Morning Overview on MSN

A one-click flaw just surfaced in self-hosted Flowise servers — letting attackers run arbitrary code by tricking a user into importing a single malicious chatflow

It takes one file. A single chatflow import, the kind Flowise users share routinely, can give an attacker full command ...
SecurityWeek

Adobe Patches 123 Vulnerabilities

Adobe’s latest Patch Tuesday updates fix 123 vulnerabilities across 11 of the software giant's products, including critical flaws.
SecurityWeek

Everest Forms Vulnerability Exploited to Hack WordPress Sites

Hackers have been exploiting a remote code execution vulnerability in the Everest Forms Pro plugin to take over WordPress ...
The Hacker News

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...
Dark Reading

What You Need to Know About Arbitrary Code Execution Vulnerabilities

They're serious. Notices about arbitrary code execution (ACE) vulnerabilities appear just about every week in alerts from US-CERT — the United States Computer Emergency Readiness Team, a part of the ...
Threat Post

Firefox, Chrome Bugs Allow Arbitrary Code-Execution

Multiple critical memory safety bugs in Firefox 69 and Firefox ESR 68.1 in particular affect medium and large government entities and enterprises. Critical vulnerabilities have been discovered in the ...