This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI, an open-source, self-hosted web interface for interacting with local or remote AI language models, carried a high ...
The Hacker News

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

Critical n8n flaw CVE-2025-68668 allows authenticated users to run system commands via workflows; affects versions 1.0.0 to ...
Dark Reading

Critical 'MongoBleed' Bug Under Attack, Patch Now

The memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.
The Hacker News

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

Singapore’s CSA warns of a CVSS 10.0 SmarterMail vulnerability allowing unauthenticated remote code execution via file upload ...
Communications of the ACM

Exposing Common Vulnerabilities

Common vulnerabilities and exposures (CVEs) include all types of subversive entry-points discovered in programs, along with a ...

Are Copilot prompt injection flaws vulnerabilities or AI limits?

Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security ...
CSO Online

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
SecurityWeek

Critical Dolby Vulnerability Patched in Android

The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google ...
eWeek

LangChain AI Vulnerability Exposes Millions of Apps

A critical LangChain AI vulnerability exposes millions of apps to theft and code injection, prompting urgent patching and ...

Patchday: Dolby Digital security vulnerability in Android closed

Anyone who owns an Android device that is still supported should ensure that the current patch level 2026-01-05 is installed.
SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

IBM warns of critical API Connect auth bypass vulnerability

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could ...