CVE-2026-0041

In multiple functions of ubsanthrowingruntime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0039

CVE-2026-0039 describes a persistent DoS via an integer overflow in multiple functions of ubsan_throwing_runtime.cpp. Affected: GrapheneOS (prior to 2026030200) and likely other components cited in NVD/NVD-derived feeds. Exploitation would be remote, with no user interaction required, and could i...

CVE-2026-45803

A flaw was found in GitHub CLI. A remote attacker who can influence GitHub Actions workflow log output could inject terminal escape sequences into workflow logs. When a user views these logs using gh run view --log or gh run view --log-failed, the injected sequences may be replayed by the user's...

PT-2026-45581

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in multiple functions within ubsan throwing runtime.cpp can lead to a permanent local denial of service. This issue allows an attacker to cause the system to become unavailable...

PT-2026-45590

In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45575

In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45589

Name of the Vulnerable Software and Affected Versions ubsan throwing runtime.cpp affected versions not specified Description An integer overflow in multiple functions of ubsan throwing runtime.cpp can lead to a persistent local denial of service. This issue can be exploited without requiring...

ASB-A-470966318

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

SkillGuard: A Permission Framework for Agent Skills

Agent skills extend LLM agents with reusable instructions, scripts, tool bindings, and contextual dependencies. However, current skill ecosystems largely rely on trust-based loading and static inspection, leaving a gap between what a skill can inject into an agent's context and what it can cause...

PT-2026-45375

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The Log server authorizes JWT tokens against Dag IDs by applying the str.lstrip function to the requested path segment when verifying the sub claim. Because str.lstrip removes any character fr...

PT-2026-45574

In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-461790658

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-470967228

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-467994310

In multiple functions of ubsanthrowingruntime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

Malicious Package

Overview @cloudplatform-single-spa/ml-inference is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

EUVD-2026-33074

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...