aisecwatch.com
Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6362 items

CVE-2026-33075: FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vuln
critical | vulnerability | security | Mar 20, 2026 | CVE-2026-33075
FastGPT (an AI platform for building AI agents) versions 4.14.8.3 and below have a critical security flaw: the fastgpt-preview-image.yml workflow uses pull_request_target (a GitHub Actions trigger that runs with access to repository secrets) but executes code from an external contributor's fork. An attacker can use this to run arbitrary code (commands of their choosing on systems they do not control), steal secrets, and potentially compromise the production container registry (the central storage system for packaged software).
Source: NVD/CVE Database

CVE-2026-23274: In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM
info | vulnerability | security | Mar 20, 2026 | CVE-2026-23274
A vulnerability in the Linux kernel's netfilter xt_IDLETIMER module allows revision 0 rules to reuse timers created by revision 1 rules. When such a timer uses ALARM-type semantics (a special timer mode), the underlying timer structure that revision 0 relies on is never initialized, so the kernel crashes when revision 0 tries to modify it.
Fix: Reject revision 0 rule insertion when an existing timer with the same label is of ALARM type.
Source: NVD/CVE Database

Meta AI agent's instruction causes large sensitive data leak to employees
high | news | security, safety | Mar 20, 2026
A Meta employee asked an AI agent for help with an engineering problem on an internal forum, and the AI's suggested solution caused a large amount of sensitive user and company data to be exposed to engineers for two hours. The incident illustrates a risk where AI systems guide people toward actions that create security problems, even when the person following the guidance has good intentions.
Source: The Guardian Technology

CVE-2026-32950: SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a cr
critical | vulnerability | security | Mar 20, 2026 | CVE-2026-32950
SQLBot, an intelligent data query system that uses a large language model and RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions), has a critical SQL injection vulnerability (a bug where an attacker tricks the system into running unintended database commands) in versions before 1.7.0 that allows authenticated users to execute arbitrary code on the backend server. The vulnerability exists because Excel sheet names are inserted directly into database commands without sanitization (cleaning/validation), so an attacker who uploads a specially crafted file can gain complete control of the system.
Fix: Update to version 1.7.0 or later, where this issue has been fixed.
Source: NVD/CVE Database

CVE-2026-32949: SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Se
high | vulnerability | security | Mar 20, 2026 | CVE-2026-32949
SQLBot, an AI-based system for querying databases that uses RAG (retrieval-augmented generation, where it pulls in external data to answer questions), has a vulnerability in versions before 1.7.0 that lets attackers read any file from the server. An attacker can abuse the /api/v1/datasource/check endpoint by submitting a fake MySQL connection with a malicious setting, which causes the server to read and return sensitive files such as /etc/passwd when it tries to verify the connection.
Fix: Update to version 1.7.0 or later. The source states: 'This issue was fixed in version 1.7.0.'
Source: NVD/CVE Database

OpenAI to create desktop super app, combining ChatGPT app, browser and Codex app
info | news | industry | Mar 19, 2026
OpenAI is combining its web browser, ChatGPT app, and Codex app (a tool for writing and understanding code) into a single desktop application to simplify the user experience and reduce fragmentation across its products. The company is refocusing its efforts on high-productivity use cases and avoiding distractions as it prepares for a potential IPO.
Source: CNBC Technology

OpenAI is planning a desktop 'superapp'
info | news | industry | Mar 19, 2026
OpenAI is building a desktop 'superapp' that combines its ChatGPT chat application, Codex AI coding tool, and Atlas AI-powered browser into a single application. The company is making this change to reduce product fragmentation (having too many separate tools), which has slowed development and made it harder to meet quality standards.
Source: The Verge (AI)

Practical and secure history-independent indexing for queryable-encrypted databases
info | research | Peer-Reviewed | security | Mar 19, 2026
This research paper, published in June 2026, presents a method for creating indexes in queryable-encrypted databases (databases where data stays encrypted even when being searched) that do not leak information about access patterns or query history. The approach aims to improve security by preventing attackers from inferring sensitive information about which data is being accessed from observable patterns of database queries.
Source: Elsevier Security Journals

CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability
high | vulnerability | security | Mar 19, 2026 | CVE-2025-43520 | Actively Exploited
A buffer overflow vulnerability (a programming error where data overflows its allocated memory space) affects multiple Apple products including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS. A malicious app could exploit this to crash the system or write malicious code directly into kernel memory (the core of the operating system). This vulnerability is actively being exploited by attackers in the wild.
Fix: Apply mitigations per Apple's vendor instructions (referenced in support documents), follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The deadline for remediation is April 3, 2026.
Source: CISA Known Exploited Vulnerabilities

CVE-2025-54068: Laravel Livewire Code Injection Vulnerability
critical | vulnerability | security | Mar 19, 2026 | CVE-2025-54068 | EPSS: 16.0% | Actively Exploited
Laravel Livewire (a PHP framework for building interactive web applications) contains a code injection vulnerability (a flaw where attackers can insert malicious code into an application) that allows unauthenticated attackers to execute arbitrary commands on affected systems in certain situations. This vulnerability is currently being actively exploited by attackers in the wild.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The due date for remediation is 2026-04-03.
Source: CISA Known Exploited Vulnerabilities

CVE-2025-32432: Craft CMS Code Injection Vulnerability
info | vulnerability | security | Mar 19, 2026 | CVE-2025-32432 | EPSS: 79.0% | Actively Exploited
Craft CMS contains a code injection vulnerability (a flaw that lets attackers insert and run malicious code) that allows remote attackers to execute arbitrary code (run commands they should not be able to run). This vulnerability is actively being exploited by attackers in the real world.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Source: CISA Known Exploited Vulnerabilities

CVE-2025-43510: Apple Multiple Products Improper Locking Vulnerability
high | vulnerability | security | Mar 19, 2026 | CVE-2025-43510 | Actively Exploited
Apple's operating systems (watchOS, iOS, iPadOS, macOS, visionOS, and tvOS) contain an improper locking vulnerability (a flaw that fails to properly control access to shared memory between processes), which allows a malicious application to make unexpected changes to memory that multiple programs use. This vulnerability is currently being exploited by attackers in real-world attacks.
Fix: Apply mitigations per Apple's vendor instructions using the provided support links, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The due date for remediation is 2026-04-03.
Source: CISA Known Exploited Vulnerabilities

CVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerability
info | vulnerability | security | Mar 19, 2026 | CVE-2025-31277 | Actively Exploited
Apple's Safari browser and operating systems (iOS, iPadOS, macOS, watchOS, visionOS, and tvOS) contain a buffer overflow vulnerability (a memory safety bug where data overflows a fixed-size storage area, corrupting nearby memory) that could allow attackers to corrupt system memory by tricking users into viewing malicious websites. This vulnerability is currently being exploited by attackers in real-world attacks.
Fix: Apply mitigations per Apple's vendor instructions (see support links provided), follow BOD 22-01 guidance for cloud services, or discontinue use of the affected products if mitigations are unavailable. The due date for remediation is 2026-04-03.
Source: CISA Known Exploited Vulnerabilities

AI Conundrum: Why MCP Security Can't Be Patched Away
info | news | security, safety | Mar 19, 2026
A researcher at the RSAC 2026 Conference argued that MCP (the Model Context Protocol, a system that lets AI models access external tools and data) introduces security risks into LLM (large language model) environments that are built into its fundamental design and cannot be easily fixed with patches. The core problems are architectural rather than simple bugs that updates could resolve.
Source: Dark Reading

CVE-2026-32622: SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a S
critical | vulnerability | security | Mar 19, 2026 | CVE-2026-32622
SQLBot, a data query system combining AI with RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions), has a critical vulnerability in versions 1.5.0 and below that chains three security gaps: missing permission checks on file uploads, unsanitized storage of user input, and inadequate protections when inserting data into the AI's instructions. An attacker can exploit this to trick the AI into running malicious database commands that give them control over the database server.
Fix: The issue is fixed in v1.6.0.
Source: NVD/CVE Database

CVE-2026-27740: Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cros
high | vulnerability | security | Mar 19, 2026 | CVE-2026-27740
Discourse, an open-source discussion platform, has a cross-site scripting vulnerability (XSS, where attackers inject malicious code that runs in a user's browser) in versions before 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The vulnerability exists because the system trusts output directly from an AI language model and displays it without sanitization (cleaning) in the Review Queue interface, allowing attackers to use prompt injection (tricking the AI by hiding instructions in user input) to make the AI generate malicious code that executes when staff members review flagged posts.
Fix: Update to versions 2026.3.0-latest.1, 2026.2.1, or 2026.1.2, which contain a patch. Alternatively, as a workaround, temporarily disable AI triage automation scripts.
Source: NVD/CVE Database

CVE-2026-26137: Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate pri
high | vulnerability | security | Mar 19, 2026 | CVE-2026-26137
CVE-2026-26137 is a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted network requests on their behalf) in Microsoft 365 Copilot's Business Chat that allows an authorized attacker to gain elevated privileges over a network. The vulnerability affects an exclusively hosted service and was published on March 19, 2026.
Source: NVD/CVE Database

CVE-2026-26136: Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unaut
medium | vulnerability | security | Mar 19, 2026 | CVE-2026-26136
CVE-2026-26136 is a command injection vulnerability (a flaw where an attacker can insert malicious commands by exploiting improper filtering of special characters) in Microsoft Copilot that allows an unauthorized attacker to access and disclose sensitive information over a network.
Source: NVD/CVE Database

CVE-2026-24299: Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthoriz
medium | vulnerability | security | Mar 19, 2026 | CVE-2026-24299
CVE-2026-24299 is a command injection vulnerability (a flaw where an attacker can insert malicious commands into an application by exploiting improper handling of special characters) in Microsoft 365 Copilot that allows an unauthorized attacker to disclose information over a network. The vulnerability is scored under CVSS 4.0 (a 0-10 scale measuring how serious a security flaw is). The affected product is hosted exclusively as a service by Microsoft.
Source: NVD/CVE Database

GHSA-w5g8-5849-vj76: NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
medium | vulnerability | security | Mar 19, 2026 | CVE-2026-33332
NiceGUI's media file serving functions accept a user-controlled parameter that controls how files are read during streaming, without checking whether the parameter is valid. An attacker can use this to force the server to load entire files into memory at once instead of sending them in chunks (smaller pieces), which can exhaust the server's memory and stop it working, especially with large files such as videos.
Fix: Upgrade to a patched version of NiceGUI. As a workaround, restrict access to media endpoints or strip unexpected query parameters at a reverse proxy layer (a server that sits between users and your application to filter requests).
Source: GitHub Advisory Database

Page 156 / 319