This archive includes all published incident pages. Page 13 of 16.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Selection criteria and correction policy are documented in Methodology & Editorial Policy.
Incident date: February 13, 2026 | Published: February 14, 2026
Summary A Critical Broken Authentication vulnerability exists in Known 1.6.2. The application leaks the password reset token within a hidden HTML input field on the password reset page.
Incident date: February 13, 2026 | Published: February 14, 2026
Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler.
Incident date: February 13, 2026 | Published: February 25, 2026
Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks...
Incident date: February 13, 2026 | Published: February 14, 2026
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .
Incident date: February 13, 2026 | Published: February 25, 2026
Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler.
Incident date: February 13, 2026 | Published: February 25, 2026
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) - BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability.
Incident date: February 12, 2026 | Published: February 25, 2026
Description MagicLink stores serialized action objects in the magic_links.action database column and deserializes them without integrity validation or class allowlisting in [src/MagicLink.php](src/MagicLink.
Incident date: February 12, 2026 | Published: February 25, 2026
Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC This vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool.
Incident date: February 12, 2026 | Published: February 25, 2026
Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool.
Incident date: February 12, 2026 | Published: February 25, 2026
A vulnerability in CediPay allows attackers to bypass input validation in the transaction API. Affected users: All deployments running versions prior to the patched release.