Threat actors have begun exploiting a high-severity vulnerability in the popular low-code AI development platform Langflow, according to VulnCheck. Tracked as CVE-2026-5027 (CVSS score of 8.8), the ...
Researchers at Cyera found six vulnerabilities in protobuf.js, including a flaw that can turn attacker-controlled schema data into executable code and expose downstream software supply chains. A ...
Two flaws in the widely used open-source editor can be triggered through manipulated configuration files, prompting security updates from the project's maintainers. Two arbitrary code execution ...
A Claude Code plugin that delegates reviews and coding tasks to the Pi coding agent. 1:1 fork of codex-plugin-cc, runtime swapped from Codex to Pi. The hard ...
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. Identified as ...
Pokemon GOis hosting an Anniversary All Out event to celebrate the Pokemon franchise's 30th anniversary, with a Kalos Tour event also occurring this weekend. Details were revealed during the Pokemon ...
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible ...
Developers using the latest versions of AI coding tools like Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI could inadvertently execute malicious code on their systems with a single keypress, or ...
Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, ...