The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
SecurityWeek

Critical Command Execution Vulnerability Patched in Cisco ISE

Cisco has patched a critical-severity ISE and ISE-PIC vulnerability that could allow attackers to gain root access to the ...
Bleeping Computer

New macOS zero-day bug lets attackers run commands remotely

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big ...
Hosted on MSN

A one-click flaw just surfaced in self-hosted Flowise servers — letting attackers run arbitrary code by tricking a user into importing a single malicious chatflow

It takes one file. A single chatflow import, the kind Flowise users share routinely, can give an attacker full command execution on the server running the application. The vulnerability, tracked as ...

UpdraftPlus Vulnerability Exposes 3 Million WordPress Sites

Attackers can bypass WordPress authentication, run commands as an administrator, and then install malicious plugins on ...

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root ...