Actively exploited CVE-2026-5027 lets attackers write files to arbitrary locations on vulnerable Langflow servers, creating a path to remote code execution and full system compromise.

Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. VBR is enterprise data ...

Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. Tracked as CVE-2025-59470, this ...

A misconfigured default in the MCP inspector tool allows attackers to execute arbitrary commands via CSRF and legacy browser flaws, posing serious risks to AI developers and enterprise systems. A ...

Microsoft earlier today released emergency patches for a remote code execution security vulnerability on all supported Windows Server versions. Remote Code execution (RCE) attacks are a fairly ...

Vulnerability research firm WatchTowr has detected seven vulnerabilities in Sitecore, a popular content management system (CMS) provider used by HSBC, United Airlines, P&G and L’Oréal. In its first ...

A Microsoft scripting engine vulnerability has been exploited as a zero-day in the wild, leading to unauthenticated attackers achieving remote code execution (RCE). Microsoft hasn’t released any ...

Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE).… Tracked as CVE-2026-20841 (8.8), the ...