[webapps] LangChain Core 1.2.4 - SSTI/RCE
LangChain Core 1.2.
Vulnerability Disclosure
20 articles
Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote atta...
NSA GRASSMARLIN
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information. The following versions of NSA GRAS...
ZDI-26-305: (0Day) OpenAI Codex Sandbox Escape Vulnerability
This vulnerability allows remote attackers to bypass the sandbox on affected installations of OpenAI Codex. User interaction is required to exploit this vuln...
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
NIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accel...
Metasploit Wrap-Up 04/25/2026
Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability...
Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated...
PhantomRPC: A new privilege escalation technique in Windows RPC
Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
AI is Changing Vulnerability Discovery and your Software Supply Chain Strategy has to Change with it
Wade Woolwine is Senior Director, Product Security at Rapid7. The headlines around Glasswing have focused on how quickly AI can surface vulnerabilities, whic...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cro...
Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker ...
AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?
AI vulnerability research and discovery capabilities are improving, but they have not changed the fundamentals of vulnerability management.
[local] Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
ZDI-26-295: (0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PublicCMS. Authentication is not required to exploi...
ZDI-26-294: (0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is re...
ZDI-26-293: (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Office. User interaction is required to exploit ...
Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster Action
Anthropic’s Project Glasswing has sparked plenty of discussion about what AI might soon do for vulnerability discovery, but the more useful question for most...
Metasploit Wrap-Up 04/17/2026
Happy Friday - Seven New Metasploit Modules We’re happy to announce that Metasploit Framework had a big week, landing seven new modules alongside various bug...
Commercial AI Models Show Rapid Gains in Vulnerability Research
AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds