CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

A design choice in the MCP SDKs allows remote code execution across the AI supply chain.

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. The hardware maker says that ...

Anthropic’s Model Context Protocol, a fast-growing standard used to connect AI models with external tools and data, has come ...

Tencent Cloud's Cube Sandbox goes fully open source with five technical breakthroughs, providing a production-grade ...

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. The ...

An unpatched vulnerability in Anthropic's Model Context Protocol creates a channel for attackers, forcing banks to manage the ...

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...