The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Hackaday

Arbitrary Code Execution Over Radio

Computers connected to networks are constantly threatened by attackers who seek to exploit vulnerabilities wherever they can find them. This risk is particularly high for machines connected to the ...

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, ...
Infosecurity Magazine

Critical and High Severity n8n Sandbox Flaws Allow RCE

Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers ...
Hackaday

Bluetooth Vulnerability: Arbitrary Code Execution On The ESP32, Among Others

Bluetooth has become widely popular since its introduction in 1999. However, it’s also had its fair share of security problems over the years. Just recently, a research group from the Singapore ...
Threat Post

Lexmark Printers Open to Arbitrary Code-Execution Zero-Day

“No remedy available as of June 21, 2021,” according to the researcher who discovered the easy-to-exploit, no-user-action-required bug. Lexmark printers – those ubiquitous, inky office workhorses that ...
9to5Mac

Apple says iOS 14.5.1 and macOS 11.3.1 patch WebKit flaws that may have been actively exploited

Apple released updates for iPhone, iPad, Mac, and Apple Watch today with multiple security updates. The patched flaws involved malicious web content that could lead to arbitrary code execution – and ...
Threat Post

Critical Magento Flaws Allow Code Execution

Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform. Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by ...
Computerworld

LibreOffice 3.5.5 addresses multiple arbitrary code execution vulnerabilities

Version 3.5.5 of the LibreOffice free personal productivity suite contains fixes for multiple security vulnerabilities that could be exploited to execute arbitrary code with the privileges of the ...
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
ZDNet

Adobe tackles critical code execution vulnerabilities in Acrobat, Reader

On Tuesday, the company issued its standard monthly round of fixes, the majority of which relate to the popular PDF viewing and editing software. In total, 26 vulnerabilities have been resolved, 11 of ...