Cybernews

Vincent AI phishing vulnerability found, 200K+ law firms at risk of credential and data theft

VLex's Vincent AI assistant, used by thousands of law firms worldwide, is vulnerable to AI phishing attacks that can steal ...
The Hacker News

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0–1.120.4 affected, ...

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
CSOonline

Open source vulnerability scanner found with a serious vulnerability in its own code

The flaw could allow attackers to bypass Nuclei’s template signature verification process to inject malicious codes into host systems. A widely popular open-source tool, Nuclei, used for scanning ...

HPE OneView: Critical vulnerability allows code smuggling from the network

In HPE's OneView, malicious actors can inject malicious code from the network without authentication. An update is available.