Tag: remote-code-execution
-
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability. OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw. Cybersecurity firm Aisle discovered the twelve vulnerabilities. The addressed issues are mainly tied to memory safety, parsing robustness, and resource handling.…
-
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/solarwinds-web-help-desk-rce-vulnerabilities/
-
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE).The list of vulnerabilities is as follows -CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability that could allow an unauthenticated First seen on thehackernews.com…
-
SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams
Tags: access, attack, authentication, awareness, breach, cisco, control, credentials, cve, cybersecurity, data, exploit, flaw, fortinet, infrastructure, malicious, programming, radius, rce, remote-code-execution, software, threat, update, vulnerabilityRemote code execution and data deserialization vulnerabilities CVE-2025-40551 (critical) and CVE-2025-40553 (critical);Authentication and bypass security flaws CVE-2025-40552 (critical), CVE-2025-40554 (critical), CVE-2025-40536 (high), and CVE-2025-40537 (high).CVE-2025-40551 and CVE-2025-40553 make WHD susceptible to untrusted data deseralization that could allow attackers to run commands on the host machine. The flaw could be exploited without authentication.The other two critical…
-
OpenSSL Vulnerabilities Cause Risk of Remote Code Execution
OpenSSL patched 12 flaws found by AISLE, including a high-severity bug that could enable remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openssl-vulnerabilities-cause-risk-of-remote-code-execution/
-
New sandbox escape flaw exposes n8n instances to RCE attacks
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-sandbox-escape-flaw-exposes-n8n-instances-to-rce-attacks/
-
CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution
CVE-2025-56005 allows remote code execution in Python PLY via unsafe pickle deserialization during startup. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2025-56005-python-ply-flaw-enables-remote-code-execution/
-
Critical and High Severity n8n Sandbox Flaws Allow RCE
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/n8n-sandbox-flaws-allow-rce/
-
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/
-
Gemini MCP Tool 0-Day Vulnerability Exposes Systems to Remote Code Execution
A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code on vulnerable installations without requiring user interaction or authentication. The vulnerability, tracked as CVE-2026-0755 with a CVSS score of 9.8, represents a severe risk to systems utilizing this tool in production environments. Vulnerability Overview The…
-
Critical IDIS IP Camera Vulnerability Allows Full Computer Compromise with One-Click Exploit
Tags: cctv, cloud, computer, cyber, exploit, remote-code-execution, software, vulnerability, windowsA critical vulnerability in IDIS Cloud Manager (ICM) Viewer exposes organizations using IDIS IP cameras to one-click remote code execution (RCE), potentially allowing attackers to compromise Windows systems used to monitor video surveillance fully. IDIS, a South Koreabased global video surveillance vendor, offers an end-to-end ecosystem comprising IP cameras, NVRs, video management software, and a…
-
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution.The weaknesses, discovered by the JFrog Security Research team, are listed below -CVE-2026-1470 (CVSS score: 9.9) – An eval injection vulnerability that could allow an authenticated user to bypass the Expression…
-
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pyodide-sandbox-escape-rce-grist/
-
Critical vm2 Flaw Lets Attackers Bypass Sandbox and Execute Arbitrary Code in Node.js
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback functions, allowing remote code execution without authentication or user interaction. Vulnerability Overview The vm2 library, deployed across 273,000 projects on npm,…
-
Over 6,000 SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability
Tags: cve, cyber, data-breach, detection, email, exploit, rce, remote-code-execution, threat, vulnerabilityApproximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relying on SmarterMail for email and collaboration services. The Shadowserver Foundation integrated CVE-2026-23760 detection into their daily vulnerable HTTP scans, flagging susceptible servers based on version…
-
Attackers Exploit React2Shell Vulnerability to Target IT Sector Systems
Active exploitation of a critical vulnerability in React Server Components, tracked as CVE”‘2025″‘55182 (React2Shell), targeting companies across multiple industry sectors worldwide. React2Shell affects the Flight protocol, which facilitates client-server communication for React Server Components. The vulnerability stems from insecure deserialization servers accept client data without proper verification, enabling remote code execution under specific conditions. The…
-
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
A critical security flaw has been disclosed in Grist”‘Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution.The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs.”One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,” First seen…
-
CISA Flags Actively Exploited VMware vCenter RCE Flaw in KEV Catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vcenter, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is being actively exploited in real-world attacks. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/vmware-vcenter-cve-2024-37079-exploited/
-
NetSupport Manager 0-Day Vulnerabilities Enable Remote Code Execution
Two critical 0-day vulnerabilities in NetSupport Manager that, when chained, allow unauthenticated remote code execution (RCE). The vulnerabilities were discovered during routine security assessments of operational technology (OT) environments and affect version 14.10.4.0 and earlier, with fixes implemented in version 14.12.0000 released on July 29th, 2025. The two vulnerabilities tracked as CVE-2025-34164 and CVE-2025-34165 reside…
-
PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the internet. The vulnerability allows unauthenticated attackers to execute arbitrary commands on affected systems running vulnerable versions of the telnetd service. Vulnerability Overview CVE-2026-24061…
-
CISA says critical VMware RCE flaw now actively exploited
CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-says-critical-vmware-rce-flaw-now-actively-exploited/
-
Week in review: Fully patched FortiGate firewalls are getting compromised, attackers probe Cisco RCE flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: AI Strategy and Security AI Strategy and Security is a guide for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/25/week-in-review-fully-patched-fortigate-firewalls-are-getting-compromised-attackers-probe-cisco-rce-flaw/
-
Zero-Day Flaw in Cisco Unified Communications Being Targeted
Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System Compromise. Attackers are targeting a zero-day vulnerability in Cisco’s Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist. First seen on govinfosecurity.com Jump to…
-
Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning
Tags: attack, cisa, cisco, communications, cve, cyber, exploit, flaw, kev, rce, remote-code-execution, service, vulnerability, zero-dayCISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to its Known Exploited Vulnerabilities (KEV) catalog. Added on January 21, 2026, this flaw affects multiple Cisco Unified Communications products, including Unified CM, Unified CM Session Management Edition (SME), Unified CM IM & Presence Service, Cisco…
-
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them.What stands out is how little friction attackers now need. Some activity focused on quiet reach and…
-
Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities
Tags: 2fa, business, dos, flaw, gitlab, infrastructure, programming, rce, remote-code-execution, software, update, vulnerabilityBoth platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity. The post Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-gitlab-security-flaws-patched/
-
Cisco Unified Communications Zero-Day RCE Flaw Actively Exploited For Root Shell Access
Tags: access, cisco, communications, cve, cyber, exploit, flaw, rce, remote-code-execution, service, vulnerability, zero-dayCisco has warned customers of a critical zero-day vulnerability affecting several of its Unified Communications products, including Cisco Unified Communications Manager (Unified CM), Unified Communications Manager Session Management Edition (Unified CM SME), Unified Communications Manager IM & Presence Service (IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance. Tracked as CVE-2026-20045, the vulnerability carries…
-
RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)
Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/21/cisco-enterprise-communications-cve-2026-20045/
-
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked…
-
Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection
A critical command injection vulnerability in Zoom Node Multimedia Routers (MMRs) has been disclosed, potentially allowing meeting participants to execute arbitrary code on vulnerable systems. The flaw affects Zoom Node Meetings Hybrid and Meeting Connector deployments, requiring immediate patching across enterprise environments. Vulnerability Overview Zoom Offensive Security identified a command injection flaw in Zoom Node…