Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could enable account takeover and RCE via malicious model URLs and Functions API ...

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized ...

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to engage in remote code execution (RCE) attacks.

Anthropic’s official Git MCP server hit by chained flaws that enable file access and code execution - SiliconANGLE ...

Microsoft has released its August 2025 Patch package, a cumulative set of updates addressing more than 100 vulnerabilities across a host of its products. Microsoft’s SharePoint Server Remote Code ...

CISA warns that hackers are actively exploiting a high-severity flaw in Gogs that can lead to remote code execution; no patch ...

CISA’s Known Exploited Vulnerabilities (KEV) catalog includes four weaknesses found in the product in recent years, including ...

Overview On January 14, NSFOCUS CERT detected that Microsoft released the January Security Update patch, which fixed 112 security issues involving widely used products such as Windows, Microsoft ...

The popular tool for creating no-code workflows has four critical vulnerabilities, one with the highest score. Admins should ...

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.