This archive includes all published incident pages. Page 14 of 16.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Incident date: February 12, 2026 | Published: February 25, 2026
Summary: The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion.
Incident date: February 12, 2026 | Published: February 25, 2026
Impact: Using comments, it is possible to inject CSS that would transform the full wiki into a link area leading to a malicious page. All versions of XWiki are impacted by this kind of attack.
Incident date: February 12, 2026 | Published: February 25, 2026
Summary: FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index (for finding .
Incident date: February 12, 2026 | Published: February 25, 2026
Summary: An attacker can cause unbounded memory consumption by repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their resources.
Incident date: February 12, 2026 | Published: February 25, 2026
Summary: An attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WT_CLOSE_SESSION capsule containing an excessively large Application Error Message.
Incident date: February 12, 2026 | Published: February 25, 2026
Notepad++ Notepad++ - Notepad++, when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an...
Incident date: February 10, 2026 | Published: February 25, 2026
Overview: A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields() function in the extra module.
Incident date: February 5, 2026 | Published: February 14, 2026
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in ReadRSSFeedBlock.
Incident date: February 5, 2026 | Published: February 25, 2026
SmarterTools SmarterMail - SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method.
Incident date: January 26, 2026 | Published: February 25, 2026
SmarterTools SmarterMail - SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API.