SecurityWeek

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root ...
Guru3D.com

Ubiquiti Urges Immediate Updates Following Root Access Exploit Discovery

Security researchers have disclosed a critical vulnerability chain affecting Ubiquiti's UniFi OS Server platform that could allow attackers to bypass authentication controls, execute arbitrary ...
Bleeping Computer

New macOS zero-day bug lets attackers run commands remotely

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big ...
CSOonline

Cisco patches max-severity flaw allowing arbitrary command execution

Cisco (Nasdaq:CSCO) is urging customers to patch for a maximum-severity flaw affecting its IOS XE Software for Wireless controllers. The flaw, tracked as CVE-2025-20188, received a severity rating of ...

Critical command injection vulnerability discovered in Universal Robots PolyScope 5

Universal Robots urges users to update PolyScope software following critical vulnerability ...