SecurityWeek

CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability

The SharePoint remote code execution vulnerability CVE-2026-20963, which Microsoft patched in January, has been exploited in ...
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...
Security Boulevard

CVE-2026-20963: SharePoint Deserialization Remote Code Execution Vulnerability

Microsoft SharePoint, a core platform for enterprise collaboration, is facing active exploitation through a newly confirmed ...
TechRepublic

arbitrary code execution

Apple urges users to update after patching CVE-2026-20700, a zero-day flaw exploited in sophisticated targeted attacks across multiple devices. Google released a Chrome security update fixing two high ...
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
Infosecurity Magazine

'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment

A method that could enable code execution through manipulated installation links in an AI development environment has been ...
CSOonline

A pickle in Meta’s LLM code could allow RCE attacks

AI frameworks, including Meta’s Llama, are prone to automatic Python deserialization by pickle that could lead to remote code execution. Meta’s large language model (LLM) framework, Llama, suffers a ...