An authenticated attacker (using the account created in step 1) can execute arbitrary OS commands as root via crafted HTTP requests. By combining these two vulnerabilities, an attacker can go from ...

The code injection flaws allow for unauthenticated remote code execution on Ivanti Endpoint Manager Mobile deployments, but also endanger connected Ivanti Sentry mobile traffic gateways. IT software ...

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass affects internal‑mode deployments common in enterprise setups. Two critical ...

The two bugs impacted n8n’s sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic. Two critical- and high-severity vulnerabilities in the n8n AI workflow automation ...

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...

Abstract: The current study presents a safe and scalable web-based codes execution system which is the first to combine containerized code isolation, locally hosted AI support, and reverse-proxied ...

A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked ...

New research from Cyata reveals that flaws in the servers connecting LLMs to local data via Anthropic’s MCP can be exploited to achieve remote code execution and unauthorized file access. All three ...

Abstract: Aiming at the low parcel sorting efficiency at terminal logistics sites, a lightweight recognition method for three-segment codes on express waybill is proposed. To quickly and accurately ...

Anthropic PBC’s official Git Model Context Protocol server has several security vulnerabilities that can lead to arbitrary file access and, in some scenarios, full remote code execution triggered ...