Tag: rce
-
Cisco Confirms Active Exploitation of Secure ASA and FTD RCE Vulnerability
Cisco has issued a critical warning about ongoing attacks targeting a severe remote code execution vulnerability affecting its Secure Firewall, Adaptive Security Appliance, and Threat Defense Software. The company updated its security advisory on November 5, 2025, revealing that threat actors have discovered a new attack variant capable of fully compromising devices on unpatched systems.…
-
Google Issues Emergency Chrome Update to Fix Critical RCE Flaw
Google has released an emergency security update for Chrome across all platforms, rolling out version 142.0.7444.134 and 142.0.7444.135 to address five critical and medium-severity vulnerabilities. The update addresses urgent security concerns identified in the browser’s WebGPU implementation and other core components that could expose users to remote code execution attacks. The emergency release came on…
-
Severe React Native Flaw Exposes Developer Systems to Remote Attacks
JFrog researchers found a critical RCE vulnerability (CVE-2025-11953) in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw. First seen on hackread.com Jump to article: hackread.com/react-native-flaw-exposes-developer-remote-attacks/
-
Critical RCE Bug in Leading React Native NPM Module Could Allow Full System Compromise
A severe security vulnerability has been discovered in a widely used React Native development package, potentially exposing millions of developers to remote attacks. Security researchers from JFrog recently uncovered CVE-2025-11953, a critical remote code execution flaw affecting the @react-native-community/cli NPM package, which receives approximately two million weekly downloads. The vulnerability carries a maximum CVSS score…
-
Global Spies Use ZipperDown and Android Zero-Days for 1-Click Email Client RCE and Account Takeover
The post Global Spies Use ZipperDown and Android Zero-Days for 1-Click Email Client RCE and Account Takeover appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/global-spies-use-zipperdown-and-android-zero-days-for-1-click-email-client-rce-and-account-takeover/
-
Ubiquiti Unifi Access mit Schwachstelle CVE-2025-52665 (CVSS 10.0)
Unschöne Überraschung für Nutzer und Administratoren der Zutrittskontrolllösung Unifi Access von Ubiquiti. Sicherheitsexperten sind auf eine RCE-Schwachstelle (CVE-2025-52665) gestoßen, die mit dem maximalen CVSS 3.1 Score von 10.0 bewertet wurde. Der Hersteller bietet seit dem 23. Oktober 2025 ein Update … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/04/ubiquiti-unify-access-mit-schwachstelle-cve-2025-52665-cvss-10-0/
-
Android Hit by 0-Click RCE Vulnerability in Core System Component
Google has released an urgent security alert addressing a critical remote code execution vulnerability affecting Android devices worldwide. The vulnerability, tracked as CVE-2025-48593, exists in Android’s System component and requires no user interaction for exploitation, making it an exceptionally dangerous threat. The flaw affects Android versions 13 through 16 and demands immediate attention from device…
-
Ubiquiti Unify Access mit Schwachstelle CVE-2025-52665 (CVSS 10.0)
Unschöne Überraschung für Nutzer und Administratoren der Zutrittskontrolllösung Unify Access von Ubiquiti. Sicherheitsexperten sind auf eine RCE-Schwachstelle (CVE-2025-52665) gestoßen, die mit dem maximalen CVSS 3.1 Score von 10.0 bewertet wurde. Der Hersteller bietet seit dem 23. Oktober 2025 ein Update … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/04/ubiquiti-unify-access-mit-schwachstelle-cve-2025-52665-cvss-10-0/
-
Sketchy Graphics: Windows GDI Flaws Open RCE and Data Loss
Check Point finds Windows GDI bugs enabling RCE and data leaks. Learn how Microsoft patched and how to protect your systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/windows-gdi-vulnerabilities/
-
Unauthenticated RCE in WSUS Puts Organizations at Risk
Microsoft patches WSUS RCE flaw letting attackers gain SYSTEM access. Learn how to secure servers and prevent exploitation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/wsus-vulnerability/
-
Unauthenticated RCE in WSUS Puts Organizations at Risk
Microsoft patches WSUS RCE flaw letting attackers gain SYSTEM access. Learn how to secure servers and prevent exploitation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/wsus-vulnerability/
-
Unauthenticated RCE in WSUS Puts Organizations at Risk
Microsoft patches WSUS RCE flaw letting attackers gain SYSTEM access. Learn how to secure servers and prevent exploitation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/wsus-vulnerability/
-
FreePBX Endpoint mit kritischer RCE-Schwachstelle CVE-2025-57819
Es gibt eine Schwachstelle CVE-2025-57819 in FreePX Endpoint. Eine nicht authentifizierte SQL-Injection-Möglichkeit kann zur Remote Code Execution (RCE) in dieser Software, die aus Teams-Ersatz verwendet wird, führen. Hier ein Übersicht über das Problem, welche mir die Tage untergekommen ist. Was … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/01/freepbx-endpoint-mit-kritischer-rce-schwachstelle-cve-2025-57819/
-
FreePBX Endpoint mit kritischer RCE-Schwachstelle CVE-2025-57819
Es gibt eine Schwachstelle CVE-2025-57819 in FreePX Endpoint. Eine nicht authentifizierte SQL-Injection-Möglichkeit kann zur Remote Code Execution (RCE) in dieser Software, die aus Teams-Ersatz verwendet wird, führen. Hier ein Übersicht über das Problem, welche mir die Tage untergekommen ist. Was … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/01/freepbx-endpoint-mit-kritischer-rce-schwachstelle-cve-2025-57819/
-
Critical RediShell RCE Vulnerability Threatens 8,500+ Redis Deployments Worldwide
A critical security vulnerability in Redis’s Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks. The RediShell RCE vulnerability, tracked as CVE-2025-49844, was publicly disclosed in early October 2025 by cloud security firm Wiz, revealing a use-after-free memory corruption issue that enables attackers to escape the Lua sandbox and…
-
Critical RediShell RCE Vulnerability Threatens 8,500+ Redis Deployments Worldwide
A critical security vulnerability in Redis’s Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks. The RediShell RCE vulnerability, tracked as CVE-2025-49844, was publicly disclosed in early October 2025 by cloud security firm Wiz, revealing a use-after-free memory corruption issue that enables attackers to escape the Lua sandbox and…
-
Critical RediShell RCE Vulnerability Threatens 8,500+ Redis Deployments Worldwide
A critical security vulnerability in Redis’s Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks. The RediShell RCE vulnerability, tracked as CVE-2025-49844, was publicly disclosed in early October 2025 by cloud security firm Wiz, revealing a use-after-free memory corruption issue that enables attackers to escape the Lua sandbox and…
-
PoC verfügbar – Notfall-Update für kritische RCE-Sicherheitslücke in WSUS
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-notfall-patch-kritische-wsus-sicherheitsluecke-a-d338bab93ebc2563e1999cae18f17e00/
-
Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign
The post Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kaspersky-exposes-chrome-zero-day-rce-cve-2025-2783-delivering-memento-labs-spyware-in-forumtroll-campaign/
-
Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws
Hackers exploited old RCE flaws in WordPress GutenKit and Hunk Companion plugins. Wordfence firm blocked 8.7M attacks in two days. In September and October 2024, submissions revealed Arbitrary Plugin Installation vulnerabilities in GutenKit and Hunk Companion WordPress plugins, with 40,000 and 8,000+ installs, respectively. These flaws allow unauthenticated attackers to install plugins and achieve RCE.…
-
Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws
Hackers exploited old RCE flaws in WordPress GutenKit and Hunk Companion plugins. Wordfence firm blocked 8.7M attacks in two days. In September and October 2024, submissions revealed Arbitrary Plugin Installation vulnerabilities in GutenKit and Hunk Companion WordPress plugins, with 40,000 and 8,000+ installs, respectively. These flaws allow unauthenticated attackers to install plugins and achieve RCE.…
-
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, hacker, microsoft, rce, remote-code-execution, service, update, vulnerability, windowsCybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on vulnerable servers, and evidence suggests that these attacks are being carried out manually, a technique…
-
CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack
Microsoft released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is under active attack.. Microsoft released an out-of-band fix for CVE-2025-59287, a critical WSUS RCE flaw (CVSS 9.8) that is under active exploitation. Researchers MEOW and Markus Wulftange of CODE WHITE GmbH reported the vulnerability. >>To comprehensively address CVE-2025-59287, Microsoft has released…
-
Microsoft Releases Urgent Fix for Windows Server Update Services RCE FLaw
Microsoft has released a critical security patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses an immediate threat to organizations managing Windows updates across their infrastructure. Attribute Details CVE ID CVE-2025-59287 Released October 14, 2025 Last Updated October 23, 2025 Vulnerability Type Remote…
-
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbedSessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account…
-
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbedSessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account…
-
RCE Vulnerability (CVE-2025-62518) Discovered in Popular Rust Library async-tar and Its Forks
A critical flaw has been identified in a Rust library that demands immediate attention from developers and IT decision-makers leveraging the Rust ecosystem. The vulnerability, tracked as CVE”‘2025″‘62518, exposes serious remote code execution (RCE) risks in the widely used async tar library ecosystem. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve%e2%80%912025%e2%80%9162518-rce-flaw-in-async-tar/
-
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbedSessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account…
-
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems. Field Details CVE ID CVE-2025-62518 Vulnerability…
-
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems. Field Details CVE ID CVE-2025-62518 Vulnerability…