Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers
Tag: selfhosted
AI, Apps, Exploits, Global Security News, Risk Management
Flowise’s MCP implementation can run ghost commands
Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise deployments through its implementation of Model Context Protocol (MCP) stdio servers. The problem is essentially a sandboxing failure…
AI, Global Security News
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. “The vulnerability allows any authenticated user to achieve…
AI, Global Security News
New Gogs zero-day flaw lets hackers get remote code execution
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. […]
AI, Cybersecurity, Global Security News
Gitea Vulnerability Exposes Private Container Images without Authentication
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security
Critical bug in CrowdStrike LogScale let attackers access files
CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a remote attacker to read arbitrary files from the server filesystem. “CrowdStrike has released security updates…
Exploits, Global Security News
Critical Zero-Click Flaw in n8n Allows Full Server Compromise
The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited
AI, china, Data Breaches, Exploits, Global Security News, Network Security, Remote Access Security, Security, Vulnerabilities
BeyondTrust fixes critical RCE flaw in remote access tools
Companies using self-hosted versions of BeyondTrust Remote Support (RS) or Privileged Remote Access (PRA) should deploy patches for a critical vulnerability that allows attacks to execute OS commands without authentication. “Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption,” BeyondTrust said in…