Collector
Giriş Yap
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE | Collector
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
The Hacker News

Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE

A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST /

Go to News Site
Google Play Google Play App Store App Store
New AI Research Offers Warning as US Embraces Its
Bloomberg Tech
New AI Research Offers Warning as US Embraces Its Use in Warfare
 Pixel stuck in a bootloop after installing a recen
Android Authority
Pixel stuck in a bootloop after installing a recent update? Google finally has a fix
 Xbox is considering new business models for its ne
Android Headlines
Xbox is considering new business models for its next console
 Stop buying 8GB laptops for your sanity: The best
TechRadar
Stop buying 8GB laptops for your sanity: The best $500 picks with 16GB RAM
 Signal President Threatens to Pull Messaging App O
Bloomberg Tech
Signal President Threatens to Pull Messaging App Out of UK
 iOS 27 just broke 15 years of muscle memory on iPh
9to5Mac
iOS 27 just broke 15 years of muscle memory on iPhone and iPad
The Hacker News
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber
The Hacker News
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
 Ivanti, Fortinet, and SAP Release Patches for Multiple Criti
The Hacker News
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
 CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Ami
The Hacker News
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
 Your Automated Pentest Looks Clean. See What It Missed in Th
The Hacker News
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
 Microsoft Patches Record 206 Flaws, Including Three Zero-Day
The Hacker News
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
 Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet,
The Hacker News
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
 ServiceNow Flaw Exploited to Gain Unauthorized Access to Cus
The Hacker News
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
 Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access
The Hacker News
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
 Six Proto6 Vulnerabilities in protobuf.js Expose Node.js App
The Hacker News
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
 Meta to Use Off-Site Business Data for Feed and AI Personali
The Hacker News
Meta to Use Off-Site Business Data for Feed and AI Personalization
 Veeam Backup & Replication RCE Flaw Lets Domain Users Run Re
The Hacker News
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
 Microsoft Restores Some GitHub Repos, Keeps Others Offline a
The Hacker News
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
 WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Ste
The Hacker News
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
 Researchers Build Self-Replicating AI Worm That Operates Ent
The Hacker News
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
 Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Pa
The Hacker News
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
 The Hidden Security Risk in Modern Networks: The Work Betwee
The Hacker News
The Hidden Security Risk in Modern Networks: The Work Between Tools
 New FROST Attack Lets Websites Track What Sites and Apps You
The Hacker News
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
 Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Cred
The Hacker News
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
 LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to
The Hacker News
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
 One-Character Linux Kernel Flaw Enables Local Root Access, E
The Hacker News
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
 Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files
The Hacker News
Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
 Critical Check Point VPN Flaw Exploited to Bypass Passwords
The Hacker News
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
 ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, G
The Hacker News
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
 AI Phishing Is Crushing SOCs with Alert Volume: How to Reduc
The Hacker News
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
 The Hardest Fork
The Hacker News
The Hardest Fork
 VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux App
The Hacker News
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
 UNC3753 Used Vishing and Physical Intrusions in U.S. Data Th
The Hacker News
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
 VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Sup
The Hacker News
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
 New ChatGPT Lockdown Mode Limits Tools That Could Enable Dat
The Hacker News
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
 Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Pr
The Hacker News
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
 CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to K
The Hacker News
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
 AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Rec
The Hacker News
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
 Miasma Worm Hits 73 Microsoft GitHub Repositories in Major S
The Hacker News
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
 Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively E
The Hacker News
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
 IronWorm and New Miasma Worm Variant Hit npm in Supply Chain
The Hacker News
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
 Android Spyware Asin Targets Arabic Users via Fake News, PDF
The Hacker News
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
 New Threat Cluster OP-512 Targets Microsoft IIS Servers with
The Hacker News
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
 Only 10% of SOCs Say They’re Getting Excellent Value From AI
The Hacker News
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver
 Hackers Exploit Critical Everest Forms Pro WordPress Plugin
The Hacker News
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
 FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Bank
The Hacker News
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins