Tag: remote-code-execution
-
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-veeam-vulnerability-exposes-backup-servers-to-rce-attacks/
-
LiteLLM Vulnerability Allows Attackers to Execute Arbitrary Commands on Servers
Tags: ai, authentication, control, cve, cyber, data-breach, infrastructure, remote-code-execution, risk, vulnerabilityA critical vulnerability chain affecting LiteLLM has been identified, enabling unauthenticated remote code execution (RCE) on exposed servers. Tracked as CVE-2026-42271 and chained to CVE-2026-48710, the issue allows attackers to bypass authentication controls and execute arbitrary system commands, posing a severe risk to AI infrastructure that relies on LiteLLM deployments. LiteLLM Vulnerability CVE-2026-42271 is a…
-
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
Tags: cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the First seen…
-
Gogs patches critical zero-day enabling remote code execution
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gogs-patches-critical-zero-day-enabling-remote-code-execution/
-
Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs
Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, including 22 critical flaws that could enable remote code execution, memory corruption, and sandbox escapes. The update, version 149.0.7827.53/54, is being rolled out gradually and includes fixes across multiple components, including ANGLE, GPU,…
-
Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs
Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, including 22 critical flaws that could enable remote code execution, memory corruption, and sandbox escapes. The update, version 149.0.7827.53/54, is being rolled out gradually and includes fixes across multiple components, including ANGLE, GPU,…
-
Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE
Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems that no longer use Internet Explorer as a standalone browser. Although Microsoft officially ended support for IE, the Trident engine and WebBrowser ActiveX control remain embedded in numerous Windows applications built with…
-
Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers
A critical vulnerability in Redis, tracked as CVE-2026-23631 and dubbed “DarkReplica,” exposes authenticated deployments to remote code execution (RCE) through a complex use-after-free (UAF) condition in the replication subsystem. Discovered by security researcher Yoni Sherez during the ZeroDay. In the Cloud 2025 competition, the flaw demonstrates how Redis’s internal Lua execution model and replication logic…
-
Critical UniFi OS RCE Chain Grants Root Access Without Credentials
Tags: access, advisory, authentication, credentials, cyber, flaw, injection, rce, remote-code-execution, update, vulnerabilitySecurity Advisory Bulletin 064 describing a critical chain of vulnerabilities in UniFi OS Server that allows unauthenticated remote code execution and full root takeover. The issue combines an authentication-gateway bypass, a path-traversal mismatch, and a command-injection sink in the package-update service. When chained, these flaws let an attacker send a single crafted HTTP request to…
-
Malicious Hugging Face Models Could Trigger Remote Code Execution
A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks. The post Malicious Hugging Face Models Could Trigger Remote Code Execution appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hugging-face-transformers-rce-flaw/
-
Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE
Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with root privileges. Disclosed on May 21, 2026, via Security Advisory Bulletin 064 (SAB-064), the flaws are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. Each vulnerability carries a maximum CVSS 3.1 severity score…
-
Critical Redis vulnerability CVE-2026-23479 allows remote code execution
First seen on scworld.com Jump to article: www.scworld.com/brief/critical-redis-vulnerability-cve-2026-23479-allows-remote-code-execution
-
Six protobuf.js Vulnerabilities Expose RCE and DoS Risks
Six protobuf.js vulnerabilities could enable RCE, DoS attacks, and software supply chain compromise across enterprise environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/six-protobuf-js-vulnerabilities-expose-rce-and-dos-risks/
-
Hugging Face Vulnerability Allows Remote Code Execution
Hugging Face flaw allows RCE from malicious AI models. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/hugging-face-vulnerability-allows-remote-code-execution/
-
Hugging Face Transformers Security Flaw Allows Remote Code Execution
A critical security flaw in Hugging Face Transformers, tracked as CVE-2026-4372, has exposed millions of machine learning workflows to silent remote code execution (RCE) through a malicious model configuration. Discovered by Pluto Security researcher Yotam Perkal, the issue allows attackers to execute arbitrary code on a victim’s system simply by tricking them into loading a…
-
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12.…
-
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12.…
-
CVE-2026-45659 nutzt Deserialisierungsfehler in SharePoint aus – SharePoint RCE-Lücke funktioniert mit einfachem Benutzerkonto
First seen on security-insider.de Jump to article: www.security-insider.de/cve-2026-45659-sharepoint-rce-deserialisierung-benutzerkonto-a-5f30a8cda8b234615bd275711560a4cf/
-
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/everest-forms-pro-rce-actively/
-
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted First seen…
-
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases.Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch…
-
Microsoft MSRC Allegedly Declines Action on Dependency Confusion Vulnerability
Microsoft is facing scrutiny after reportedly declining to treat a critical dependency confusion vulnerability affecting Azure Portal assets as a security issue, despite a proof-of-concept exploit demonstrating remote code execution (RCE). Security researcher Wahid Fayad identified the issue while analyzing JavaScript assets served via portal.azure.com. The investigation revealed an internal Node.js dependency, FxInternal/NetDiagnostics, that was not…
-
Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold
Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote…
-
Threat Actors Target Critical Windows Netlogon Flaw CVE-2026-41089
A critical Windows Netlogon vulnerability, tracked as CVE-2026-41089, has emerged as a significant security concern after authorities warned that threat actors are actively attempting to exploit the flaw to gain remote code execution capabilities on vulnerable systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-41089-windows-netlogon-vulnerability/
-
Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/windows-netlogon-rce-exploited-cve-2026-41089/
-
Critical Flowise Flaw Gives Attackers Full Server Control
Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/flowise-mcp-rce-poc/
-
Critical Windows Netlogon RCE flaw now exploited in attacks
Tags: attack, country, cybersecurity, exploit, flaw, rce, remote-code-execution, threat, vulnerability, windowsThe Centre for Cybersecurity Belgium (CCB), the country’s national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/
-
Critical Magento Cache Plugin Vulnerability Enables Remote Code Execution Attacks
A critical security vulnerability in a widely used Magento extension is exposing thousands of online stores to remote code execution (RCE) attacks. The vulnerability, tracked as CVE-2026-45247 and rated 9.8 on the CVSS scale, allows attackers to execute arbitrary code on affected servers without authentication. The vulnerability stems from improper handling of user-controlled input within…
-
Windows Netlogon 0-Click RCE Vulnerability Under Active Exploitation
Tags: cve, cyber, exploit, microsoft, rce, remote-code-execution, risk, update, vulnerability, windowsMicrosoft’s May 2026 Patch Tuesday release has taken a critical turn after security researchers confirmed that a high-risk Windows Netlogon vulnerability is now being actively exploited in the wild. Tracked as CVE-2026-41089, the vulnerability allows unauthenticated attackers to execute remote code against domain controllers without any user interaction, making it one of the most dangerous…
-
ConnectWise Automate Vulnerability Could Allow Security Check Bypass and RCE
ConnectWise disclosed an Automate vulnerability that could enable integrity check bypass and remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/connectwise-automate-vulnerability-could-allow-security-check-bypass-and-rce/