ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420 ,...

CVE-2025-11449

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVE-2025-11450

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVE-2025-11449

The CVE-2025-11449 entry describes a reflected cross-site scripting vulnerability in the ServiceNow AI Platform. The flaw could allow arbitrary code execution in a user’s browser when a person clicks a specially crafted link. Documentation consistently states that ServiceNow has deployed security...

PT-2025-41499

Name of the Vulnerable Software and Affected Versions ServiceNow affected versions not specified Description A reflected cross-site scripting issue exists in the ServiceNow AI Platform. Successful exploitation could allow for the execution of arbitrary code within the browsers of ServiceNow users...

Important: Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)

Red Hat Enterprise Linux AI 1.5 NVIDIA is now available. Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models LLMs for enterprise applications...

PT-2025-32683 · Servicenow · Servicenow

Name of the Vulnerable Software and Affected Versions: ServiceNow affected versions not specified Description: A Broken Access Control vulnerability was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform actions...

Zoom Workplace Cross-Site Scripting Vulnerability

Zoom Workplace is an AI-first collaboration platform from Zoom that integrates core features such as team communication, meetings, document collaboration, and a built-in AI Companion smart assistant to boost productivity. Zoom Workplace suffers from a cross-site scripting vulnerability that can b...

CVE-2025-46571

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open t...

AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections

Cybersecurity researchers have disclosed details of an artificial intelligence AI powered platform called AkiraBot that's used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization SEO services such as Akira and ServicewrapGO. "AkiraBot has...