The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...
The Hacker News

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

CISA adds an actively exploited Digiever DS-2105 Pro NVR vulnerability to KEV, warning of botnet attacks and urging ...
IEEE

LLM Agentic Workflow for Automated Vulnerability Detection and Remediation in Infrastructure-as-Code

Abstract: This paper presents a multi-agent, AI-driven strategy employing Large Language Models (LLMs), retrieval-augmented generation, and a continuously updated knowledge base for the detection and ...
GitHub

cx-harsh-gokani/VulnerableCodes

Vulnerable Code Samples This repository contains a collection of intentionally vulnerable applications written in various programming languages. These samples are designed to demonstrate common ...
IEEE

Contrastive Analysis: Extracting Discriminative Features From Highly Similar Vulnerable-Patched Codes for Vulnerability Detection

Currently, deep learning-based software vulnerability detection methods often perform poorly in real-world applications. Through an analysis of 13 real-world projects and 4 open-source vulnerability ...
GitHub

SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...