{
    "version": "https://jsonfeed.org/version/1.1",
    "title": "VulnWatch — AI Security Tracker",
    "description": "Curated AI/ML security vulnerabilities, advisories, and breach disclosures.",
    "home_page_url": "https://vulnwatch.ai",
    "feed_url": "https://vulnwatch.ai/feed/json",
    "language": "en-US",
    "authors": [{
            "name": "VulnWatch"
        }
    ],
    "items": [{
            "id": "https://vulnwatch.ai/019db659-6d25-71cf-b245-1f0a4461153a",
            "title": "CVE-2026-35366: The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences.",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35366",
            "content_html": "The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows malicious environment variables (e.g., adversarial LD_PRELOAD values) to evade inspection by administrators or security auditing tools, potentially allowing library injection or other environment-based attacks to go undetected.",
            "summary": "The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows malicious environment variables (e.g., adversarial LD_PRELOAD values) to evade inspection by administrators or security auditing tools, potentially allowing library injection or other environment-based attacks to go undetected.",
            "date_published": "2026-04-22T18:00:07+00:00",
            "date_modified": "2026-04-22T18:00:07+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-6d1f-72cd-8d00-60df79e372c3",
            "title": "CVE-2026-6859: A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6859",
            "content_html": "A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train\/download\/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.",
            "summary": "A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train\/download\/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.",
            "date_published": "2026-04-22T18:00:07+00:00",
            "date_modified": "2026-04-22T18:00:07+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-6d14-724a-89f1-01df2fbe497c",
            "title": "CVE-2026-31507: In the Linux kernel, the following vulnerability has been resolved:\n\nnet\/smc: fix double-free of smc_spd_priv when tee()",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31507",
            "content_html": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet\/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer\n\nsmc_rx_splice() allocates one smc_spd_priv per pipe_buffer and stores\nthe pointer in pipe_buffer.private.  The pipe_buf_operations for these\nbuffers used .get = generic_pipe_buf_get, which only increments the page\nreference count when tee(2) duplicates a pipe buffer.  The smc_spd_priv\npointer itself was not handled, so after tee() both the original and the\ncloned pipe_buffer share the same smc_spd_priv *.\n\nWhen both pipes are subsequently released, smc_rx_pipe_buf_release() is\ncalled twice against the same object:\n\n  1st call: kfree(priv)  sock_put(sk)  smc_rx_update_cons()  [correct]\n  2nd call: kfree(priv)  sock_put(sk)  smc_rx_update_cons()  [UAF]\n\nKASAN reports a slab-use-after-free in smc_rx_pipe_buf_release(), which\nthen escalates to a NULL-pointer dereference and kernel panic via\nsmc_rx_update_consumer() when it chases the freed priv->smc pointer:\n\n  BUG: KASAN: slab-use-after-free in smc_rx_pipe_buf_release+0x78\/0x2a0\n  Read of size 8 at addr ffff888004a45740 by task smc_splice_tee_\/74\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x53\/0x70\n   print_report+0xce\/0x650\n   kasan_report+0xc6\/0x100\n   smc_rx_pipe_buf_release+0x78\/0x2a0\n   free_pipe_info+0xd4\/0x130\n   pipe_release+0x142\/0x160\n   __fput+0x1c6\/0x490\n   __x64_sys_close+0x4f\/0x90\n   do_syscall_64+0xa6\/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77\/0x7f\n   <\/TASK>\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000020\n  RIP: 0010:smc_rx_update_consumer+0x8d\/0x350\n  Call Trace:\n   <TASK>\n   smc_rx_pipe_buf_release+0x121\/0x2a0\n   free_pipe_info+0xd4\/0x130\n   pipe_release+0x142\/0x160\n   __fput+0x1c6\/0x490\n   __x64_sys_close+0x4f\/0x90\n   do_syscall_64+0xa6\/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77\/0x7f\n   <\/TASK>\n  Kernel panic - not syncing: Fatal exception\n\nBeyond the memory-safety problem, duplicating an SMC splice buffer is\nsemantically questionable: smc_rx_update_cons() would advance the\nconsumer cursor twice for the same data, corrupting receive-window\naccounting.  A refcount on smc_spd_priv could fix the double-free, but\nthe cursor-accounting issue would still need to be addressed separately.\n\nThe .get callback is invoked by both tee(2) and splice_pipe_to_pipe()\nfor partial transfers; both will now return -EFAULT.  Users who need\nto duplicate SMC socket data must use a copy-based read path.",
            "summary": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet\/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer\n\nsmc_rx_splice() allocates one smc_spd_priv per pipe_buffer and stores\nthe pointer in pipe_buffer.private.  The pipe_buf_operations for these\nbuffers used .get = generic_pipe_buf_get, which only increments the page\nreference count when tee(2) duplicates a pipe buffer.  The smc_spd_priv\npointer itself was not handled, so after tee() both the original and the\ncloned pipe_buffer share the same smc_spd_priv *.\n\nWhen both pipes are subsequently released, smc_rx_pipe_buf_release() is\ncalled twice against the same object:\n\n  1st call: kfree(priv)  sock_put(sk)  smc_rx_update_cons()  [correct]\n  2nd call: kfree(priv)  sock_put(sk)  smc_rx_update_cons()  [UAF]\n\nKASAN reports a slab-use-after-free in smc_rx_pipe_buf_release(), which\nthen escalates to a NULL-pointer dereference and kernel panic via\nsmc_rx_update_consumer() when it chases the freed priv->smc pointer:\n\n  BUG: KASAN: slab-use-after-free in smc_rx_pipe_buf_release+0x78\/0x2a0\n  Read of size 8 at addr ffff888004a45740 by task smc_splice_tee_\/74\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x53\/0x70\n   print_report+0xce\/0x650\n   kasan_report+0xc6\/0x100\n   smc_rx_pipe_buf_release+0x78\/0x2a0\n   free_pipe_info+0xd4\/0x130\n   pipe_release+0x142\/0x160\n   __fput+0x1c6\/0x490\n   __x64_sys_close+0x4f\/0x90\n   do_syscall_64+0xa6\/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77\/0x7f\n   <\/TASK>\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000020\n  RIP: 0010:smc_rx_update_consumer+0x8d\/0x350\n  Call Trace:\n   <TASK>\n   smc_rx_pipe_buf_release+0x121\/0x2a0\n   free_pipe_info+0xd4\/0x130\n   pipe_release+0x142\/0x160\n   __fput+0x1c6\/0x490\n   __x64_sys_close+0x4f\/0x90\n   do_syscall_64+0xa6\/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77\/0x7f\n   <\/TASK>\n  Kernel panic - not syncing: Fatal exception\n\nBeyond the memory-safety problem, duplicating an SMC splice buffer is\nsemantically questionable: smc_rx_update_cons() would advance the\nconsumer cursor twice for the same data, corrupting receive-window\naccounting.  A refcount on smc_spd_priv could fix the double-free, but\nthe cursor-accounting issue would still need to be addressed separately.\n\nThe .get callback is invoked by both tee(2) and splice_pipe_to_pipe()\nfor partial transfers; both will now return -EFAULT.  Users who need\nto duplicate SMC socket data must use a copy-based read path.",
            "date_published": "2026-04-22T18:00:07+00:00",
            "date_modified": "2026-04-22T18:00:07+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-6d0c-7140-848f-0b4a5ce15f65",
            "title": "CVE-2026-31504: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31504",
            "content_html": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group's `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po->num` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po->num` is still non-zero and `po->ifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f->arr[]` and increments `f->num_members`,\nbut does NOT increment `f->sk_ref`.\n\nThe fix sets `po->num` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
            "summary": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group's `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po->num` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po->num` is still non-zero and `po->ifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f->arr[]` and increments `f->num_members`,\nbut does NOT increment `f->sk_ref`.\n\nThe fix sets `po->num` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
            "date_published": "2026-04-22T18:00:07+00:00",
            "date_modified": "2026-04-22T18:00:07+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-6d04-722d-8374-27f7ad664062",
            "title": "CVE-2026-31464: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Fix OOB access in ibmvfc_discover_tar",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31464",
            "content_html": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()\n\nA malicious or compromised VIO server can return a num_written value in the\ndiscover targets MAD response that exceeds max_targets. This value is\nstored directly in vhost->num_targets without validation, and is then used\nas the loop bound in ibmvfc_alloc_targets() to index into disc_buf[], which\nis only allocated for max_targets entries. Indices at or beyond max_targets\naccess kernel memory outside the DMA-coherent allocation.  The\nout-of-bounds data is subsequently embedded in Implicit Logout and PLOGI\nMADs that are sent back to the VIO server, leaking kernel memory.\n\nFix by clamping num_written to max_targets before storing it.",
            "summary": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()\n\nA malicious or compromised VIO server can return a num_written value in the\ndiscover targets MAD response that exceeds max_targets. This value is\nstored directly in vhost->num_targets without validation, and is then used\nas the loop bound in ibmvfc_alloc_targets() to index into disc_buf[], which\nis only allocated for max_targets entries. Indices at or beyond max_targets\naccess kernel memory outside the DMA-coherent allocation.  The\nout-of-bounds data is subsequently embedded in Implicit Logout and PLOGI\nMADs that are sent back to the VIO server, leaking kernel memory.\n\nFix by clamping num_written to max_targets before storing it.",
            "date_published": "2026-04-22T18:00:07+00:00",
            "date_modified": "2026-04-22T18:00:07+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-6cff-7030-b780-278b1da7e95a",
            "title": "CVE-2026-31436: In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix possible wrong descriptor comp",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31436",
            "content_html": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()\n\nAt the end of this function, d is the traversal cursor of flist, but the\ncode completes found instead. This can lead to issues such as NULL pointer\ndereferences, double completion, or descriptor leaks.\n\nFix this by completing d instead of found in the final\nlist_for_each_entry_safe() loop.",
            "summary": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()\n\nAt the end of this function, d is the traversal cursor of flist, but the\ncode completes found instead. This can lead to issues such as NULL pointer\ndereferences, double completion, or descriptor leaks.\n\nFix this by completing d instead of found in the final\nlist_for_each_entry_safe() loop.",
            "date_published": "2026-04-22T18:00:07+00:00",
            "date_modified": "2026-04-22T18:00:07+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-55d5-729f-a424-fb21b39cd6b3",
            "title": "Claude Mythos Finds 271 Firefox Vulnerabilities",
            "url": "https://www.securityweek.com/claude-mythos-finds-271-firefox-vulnerabilities/",
            "content_html": "All the flaws could have also been found by an elite human researcher, according to Mozilla.\nThe post Claude Mythos Finds 271 Firefox Vulnerabilities appeared first on SecurityWeek.",
            "summary": "All the flaws could have also been found by an elite human researcher, according to Mozilla.\nThe post Claude Mythos Finds 271 Firefox Vulnerabilities appeared first on SecurityWeek.",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-548b-7270-b071-135e41f12672",
            "title": "Toxic Combinations: When Cross-App Permissions Stack into Risk",
            "url": "https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html",
            "content_html": "On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.\nThe more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys shared between agents,",
            "summary": "On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.\nThe more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys shared between agents,",
            "date_published": "2026-04-22T18:00:00+00:00",
            "date_modified": "2026-04-22T18:00:00+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-5493-7163-9c43-e520cd5e1c7f",
            "title": "Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape",
            "url": "https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html",
            "content_html": "A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.\nThe vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.\n\"Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal,\" according to",
            "summary": "A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.\nThe vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.\n\"Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal,\" according to",
            "date_published": "2026-04-22T18:00:00+00:00",
            "date_modified": "2026-04-22T18:00:00+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-6cf1-722f-b2a2-3c7bb859a477",
            "title": "CVE-2026-40933: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe s",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40933",
            "content_html": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerability lies in a bug in the input sanitization from the \u201cCustom MCP\u201d configuration in http:\/\/localhost:3000\/canvas - where any user can add a new MCP, when doing so - adding a new MCP using stdio, the user can add any command, even though the code has input sanitization checks such as validateCommandInjection and validateArgsForLocalFileAccess, and a list of predefined specific safe commands - these commands, for example \"npx\", can be combined with code execution arguments (\"-c touch \/tmp\/pwn\") that enable direct code execution on the underlying OS. This vulnerability is fixed in 3.1.0.",
            "summary": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerability lies in a bug in the input sanitization from the \u201cCustom MCP\u201d configuration in http:\/\/localhost:3000\/canvas - where any user can add a new MCP, when doing so - adding a new MCP using stdio, the user can add any command, even though the code has input sanitization checks such as validateCommandInjection and validateArgsForLocalFileAccess, and a list of predefined specific safe commands - these commands, for example \"npx\", can be combined with code execution arguments (\"-c touch \/tmp\/pwn\") that enable direct code execution on the underlying OS. This vulnerability is fixed in 3.1.0.",
            "date_published": "2026-04-22T18:00:07+00:00",
            "date_modified": "2026-04-22T18:00:07+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-6ce6-71fa-a02b-9f7ace7646c4",
            "title": "CVE-2026-22016: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22016",
            "content_html": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N).",
            "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N).",
            "date_published": "2026-04-22T18:00:07+00:00",
            "date_modified": "2026-04-22T18:00:07+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-6cd2-7149-859d-3068916da959",
            "title": "CVE-2026-40608: Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40608",
            "content_html": "Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (\/api\/state, \/api\/restore, and \/api\/history-svg) that process incoming requests by accumulating the entire request body into a JavaScript string without any size limitations. Node.js buffers the entire payload in the V8 heap. Sending a sufficiently large body (e.g., 500 MiB or more) will exhaust the process heap memory, leading to an Out-of-Memory (OOM) error that crashes the MCP server. This vulnerability is fixed in 0.4.15.",
            "summary": "Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (\/api\/state, \/api\/restore, and \/api\/history-svg) that process incoming requests by accumulating the entire request body into a JavaScript string without any size limitations. Node.js buffers the entire payload in the V8 heap. Sending a sufficiently large body (e.g., 500 MiB or more) will exhaust the process heap memory, leading to an Out-of-Memory (OOM) error that crashes the MCP server. This vulnerability is fixed in 0.4.15.",
            "date_published": "2026-04-22T18:00:07+00:00",
            "date_modified": "2026-04-22T18:00:07+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-5499-70df-8c58-cb37c873c953",
            "title": "Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution",
            "url": "https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html",
            "content_html": "Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.\nThe flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict",
            "summary": "Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.\nThe flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict",
            "date_published": "2026-04-22T18:00:00+00:00",
            "date_modified": "2026-04-22T18:00:00+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-5686-730e-be44-43976ff812aa",
            "title": "QIMMA \u0642\u0650\u0645\u0651\u0629 \u26f0: A Quality-First Arabic LLM Leaderboard",
            "url": "https://huggingface.co/blog/tiiuae/qimma-arabic-leaderboard",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-549d-73d4-8494-aff8fcbe47a0",
            "title": "SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files",
            "url": "https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html",
            "content_html": "A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems.\nThe vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code.\nSGLang is a high-performance, open-source serving",
            "summary": "A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems.\nThe vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code.\nSGLang is a high-performance, open-source serving",
            "date_published": "2026-04-22T18:00:00+00:00",
            "date_modified": "2026-04-22T18:00:00+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-54a0-739a-a5c9-f82b1d3e142b",
            "title": "Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain",
            "url": "https://thehackernews.com/2026/04/anthropic-mcp-design-vulnerability.html",
            "content_html": "Cybersecurity researchers have discovered a critical \"by design\" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.\n\"This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to",
            "summary": "Cybersecurity researchers have discovered a critical \"by design\" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.\n\"This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to",
            "date_published": "2026-04-22T18:00:00+00:00",
            "date_modified": "2026-04-22T18:00:00+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-54a4-7080-9fbb-0db4ad46ebf1",
            "title": "[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data",
            "url": "https://thehackernews.com/2026/04/webinar-find-and-eliminate-orphaned-non.html",
            "content_html": "In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not\u00a0phishing. Not\u00a0weak passwords. Unmanaged non-human identities that nobody was\u00a0watching.\nFor every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections,\u00a0and OAuth grants. When\u00a0projects end or employees leave, most",
            "summary": "In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not\u00a0phishing. Not\u00a0weak passwords. Unmanaged non-human identities that nobody was\u00a0watching.\nFor every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections,\u00a0and OAuth grants. When\u00a0projects end or employees leave, most",
            "date_published": "2026-04-22T18:00:00+00:00",
            "date_modified": "2026-04-22T18:00:00+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-5689-70b0-8885-eb40ae6e6646",
            "title": "Training and Finetuning Multimodal Embedding & Reranker Models with Sentence Transformers",
            "url": "https://huggingface.co/blog/train-multimodal-sentence-transformers",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-568c-707f-8385-64aaad165cad",
            "title": "Inside VAKRA: Reasoning, Tool Use, and Failure Modes of Agents",
            "url": "https://huggingface.co/blog/ibm-research/vakra-benchmark-analysis",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-54a9-738a-ba45-9247e36a8c7a",
            "title": "Deterministic + Agentic AI: The Architecture Exposure Validation Requires",
            "url": "https://thehackernews.com/2026/04/deterministic-agentic-ai-architecture.html",
            "content_html": "Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera\u2019s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed",
            "summary": "Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera\u2019s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed",
            "date_published": "2026-04-22T18:00:00+00:00",
            "date_modified": "2026-04-22T18:00:00+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-54ad-7006-9014-49334244793f",
            "title": "OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams",
            "url": "https://thehackernews.com/2026/04/openai-launches-gpt-54-cyber-with.html",
            "content_html": "OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT-5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos.\n\"The progressive use of AI accelerates defenders \u2013 those responsible for keeping systems, data, and users safe \u2013 enabling them to find and fix problems",
            "summary": "OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT-5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos.\n\"The progressive use of AI accelerates defenders \u2013 those responsible for keeping systems, data, and users safe \u2013 enabling them to find and fix problems",
            "date_published": "2026-04-22T18:00:00+00:00",
            "date_modified": "2026-04-22T18:00:00+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-568f-723b-b177-3cb261feb7e2",
            "title": "Multimodal Embedding & Reranker Models with Sentence Transformers",
            "url": "https://huggingface.co/blog/multimodal-sentence-transformers",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-5692-71ac-a887-4a33cb9f1c34",
            "title": "Safetensors is Joining the PyTorch Foundation",
            "url": "https://huggingface.co/blog/safetensors-joins-pytorch-foundation",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-5694-7263-97c0-fe083307d93a",
            "title": "State of Open Source on Hugging Face: Spring 2026",
            "url": "https://huggingface.co/blog/huggingface/state-of-os-hf-spring-2026",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-5697-730f-b9be-2f747276985d",
            "title": "Introducing Storage Buckets on the Hugging Face Hub",
            "url": "https://huggingface.co/blog/storage-buckets",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-569d-737b-80f7-1eb7f9695f86",
            "title": "Introducing Modular Diffusers - Composable Building Blocks for Diffusion Pipelines",
            "url": "https://huggingface.co/blog/modular-diffusers",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56a0-7181-9265-6a329b831e9f",
            "title": "Mixture of Experts (MoEs) in Transformers",
            "url": "https://huggingface.co/blog/moe-transformers",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56a5-70ce-afa3-dec8cb81b78e",
            "title": "GGML and llama.cpp join HF to ensure the long-term progress of Local AI",
            "url": "https://huggingface.co/blog/ggml-joins-hf",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56a2-72b9-9bf7-232637c22647",
            "title": "Train AI models with Unsloth and Hugging Face Jobs for FREE",
            "url": "https://huggingface.co/blog/unsloth-jobs",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56a7-7358-ba50-8fc3145ba24f",
            "title": "Custom Kernels for All from Codex and Claude",
            "url": "https://huggingface.co/blog/custom-cuda-kernels-agent-skills",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56aa-71d7-ae93-1d39743f5b72",
            "title": "Transformers.js v4: Now Available on NPM!",
            "url": "https://huggingface.co/blog/transformersjs-v4",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56ac-70e0-b0e1-ed52dc15ae7a",
            "title": "The Future of the Global Open-Source AI Ecosystem: From DeepSeek to AI+",
            "url": "https://huggingface.co/blog/huggingface/one-year-since-the-deepseek-moment-blog-3",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56af-7296-a59b-0498fa53ba1a",
            "title": "We Got Claude to Build CUDA Kernels and teach open models!",
            "url": "https://huggingface.co/blog/upskill",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56b1-7222-9624-ce87ac68ddbc",
            "title": "Architectural Choices in China's Open-Source AI Ecosystem: Building Beyond DeepSeek",
            "url": "https://huggingface.co/blog/huggingface/one-year-since-the-deepseek-moment-blog-2",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56b4-7167-b422-020374432667",
            "title": "Alyah \u2b50\ufe0f: Toward Robust Evaluation of Emirati Dialect Capabilities in Arabic LLMs",
            "url": "https://huggingface.co/blog/tiiuae/emirati-benchmarks",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56b6-7179-8909-10643a2d5823",
            "title": "Unlocking Agentic RL Training for GPT-OSS: A Practical Retrospective",
            "url": "https://huggingface.co/blog/LinkedIn/gpt-oss-agentic-rl",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56b9-7200-9d3e-6b27c0ed68be",
            "title": "AssetOpsBench: Bridging the Gap Between AI Agent Benchmarks and Industrial Reality",
            "url": "https://huggingface.co/blog/ibm-research/assetopsbench-playground-on-hugging-face",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        },
        {
            "id": "https://vulnwatch.ai/019db659-56bb-7149-9a11-3c8eda7e4fab",
            "title": "One Year Since the \u201cDeepSeek Moment\u201d",
            "url": "https://huggingface.co/blog/huggingface/one-year-since-the-deepseek-moment",
            "content_html": "",
            "summary": "",
            "date_published": "2026-04-22T18:00:01+00:00",
            "date_modified": "2026-04-22T18:00:01+00:00",
            "authors": [{ "name": "VulnWatch" }],
            "tags": [  ]
        }
    ]
}
