SecurityWeek

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.
SecurityWeek

OpenSSL Patches High-Severity Vulnerability Found With AI

The latest OpenSSL releases patch 18 vulnerabilities, including a high-severity issue that could allow remote code execution.
The Hacker News

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP patched critical flaws up to CVSS 10.0, reducing RCE, admin takeover, and data exposure risks.

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
Morning Overview on MSN

A one-click flaw just surfaced in self-hosted Flowise servers — letting attackers run ...

It takes one file. A single chatflow import, the kind Flowise users share routinely, can give an attacker full command ...
Morning Overview on MSN

Hackers are exploiting a maximum-severity bug in a WordPress form plugin on thousands of ...

Thousands of WordPress sites running the Kali Forms plugin are exposed to attackers who can execute arbitrary code on web ...
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python ...

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...