ASR AI Security Radar
Recent AI Security Incidents

This archive includes all published incident pages. Page 17 of 18.

Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.

Selection criteria and correction policy are documented in Methodology & Editorial Policy.

AI security incident: VU#924114: dr_flac contains an integer overflow vulnerability that allows for DoS whe...

Incident date: January 20, 2026 | Published: February 25, 2026

Overview: dr_flac, an open-source FLAC audio decoder, part of the dr_libs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service (DoS) when provided a specific crafted file.

AI security incident: CVE-2026-23523 (NVD)

Incident date: January 16, 2026 | Published: February 25, 2026

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.

AI security incident: VU#650657: Livewire Filemanager contains an insecure .php component that allows for u...

Incident date: January 16, 2026 | Published: February 25, 2026

Overview: A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications.

AI security incident: VU#472136: Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro

Incident date: January 15, 2026 | Published: February 25, 2026

Overview: Redmi Buds, a series of Bluetooth earbuds produced and sold by Xiaomi, contain an Information Leak vulnerability and a Denial of Service (DoS) vulnerability in versions 3 Pro through 6 Pro.

AI security incident: CVE-2026-22813 (NVD)

Incident date: January 12, 2026 | Published: February 22, 2026

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM.

AI security incident: CVE-2025-68472 (NVD)

Incident date: January 12, 2026 | Published: February 14, 2026

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move...

AI security incident: CVE-2026-21869 (NVD)

Incident date: January 8, 2026 | Published: February 14, 2026

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.

AI security incident: VU#420440: Vulnerable Python version used in Forcepoint One DLP Client

Incident date: January 6, 2026 | Published: February 25, 2026

Overview: A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution.

AI security incident: CVE-2025-67732 (NVD)

Incident date: January 5, 2026 | Published: February 14, 2026

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it.

AI security incident: CVE-2025-68669 (NVD)

Incident date: December 23, 2025 | Published: February 14, 2026

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.
