aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6335 items

CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read Vulnerability

infovulnerability
security
Mar 29, 2026
CVE-2026-3055🔥 Actively Exploited

Citrix NetScaler contains an out-of-bounds read vulnerability (a memory access bug where software reads past the boundaries of allocated memory) in its SAML IDP (SAML identity provider, which authenticates users) component, potentially exposing sensitive data. This vulnerability is currently being actively exploited by attackers in the wild. The vulnerability affects multiple NetScaler products including NetScaler ADC, NetScaler Gateway, and their FIPS and NDcPP variants.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Consult the Citrix Security Bulletin (CTX696300) for detailed patching information.

CISA Known Exploited Vulnerabilities

Helping disaster response teams turn AI into action across Asia

infonews
industry
Mar 29, 2026

OpenAI and partner organizations held an 'AI Jam' workshop in Bangkok with 50 disaster management leaders from 13 Asian countries to explore practical ways AI can improve emergency response. The workshop focused on building custom GPTs (generalized pre-trained transformer models, or AI tools trained on broad data) and workflows for tasks like situation reporting and needs assessment, addressing how disaster response teams in resource-constrained environments with fragmented data can work faster and more effectively.

Bluesky’s new app is an AI for customizing your feed

infonews
industry
Mar 29, 2026

Bluesky has released Attie, a new AI assistant powered by Claude (Anthropic's language model) that helps users create custom feeds using natural language instructions instead of traditional algorithmic settings. Users can describe what content they want to see, like 'posts about folklore, mythology, and traditional music, especially Celtic traditions,' and Attie builds a personalized feed based on that description, with plans to integrate it into Bluesky and other apps built on the AT Protocol (Bluesky's underlying technical foundation).

GHSA-wprj-9cvc-5w37: AVideo: Unauthenticated Access to Payment Log DataTables Endpoints Exposes Transaction Data, PayPal Tokens, and User Financial Records

highvulnerability
security
Mar 29, 2026

AVideo's payment plugins have a critical vulnerability where `list.json.php` endpoints (which retrieve payment transaction records) lack authentication checks, allowing anyone to access sensitive financial data including PayPal tokens, Authorize.Net webhook details, Bitcoin transaction records, and user IDs without logging in. This is the same type of vulnerability that was previously fixed in the Scheduler plugin, but the fix was not applied to 21 other vulnerable endpoints across the codebase.

CVE-2026-5002: A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted el

highvulnerability
security
Mar 28, 2026
CVE-2026-5002

A vulnerability (CVE-2026-5002) was discovered in PromtEngineer localGPT that allows injection attacks (inserting malicious code into input) through the LLM Prompt Handler component in the backend/server.py file. An attacker can exploit this vulnerability remotely, and the exploit code has been publicly released. The vendor has not responded to disclosure attempts, and because the product uses rolling releases (continuous updates without traditional version numbers), specific patch information is unavailable.

TikTok’s policy for AI ads isn’t working

infonews
policysafety

RanDS: A Large-Scale Open Dataset of Raw Binaries and Extracted Features for Ransomware Research

inforesearchPeer-Reviewed
research

The Iran war is defense tech's chance to shine, but few systems and weapons are ready

infonews
industry
Mar 28, 2026

The Iran war is driving demand for lower-cost military technology, particularly drones and counter-drone systems, as the U.S. military realizes it cannot afford expensive responses to cheap threats. Defense tech companies like Anduril, Palantir, and others are gaining Pentagon contracts to develop systems such as LUCAS (a low-cost drone costing about $35,000) and laser counter-drone technology, though these tools currently represent less than 1% of overall defense spending.

Why OpenAI killed Sora

infonews
industry
Mar 28, 2026

OpenAI discontinued its Sora video-generation app and canceled plans to add video generation to ChatGPT, also ending a $1 billion deal with Disney. The company made these decisions because Sora was consuming large amounts of computational resources without generating enough revenue to justify the expense, as OpenAI focuses on becoming profitable.

‘They feel true’: political deepfakes are growing in influence – even if people know they aren’t real

infonews
safetypolicy

CVE-2026-4993: A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/o

lowvulnerability
security
Mar 28, 2026
CVE-2026-4993

A vulnerability (CVE-2026-4993) was found in wandb OpenUI up to version 1.0 where manipulating the LITELLM_MASTER_KEY argument in the backend/openui/config.py file can expose hard-coded credentials (passwords stored directly in the code). This vulnerability requires local access to exploit and has already been publicly disclosed, though the vendor did not respond to early notification.

GHSA-frv4-x25r-588m: Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment

highvulnerability
security
Mar 27, 2026
CVE-2026-34172

Giskard Agents contain a server-side template injection vulnerability in the `ChatWorkflow.chat()` method, which treats user input as Jinja2 template code (a templating language that processes special syntax) instead of plain text. If a developer passes user-provided data directly to this method, an attacker can execute arbitrary code on the server by embedding malicious Jinja2 syntax in their input.

STADLER reshapes knowledge work at a 230-year-old company

infonews
industry
Mar 27, 2026

STADLER, a 230-year-old recycling equipment company, embedded ChatGPT (an AI language model that generates human-like text) across its workforce to speed up knowledge work like drafting, summarizing, and translating. The company achieved 30-40% time savings on common tasks, 2.5x faster first drafts, and 85% daily active usage by providing company-wide access, training, and clear guardrails while encouraging bottom-up experimentation.

CVE-2026-33873: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assis

criticalvulnerability
security
Mar 27, 2026
CVE-2026-33873

Langflow, a tool for building AI-powered agents and workflows, had a vulnerability in versions before 1.9.0 where the Agentic Assistant feature would execute Python code generated by an LLM (large language model) on the server. An attacker who could access this feature and control what the model outputs could run arbitrary code (malicious commands) on the server itself.

GHSA-m2h6-4xpq-qw3m: A Fleet team maintainer can transfer hosts from any team via missing source team authorization

mediumvulnerability
security
Mar 27, 2026
CVE-2026-29180

Fleet's host transfer API has a broken access control vulnerability (a flaw where permission checks don't work properly) that lets a team maintainer steal hosts from other teams by transferring them without authorization checks. Once stolen, the attacker can control the devices and run scripts with root privileges (the highest permission level), breaking team isolation in multi-tenant deployments (systems serving multiple separate organizations).

CVE-2026-33654: nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the ema

highvulnerability
security
Mar 27, 2026
CVE-2026-33654

Nanobot, a personal AI assistant, had a vulnerability in its email module that allowed attackers to send malicious prompts via email, which the bot would automatically process as trusted commands without the owner's knowledge. This is a type of indirect prompt injection (tricking an AI by hiding instructions in its input) that could let attackers run arbitrary system tools through the bot. Version 0.1.6 fixes this flaw.

CVE-2026-31951: LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model

mediumvulnerability
security
Mar 27, 2026
CVE-2026-31951

LibreChat versions 0.8.2-rc1 through 0.8.3-rc1 have a vulnerability where user-created MCP (Model Context Protocol, a system for connecting AI models to external tools) servers can steal OAuth tokens (security credentials used for authentication). An attacker can create a malicious MCP server with special headers that trick LibreChat into substituting sensitive tokens, which are then leaked when victims use tools on that server.

CVE-2026-31950: LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoi

mediumvulnerability
security
Mar 27, 2026
CVE-2026-31950

LibreChat (a ChatGPT alternative with extra features) versions 0.8.2-rc2 through 0.8.2-rc3 have a security flaw in the SSE streaming endpoint (a real-time data connection) at `/api/agents/chat/stream/:streamId` that fails to check if a user actually owns a chat stream. This means any logged-in user can guess or obtain another user's stream ID and read their live conversations, including messages and AI responses, without permission.

CVE-2026-31945: LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side

highvulnerability
security
Mar 27, 2026
CVE-2026-31945

LibreChat (a ChatGPT alternative with extra features) versions 0.8.2-rc2 through 0.8.2 have a vulnerability that allows attackers to access internal systems through SSRF (server-side request forgery, where an attacker tricks a server into making requests to resources it shouldn't access). Even though a previous SSRF fix was applied, it only checked domain names and didn't verify whether those names actually point to private IP addresses (internal network addresses), leaving the system exposed.

CVE-2026-31943: LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth

highvulnerability
security
Mar 27, 2026
CVE-2026-31943

LibreChat, a ChatGPT alternative with extra features, has a security flaw in versions before 0.8.3 where a function called `isPrivateIP()` fails to recognize IPv4-mapped IPv6 addresses (IPv6 addresses that contain IPv4 address information) in a certain format, allowing logged-in users to bypass SSRF protection (SSRF is server-side request forgery, where an attacker tricks a server into making requests to internal networks it shouldn't access). This could let attackers access sensitive internal resources like cloud metadata services and private networks.

Previous143 / 317Next
OpenAI Blog
The Verge (AI)
GitHub Advisory Database
NVD/CVE Database
Mar 28, 2026

Companies like Samsung are posting ads on TikTok that appear to be made with generative AI (AI systems that create images or videos from text descriptions), but they're not adding the required AI disclosure labels that TikTok's advertising policies demand. This means users can't easily tell whether the ads they see are AI-generated or made by humans, even though the companies creating them know the truth.

The Verge (AI)
Mar 28, 2026

RanDS is a new large-scale dataset containing raw binary files (the compiled machine code of programs) and extracted features designed to help researchers study and detect ransomware (malicious software that encrypts victims' files and demands payment). This resource aims to support the development and testing of machine learning models that can identify ransomware threats more effectively.

Elsevier Security Journals
CNBC Technology
The Verge (AI)
Mar 28, 2026

AI researchers report that online creators are using generative AI (artificial intelligence that creates images or videos from text descriptions) to produce fake images and videos of real political figures and entirely fabricated people, sometimes in military or sexualized contexts, to earn money and spread propaganda. These deepfakes (AI-generated fake media of people) are influential in shaping public perception of political figures, even when viewers know the content is not real.

The Guardian Technology
NVD/CVE Database

Fix: Update to giskard-agents version 0.3.4 (stable branch) or 1.0.2b1 (pre-release branch). The fix replaces the unsandboxed Jinja2 Environment with SandboxedEnvironment, which blocks access to attributes starting with underscores and prevents the class traversal attacks that enable remote code execution.

GitHub Advisory Database
OpenAI Blog

Fix: Update to version 1.9.0, which fixes the issue.

NVD/CVE Database

Fix: Upgrade to a patched version of Fleet. The source states: 'There is no workaround for this issue short of upgrading to a patched version.' As a precaution, organizations should audit host transfer activity in their Fleet logs for unexpected team reassignments.

GitHub Advisory Database

Fix: Update nanobot to version 0.1.6 or later, which patches the vulnerability in the email channel processing module.

NVD/CVE Database

Fix: Update to version 0.8.3-rc2, which fixes the issue.

NVD/CVE Database

Fix: Version 0.8.2 patches the issue.

NVD/CVE Database

Fix: Update to version 0.8.3-rc1, which contains a patch for this vulnerability.

NVD/CVE Database

Fix: Update LibreChat to version 0.8.3, which fixes the issue.

NVD/CVE Database