CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

GitHub employees fixed a critical remote code execution vulnerability in less than six hours last month. Wiz Research used AI ...

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed ...

IT之家4 月 16 日消息，网络安全公司 OX Security 昨日（4 月 15 日）发布报告，披露 Anthropic 的 MCP（模型上下文协议）存在设计缺陷，可导致远程代码执行。 该设计缺陷影响范围极广，导致超过 20 万台 AI 服务器面临远程代码执行风险。 IT之家注：MCP 全称为 Model Context Protocol，是 Anthropic 公司于 2024 年 11 ...

Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed ...

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.

Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that ...

Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code ...

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...