SecurityWeek

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild

Hackers exploited a vulnerability in PTC Windchill in the wild, marking the first confirmed real-world abuse of the PLM ...
SecurityWeek

GitLab Patches Code Execution, Information Disclosure Vulnerabilities

GitLab CE/EE security updates resolve 13 vulnerabilities, including high-severity code execution and information disclosure ...
Hosted on MSN

A one-click flaw just surfaced in self-hosted Flowise servers — letting attackers run arbitrary code by tricking a user into importing a single malicious chatflow

It takes one file. A single chatflow import, the kind Flowise users share routinely, can give an attacker full command execution on the server running the application. The vulnerability, tracked as ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...

Microsoft warns AI agents are being 'AutoJack'-ed to deliver RCE payloads

Three minor vulnerabilities chained together can cause a lot of trouble but Microsoft fixed it on time.
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
CSO Online

Langflow RCE under active attack months after a patch was shipped

Actively exploited CVE-2026-5027 lets attackers write files to arbitrary locations on vulnerable Langflow servers, creating a path to remote code execution and full system compromise.
SDxCentral

VU#529659: Howyar Reloader UEFI bootloader vulnerable to unsigned software execution

The Howyar UEFI Application “Reloader” (32-bit and 64-bit), distributed as part of SysReturn prior to version 10.2.02320240919, is vulnerable to the execution of arbitrary software from a hard-coded ...