Hackaday

Arbitrary Code Execution Over Radio

Computers connected to networks are constantly threatened by attackers who seek to exploit vulnerabilities wherever they can find them. This risk is particularly high for machines connected to the ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Hackaday

Bluetooth Vulnerability: Arbitrary Code Execution On The ESP32, Among Others

Bluetooth has become widely popular since its introduction in 1999. However, it’s also had its fair share of security problems over the years. Just recently, a research group from the Singapore ...
Threat Post

Lexmark Printers Open to Arbitrary Code-Execution Zero-Day

“No remedy available as of June 21, 2021,” according to the researcher who discovered the easy-to-exploit, no-user-action-required bug. Lexmark printers – those ubiquitous, inky office workhorses that ...
Computerworld

LibreOffice 3.5.5 addresses multiple arbitrary code execution vulnerabilities

Version 3.5.5 of the LibreOffice free personal productivity suite contains fixes for multiple security vulnerabilities that could be exploited to execute arbitrary code with the privileges of the ...
SecurityWeek

Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure

Vulnerabilities in Anthropic MCP server could be exploited via prompt injections to execute arbitrary code and read/delete arbitrary files.
Threat Post

Critical Magento Flaws Allow Code Execution

Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform. Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by ...
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
9to5Mac

Apple says iOS 14.5.1 and macOS 11.3.1 patch WebKit flaws that may have been actively exploited

Apple released updates for iPhone, iPad, Mac, and Apple Watch today with multiple security updates. The patched flaws involved malicious web content that could lead to arbitrary code execution – and ...
ZDNet

Adobe tackles critical code execution vulnerabilities in Acrobat, Reader

On Tuesday, the company issued its standard monthly round of fixes, the majority of which relate to the popular PDF viewing and editing software. In total, 26 vulnerabilities have been resolved, 11 of ...
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
The Hacker News

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet patches a critical FortiSIEM vulnerability (CVE-2025-64155) that allows unauthenticated remote code execution via ...