Tag: remote-code-execution
-
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions.The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in late August 2025. It impacts several First…
-
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability (CVE-2025-59287) Notice
Overview Recently, NSFOCUS CERT detected that Microsoft released a security update that fixed the Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287); Because WSUS’s GetCookie does not perform type verification when processing objects, an unauthenticated attacker can achieve remote code execution by deserializing malicious data to control the target server. The CVSS score…The…
-
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability (CVE-2025-59287) Notice
Overview Recently, NSFOCUS CERT detected that Microsoft released a security update that fixed the Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287); Because WSUS’s GetCookie does not perform type verification when processing objects, an unauthenticated attacker can achieve remote code execution by deserializing malicious data to control the target server. The CVSS score…The…
-
TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution
TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution.The vulnerabilities in question are listed below -CVE-2025-6541 (CVSS score: 8.6) – An operating system command injection vulnerability that could be exploited by an attacker who can log in to the…
-
Researchers uncover remote code execution flaw in abandoned Rust code library
The high-severity defect affects a widely used, but largely hidden, archive tool that spans many forks. First seen on cyberscoop.com Jump to article: cyberscoop.com/async-tar-rust-open-source-vulnerability/
-
Over 71,000 WatchGuard Devices Exposed to Remote Code Execution Attacks
The cybersecurity community has raised a serious alarm following the recent daily reporting of vulnerable WatchGuard devices impacted by a major security flaw. According to new data published on October 18, 2025, security researchers at Shadowserver observed over 71,000 WatchGuard devices part of a global exposure that could allow remote code execution attacks. This surge…
-
LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines. The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in two core components: the Client Program (MR) and the Detection Agent (DA). Customers have already seen attempts to…
-
Critical WatchGuard Fireware OS Flaw Enables Remote Code Execution
A critical out-of-bounds write flaw (CVE-2025-9242) in WatchGuard Fireware OS could allow remote code execution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/watchguard-fireware-os-flaw/
-
LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines. The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in two core components: the Client Program (MR) and the Detection Agent (DA). Customers have already seen attempts to…
-
Over 75,000 WatchGuard security devices vulnerable to critical RCE
Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-75-000-watchguard-security-devices-vulnerable-to-critical-rce/
-
Network security devices endanger orgs with ’90s era flaws
Tags: access, application-security, apt, authentication, breach, cisa, cisco, citrix, cloud, control, cve, cyber, cybersecurity, dos, email, endpoint, exploit, finance, firewall, firmware, flaw, government, group, incident response, infrastructure, injection, ivanti, jobs, linux, mitigation, mobile, network, open-source, penetration-testing, programming, regulation, remote-code-execution, reverse-engineering, risk, risk-management, router, service, software, threat, tool, vpn, vulnerability, zero-day2024 networking and security device zero-day flaws Product CVE Flaw type CVSS Check Point Quantum Security Gateways and CloudGuard Network Security CVE-2024-24919 Path traversal leading to information disclosure 8.6 (High) Cisco Adaptive Security Appliance CVE-2024-20359 Arbitrary code execution 6.6 (Medium) Cisco Adaptive Security Appliance CVE-2024-20353 Denial of service 8.6 (High) Cisco Adaptive Security Appliance …
-
CISA Warns of Critical Vulnerability in Adobe Experience Manager Forms
CISA urges immediate patching of Adobe Experience Manager Forms to fix a critical remote code execution flaw. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisa-warns-of-critical-vulnerability-in-adobe-experience-manager-forms/
-
CISA Warns of Critical Vulnerability in Adobe Experience Manager Forms
CISA urges immediate patching of Adobe Experience Manager Forms to fix a critical remote code execution flaw. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisa-warns-of-critical-vulnerability-in-adobe-experience-manager-forms/
-
Microsoft’s Patch Tuesday: 172 Flaws Fixed
The tech titan is addressing 172 security flaws, including six zero-day vulnerabilities. Among these, eight are rated “Critical,” consisting of five remote code execution bugs and three elevation of privilege issues. The post Microsoft’s Patch Tuesday: 172 Flaws Fixed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-october-2025/
-
Critical Cisco IOS and IOS XE Flaws Allow Remote Code Execution
Cisco has disclosed a serious security vulnerability affecting its IOS and IOS XE Software that could allow attackers to execute remote code or crash affected devices. The flaw, tracked as CVE-2025-20352, resides in the Simple Network Management Protocol (SNMP) subsystem and carries a CVSS score of 7.7, marking it as a high-severity threat. Overview of…
-
Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/
-
Google Fixes Critical Chrome Bug Enabling Remote Code Execution
Google patches a Chrome Safe Browsing flaw (CVE-2025-11756) that lets attackers execute code remotely. Users urged to update immediately. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-critical-rce-cve-2025-11756/
-
Google Fixes Critical Chrome Bug Enabling Remote Code Execution
Google patches a Chrome Safe Browsing flaw (CVE-2025-11756) that lets attackers execute code remotely. Users urged to update immediately. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-critical-rce-cve-2025-11756/
-
Microsoft Patch Tuesday Oct 2025 Fixs 175 Vulnerabilities including 3 Zero-Days
Tags: exploit, flaw, microsoft, rce, remote-code-execution, update, vulnerability, windows, zero-dayOctober’s Microsoft Patch Tuesday fixes 170+ flaws, including 3 actively exploited zero-days and critical WSUS RCE (CVSS 9.8). Immediate patching is mandatory. Final free updates for Windows 10. First seen on hackread.com Jump to article: hackread.com/microsoft-patch-tuesday-oct-vulnerabilities-3-zero-days/
-
Kritischer Exploit für Remote-Code-Execution bedroht Redis-Instanzen
Der führende Anbieter für Cloud- und Containersicherheit Sysdig warnt vor einer neu entdeckten, kritischen Sicherheitslücke in Redis, dem weit verbreiteten Open-Source-In-Memory-Datenspeicher. Die Schwachstelle CVE-2025-49844, auch bekannt als ‘RediShell”, ermöglicht die Ausführung von Remote-Code (RCE) und wurde mit der höchsten CVSS-Risikobewertung von 10,0 eingestuft. 13 Jahre alte Schwachstelle ermöglicht vollständige Systemübernahme Die Lücke besteht seit rund…
-
Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code
Tags: backup, cyber, flaw, infrastructure, malicious, rce, remote-code-execution, update, veeam, vulnerabilityVeeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws could allow authenticated domain users to run malicious code on backup servers and infrastructure hosts. With attackers likely to reverse-engineer the patch, organizations must apply the update without delay to…
-
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
Tags: access, cve, cybersecurity, exploit, flaw, hacker, remote-code-execution, software, vulnerabilityCybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center…
-
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
Tags: access, cve, cybersecurity, exploit, flaw, hacker, remote-code-execution, software, vulnerabilityCybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center…
-
CVE-2025-61882: Imperva Customers Protected Against Critical Oracle EBS Zero-Day RCE
TL;DR: In early October 2025, Oracle released an emergency security alert addressing CVE-2025-61882, a high-severity unauthenticated remote code execution (RCE) vulnerability in the Concurrent Processing / BI Publisher Integration component of Oracle E-Business Suite (EBS) versions 12.2.3 through 12.2.14. Multiple threat actors (most prominently Cl0p and related groups) are already exploiting it in the wild……
-
Happy DOM Security Flaw (CVE-2025-61927) Enables VM Context Escape and Remote Code Execution
A critical security flaw has been identified in Happy DOM, a widely used JavaScript library primarily employed for server-side rendering and testing frameworks. The vulnerability, cataloged as CVE-2025-61927, allows attackers to escape the library’s virtual machine (VM) context, leading to potential remote code execution on vulnerable systems. This flaw threatens millions of applications that depend…
-
Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
Tags: cyber, endpoint, exploit, flaw, injection, ivanti, mitigation, remote-code-execution, sql, vulnerabilityIvanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven medium-severity SQL injection flaws. While there is no evidence of in-the-wild exploitation, Ivanti urges customers to move to the latest supported release and apply recommended mitigations as patches are still…
-
Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
Tags: cyber, endpoint, exploit, flaw, injection, ivanti, mitigation, remote-code-execution, sql, vulnerabilityIvanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven medium-severity SQL injection flaws. While there is no evidence of in-the-wild exploitation, Ivanti urges customers to move to the latest supported release and apply recommended mitigations as patches are still…
-
Happy DOM Flaw Allows Remote Code Execution Affecting 2.7 Million Users
A critical security vulnerability has been discovered in Happy DOM, a popular JavaScript library used for server-side rendering and testing frameworks. The flaw, tracked as CVE-2025-61927, enables attackers to escape the virtual machine context and execute arbitrary code on affected systems, potentially compromising millions of applications worldwide. Critical VM Context Escape Vulnerability Happy DOM versions 19…