Tag: remote-code-execution
-
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution.The vulnerabilities are as follows -CVE-2026-21666 (CVSS score: 9.9) – A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.CVE-2026-21667 ( First seen…
-
Veeam warns of critical flaws exposing backup servers to RCE attacks
Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/veeam-warns-of-critical-flaws-exposing-backup-servers-to-rce-attacks/
-
CISA orders feds to patch n8n RCE flaw exploited in attacks
Tags: attack, cisa, cybersecurity, exploit, flaw, government, infrastructure, rce, remote-code-execution, updateThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-n8n-rce-flaw-exploited-in-attacks/
-
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution.The vulnerabilities are listed below -CVE-2026-27577 (CVSS score: 9.4) – Expression sandbox escape leading to remote code execution (RCE)CVE-2026-27493 (CVSS score: 9.5) – Unauthenticated First seen on thehackernews.com Jump…
-
Critical Vulnerability in Microsoft Office Allows Malicious Code to Run Remotely
Tags: cve, cvss, cyber, flaw, malicious, microsoft, office, remote-code-execution, threat, vulnerabilityMicrosoft has disclosed a critical security flaw in its Microsoft Office suite, officially tracked as CVE-2026-26110. Released on March 10, 2026, this Remote Code Execution (RCE) vulnerability poses a significant threat to organizations and individuals relying on the widely used productivity software. With a base CVSS score of 8.4, the flaw demands immediate attention from…
-
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials
Tags: access, advisory, cisa, control, credentials, data, endpoint, exploit, firewall, flaw, infrastructure, kev, remote-code-execution, software, switch, update, vulnerabilityExposure spans campus to data center switching: The vulnerabilities affect AOS-CX software across four active version branches, spanning entry-level campus switches to data center-class hardware. Versions that reached the end of support before the advisory’s publication are also expected to be vulnerable, the advisory said. Organizations running AOS-CX 10.17.0001 and below, 10.16.1020 and below, 10.13.1160…
-
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information…
-
Microsoft Patch Tuesday March 2026: Two Zero-Days and Critical RCE Bugs Fixed
The Microsoft Patch Tuesday March 2026 release introduces security updates addressing 79 vulnerabilities, including two publicly disclosed zero-day vulnerabilities and several high-risk issues tied to remote code execution. The monthly security rollout includes fixes across multiple Microsoft products such as SQL Server, .NET, Microsoft Office, SharePoint Server, and Azure services. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-march-2026/
-
Microsoft patches zero-days in .NET and SQL Server
Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday update. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639784/Microsoft-patches-zero-days-in-NET-and-SQL-Server
-
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub. This month’s update includes patches…
-
SAP Releases Patches for Security Flaws Allowing Remote Code Execution
On March 10, 2026, SAP released its monthly Security Patch Day updates, addressing multiple vulnerabilities across its enterprise software products. Maintaining a structured patch management cycle aligned with this monthly schedule remains a foundational practice for enterprise SAP security. This month’s rollout includes 15 new security notes, with no updates to previously issued patches. Administrators…
-
Cisco Firewall Management Flaw Enables Remote Code Execution
Cisco disclosed a critical firewall management flaw that allows unauthenticated remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-firewall-management-flaw-enables-remote-code-execution/
-
Zero-Click FreeScout Bug Enables Remote Code Execution
Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/zeroclick-freescout-bug-remote/
-
FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289)
A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/05/freescout-vulnerability-cve-2026-28289/
-
FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289)
A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/05/freescout-vulnerability-cve-2026-28289/
-
Cisco Secure Firewall Management Flaw Allows Remote Code Execution
Cisco recently disclosed a critical security vulnerability affecting its Secure Firewall Management Centre (FMC) software. This severe flaw carries a maximum severity score of 10.0 and allows unauthenticated, remote attackers to execute arbitrary code with root privileges. CVE ID CVSS Score Vulnerability Type CWE CVE-2026-20131 10.0 (Critical) Remote Code Execution CWE-502 The root cause of…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mail2shell-zero-click-attack-lets-hackers-hijack-freescout-mail-servers/
-
MS-Agent Flaw Enables Remote Code Execution via AI Agents
A critical MS-Agent flaw could allow attackers to use prompt injection to execute system commands through AI agents. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ms-agent-flaw-enables-remote-code-execution-via-ai-agents/
-
Microsoft’s February Security Update of High-Risk Vulnerability Notice for Multiple Products
Tags: cyber, microsoft, network, office, remote-code-execution, risk, update, vulnerability, windowsOverview On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, Microsoft Office, and Visual Studio Code. These vulnerabilities include privilege escalation, remote code execution, and other high-risk vulnerabilities. In this monthly update, 5 vulnerabilities are rated as…The…
-
CISA flags VMware Aria Operations RCE flaw as exploited in attacks
Tags: attack, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks/
-
NDSS 2025 Be Careful Of What You Embed: Demystifying OLE Vulnerabilities
Tags: conference, cve, data, detection, exploit, Internet, malicious, microsoft, network, office, remote-code-execution, risk, tool, vulnerability, windowsSession 14C: Vulnerability Detection Authors, Creators & Presenters: Yunpeng Tian (Huazhong University of Science and Technology), Feng Dong (Huazhong University of Science and Technology), Haoyi Liu (Huazhong University of Science and Technology), Meng Xu (University of Waterloo), Zhiniang Peng (Huazhong University of Science and Technology; Sangfor Technologies Inc.), Zesen Ye (Sangfor Technologies Inc.), Shenghui Li…
-
Hackerbot-Claw Bot Exploits GitHub Actions CI/CD Flaw to Attack Microsoft and DataDog
Tags: ai, attack, automation, cyber, exploit, flaw, github, microsoft, open-source, remote-code-executionHackerbot-claw, an autonomous AI bot, has launched a week-long campaign abusing GitHub Actions misconfigurations to hit CI/CD pipelines at Microsoft, DataDog, and other major open-source projects, achieving remote code execution (RCE) and even full repo compromise in some cases. The attacks highlight how unsafe pull_request_target workflows and shell interpolation bugs can turn routine automation into…
-
Pixel Perfect Browser Extension Exploited for Stealth Script Injection and Security Header Stripping
A popular Chrome add-on, “QuickLens Search Screen with Google Lens,” has quietly morphed from a legitimate productivity tool into a full”‘fledged remote code-execution platform that abuses browser trust, security headers, and silent auto”‘updates. What began as a simple Google Lens wrapper ended in a covert C2″‘driven campaign capable of injecting arbitrary scripts into any […]…
-
Trend Micro Patches Critical Apex One RCE Flaws
Trend Micro has fixed critical Apex One flaws that could enable remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/trend-micro-patches-critical-apex-one-rce-flaws/
-
Juniper issues emergency patch for critical PTX router RCE
Juniper released an emergency patch for Junos OS Evolved to fix CVE-2026-21902, a critical RCE flaw affecting PTX routers. Juniper Networks issued an out-of-band security update for Junos OS Evolved to address a critical remote code execution vulnerability, tracked as CVE-2026-21902 (CVSS score of 9.3), impacting PTX routers. The company urges customers to apply the…
-
Trend Micro fixes two critical flaws in Apex One
Trend Micro fixed two critical Apex One flaws enabling remote code execution on vulnerable Windows systems and urged immediate updates. Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the…