SecurityWeek

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.
SecurityWeek

OpenSSL Patches High-Severity Vulnerability Found With AI

The latest OpenSSL releases patch 18 vulnerabilities, including a high-severity issue that could allow remote code execution.
The Hacker News

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP patched critical flaws up to CVSS 10.0, reducing RCE, admin takeover, and data exposure risks.
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
Morning Overview on MSN

A one-click flaw just surfaced in self-hosted Flowise servers — letting attackers run arbitrary code by tricking a user into importing a single malicious chatflow

It takes one file. A single chatflow import, the kind Flowise users share routinely, can give an attacker full command ...
Security Boulevard

Microsoft’s Security Update in June of High-Risk Vulnerability Notice for Multiple Products

Overview On June 9, NSFOCUS CERT detected that Microsoft released a security update patch for June, fixing 206 security issues involving widely used products such as Windows, Microsoft Office, ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...