The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) ...
A critical vulnerability in the FFmpeg media processing framework allows attackers to execute arbitrary code via malicious ...
F5 issued an emergency out-of-band security advisory on June 17, 2026, covering two critical vulnerabilities in NGINX — the web server and reverse proxy software running on approximately 38% of all ...
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph ...
A new Microsoft Defender zero-day called RoguePlanet reportedly grants SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). This argument injection ...
A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.
CTP allows devices connected via Bluetooth or USB to send commands to the speaker, such as changing LED colors and equalizer settings. CTP also allows the connected devices to receive responses from ...
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...
The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked. Researchers have published details ...