Critical Gogs RCE Vulnerability Allows Arbitrary Code Execution

A serious vulnerability in Gogs, an open-source Git service, enables authenticated users to execute arbitrary code, raising significant security concerns.

A serious vulnerability in Gogs, an open-source Git service, enables authenticated users to execute arbitrary code, raising significant security concerns.

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited, allowing attackers to inject malicious JavaScript into WooCommerce checkout pages to steal payment data.

A significant security flaw in the Ollama framework could allow attackers to leak sensitive process memory from over 300,000 servers worldwide.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a vulnerability in GrassMarlin, an NSA-developed tool, which could allow attackers to access sensitive information.

A severe security flaw in SGLang, identified as CVE-2026-5760, poses significant risks of remote code execution through malicious model files.

A design flaw in Anthropic's Model Context Protocol (MCP) has been identified, potentially exposing 200,000 servers to significant security risks, according to researchers from Ox.

A recent exploit targeting Chrome's V8 engine was created using Anthropic's Opus AI model, highlighting potential risks for users of affected applications.

A serious security flaw in nginx-ui, an open-source management tool for Nginx, has been disclosed and is currently being exploited. This vulnerability allows attackers to take control of Nginx servers without authentication.

OpenAI has patched significant vulnerabilities in ChatGPT and Codex that could lead to data exfiltration and GitHub token compromise, according to recent reports.

The U.S. Cybersecurity and Infrastructure Security Agency has added a critical vulnerability affecting F5 BIG-IP APM to its Known Exploited Vulnerabilities catalog, following evidence of active exploitation.