AI security incident: CVE-2026-22793 (NVD)
Incident date: January 21, 2026 | Published: February 14, 2026
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.
ASR AI Security Radar
Recent AI Security Incidents
This archive includes all published incident pages. Page 15 of 16.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Selection criteria and correction policy are documented in Methodology & Editorial Policy.
AI security incident: VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash
Incident date: January 20, 2026 | Published: February 25, 2026
Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif .
AI security incident: VU#458022: Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key
Incident date: January 20, 2026 | Published: February 25, 2026
Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing.
AI security incident: VU#271649: Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier
Incident date: January 20, 2026 | Published: February 25, 2026
Overview A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. The issue is caused by unsafe string concatenation in the asn1_expand_octet_string function located in decoding.c .
AI security incident: VU#818729: Safetica contains a kernel driver vulnerability
Incident date: January 20, 2026 | Published: February 25, 2026
Overview Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows for an unprivileged user to abuse an IOCTL path and terminate protected system processes.
AI security incident: VU#244846: Server-Side Template Injection (SSTI) vulnerability exist in Genshi
Incident date: January 20, 2026 | Published: February 25, 2026
Overview A Server-Side Template Injection (SSTI) vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions.
AI security incident: VU#924114: dr_flac contains an integer overflow vulnerability that allows for DoS whe...
Incident date: January 20, 2026 | Published: February 25, 2026
Overview dr_flac , an open-source FLAC audio decoder, part of the dr_libs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service (DoS) when provided a specific crafted file.
AI security incident: CVE-2026-23523 (NVD)
Incident date: January 16, 2026 | Published: February 25, 2026
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.
AI security incident: VU#650657: Livewire Filemanager contains an insecure .php component that allows for u...
Incident date: January 16, 2026 | Published: February 25, 2026
Overview A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications.
AI security incident: VU#472136: Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro
Incident date: January 15, 2026 | Published: February 25, 2026
Overview Redmi Buds , a series of Bluetooth earbuds produced and sold by Xiaomi , contain an Information Leak vulnerability and a Denial of Service (DoS) vulnerability in versions 3 Pro through 6 Pro.