SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
TechRepublic

arbitrary code execution

Apple urges users to update after patching CVE-2026-20700, a zero-day flaw exploited in sophisticated targeted attacks across multiple devices. Google released a Chrome security update fixing two high ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
Bleeping Computer

CISA warns of actively exploited Git code execution flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system. The agency has added the ...
CSO Online

Critical Cursor bug could turn routine Git into RCE

A flaw in Cursor’s AI agent lets malicious repositories trigger arbitrary code execution through routine Git operations, now patched in version 2.5.