction directory. Ironic vulnerability in a tool designed to detect malicious packages. Patch available.

RCE Path Traversal AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

GuardDog versions prior to 2.7.1 fail to validate decompressed file sizes when extracting Python package archives, enabling denial of service attacks through zip bomb payloads that can consume gigabytes of disk space from minimal compressed data. Public exploit code exists for this vulnerability, affecting users who rely on GuardDog to scan PyPI packages for malicious content. Upgrade to version 2.7.1 or later to remediate this flaw.

Denial Of Service AI / ML Guarddog
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Eigent multi-agent workflow CI pipeline (ci.yml) uses pull_request_target with checkout of untrusted PR code, enabling arbitrary code execution with repository write permissions from fork PRs. PoC available, patch available.

Github AI / ML Eigent
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

OpenCode's markdown renderer fails to sanitize HTML input in LLM responses, allowing attackers who control the chat output to inject arbitrary JavaScript that executes in the localhost:4096 origin without Content Security Policy protections. Public exploit code exists for this cross-site scripting vulnerability, affecting users of the AI coding agent through versions prior to 1.1.10. An attacker can achieve session compromise or local code execution by manipulating LLM responses to inject malicious scripts.

XSS AI / ML Opencode
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

Opencode versions up to 1.0.216 is affected by missing authentication for critical function (CVSS 8.8).

Authentication Bypass RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

ServiceNow AI Platform has a user impersonation vulnerability allowing unauthenticated attackers to impersonate any user and perform their authorized actions. ServiceNow has deployed patches to hosted instances and self-hosted updates are available.

Privilege Escalation AI / ML Virtual Agent Api +1
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

LibreChat before v0.8.2-rc2 allows any authenticated user to execute shell commands as root inside the container through the MCP stdio transport. A single API request is sufficient for root code execution. PoC available, patch available.

Authentication Bypass AI / ML Librechat
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. [CVSS 8.1 HIGH]

Path Traversal AI / ML Mindsdb
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Vllm versions up to 0.12.0 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Denial Of Service AI / ML Vllm +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as subprocesses. PoC available, patch available.

Command Injection AI / ML Weknora +1
NVD GitHub
EPSS 0% CVSS 5.6
MEDIUM POC PATCH This Month

WeKnora versions before 0.2.5 allow unauthenticated attackers to bypass database query restrictions through prompt injection techniques when the Agent service is enabled, enabling unauthorized access to sensitive data. Public exploit code exists for this vulnerability, which affects the framework's document understanding and semantic retrieval capabilities. A patch is available in version 0.2.5 and later.

SQLi AI / ML Weknora +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Fickling versions prior to 0.1.7 fail to properly detect malicious pickle payloads due to inadequate handling of the "builtins" module, allowing attackers to bypass security analysis and potentially execute arbitrary code. This vulnerability affects Python environments using vulnerable versions of Fickling for pickle inspection and static analysis. An attacker can craft specially designed pickle files that evade detection mechanisms, compromising the integrity of pickle validation workflows.

Python AI / ML Fickling
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Fickling's static analyzer before version 0.1.7 fails to detect several dangerous Python modules in pickled objects, enabling attackers to craft malicious pickles that bypass safety checks and achieve arbitrary code execution. This vulnerability affects users relying on Fickling to validate untrusted serialized Python objects for safety. Public exploit code exists for this HIGH severity vulnerability, though a patch is available in version 0.1.7 and later.

Python Deserialization AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Fickling before version 0.1.7 allows local attackers to achieve arbitrary code execution through Python pickle deserialization by chaining unblocked ctypes and pydoc modules, bypassing the tool's safety scanner which incorrectly reports malicious files as LIKELY_SAFE. An attacker with user interaction can exploit this vulnerability to execute code with the privileges of the Python process. A patch is available in version 0.1.7 and later.

Python RCE Deserialization +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Fickling's static analyzer through version 0.1.6 fails to properly classify the cProfile module as unsafe during pickle analysis, causing malicious pickles leveraging cProfile.run() to be marked as SUSPICIOUS rather than OVERTLY_MALICIOUS. Organizations using Fickling as a security gate for deserialization decisions may be deceived into executing attacker-controlled code. Public exploit code exists for this vulnerability, and patches are available in version 0.1.7 and later.

Python Deserialization AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Fickling's incomplete pickle analysis allows attackers to bypass security checks by using Python's runpy module to execute arbitrary code. Versions through 0.1.6 misclassify dangerous runpy-based payloads as merely suspicious rather than malicious, enabling code execution on systems that rely on Fickling to validate pickle safety. Public exploit code exists for this vulnerability, though a patch is available in version 0.1.7.

Python Deserialization AI / ML +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. [CVSS 6.5 MEDIUM]

Gitlab AI / ML
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. [CVSS 6.5 MEDIUM]

WordPress Information Disclosure AI / ML +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Llama.cpp server endpoints fail to validate the n_discard parameter from JSON input, allowing negative values that trigger out-of-bounds memory writes when the context buffer fills. This memory corruption vulnerability affects LLM inference operations and can be exploited remotely without authentication to crash the service or achieve code execution; public exploit code exists and no patch is currently available.

RCE Memory Corruption Denial Of Service +4
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

MONAI versions up to 1.5.1 contain a path traversal vulnerability in the `_download_from_ngc_private()` function that fails to validate extracted archive contents, allowing attackers to write files outside the intended directory during package extraction. An attacker with user interaction can exploit this via a malicious ZIP file to overwrite arbitrary files on the system. Public exploit code exists for this vulnerability, and a patch is available in commit 4014c8475626f20f158921ae0cf98ed259ae4d59.

Path Traversal AI / ML Monai
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.

Docker SSRF AI / ML +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. [CVSS 4.3 MEDIUM]

Authentication Bypass AI / ML Librechat
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. [CVSS 7.1 HIGH]

Authentication Bypass AI / ML Librechat
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Filesystem-Mcp versions up to 0.5.8 contains a vulnerability that allows attackers to bypass directory restrictions by leveraging symlinks within the allowed director (CVSS 7.5).

Path Traversal AI / ML Filesystem Mcp
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. [CVSS 7.5 HIGH]

Path Traversal AI / ML Fast Filesystem Mcp
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Hcl Devops Deploy versions up to 8.1.2.3 is affected by insufficiently protected credentials (CVSS 4.9).

Authentication Bypass AI / ML Hcl Devops Deploy
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the `fluentform_ai_create_form` AJAX action. [CVSS 5.3 MEDIUM]

WordPress AI / ML PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Xagio SEO - AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. [CVSS 6.4 MEDIUM]

WordPress SSRF AI / ML +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. [CVSS 6.5 MEDIUM]

Authentication Bypass Information Disclosure AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface [CVSS 7.5 HIGH]

Information Disclosure AI / ML Comfyui Manager
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. [CVSS 8.8 HIGH]

File Upload RCE AI / ML +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]

SQLi AI / ML Qoca Aim
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]

SQLi AI / ML Qoca Aim
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability. [CVSS 4.3 MEDIUM]

Path Traversal AI / ML Qoca Aim
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability. [CVSS 4.3 MEDIUM]

Path Traversal AI / ML Qoca Aim
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files. [CVSS 6.5 MEDIUM]

Authentication Bypass AI / ML Qoca Aim
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

AnythingLLM's password recovery endpoint leaks information about valid usernames through differential error messages, enabling account enumeration attacks. Public exploit code exists for this low-complexity network vulnerability that requires no authentication. The issue has been patched as of commit e287fab56089cf8fcea9ba579a3ecdeca0daa313.

Information Disclosure AI / ML Anythingllm
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Langflow before 1.7.0.dev45 exposes multiple API endpoints without authentication, allowing unauthenticated access to user conversations, transaction data, and message deletion. Critical for AI workflow platforms that handle sensitive prompt data.

Authentication Bypass AI / ML Langflow
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL POC PATCH Act Now

A critical command injection vulnerability exists in the Cybersecurity AI (CAI) framework versions 0.5.9 and below, allowing attackers to execute arbitrary commands through unsanitized SSH parameters (username, host, port) in the run_ssh_command_with_credentials() function accessible to AI agents. The vulnerability has a publicly available proof-of-concept exploit and enables remote code execution with potential for complete system compromise, though real-world exploitation probability remains relatively low at 0.12% EPSS score despite the high CVSS rating of 9.6.

Command Injection SSH AI / ML +2
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Month

LangChain is a framework for building agents and LLM-powered applications. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python Ssti +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Vllm +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Pytorch AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

An issue was discovered TensorFlow v2.18.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tensorflow AI / ML +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Buffer Overflow Pytorch +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tensorflow AI / ML +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Pytorch +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integer Overflow Pytorch +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pytorch AI / ML +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Pytorch +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pytorch AI / ML +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pytorch AI / ML +2
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Picklescan Pytorch +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

n8n is an open source workflow automation platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Information Disclosure XSS N8n +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer`. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Hugging Face +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL This Week

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Langchain AI / ML
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Hugging Face +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Langchain +2
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ollama AI / ML +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Transformers Tensorflow +5
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `<s_(.*?)>` which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.

Denial Of Service Transformers Hugging Face +2
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.

Authentication Bypass Hugging Face AI / ML
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\s*try\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.

Python Denial Of Service Transformers +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\.(.*)\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.

Denial Of Service Transformers Hugging Face +2
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

A remote code execution vulnerability in langchain-ai/langchain (CVSS 10.0). Risk factors: public PoC available. Vendor patch is available.

Microsoft SSRF Langchain +2
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

SSRF Mlflow AI / ML
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Vllm Pytorch +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ollama AI / ML +2
NVD
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Stack Overflow +3
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability was found in PyTorch 2.6.0+cu124. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Pytorch AI / ML +1
NVD GitHub VulDB
EPSS 0% CVSS 3.3
LOW POC Monitor

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Webui Ollama +1
NVD GitHub VulDB
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Deserialization Pytorch +1
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Pytorch AI / ML
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pytorch AI / ML +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pytorch AI / ML +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

A vulnerability classified as critical was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability classified as critical has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

A vulnerability was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pytorch AI / ML +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pytorch AI / ML +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Brute Force Authentication Bypass Mlflow +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Mlflow AI / ML
NVD GitHub
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy