Tag: rce
-
NHS Warns of PoC Exploit for 7-Zip Symbolic LinkBased RCE Vulnerability
Update: The NHS England Digital, in an updated advisory on November 20, 2025, said it has not observed in-the-wild exploitation of CVE-2025-11001, but noted that it’s “aware of a public proof-of-concept exploit.” It has since removed what it said were “erroneous references” to active exploitation.The original story follows below -A recently disclosed security flaw impacting…
-
Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor
The post Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/critical-wsus-rce-cve-2025-59287-actively-exploited-to-deploy-shadowpad-backdoor/
-
CVE-2025-50165: Critical Flaw in Windows Graphics Component
IntroductionIn May 2025, Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 that impacts the Windows Graphics Component. The vulnerability lies within windowscodecs.dll, and any application that uses this library as a dependency is vulnerable to compromise, such as a Microsoft Office document. For example, attackers can exploit the…
-
D-Link warns of new RCE flaws in end-of-life DIR-878 routers
D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/d-link-warns-of-new-rce-flaws-in-end-of-life-dir-878-routers/
-
7-Zip RCE Vulnerability Actively Exploited by Hackers
Tags: cve, cvss, cyber, cybersecurity, exploit, flaw, hacker, malicious, rce, remote-code-execution, risk, software, vulnerabilityCybersecurity researchers have reported active exploitation of a critical vulnerability in 7-Zip, the popular file compression software used by millions worldwide. The flaw, tracked as CVE-2025-11001, poses serious risks as attackers are leveraging it to execute malicious code remotely on vulnerable systems. Vulnerability Details CVE ID Vulnerability Type CVSS Score Affected Product CVE-2025-11001 File Parsing…
-
Fortinet ‘fesses up to second 0-day within a week
Attackers may be joining the dots to enable unauthenticated RCE First seen on theregister.com Jump to article: www.theregister.com/2025/11/19/fortinet_confirms_second_fortiweb_0day/
-
7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild
A remote code execution vulnerability, tracked as CVE-2025-11001, in the 7-Zip software is under active exploitation. A new 7-Zip flaw tracked as CVE-2025-11001 (CVSS score of 7.0) is now being actively exploited in the wild, NHS England warns. Remote attackers can trigger the vulnerability to execute arbitrary code on affected installations of 7-Zip. >>Active exploitation…
-
Hackers Actively Exploiting 7-Zip Symbolic LinkBased RCE Vulnerability (CVE-2025-11001)
A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday.The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July…
-
RCE Vulnerability in glob CLI Poses Major CI/CD Security Risk
A glob CLI flaw lets attackers run commands via malicious filenames, putting CI/CD pipelines at risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/rce-vulnerability-in-glob-cli-poses-major-ci-cd-security-risk/
-
RCE Vulnerability in glob CLI Poses Major CI/CD Security Risk
A glob CLI flaw lets attackers run commands via malicious filenames, putting CI/CD pipelines at risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/rce-vulnerability-in-glob-cli-poses-major-ci-cd-security-risk/
-
W3 Total Cache Security Vulnerability Exposes One Million WordPress Sites to RCE
A critical security flaw has been discovered in the widely used W3 Total Cache WordPress plugin, putting over 1 million websites at serious risk. The vulnerability allows attackers to take complete control of affected websites without needing any login credentials. Field Value CVE ID CVE-2025-9501 Plugin Name W3 Total Cache Affected Versions Before 2.8.13 Fixed…
-
W3 Total Cache Security Vulnerability Exposes One Million WordPress Sites to RCE
A critical security flaw has been discovered in the widely used W3 Total Cache WordPress plugin, putting over 1 million websites at serious risk. The vulnerability allows attackers to take complete control of affected websites without needing any login credentials. Field Value CVE ID CVE-2025-9501 Plugin Name W3 Total Cache Affected Versions Before 2.8.13 Fixed…
-
Critical RCE Flaws in AI Inference Engines Expose Meta, Nvidia, and Microsoft Frameworks
Tags: ai, cve, cyber, flaw, framework, infrastructure, microsoft, nvidia, open-source, rce, remote-code-execution, technology, vulnerabilitySecurity researchers at Oligo Security have uncovered a series of critical Remote Code Execution vulnerabilities affecting widely deployed AI inference servers from major technology companies. The flaws affect frameworks developed by Meta, NVIDIA, Microsoft, and open-source projects such as vLLM, SGLang, and Modular, potentially exposing enterprise AI infrastructure to serious security risks. CVE ID Affected…
-
RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 to gain RCE and infect more servers, despite fixes released in February 2025. RondoDox is targeting unpatched XWiki servers via critical RCE flaw CVE-2025-24893 (CVSS score of 9.8), pulling more devices into its botnet despite patches released in Feb 2025. The XWiki Platform is a generic wiki framework…
-
Imunify360 Zero-Day Leaves Millions of Websites Open to RCE
A critical flaw in Imunify360 allowed attacker code to run during scans, putting millions of websites at risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/imunify360-zero-day-leaves-millions-of-websites-open-to-rce/
-
Critical Imunify360 Vulnerability Exposes Millions of Linux-Hosted Sites to RCE Attacks
A critical Remote Code Execution vulnerability has been patched in Imunify360 AV, a security product protecting approximately 56 million websites worldwide. Hosting companies must apply the patch immediately to prevent potential server compromises. The vulnerability details began circulating in late October 2024, prompting urgent recommendations for affected hosting providers to verify the integrity of their…
-
RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk
The ImunifyAV malware scanner for Linux server, used by tens of millions of websites, is vulnerable to a remote code execution vulnerability that could be exploited to compromise the hosting environment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk/
-
BeeStation RCE Zero-Day Puts Synology Devices at High Risk
A critical BeeStation OS flaw lets attackers run remote code on unpatched Synology devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/beestation-rce-zero-day-puts-synology-devices-at-high-risk/
-
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, mobile, rce, remote-code-execution, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in Samsung’s libimagecodec library. It could allow attackers to bypass security protections and execute arbitrary code…
-
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, mobile, rce, remote-code-execution, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in Samsung’s libimagecodec library. It could allow attackers to bypass security protections and execute arbitrary code…
-
Popular JavaScript library expr-eval vulnerable to RCE flaw
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/popular-javascript-library-expr-eval-vulnerable-to-rce-flaw/
-
Popular npm Library Used in AI and NLP Projects Exposes Systems to RCE
A critical remote code execution vulnerability has been discovered in the widely used JavaScript library expr-eval, affecting thousands of projects that rely on it for mathematical expression evaluation and natural language processing. The vulnerability, tracked as CVE-2025-12735, poses significant risks to server environments and to AI-powered applications that process user input. Identifier Value CVE ID…
-
Claude Desktop Hit by Critical RCE Flaws Allowing Remote Code Execution
Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic. The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s extension marketplace, all contained the same critical security flaw: unsanitized command injection. The vulnerabilities, confirmed…
-
Cisco Confirms Active Exploitation of Secure ASA and FTD RCE Vulnerability
Cisco has issued a critical warning about ongoing attacks targeting a severe remote code execution vulnerability affecting its Secure Firewall, Adaptive Security Appliance, and Threat Defense Software. The company updated its security advisory on November 5, 2025, revealing that threat actors have discovered a new attack variant capable of fully compromising devices on unpatched systems.…
-
Google Issues Emergency Chrome Update to Fix Critical RCE Flaw
Google has released an emergency security update for Chrome across all platforms, rolling out version 142.0.7444.134 and 142.0.7444.135 to address five critical and medium-severity vulnerabilities. The update addresses urgent security concerns identified in the browser’s WebGPU implementation and other core components that could expose users to remote code execution attacks. The emergency release came on…
-
Severe React Native Flaw Exposes Developer Systems to Remote Attacks
JFrog researchers found a critical RCE vulnerability (CVE-2025-11953) in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw. First seen on hackread.com Jump to article: hackread.com/react-native-flaw-exposes-developer-remote-attacks/
-
Critical RCE Bug in Leading React Native NPM Module Could Allow Full System Compromise
A severe security vulnerability has been discovered in a widely used React Native development package, potentially exposing millions of developers to remote attacks. Security researchers from JFrog recently uncovered CVE-2025-11953, a critical remote code execution flaw affecting the @react-native-community/cli NPM package, which receives approximately two million weekly downloads. The vulnerability carries a maximum CVSS score…
-
Global Spies Use ZipperDown and Android Zero-Days for 1-Click Email Client RCE and Account Takeover
The post Global Spies Use ZipperDown and Android Zero-Days for 1-Click Email Client RCE and Account Takeover appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/global-spies-use-zipperdown-and-android-zero-days-for-1-click-email-client-rce-and-account-takeover/
-
Ubiquiti Unifi Access mit Schwachstelle CVE-2025-52665 (CVSS 10.0)
Unschöne Überraschung für Nutzer und Administratoren der Zutrittskontrolllösung Unifi Access von Ubiquiti. Sicherheitsexperten sind auf eine RCE-Schwachstelle (CVE-2025-52665) gestoßen, die mit dem maximalen CVSS 3.1 Score von 10.0 bewertet wurde. Der Hersteller bietet seit dem 23. Oktober 2025 ein Update … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/04/ubiquiti-unify-access-mit-schwachstelle-cve-2025-52665-cvss-10-0/