Tag: rce
-
Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack
Tags: attack, backdoor, breach, credentials, firewall, fortinet, Hardware, network, rce, remote-code-execution, WeeklyReview
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A hardware neural network backdoor that hides in plain sight Deep learning … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/21/week-in-review-74k-fortinet-firewall-credentials-stolen-splunk-enterprise-rce-under-active-attack/
-
AutoJack Exploit Chain Hits Microsoft AutoGen Studio With Zero-Click RCE Attack
A critical exploit chain dubbed AutoJack allows a single malicious web page to hijack Microsoft’s AutoGen Studio browsing agent and silently execute arbitrary code on the host machine, requiring no user interaction beyond submitting a URL. AutoJack targets AutoGen Studio, Microsoft Research’s open-source prototyping UI for multi-agent AI systems. The technique weaponizes the agent’s built-in web-browsing capabilities…
-
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/19/splunk-vulnerability-cve-2026-20253-exploited/
-
Jenkins RCE Flaw Exploited by Attackers in the Wild
A remote code execution (RCE) vulnerability in Jenkins, tracked as CVE-2026-53435, is now actively exploited in the wild. The flaw, stemming from insecure deserialization during Jenkins’ config.xml processing, allows unauthenticated or low-privileged attackers to execute arbitrary code on vulnerable instances, posing a severe risk to organizations that rely on the popular CI/CD automation server. Jenkins RCE Flaw…
-
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases
Tags: api, authentication, cve, cvss, cyber, flaw, rce, remote-code-execution, service, vulnerability
A critical pre-authentication remote code execution (RCE) vulnerability in Splunk Enterprise has been disclosed, carrying a near-perfect CVSS score of 9.8. Tracked as CVE-2026-20253, the flaw was published by Splunk on June 10, 2026, and affects the PostgreSQL Sidecar Service introduced in Splunk version 10. The root cause of CVE-2026-20253 lies in the PostgreSQL Sidecar Service’s HTTP API…
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-day
ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters
Tags: cve, cvss, cyber, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, vulnerability, zero-day
A newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigation by Mandiant and Google Threat Intelligence Group (GTIG). Tracked as CVE-2026-35273 with a critical CVSS score of 9.8, the flaw affects the Environment Management component and enables unauthenticated remote code execution. Researchers confirmed…
-
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. “The ‘POST /api/v2/…
-
From SQLi to RCE: Exploiting LangGraph’s Checkpointer
By Yarden Porat. AI agents need memory. Frameworks like LangGraph provide it through checkpointers, persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? Background: LangGraph is an open-source framework for building stateful, multi-agent AI systems with built-in persistence. It’s an extension of LangChain, with over […]…
-
Critical Veeam RCE Flaw Lets Low-Privilege Users Take Over Backup Servers
Veeam addressed a critical RCE flaw in Backup & Replication that lets low-privileged domain users take control of backup servers. Veeam has patched a critical remote code execution vulnerability, tracked as CVE-2026-44963 (CVSS v4 score of 9.4), affecting Backup & Replication version 12.x. The flaw could allow a low-privileged domain user to execute code on…
-
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. “A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user,” Veeam…
-
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-veeam-vulnerability-exposes-backup-servers-to-rce-attacks/
-
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
Tags: cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, rce, remote-code-execution, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the … First seen…
-
Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE
Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems that no longer use Internet Explorer as a standalone browser. Although Microsoft officially ended support for IE, the Trident engine and WebBrowser ActiveX control remain embedded in numerous Windows applications built with…
-
Critical UniFi OS RCE Chain Grants Root Access Without Credentials
Tags: access, advisory, authentication, credentials, cyber, flaw, injection, rce, remote-code-execution, update, vulnerability
Security Advisory Bulletin 064 describes a critical chain of vulnerabilities in UniFi OS Server that allows unauthenticated remote code execution and full root takeover. The issue combines an authentication-gateway bypass, a path-traversal mismatch, and a command-injection sink in the package-update service. When chained, these flaws let an attacker send a single crafted HTTP request to…
-
Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE
Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with root privileges. Disclosed on May 21, 2026, via Security Advisory Bulletin 064 (SAB-064), the flaws are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. Each vulnerability carries a maximum CVSS 3.1 severity score…
-
Six protobuf.js Vulnerabilities Expose RCE and DoS Risks
Six protobuf.js vulnerabilities could enable RCE, DoS attacks, and software supply chain compromise across enterprise environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/six-protobuf-js-vulnerabilities-expose-rce-and-dos-risks/
-
Hugging Face Vulnerability Allows Remote Code Execution
Hugging Face flaw allows RCE from malicious AI models. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/hugging-face-vulnerability-allows-remote-code-execution/
-
CVE-2026-45659 exploits a deserialization flaw in SharePoint – SharePoint RCE flaw works with a simple user account
First seen on security-insider.de Jump to article: www.security-insider.de/cve-2026-45659-sharepoint-rce-deserialisierung-benutzerkonto-a-5f30a8cda8b234615bd275711560a4cf/
-
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/everest-forms-pro-rce-actively/
-
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted … First seen…
-
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch…
-
Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold
Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote…
-
Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/windows-netlogon-rce-exploited-cve-2026-41089/
-
Critical Flowise Flaw Gives Attackers Full Server Control
Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/flowise-mcp-rce-poc/
-
Critical Windows Netlogon RCE flaw now exploited in attacks
Tags: attack, country, cybersecurity, exploit, flaw, rce, remote-code-execution, threat, vulnerability, windows
The Centre for Cybersecurity Belgium (CCB), the country’s national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/

