Gogs patches critical zero-day enabling remote code execution

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and ...
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
SecurityWeek

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.
The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...
SecurityWeek

F5 Patches Critical, High-Severity NGINX Vulnerabilities

F5 has patched multiple NGINX vulnerabilities, including critical flaws leading to unauthenticated, remote code execution.

Ivanti: Max severity Sentry flaw allows code execution as root

Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...