This archive includes all published incident pages. Page 14 of 18.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Incident date: February 17, 2026 | Published: February 25, 2026
Impact Indico makes outgoing requests to user-provided URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or...
Incident date: February 17, 2026 | Published: February 25, 2026
Summary An access control bypass vulnerability in the Gogs web interface allows any repository collaborator with Write permissions to delete protected branches (including the default branch) by sending a direct POST request, completely...
Incident date: February 17, 2026 | Published: February 25, 2026
**Summary** A broken access control vulnerability in Gogs allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI (internal/route/repo/issue.
Incident date: February 13, 2026 | Published: February 14, 2026
Summary A Critical Broken Authentication vulnerability exists in Known 1.6.2. The application leaks the password reset token within a hidden HTML input field on the password reset page.
Incident date: February 13, 2026 | Published: February 25, 2026
Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks...
Incident date: February 13, 2026 | Published: February 14, 2026
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e., prompt injection) could write to improperly protected .
Incident date: February 13, 2026 | Published: February 25, 2026
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) - BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability.