The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
来自MSN

Gemini CLI flaw posed critical supply chain attack risk

A critical vulnerability in the open source Gemini CLI tool could have enabled attackers to execute arbitrary commands and compromise the software supply chain, according to Pillar Security. The flaw ...
Morning Overview on MSN

GitHub’s critical flaw let anyone with push access execute code on servers holding ...

A single git push command. That is all it would have taken for someone with write access to a repository on GitHub Enterprise ...
Bleeping Computer

Cisco bugs allow creating admin accounts, executing commands as root

Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts. The company also issued ...
Dark Reading

Zimbra RCE Vuln Under Attack Needs Immediate Patching

Attackers are actively targeting a severe remote code execution vulnerability that Zimbra recently disclosed in its SMTP server, heightening the urgency for affected organizations to patch vulnerable ...
Dark Reading

Attackers Exploit Zero-Day in End-of-Life D-Link Routers

Attackers are actively exploiting a zero-day vulnerability in multiple discontinued D-Link DSL gateway devices to execute arbitrary shell commands on affected products. Most of the gateways under ...