Saturday, April 25, 2026

Tag: Vulnerability

Severe Vulnerabilities In N-able N-central Enable Unauthorized Legacy API Access and Sensitive File Disclosure

N-able N-central, a popular remote monitoring and management (RMM) platform used by enterprises and managed service providers (MSPs), faces severe vulnerabilities that allow unauthenticated attackers to bypass authentication, write files, and disclose sensitive information via XML External Entity (XXE) injection. These flaws, uncovered by...

Critical Twonky Server Vulnerabilities Expose Authentication Bypass Path

Twonky Server version 8.5.2 contains two serious flaws that allow attackers to bypass authentication and steal admin credentials on Linux and Windows systems. These issues, tracked as CVE-2025-13315 and CVE-2025-13316, allow remote attackers to extract encrypted admin passwords from logs and crack them using...

Ollama Parsing Vulnerabilities Could Let Attackers Execute Arbitrary Code Through Crafted Model Files

Ollama versions before 0.7.0 contain parsing flaws that allow attackers to execute arbitrary code by loading a crafted GGUF model through the API, and users should update immediately. The issue stems from unsafe handling of untrusted metadata during model load, which enables an out-of-bounds...

Active Exploitation Detected for 7-Zip Remote Code Execution Vulnerability

A critical vulnerability in 7-Zip, tracked as CVE-2025-11001, has raised alarms in the cybersecurity community due to its potential for remote code execution through mishandled symbolic links in ZIP files. This flaw affects all versions of the popular open-source file archiver before 25.00, allowing...

Hackers Can Leverage Default ServiceNow AI Assistant Settings To Carry Out Prompt Injection Attacks

Earlier this year, cybersecurity researcher Aaron Costello uncovered a critical flaw in ServiceNow's Now Assist AI platform that enables hackers to perform second-order prompt-injection attacks. These attacks exploit default settings, allowing malicious actors to trick AI agents into executing unauthorized actions, such as reading...

Security Flaws In Cline AI Coding Agent Enable Prompt Injection, Remote Code Execution, and Data Leakage

AI coding assistants like Cline Bot promise to boost developer productivity. However, recent research reveals serious security gaps that could turn these tools into attack vectors. Security firm Mindgard uncovered four vulnerabilities in the open-source Cline extension during a short audit in August 2025,...