ASR AI Security Radar

Recent AI Security Incidents

This archive includes all published incident pages. Page 7 of 16.

Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.

Selection criteria and correction policy are documented in Methodology & Editorial Policy.

AI security incident: New API has an SQL LIKE Wildcard Injection DoS via Token Search (GHSA-w6x6-9fp7-fqm4)

Incident date: February 23, 2026 | Published: February 25, 2026

Summary: A SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause Denial of Service through resource exhaustion by crafting malicious search patterns.


AI security incident: OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiv...

Incident date: February 20, 2026 | Published: February 25, 2026

Vulnerability: The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send.


AI security incident: AVideo has Stored Cross-Site Scripting via Markdown Comment Injection (GHSA-rcqw-6466...

Incident date: February 20, 2026 | Published: February 25, 2026

Vulnerability type: Stored Cross-Site Scripting (XSS) — CWE-79. Affected product/versions: AVideo 18.0. Root cause summary: AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled.


AI security incident: Static Web Server affected by timing-based username enumeration in Basic Authenticati...

Incident date: February 20, 2026 | Published: February 25, 2026

Summary: A timing-based username enumeration vulnerability in Basic Authentication, caused by an early response on invalid usernames, could allow attackers to identify valid users and focus their efforts on targeted brute-force or...


AI security incident: CVE-2026-26321 (NVD)

Incident date: February 19, 2026 | Published: February 20, 2026

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly.


AI security incident: OpenClaw safeBins file-existence oracle information disclosure (GHSA-6c9j-x93c-rw6j)

Incident date: February 19, 2026 | Published: February 25, 2026

An information disclosure vulnerability in OpenClaw's tools.exec.safeBins approval flow allowed a file-existence oracle.


AI security incident: Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in...

Incident date: February 19, 2026 | Published: February 25, 2026

Description: The zumba/json-serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.


AI security incident: Dagu affected by unauthenticated RCE via inline DAG spec in default configuration (GH...

Incident date: February 19, 2026 | Published: February 25, 2026

Summary: Dagu's default configuration ships with authentication completely disabled. The POST /api/v2/dag-runs endpoint accepts an inline YAML spec and executes its shell commands immediately — no credentials, no token, nothing.


AI security incident: OpenClaw has a path traversal in apply_patch could write/delete files outside the wor...

Incident date: February 19, 2026 | Published: February 25, 2026

Summary: In affected versions, when apply_patch was enabled and the agent ran without filesystem sandbox containment, crafted paths could cause file writes/deletes outside the configured workspace directory.


AI security incident: Feathers has an origin validation bypass via prefix matching (GHSA-mp4x-c34x-wv3x)

Incident date: February 19, 2026 | Published: February 25, 2026

The origin validation uses startsWith() for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed origin.
