Weekly Metasploit Update: Exploits for FlowiseAI CSV Agent and MacOS Package Kit
More AI, more software, more bugs! AI, it's all you hear about nowadays and everyone's got an opinion on it. Here at Metasploit, we care less about those opinions and more about the growing attack…
Read the full articleYou might also wanna read
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurren

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor

WAF - WAF Release - 2025-05-19
This week's analysis covers four vulnerabilities, with three rated critical due to their Remote Code Execution (RCE) potential. One targets

WAF - WAF Release - 2025-08-18
This week's update This week, a series of critical vulnerabilities were discovered impacting core enterprise and open-source infrastructure.
CVE-2026-61444: Improper Control of Generation of Code ('Code Injection') in MervinPraison PraisonAI
PraisonAI versions before 4.6.78 have a critical code injection vulnerability in deploy/api.py. The vulnerability arises because the agents_

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

Comments
Sign in to join the conversation.
No comments yet. Be the first.