ASR AI Security Radar

Recent AI Security Incidents

This archive includes all published incident pages. Page 4 of 16.

Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.

Selection criteria and correction policy are documented in Methodology & Editorial Policy.

AI security incident: CVE-2026-0847 (NVD)

Incident date: March 4, 2026 | Published: March 4, 2026

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader.


AI security incident: 2026-002: Multiple Vulnerabilities in Cisco Products

Incident date: Unknown | Published: March 4, 2026

On 25 February 2026, Cisco released security advisories addressing multiple high and critical severity vulnerabilities in Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager.


AI security incident: 2025-042: Critical Vulnerability in Cisco Secure Email and Web Manager

Incident date: Unknown | Published: March 4, 2026

On December 17, 2025, Cisco released a security advisory for a critical vulnerability affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager products.


AI security incident: 2025-040: Critical Vulnerability in Windows Server Update Service (WSUS)

Incident date: Unknown | Published: March 4, 2026

On October 23, 2025, Microsoft released an out-of-band update to address a critical vulnerability in Windows Server Update Service (WSUS).


AI security incident: 2025-037: Multiple Vulnerabilities in F5 Products

Incident date: Unknown | Published: March 4, 2026

On October 15, 2025, F5 disclosed that a sophisticated nation-state actor breached its systems and maintained long-term persistent access into F5's infrastructure.


AI security incident: 2025-036: Critical Vulnerabilities in Cisco ASA and FTD

Incident date: Unknown | Published: March 4, 2026

On September 25, 2025, Cisco released several security advisories addressing 3 vulnerabilities, 2 of which are critical.


AI security incident: CVE-2026-27966 (NVD)

Incident date: February 26, 2026 | Published: February 26, 2026

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChain’s Python REPL tool (python...


AI security incident: Fickling has safety check bypass via REDUCE+BUILD opcode sequence (GHSA-mhc9-48gj-9gp3)

Incident date: February 25, 2026 | Published: February 25, 2026

Assessment: It is believed that the analysis pass works as intended; REDUCE and BUILD are not at fault here. The few potentially unsafe modules have been added to the blocklist (https://github.


AI security incident: Fickling: OBJ opcode call invisibility bypasses all safety checks (GHSA-mxhj-88fx-4pcv)

Incident date: February 24, 2026 | Published: February 25, 2026

Assessment: The interpreter so it behaves closer to CPython when dealing with OBJ, NEWOBJ, and NEWOBJ_EX opcodes (https://github.com/trailofbits/fickling/commit/ff423dade2bb1f72b2b48586c022fac40cbd9a4a).


AI security incident: Statamic is vulnerable to account takeover via password reset link injection (GHSA-jx...

Incident date: February 24, 2026 | Published: February 25, 2026

Impact: An attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf.
