All news

CVE

(5 articles)
Flowise RCE CVE: 12,000+ Instances Under Attack

April 7, 2026

Flowise RCE CVE: 12,000+ Instances Under Attack

A CVSS 10.0 RCE flaw in Flowise AI Agent Builder is being actively exploited. Over 12,000 exposed instances face full remote takeover. Here's what you need to know.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

April 2, 2026

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Attackers exploited CVE-2025-55182 to compromise 766 Next.js hosts and harvest credentials. Here's what happened and how to protect your app.

CISA: New Langflow Flaw Actively Exploited to Hijack AI Workflows

March 26, 2026

CISA: New Langflow Flaw Actively Exploited to Hijack AI Workflows

CVE-2026-33017 in Langflow is being actively exploited for RCE - attackers went from advisory to full exploitation in under 24 hours. Here's what you need to know.

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

March 21, 2026

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle patches CVE-2026-21992, a critical unauthenticated RCE flaw in Identity Manager. Here's what happened and how to protect your stack now.

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

March 21, 2026

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA added Apple, Craft CMS, and Laravel vulnerabilities to its KEV catalog, mandating federal agencies patch by April 3, 2026.