Category: CVE News
-
CISA Flags Critical CrushFTP Vulnerability (CVE-2025-31161) Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical vulnerability in CrushFTP, a widely used enterprise file transfer platform, to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-31161, the flaw is under active exploitation, prompting organizations to patch immediately. Severe Remote Code Execution (RCE) Threat: Rated 9.8/10 (Critical) on the CVSS…
-
CVE-2025-3248: Critical Unauthenticated RCE Vulnerability in Langflow AI
Disclosure Date: April 9, 2025. Affected Product: Langflow AI (versions prior to 1.3.0). CVSS 3.1 Score: 9.8 (Critical). Overview: CVE-2025-3248 is a critical code injection vulnerability in Langflow, a popular open-source framework for building AI-driven workflows. The flaw allows unauthenticated attackers to execute arbitrary code on vulnerable servers by exploiting improper handling of Python’s exec() function in…
-
Unmasking CVE-2025-23120: The Rising Threat that Endangers Domain Environments
A newly discovered vulnerability, CVE-2025-23120, that enables remote code execution (RCE) for domain users is making waves in the cybersecurity community, posing a severe threat to organizations worldwide. “The attack method grants adversaries administrative-level privileges once they establish a foothold through a compromised user account,” c/side security analyst Himanshu Anand said in a new analysis.…