This archive includes all published incident pages. Page 5 of 18.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Selection criteria and correction policy are documented in Methodology & Editorial Policy.
Incident date: March 4, 2026 | Published: March 4, 2026
locutus call user func array vulnerable to Remote Code Execution (RCE) due to Code Injection Details A Remote Code Execution (RCE) flaw was discovered in the locutus project (v2.0.
Incident date: March 4, 2026 | Published: March 4, 2026
Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager Summary A Manager account (access all=false) was able to escalate privileges by directly invoking the bulk-access API against...
Incident date: March 4, 2026 | Published: March 4, 2026
OpenClaw Vulnerable to Local File Exfiltration via MCP Tool Result MEDIA: Directive Injection Summary A malicious or compromised MCP (Model Context Protocol) tool server can exfiltrate arbitrary local files from the host system by...
Incident date: March 4, 2026 | Published: March 4, 2026
OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations Summary In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference...
Incident date: March 4, 2026 | Published: March 4, 2026
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader.
Incident date: Unknown | Published: March 4, 2026
On 25 February 2026, Cisco released security advisories addressing multiple high and critical severity vulnerabilities in Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager.
Incident date: Unknown | Published: March 4, 2026
On December 17, 2025, Cisco released a security advisory for a critical vulnerability affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager products.
Incident date: Unknown | Published: March 4, 2026
On October 23, 2025, Microsoft released an out-of-band update to address a critical vulnerability in Windows Server Update Service (WSUS).
Incident date: Unknown | Published: March 4, 2026
On October 15, 2025, F5 disclosed that a sophisticated nation-state actor breached its systems and maintained long-term persistent access into F5's infrastructure.
Incident date: Unknown | Published: March 4, 2026
On September 25, 2025, Cisco released several security advisories addressing 3 vulnerabilities, 2 of which are critical.