Topic: remote code execution
-
BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Access Tools
A critical security flaw (CVE-2026-1731) in BeyondTrust's self-hosted remote access software allows unauthenticated attackers to execute arbitrary OS commands, posing a severe risk of complete system compromise. The vulnerability impacts specific versions of Remote Support and Privileged Remote A...
Read More » -
Microsoft Silent as Hackers Exploit WSUS Server Bug
A critical Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287) is being actively exploited, allowing attackers to execute arbitrary code and take full control of affected systems. Microsoft issued an emergency patch after an initial fix failed, but security researchers have alrea...
Read More » -
Critical VoIP Phone Bug Enables Stealthy Eavesdropping (CVE-2026-2329)
A critical security flaw (CVE-2026-2329) in Grandstream GXP1600 series VoIP phones allows unauthenticated attackers to gain full remote control via a buffer overflow in the web interface. Successful exploitation enables attackers to steal credentials and, most alarmingly, reconfigure the phone to...
Read More » -
Critical RCE Flaw Found in BeyondTrust Remote Support Software
A critical pre-authentication command injection flaw (CVE-2026-1731) in BeyondTrust's Remote Support and Privileged Remote Access software allows unauthenticated attackers to remotely execute arbitrary commands. The vulnerability, impacting thousands of on-premises instances, requires immediate m...
Read More » -
GitHub Codespaces RCE Flaw Exposed
A critical vulnerability in GitHub Codespaces allows attackers to execute remote code by embedding malicious commands in configuration files, which run automatically when a developer opens a compromised repository or pull request. The attack exploits three main vectors: automatic tasks in `.vscod...
Read More » -
Critical n8n Vulnerabilities Exposed with Public Exploits
Critical vulnerabilities (CVE-2026-25049) in the n8n workflow platform allow users with workflow edit permissions to execute arbitrary code and fully compromise the host server, including stealing credentials. The flaws stem from incomplete AST-based sandboxing and a type-confusion vulnerability ...
Read More » -
Critical FortiSIEM Flaw Patched: Remote Code Execution Risk
A critical, unauthenticated OS command injection vulnerability (CVE-2025-64155) in Fortinet's FortiSIEM platform allows remote attackers to execute arbitrary code and take full control of systems. The flaw, found in the phMonitor service, involves a two-stage attack: unauthenticated argument inje...
Read More » -
Critical RCE Flaw in Trend Micro Apex Central: Patch Now
A critical vulnerability (CVE-2025-69258) in Trend Micro's Apex Central console allows unauthenticated attackers to remotely execute malicious code with the highest SYSTEM privileges. The flaw, discovered by Tenable, is exploited by sending a crafted message to a specific port, forcing the system...
Read More » -
Critical WatchGuard Firebox Flaw Actively Exploited in Attacks
A critical, unauthenticated remote code execution vulnerability (CVE-2025-14733) in WatchGuard Firebox firewalls is being actively exploited, requiring urgent patching. The flaw impacts numerous Firebox models and specific Fireware OS versions, primarily affecting systems using IKEv2 VPN, with a ...
Read More » -
Critical 'React2Shell' Vulnerability Exposes React.js
A critical vulnerability (CVE-2025-55182) in React.js and Next.js, dubbed React2Shell, allows unauthenticated remote code execution with a severity score of 10.0, posing a severe risk to servers. The flaw, exploitable via a simple HTTP request, impacts React Server Function endpoints and default ...
Read More » -
Critical React & Node.js Flaw Patched: Update Now (CVE-2025-55182)
A critical remote code execution vulnerability (CVE-2025-55182) affects React versions 19.0.0 through 19.2.0, requiring an immediate update to version 19.2.1. The flaw involves unsafe deserialization in React Server Components, impacting not only React but also major dependent frameworks like Nex...
Read More » -
Urgent: Actively Exploited WSUS Bug Now on CISA KEV List
A critical security flaw (CVE-2025-59287) in Windows Server Update Services (WSUS) allows unauthenticated attackers to execute remote code with system privileges by exploiting the GetCookie() endpoint. The vulnerability is under active exploitation, prompting urgent patching by Microsoft and incl...
Read More » -
Urgent Microsoft WSUS Flaw Actively Exploited After Patch
A severe security vulnerability (CVE-2025-59287) in Microsoft's WSUS allows unauthenticated remote code execution with SYSTEM privileges, prompting an urgent out-of-band patch due to incomplete initial fixes. The flaw arises from unsafe deserialization via BinaryFormatter in the `GetCookie()` end...
Read More » -
Critical Redis Flaw Exposes Thousands of Instances
A critical security vulnerability (CVE-2025-49844) in Redis allows authenticated attackers to execute remote code via a use-after-free flaw in Lua scripting, posing a severe risk to systems. The flaw affects a vast number of organizations due to Redis's widespread use in cloud environments, and i...
Read More » -
Critical RCE Flaw in Western Digital My Cloud NAS (CVE-2025-30247)
Western Digital has released a critical firmware update (version 5.31.108) to fix a severe remote code execution vulnerability (CVE-2025-30247) in multiple My Cloud NAS models, urging immediate installation to prevent unauthorized access and system takeover. The vulnerability is an OS command inj...
Read More » -
SolarWinds Issues Urgent Patch for Critical Web Help Desk Flaw
SolarWinds has released an urgent hotfix for a critical, unauthenticated remote code execution vulnerability (CVE-2025-26399) in its Web Help Desk software, which poses a severe risk to affected systems. The flaw is a patch bypass for a previous vulnerability and stems from unsafe deserialization...
Read More » -
Critical Security Flaw in Commvault Backup Suite Allows Remote Code Execution
A critical security vulnerability in on-premises Commvault deployments allows unauthenticated attackers to execute remote code by chaining four distinct flaws (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, and CVE-2025-57791). These vulnerabilities impact essential components like the Web Serve...
Read More » -
CISA Urges Immediate Patch for Critical Windows Server Flaw
A critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) allows attackers to gain full SYSTEM-level control without user interaction, posing a severe threat to organizational networks. CISA has mandated federal agencies to patch the flaw within thre...
Read More » -
Pyodide Sandbox Escape Leads to Grist-Core RCE Vulnerability
A critical vulnerability in Grist-Core allowed remote code execution via a malicious spreadsheet formula, enabling attackers to compromise the host system. The flaw involved escaping the Python sandbox to execute arbitrary commands, turning a spreadsheet into an active attack tool, especially ris...
Read More » -
CISA Alerts: SmarterMail RCE Flaw Actively Exploited in Ransomware
A critical, unauthenticated remote code execution flaw (CVE-2026-24423) in SmarterMail is being actively exploited by ransomware groups, prompting urgent warnings from CISA. The vulnerability, stemming from a missing authentication check, allows attackers to take control of unpatched systems, and...
Read More » -
Sitecore Zero-Day Exploit Actively Attacked (CVE-2025-53690)
A critical zero-day vulnerability (CVE-2025-53690) in Sitecore on-premises deployments is being actively exploited, allowing unauthorized access and remote code execution. Attackers leverage a known sample ASP.NET machine key to exploit ViewState deserialization, enabling them to deploy malware, ...
Read More » -
CISA Warns: BeyondTrust RCE Flaw Actively Exploited by Ransomware
A critical, unauthenticated remote code execution flaw (CVE-2026-1731) in BeyondTrust's remote support software is being actively exploited by ransomware groups, prompting urgent federal warnings. The vulnerability was a zero-day threat exploited before public disclosure, and its inclusion in CIS...
Read More » -
Critical Windows Notepad Flaw (CVE-2026-20841) Enables RCE via Markdown
A critical vulnerability (CVE-2026-20841) in Windows Notepad, stemming from its new Markdown support, allowed remote code execution via malicious links in Markdown files. Exploitation required user interaction, such as clicking a crafted link, but was made easier as Markdown files are often perce...
Read More » -
Windows 11 Notepad Bug Executes Files Via Markdown Links
A high-severity vulnerability in Windows 11 Notepad allowed attackers to execute malicious code remotely by tricking users into clicking a malicious link within a Markdown file. The flaw exploited the app's Markdown preview feature, where specially crafted links using non-standard protocols could...
Read More » -
Notepad's Markdown Update Comes With a Critical RCE Flaw
A high-severity vulnerability (CVE-2026-20841) in Microsoft Notepad's Markdown feature allows remote code execution if a user opens a malicious file and clicks an embedded link. Microsoft has patched the flaw, noting no current active exploits, but its impact is significant due to Notepad's ubiqu...
Read More » -
Over 40,000 OpenClaw Instances Found Exposed Online
Over 40,000 publicly exposed OpenClaw AI instances have been discovered, granting attackers the same access to systems and data as the AI agent itself. Exploitation is active, with many instances linked to prior breaches and vulnerabilities, including critical remote code execution flaws that all...
Read More » -
6,000+ SmarterMail Servers Vulnerable to Hijacking
A critical authentication bypass vulnerability (CVE-2026-23760) in SmarterMail email servers allows attackers to reset administrator passwords and take full control of unpatched systems. Security researchers have identified thousands of vulnerable servers, with evidence of widespread, automated e...
Read More » -
Cisco Flaw (CVE-2026-20045) Actively Exploited for RCE Attacks
A critical code injection vulnerability (CVE-2026-20045) in Cisco's unified communications products is being actively exploited, allowing attackers to execute malicious code and gain full system control. The flaw impacts several core enterprise collaboration platforms, including Cisco Unified Com...
Read More » -
CISA Mandates Urgent Patch for Actively Exploited Gogs Flaw
A critical remote code execution flaw (CVE-2025-8110) in Gogs is being actively exploited, allowing attackers to run arbitrary commands by manipulating Git configuration files. CISA has mandated all federal agencies to patch the vulnerability by February 2026, as over 1,400 public Gogs servers ar...
Read More » -
Patch Now: Critical MongoDB RCE Flaw Demands Immediate Action
A critical, high-severity vulnerability (CVE-2025-14847) in MongoDB allows unauthenticated attackers to remotely execute code by exploiting a flaw in the zlib compression implementation. Administrators must immediately upgrade to specific patched versions (e.g., MongoDB 8.2.3) or, as a workaround...
Read More » -
Urgent: WatchGuard Firewalls Targeted by Critical Attack (CVE-2025-14733)
Over 115,000 WatchGuard Firebox firewalls are actively being targeted via a critical, unauthenticated remote code execution flaw (CVE-2025-14733) in the Fireware OS's IKED process. The U.S. CISA has mandated patching due to active exploitation, requiring an immediate upgrade to specific fixed Fir...
Read More » -
Microsoft Patches 3 Zero-Days, 57 Flaws in December Update
Microsoft's December 2025 Patch Tuesday addressed 57 vulnerabilities, including three critical remote code execution flaws and three zero-day issues. One zero-day (CVE-2025-62221) is actively exploited, allowing local privilege escalation, while two others were publicly disclosed before patching....
Read More » -
RondoDox Botnet Exploits Critical XWiki Server Flaw
The RondoDox botnet malware is actively exploiting a critical remote code execution vulnerability (CVE-2025-24893) in XWiki Platform, as confirmed by U.S. cybersecurity authorities and VulnCheck. This malware uses manipulated HTTP requests to inject and execute malicious code, downloading scripts...
Read More » -
Urgent: Critical Web Panel Flaw Actively Exploited (CVE-2025-48703)
A critical security vulnerability (CVE-2025-48703) in Control Web Panel (CWP) is being actively exploited, posing a severe threat to web hosting environments and prompting its addition to CISA's Known Exploited Vulnerabilities catalog. The flaw is an OS command injection that allows unauthenticat...
Read More » -
Skuld Infostealer Exploits WSUS Flaw (CVE-2025-59287)
A critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) is being actively exploited, allowing attackers to install information-stealing malware on unpatched systems. The flaw stems from unsafe deserialization of untrusted data, enabling unauthentic...
Read More » -
Abandoned Rust Library Flaw Sparks RCE Attack Risk
A critical security vulnerability (CVE-2025-62518) in the abandoned async-tar and tokio-tar Rust libraries allows remote code execution via desynchronization during TAR archive extraction, enabling attackers to insert malicious entries without authentication. The flaw, named TARmageddon, arises f...
Read More » -
Active Attacks Exploit Critical WSUS Flaw in Windows Server
Actively exploited critical vulnerabilities (CVE-2025-59287) in Windows Server Update Services (WSUS) allow remote code execution and system takeover, requiring immediate emergency patching. Microsoft has released out-of-band security updates for all affected Windows Server versions and recommend...
Read More » -
Microsoft Fixes Critical WSUS Flaw Under Active Attack
Microsoft has released an emergency patch for a critical, actively exploited vulnerability (CVE-2025-59287) in Windows Server Update Services, allowing unauthorized remote code execution without user interaction. The flaw is wormable and could enable attackers to take control of WSUS servers, pot...
Read More » -
Urgent WSUS Vulnerability: Patch Windows Server Now
A critical security flaw (CVE-2025-59287) in Microsoft's WSUS allows unauthorized remote code execution with system-level privileges, affecting multiple Windows Server versions. The vulnerability stems from the deserialization of untrusted data, enabling attackers to fully compromise servers, pro...
Read More » -
Microsoft Patches 6 Zero-Day Exploits in Critical October Update
Microsoft's October 2025 Patch Tuesday addresses 172 vulnerabilities, including six actively exploited zero-days and eight critical-rated flaws, with a focus on remote code execution and privilege escalation risks. Windows 10 has reached its end of support, requiring users to enroll in Extended S...
Read More » -
SolarWinds Patches Critical RCE Flaw in Web Help Desk
SolarWinds has released a critical update for its Web Help Desk software to patch CVE-2025-26399, an unauthenticated remote code execution vulnerability requiring immediate action to prevent system compromise. The flaw, located in the AjaxProxy class, allows remote attackers to execute arbitrary ...
Read More » -
WatchGuard Issues Critical Firewall Vulnerability Alert
WatchGuard has disclosed a critical remote code execution vulnerability (CVE-2025-9242) in its Firebox firewalls, allowing unauthenticated attackers to run arbitrary code on affected devices. The flaw impacts Fireware OS versions 11.x, 12.x, and 2025.1, specifically when IKEv2 VPN is configured, ...
Read More » -
AI-Powered Cursor IDE at Risk of Prompt Injection Attacks
A critical security flaw (CVE-2025-54135) in Cursor IDE, dubbed CurXecute, allows remote code execution via manipulated AI prompts, risking unauthorized system access. Attackers can exploit the Model Context Protocol (MCP) by injecting malicious prompts through third-party servers (e.g., Slack), ...
Read More » -
Patch Now: FortiWeb Pre-Auth RCE Exploits Released
A critical vulnerability (CVE-2025-25257, 9.8/10 severity) in Fortinet's FortiWeb WAF allows unauthenticated remote code execution via SQL injection, requiring immediate patching. Exploits leverage improper SQL sanitization in the Fabric Connector, enabling attackers to inject malicious commands ...
Read More » -
Active Exploits Target Critical Wing FTP Server Flaw (CVE-2025-47812)
A critical remote code execution flaw (CVE-2025-47812) in Wing FTP Server is being actively exploited, allowing unauthenticated attackers to execute arbitrary system commands with elevated privileges. The vulnerability stems from improper input validation in Wing FTP's web interfaces, enabling Lu...
Read More » -
Telegram Channels Reveal SmarterMail Exploits in the Wild
Threat actors are rapidly weaponizing critical vulnerabilities in SmarterMail (CVE-2026-24423 and CVE-2026-23760), sharing exploit code and credentials to enable server takeover and ransomware campaigns. These flaws have already been exploited in real-world incidents, including a breach at Smarte...
Read More » -
Urgent: CISA Confirms Active Attacks Exploiting Critical Microsoft SCCM Flaw
A critical SQL injection vulnerability (CVE-2024-43468) in Microsoft Configuration Manager is now being actively exploited, allowing unauthenticated attackers to execute arbitrary code with the highest privileges. The Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal ag...
Read More » -
SolarWinds Help Desk Flaw Under Active Attack
A critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk is under active attack, allowing unauthenticated attackers to execute remote code and gain administrative control, prompting urgent patching orders from US authorities. The flaw is one of four critical vulnerabilities, all with...
Read More » -
SmarterMail Flaw Lets Attackers Hijack Admin Accounts
A critical authentication bypass flaw in SmarterMail's 'force-reset-password' API endpoint allows attackers to hijack administrator accounts and gain full server control. Threat actors began exploiting the vulnerability just two days after the patch was released, suggesting they reverse-engineere...
Read More » -
Unpatched Gogs Bug Actively Exploited, CISA Warns
A critical vulnerability (CVE-2025-8110) in the Gogs platform is being actively exploited, allowing authenticated users to achieve remote code execution by overwriting files via a symbolic link flaw. Over 700 Gogs instances have already been compromised, with no official patch yet available, thou...
Read More »