Tag: remote-code-execution
-
Critical vLLM Flaw Exposes Millions of AI Servers to Remote Code Execution
A newly disclosed security flaw has placed millions of AI servers at risk after researchers identified a critical vulnerability in vLLM, a widely deployed Python package for serving large language models. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-22778-vllm-rce-malicious-video-link/
-
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link.The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token…
-
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 CVE-2026-1340) in its EPMM software. First seen on hackread.com Jump to article: hackread.com/ivanti-urgent-fix-critical-zero-day-vulnerabilities/
-
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 CVE-2026-1340) in its EPMM software. First seen on hackread.com Jump to article: hackread.com/ivanti-urgent-fix-critical-zero-day-vulnerabilities/
-
OpenClaw patches one-click RCE as security Whac-A-Mole continues
Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page First seen on theregister.com Jump to article: www.theregister.com/2026/02/02/openclaw_security_issues/
-
Schwerwiegende Schwachstelle in IDIS-Videoüberwachungssystemen ermöglicht Spear-Phishing-Angriffe
Die Sicherheitsforscher von Team82, der Forschungsabteilung des Spezialisten für die Sicherheit von cyberphysischen Systemen (CPS) Claroty, haben eine 1-Click-Remote-Code-Execution-Schwachstelle (CVE-2025-12556) im IDIS-Cloud-Manager-Viewer entdeckt. Es reicht also ein einziger unbedachter Klick des Opfers aus, um Schadcode direkt auf dem Gerät auszuführen, auf dem der ICM-Viewer gehostet wird. IDIS empfiehlt allen Nutzern des ICM-Viewers dringend, ihre Geräte…
-
1-Click Flaw in ClawDBot Allows Remote Code Execution
A high-severity authentication bypass vulnerability has been discovered in ClawDBot, a popular npm package, enabling attackers to achieve remote code execution through a single malicious link. The flaw stems from the insufficient validation of the gateway URL parameter, combined with automatic connection behaviour that exposes authentication tokens to unauthorised actors. Vulnerability Overview The vulnerability, identified…
-
Ivanti Fixes Actively Exploited RCE Flaws in Endpoint Manager Mobile
Ivanti patched actively exploited EPMM flaws that enable unauthenticated remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ivanti-fixes-actively-exploited-rce-flaws-in-endpoint-manager-mobile/
-
Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk
A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials, allowing full takeover. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-flaws-n8n-compromise-customer-security
-
Ivanti Endpoint Manager Vulnerability Allows Remote Code Execution,
Ivanti has disclosed two critical vulnerabilities affecting Endpoint Manager Mobile (EPMM) that could allow attackers to achieve unauthenticated remote code execution. The flaws, tracked as CVE-2026-1281 and CVE-2026-1340, both stem from code injection issues and carry a maximum CVSS severity score of 9.8, indicating critical risk to affected deployments. Vulnerability Overview Both vulnerabilities enable attackers…
-
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution.The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0.”SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API First seen…
-
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Tags: attack, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, rce, remote-code-execution, update, vulnerability, zero-dayIvanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog.The critical-severity vulnerabilities are listed below -CVE-2026-1281 (CVSS score: First…
-
SolarWinds addressed four critical Web Help Desk flaws
SolarWinds patched six Web Help Desk vulnerabilities, including four critical flaws exploitable without authentication for RCE or auth bypass. SolarWinds released security updates to address six Web Help Desk vulnerabilities, including four critical bugs that allow unauthenticated remote code execution or authentication bypass. The three critical flaws found by watchTowr, and specifically by researcher Piotr…
-
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day.Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being…
-
Critical RCE bugs expose the n8n automation platform to host”‘level compromise
Python code node escape breaks isolation: JFrog also identified a separate sandbox escape affecting n8n’s Python Code node when the platform is configured to use its “Internal” execution mode. In this case, restrictions intended to contain Python code execution can be bypassed, again allowing authenticated users to run arbitrary code outside the sandbox.The second issue,…
-
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability. OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw. Cybersecurity firm Aisle discovered the twelve vulnerabilities. The addressed issues are mainly tied to memory safety, parsing robustness, and resource handling.…
-
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/solarwinds-web-help-desk-rce-vulnerabilities/
-
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE).The list of vulnerabilities is as follows -CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability that could allow an unauthenticated First seen on thehackernews.com…
-
SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams
Tags: access, attack, authentication, awareness, breach, cisco, control, credentials, cve, cybersecurity, data, exploit, flaw, fortinet, infrastructure, malicious, programming, radius, rce, remote-code-execution, software, threat, update, vulnerabilityRemote code execution and data deserialization vulnerabilities CVE-2025-40551 (critical) and CVE-2025-40553 (critical);Authentication and bypass security flaws CVE-2025-40552 (critical), CVE-2025-40554 (critical), CVE-2025-40536 (high), and CVE-2025-40537 (high).CVE-2025-40551 and CVE-2025-40553 make WHD susceptible to untrusted data deseralization that could allow attackers to run commands on the host machine. The flaw could be exploited without authentication.The other two critical…
-
OpenSSL Vulnerabilities Cause Risk of Remote Code Execution
OpenSSL patched 12 flaws found by AISLE, including a high-severity bug that could enable remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openssl-vulnerabilities-cause-risk-of-remote-code-execution/
-
New sandbox escape flaw exposes n8n instances to RCE attacks
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-sandbox-escape-flaw-exposes-n8n-instances-to-rce-attacks/
-
CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution
CVE-2025-56005 allows remote code execution in Python PLY via unsafe pickle deserialization during startup. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2025-56005-python-ply-flaw-enables-remote-code-execution/
-
Critical and High Severity n8n Sandbox Flaws Allow RCE
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/n8n-sandbox-flaws-allow-rce/
-
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/
-
Gemini MCP Tool 0-Day Vulnerability Exposes Systems to Remote Code Execution
A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code on vulnerable installations without requiring user interaction or authentication. The vulnerability, tracked as CVE-2026-0755 with a CVSS score of 9.8, represents a severe risk to systems utilizing this tool in production environments. Vulnerability Overview The…
-
Critical IDIS IP Camera Vulnerability Allows Full Computer Compromise with One-Click Exploit
Tags: cctv, cloud, computer, cyber, exploit, remote-code-execution, software, vulnerability, windowsA critical vulnerability in IDIS Cloud Manager (ICM) Viewer exposes organizations using IDIS IP cameras to one-click remote code execution (RCE), potentially allowing attackers to compromise Windows systems used to monitor video surveillance fully. IDIS, a South Koreabased global video surveillance vendor, offers an end-to-end ecosystem comprising IP cameras, NVRs, video management software, and a…
-
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution.The weaknesses, discovered by the JFrog Security Research team, are listed below -CVE-2026-1470 (CVSS score: 9.9) – An eval injection vulnerability that could allow an authenticated user to bypass the Expression…
-
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pyodide-sandbox-escape-rce-grist/
-
Over 6,000 SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability
Tags: cve, cyber, data-breach, detection, email, exploit, rce, remote-code-execution, threat, vulnerabilityApproximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relying on SmarterMail for email and collaboration services. The Shadowserver Foundation integrated CVE-2026-23760 detection into their daily vulnerable HTTP scans, flagging susceptible servers based on version…