aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6426 items

EFF Statement on ICE and CBP Violence

infonews
policy
Jan 26, 2026

This statement describes how U.S. Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have conducted surveillance and violated constitutional rights, including facial recognition scanning and warrantless home searches. The document argues these violations are systemic problems, citing recent deaths during enforcement actions and a leaked memo allowing searches based on administrative warrants (warrants issued by agency officials rather than judges) without judicial review.

Fix: Congress must vote to reject any further funding of ICE and CBP, and rebuild the immigration enforcement system from the ground up to respect human rights and ensure real accountability for individual officers, their leadership, and the agency as a whole.

EFF Deeplinks Blog

Goal-Oriented Dynamic Weight Optimization for Multi-Object Navigation

inforesearchPeer-Reviewed
research

Adversarial Imitation Learning With General Function Approximation: Theoretical Analysis and Practical Algorithms

inforesearchPeer-Reviewed
research

CVE-2025-13374: The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in

criticalvulnerability
security
Jan 24, 2026
CVE-2025-13374

The Kalrav AI Agent plugin for WordPress (versions up to 2.3.3) has a vulnerability in its file upload feature that fails to check what type of file is being uploaded. This allows attackers without user accounts to upload malicious files to the server, potentially leading to RCE (remote code execution, where an attacker can run commands on a system they don't own).

CVE-2026-24399: ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malic

criticalvulnerability
security
Jan 23, 2026
CVE-2026-24399

ChatterMate, a no-code AI chatbot framework (software that lets people build chatbots without writing code), has a security flaw in versions 1.0.8 and earlier where it accepts and runs malicious HTML/JavaScript code from user chat input. An attacker could send specially crafted code (like an iframe with a javascript: link) that executes in the user's browser and steals sensitive data such as localStorage tokens and cookies, which are used to keep users logged in.

Search Engines, AI, And The Long Fight Over Fair Use

inforegulatory
policyresearch

A Survey of Progress in LLM Alignment From the Perspective of Reward Design

inforesearchPeer-Reviewed
research

The Rise of Miniapps: A New Frontier with Security Challenges in Mobile Apps

inforesearchPeer-Reviewed
security

CVE-2026-0772: Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows rem

highvulnerability
security
Jan 23, 2026
CVE-2026-0772

Langflow contains a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in its disk cache service that allows authenticated attackers to execute arbitrary code by sending maliciously crafted data that the system deserializes (converts from stored format back into usable objects) without proper validation. The flaw exploits insufficient checking of user-supplied input, letting attackers run code with the permissions of the service account.

CVE-2026-0771: Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers t

criticalvulnerability
security
Jan 23, 2026
CVE-2026-0771

Langflow, a workflow automation tool, has a vulnerability where attackers can inject malicious Python code into Python function components and execute it on the server (RCE, or remote code execution). The severity and how it can be exploited depend on how Langflow is configured.

CVE-2026-0770: Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This

criticalvulnerability
security
Jan 23, 2026
CVE-2026-0770EPSS: 10.0%

Langflow contains a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) in how it handles the exec_globals parameter at the validate endpoint, allowing unauthenticated attackers to execute arbitrary code with root-level privileges. The flaw stems from including functionality from an untrusted source without proper validation.

CVE-2026-0769: Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote

criticalvulnerability
security
Jan 23, 2026
CVE-2026-0769

Langflow contains a vulnerability in its eval_custom_component_code function that allows attackers to execute arbitrary code (RCE, or remote code execution) without needing to log in. The flaw occurs because the function doesn't properly validate user input before executing it as Python code, letting attackers run any commands they want on the affected system.

CVE-2026-0768: Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute

criticalvulnerability
security
Jan 23, 2026
CVE-2026-0768

Langflow has a critical vulnerability where attackers can execute arbitrary code (commands) on the server without needing to log in, by sending malicious input to the validate endpoint. The flaw occurs because the code parameter is not properly checked before being run as Python code, allowing an attacker to run commands with root-level permissions (the highest system access level).

CVE-2025-15063: Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote atta

criticalvulnerability
security
Jan 23, 2026
CVE-2025-15063

Ollama MCP Server contains a command injection vulnerability (a flaw where an attacker can insert malicious commands into user input that gets executed) in its execAsync method that allows unauthenticated attackers to run arbitrary code on the affected system. The vulnerability exists because the server doesn't properly validate user input before passing it to system commands, letting attackers execute code with the same privileges as the service running the server.

CVE-2026-0757: MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows

criticalvulnerability
security
Jan 22, 2026
CVE-2026-0757

MCP Manager for Claude Desktop has a vulnerability where attackers can inject malicious commands into MCP config objects (configuration files that tell Claude how to use external tools) that aren't properly checked before being run as system commands. By tricking a user into visiting a malicious website or opening a malicious file, an attacker can break out of the sandbox (the restricted environment that limits what Claude can access) and run arbitrary code (any commands they want) on the computer.

CVE-2026-0755: gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attack

criticalvulnerability
security
Jan 22, 2026
CVE-2026-0755

A vulnerability in gemini-mcp-tool's execAsync method allows attackers to run arbitrary code (RCE, or remote code execution) on systems using this tool without needing to log in. The flaw occurs because the tool doesn't properly check user input before running system commands, letting attackers inject malicious commands.

CVE-2026-24307: Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information o

criticalvulnerability
security
Jan 22, 2026
CVE-2026-24307

CVE-2026-24307 is a vulnerability in Microsoft 365 Copilot where improper validation of input (failure to check that data matches what the system expects) allows an attacker to access and disclose information over a network without authorization. The vulnerability has a CVSS score of 4.0 (a moderate severity rating on a 0-10 scale).

CVE-2026-21521: Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose inf

highvulnerability
security
Jan 22, 2026
CVE-2026-21521

CVE-2026-21521 is a vulnerability in Microsoft Copilot where improper handling of escape sequences (special characters used to control how text is displayed or interpreted) allows an attacker to disclose information over a network without authorization. The vulnerability is classified as CWE-150 (improper neutralization of escape, meta, or control sequences) and was reported by Microsoft Corporation.

CVE-2026-21520: Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view s

highvulnerability
security
Jan 22, 2026
CVE-2026-21520

CVE-2026-21520 is a vulnerability in Microsoft Copilot Studio that allows an unauthenticated attacker to view sensitive information through a network-based attack. The vulnerability stems from improper handling of special characters in commands (command injection, where attackers manipulate input to execute unintended commands), and affects Copilot Studio's hosted service.

CVE-2025-65098: Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows s

highvulnerability
securityprivacy
Previous221 / 322Next
Jan 26, 2026

This research addresses multi-object navigation (MON), where an AI agent must find multiple targets in unknown environments by balancing immediate actions with long-term planning. Current methods focus too much on local path optimization, causing slow learning and getting stuck in trap states. The researchers propose GDWO (Goal-oriented Dynamic Weight Optimization), an algorithm that dynamically adjusts how much each target task contributes to the overall optimization by using gradient-based updates (mathematical techniques that improve decisions step-by-step) and normalizing weights based on navigation success rates, which improves learning efficiency and path planning.

IEEE Xplore (Security & AI Journals)
Jan 26, 2026

Adversarial imitation learning (AIL, a technique where an AI learns to mimic expert behavior by competing against a discriminator network) has worked well in practice but lacked solid theoretical foundations except in oversimplified settings. This paper introduces OPT-AIL (optimization-based adversarial imitation learning), a new framework that works with general function approximation (flexible neural network models rather than simple lookup tables), and proves it can learn expert-level policies efficiently while remaining practical to implement.

IEEE Xplore (Security & AI Journals)
NVD/CVE Database

Fix: Update to version 1.0.9, where this issue has been fixed. The patch is available at https://github.com/chattermate/chattermate.chat/releases/tag/v1.0.9.

NVD/CVE Database
Jan 23, 2026

This article argues that training AI models on copyrighted works should be protected as fair use (the legal right to use copyrighted material without permission for certain purposes like research or analysis), just as courts have previously allowed for search engines and other information technologies. The article contends that AI training is transformative because it extracts patterns from works rather than replacing them, and that expanding copyright restrictions on AI training could harm legitimate research practices in science and medicine.

EFF Deeplinks Blog
safety
Jan 23, 2026

This survey examines how rewards (scoring systems that guide AI behavior) are designed to align LLMs (large language models, or AI systems trained on massive amounts of text) with what humans want them to do. The review organizes the field by asking how rewards are mathematically defined, how they are built using different data sources and methods, how they work with different training approaches like reinforcement learning from human feedback (RLHF, a technique where humans rate AI outputs to improve performance), and how they are tested for safety and effectiveness.

IEEE Xplore (Security & AI Journals)
Jan 23, 2026

Mobile super apps (large platforms that host smaller third-party applications, called miniapps, which share the same underlying services) create new security risks because multiple apps can access shared resources and data. Researchers studied how these ecosystems work, identified security vulnerabilities and potential abuses, and developed recommendations to make super app platforms safer while keeping them easy to use.

IEEE Xplore (Security & AI Journals)
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
Jan 22, 2026
CVE-2025-65098

Typebot, an open-source chatbot builder, has a vulnerability in versions before 3.13.2 where malicious chatbots can execute JavaScript (code that runs in a user's browser) to steal stored credentials like OpenAI API keys and passwords. The vulnerability exists because an API endpoint returns plaintext credentials without checking if the person requesting them actually owns them.

Fix: Update to Typebot version 3.13.2, which fixes the issue.

NVD/CVE Database