The Open Web Application Security Project (OWASP) has unveiled its eighth edition of the Top 10, a cornerstone guide for developers, security pros, and organizations tackling web application risks.
This 2025 update reflects evolving threats in a landscape dominated by complex supply chains, cloud-native...
Developers rely on lightweight libraries to handle complex tasks like evaluating mathematical expressions within user inputs.
A newly disclosed vulnerability in the popular npm package expr-eval, however, could turn these tools into gateways for remote code execution, putting AI-driven applications at serious risk.
The expr-eval...
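The risk described above is not specific to one package: any evaluator that lets user-supplied text, or a user-supplied variable context, reach a callable is a code-execution primitive. The following added example (written for this page, not expr-eval's code, and in Python rather than JavaScript so the principle is shown independent of the library) evaluates arithmetic over an explicit allowlist of operators and functions, accepts only plain numbers in the caller-supplied context, and bounds expression length and exponents. Names such as `safe_eval`, `UnsafeExpression` and `_FUNCS` are this example's own.

```python
import ast
import math
import operator

# Everything the evaluator may do is enumerated here; anything not listed is rejected.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
_FUNCS = {"sqrt": math.sqrt, "abs": abs, "min": min, "max": max}
_MAX_EXPR_LEN = 200
_MAX_EXPONENT = 64


class UnsafeExpression(ValueError):
    """Raised for any construct the allowlist does not cover."""


def _is_number(value):
    # bool is a subclass of int; exclude it so True/False cannot sneak in as 1/0.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def _check_context(context):
    # Variables supplied by the caller must be plain numbers. A callable (or any
    # object with methods) placed in the context is what turns an expression
    # evaluator into a code-execution primitive, so it is refused up front.
    for name, value in context.items():
        if not _is_number(value):
            raise UnsafeExpression(f"context variable {name!r} is not a number")


def _eval_node(node, context):
    if isinstance(node, ast.Constant) and _is_number(node.value):
        return node.value
    if isinstance(node, ast.Name):
        if node.id not in context:
            raise UnsafeExpression(f"unknown variable {node.id!r}")
        return context[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _eval_node(node.left, context)
        right = _eval_node(node.right, context)
        if isinstance(node.op, ast.Pow) and abs(right) > _MAX_EXPONENT:
            raise UnsafeExpression("exponent too large")  # bounds CPU and memory use
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand, context))
    if isinstance(node, ast.Call):
        # The callee must be a bare name from _FUNCS: no attribute access (so no
        # __class__/__subclasses__ walks), no keyword arguments, and never a
        # callable taken from the context.
        if (not isinstance(node.func, ast.Name) or node.func.id not in _FUNCS
                or node.keywords):
            raise UnsafeExpression("call not permitted")
        args = [_eval_node(a, context) for a in node.args]
        return _FUNCS[node.func.id](*args)
    raise UnsafeExpression(f"syntax not permitted: {type(node).__name__}")


def safe_eval(expr, context=None):
    """Evaluate an arithmetic expression with a numeric-only variable context."""
    context = dict(context or {})
    _check_context(context)
    if len(expr) > _MAX_EXPR_LEN:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression(f"not an expression: {exc.msg}") from None
    return _eval_node(tree.body, context)


if __name__ == "__main__":
    print(safe_eval("sqrt(x*x + y*y)", {"x": 3, "y": 4}))
    for bad in ("__import__('os').system('id')", "(1).__class__", "2 ** 1000"):
        try:
            safe_eval(bad)
        except UnsafeExpression as exc:
            print(f"rejected {bad!r}: {exc}")
```

The design choice worth copying is the shape of the check: the evaluator walks a parsed tree and accepts only node types it has enumerated, rather than trying to blacklist dangerous substrings in the input, and the context is validated before any evaluation happens so that a library consumer who passes a dict built from a request body cannot hand the expression a function to call.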
A high-severity remote code execution (RCE) vulnerability has been disclosed in the LangGraph checkpointing library.
Published by Eugene Yurtsev, a key contributor at LangChain AI, the advisory (GHSA-wwqv-p2pp-99h5) describes a flaw in the JsonPlusSerializer that could allow attackers to execute arbitrary Python code.
Affecting...
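The teaser above does not describe the serializer's internals, so the following is an added, generic illustration of the bug class rather than LangGraph's code: a JSON "reviver" that lets the payload name the type to construct. The tag convention (`"__type__"` plus `"args"`), the `Point` type, and the `ALLOWED_TYPES` registry are all assumptions made for this example. The naive reviver resolves whatever dotted path the data names, so the blob decides which callable runs; the safe reviver only consults a closed registry the application filled in ahead of time.

```python
import importlib
import json
from dataclasses import dataclass

# Tag convention used by this example (assumed for illustration, not LangGraph's
# actual wire format): {"__type__": "<tag>", "args": {<constructor kwargs>}}.


@dataclass(frozen=True)
class Point:
    x: float
    y: float


def naive_revive(obj):
    """Anti-pattern: the payload names a dotted path and the reviver imports it.

    Whatever the data names gets imported and called, so whoever can write the
    serialized blob chooses which callable runs and with which arguments.
    """
    if isinstance(obj, dict) and "__type__" in obj:
        module_name, _, attr = obj["__type__"].rpartition(".")
        target = getattr(importlib.import_module(module_name), attr)
        return target(**obj.get("args", {}))
    return obj


# Closed registry: tags map to types the application chose ahead of time.
# The payload can only pick from this table, never name an import path.
ALLOWED_TYPES = {"example.Point": Point}


def safe_revive(obj):
    if isinstance(obj, dict) and "__type__" in obj:
        tag = obj["__type__"]
        cls = ALLOWED_TYPES.get(tag)
        if cls is None:
            raise ValueError(f"refusing to construct unregistered type {tag!r}")
        args = obj.get("args", {})
        if not isinstance(args, dict):
            raise ValueError("args must be a JSON object")
        # Unknown or missing fields surface as TypeError from the constructor,
        # which is a rejection, not a silently partial object.
        return cls(**args)
    return obj


def loads(payload, revive=safe_revive):
    # object_hook runs bottom-up, so nested tagged objects are revived (and
    # checked) before the object that contains them.
    return json.loads(payload, object_hook=revive)


if __name__ == "__main__":
    # Constructed payload: names a harmless callable to show that the data,
    # not the application, picked what ran.
    blob = '{"__type__": "os.getcwd"}'
    print("naive reviver returned:", loads(blob, naive_revive))
    try:
        loads(blob)
    except ValueError as exc:
        print("safe reviver:", exc)
    print(loads('{"__type__": "example.Point", "args": {"x": 1, "y": 2}}'))
```

The check that matters is the lookup direction: the safe version maps a tag to a type through a table the code owns, so there is no code path from a string in the data to `importlib` or `getattr`. Treat checkpoint and cache blobs as untrusted whenever the store they live in is writable by anyone other than the process that produced them.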
Elastic Security has issued a critical update addressing a high-severity vulnerability in its Elastic Defend endpoint protection software for Windows, which could enable attackers to delete arbitrary system files and potentially escalate privileges to the highest level.
Tracked as CVE-2025-37735 under Elastic Security Advisory...
Three critical vulnerabilities in runc, the default container runtime used by Docker and Kubernetes, have been disclosed, potentially allowing attackers to escape container boundaries and compromise host systems.
Disclosed on November 5, 2025, by SUSE researcher Aleksa Sarai, these flaws (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881) exploit race...
Security researchers have uncovered a critical remote code execution (RCE) flaw in Monsta FTP, a popular web-based file transfer client, now actively exploited in the wild.
Tracked as CVE-2025-34299, this unauthenticated vulnerability allows attackers to upload malicious files and execute arbitrary code on affected...