Tag: remote-code-execution
-
Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say
Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/ollama-windows-vulnerabilities-cve-2026-42248-cve-2026-42249/
-
Android Zero-Click RCE Vulnerability Enables Remote Shell Access
A patched Android RCE flaw allows nearby attackers to gain zero-click remote shell access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/android-zero-click-rce-vulnerability-enables-remote-shell-access/
-
Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems
Tags: automation, cve, cvss, cyber, exploit, flaw, office, rce, remote-code-execution, vulnerabilityA critical unauthenticated remote code execution vulnerability in Weaver (Fanwei) E-cology is being actively exploited in the wild, with real-world intrusion activity traced back to mid-March 2026, weeks before public awareness. Tracked as CVE-2026-22679 with a CVSS score of 9.8, this flaw exposes enterprise office automation systems to full OS-level compromise without requiring any authentication. Vulnerability Overview CVE-2026-22679…
-
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Tags: attack, cve, exploit, flaw, injection, open-source, remote-code-execution, threat, vulnerabilityThreat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck.The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution.”MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code…
-
AI finds 20-year-old bugs in PostgreSQL and MariaDB
Tags: ai, breach, credentials, cve, exploit, flaw, github, injection, nist, rce, remote-code-execution, sql, vulnerabilityInadequate JSON parsing allowed RCE on the MariaDB server: In MariaDB, a buffer overflow bug, tracked as CVE-2026-32710, was found in the JSON_SCHEMA_VALID() function using Xint Code. The vulnerability allows an authenticated user to trigger a crash, which, under controlled conditions, could be escalated into remote code execution.Compared to the PostgreSQL flaws, exploitation here is…
-
Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk
Tags: cyber, exploit, Internet, open-source, remote-code-execution, risk, software, threat, vulnerabilityQualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industrial Internet of Things devices without requiring user interaction. The semiconductor giant is strongly urging original equipment manufacturers to deploy…
-
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild.The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/ First seen on…
-
Critical MajorDoMo RCE (CVE-2026-27174): Unauthenticated Remote Code Execution Analysis
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/critical-majordomo-rce-cve-2026-27174-unauthenticated-remote-code-execution-analysis
-
Apache HTTP Server Vulnerability Exposes Millions to Remote Code Execution Threats
Tags: apache, cve, cyber, flaw, malicious, remote-code-execution, software, threat, update, vulnerabilityThe Apache Software Foundation has released an urgent security update for the Apache HTTP Server to patch a severe vulnerability. Tracked as CVE-2026-23918, this flaw could allow attackers to execute malicious code remotely on affected web servers, putting millions of websites at risk. Understanding the Vulnerability The newly discovered security flaw is classified as a…
-
âš¡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches.While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and…
-
How CISOs should utilize data security posture management to inform risk
Tags: access, ai, automation, business, ciso, compliance, control, cyber, data, detection, finance, iam, incident response, monitoring, open-source, remote-code-execution, risk, service, siem, software, tool, update, vulnerabilityApplying the principles at any maturity level: Whether you’re working with a full DSPM platform, a lightweight open-source scanner or even manual data inventories, CISOs can use this thinking to apply quantification (or at least an order of magnitude) to risk decisions. For example, you may have a written policy in place that a database…
-
FreeBSD Systems at Risk From DHCP Client RCE Vulnerability
The FreeBSD Project has issued a critical security advisory (FreeBSD-SA-26:12.dhclient) to address a severe Remote Code Execution (RCE) vulnerability in its default IPv4 DHCP client. Tracked as CVE-2026-42511, this flaw allows local network attackers to execute arbitrary code with root privileges. Discovered by Joshua Rogers of the AISLE Research Team, the vulnerability affects all supported…
-
Breach Roundup: US Cyber Command Flags Election Threats
Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE Flaw. This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution. First seen on govinfosecurity.com Jump to article:…
-
Google’s fix for critical Gemini CLI bug might break your CI/CD pipelines
This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/googles_fix_for_critical_gemini/
-
Max-severity RCE flaw found in Google Gemini CLI
The behavior is now fixed: Google has addressed the issue by removing implicit workspace trust in headless environments and enforcing stricter tool controls, effectively changing how Gemini CLI behaves in CI/CD pipelines.The patched versions (0.39.1 and 0.40.0-preview.3) now require explicit trust decisions before loading workspace configurations, aligning non-interactive execution with the same safeguards expected in…
-
PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injection vulnerability allows an authenticated administrator to execute arbitrary commands with root privileges. ASUSTOR has since addressed the…
-
Qinglong Task Scheduler RCE Flaws Exploited in the Wild
Tags: authentication, cyber, exploit, flaw, hacker, malware, open-source, rce, remote-code-execution, vulnerabilityHackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vulnerable servers. Qinglong is a self-hosted task management platform used by developers to automate background tasks using Python, JavaScript, Shell, and TypeScript scripts. With…
-
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems.”The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,” First seen on…
-
ProFTPD SQL Injection Flaw Opens Door To Remote Code Execution Attacks
A newly disclosed flaw in ProFTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-42167, the issue was found in ProFTPD’s mod_sql extension by ZeroPath Research, and MITRE assigned it a CVSS…
-
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Tags: authentication, exploit, flaw, hacker, open-source, rce, remote-code-execution, tool, vulnerabilityHackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-rce-flaws-in-qinglong-task-scheduler-for-cryptomining/
-
GitHub Flaw Enables Remote Code Execution With a Single Git Push
A GitHub flaw (CVE-2026-3854) enabled backend code execution via a single git push, risking exposure of repositories and secrets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/github-flaw-enables-remote-code-execution-with-a-single-git-push/
-
GitHub Flaw Enables Remote Code Execution With a Single Git Push
A GitHub flaw (CVE-2026-3854) enabled backend code execution via a single git push, risking exposure of repositories and secrets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/github-flaw-enables-remote-code-execution-with-a-single-git-push/
-
GitHub Flaw Enables Remote Code Execution With a Single Git Push
A GitHub flaw (CVE-2026-3854) enabled backend code execution via a single git push, risking exposure of repositories and secrets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/github-flaw-enables-remote-code-execution-with-a-single-git-push/
-
AI Finds 38 Security Flaws in Electronic Health Record Platform
Flaws in OpenEMR’s platform, used by more than 100,000 healthcare providers, enabled database compromise, remote code execution, and data theft. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/ai-finds-38-security-flaws-openemr
-
88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854)
When researchers at Wiz reported an easily exploitable GitHub remote code execution flaw (CVE-2026-3854) on March 4, the company confirmed it within 40 minutes and pushed a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/29/cve-2026-3854-github-rce-vulnerability/
-
GitHub fixes RCE flaw that gave access to millions of private repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/
-
GitHub fixes RCE flaw that gave access to millions of private repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/
-
GitHub fixes RCE flaw that gave access to millions of private repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/