Serv-U Type Confusion Bug Enables Privileged Code Execution
CVE-2025-40540 is a critical type confusion vulnerability in SolarWinds Serv-U with CVSS 9.1. Attackers with admin access can execute arbitrary code.
23 articles tagged with "Rce"
New n8n RCE flaw bypasses December patch through type confusion. CVSS 9.4 vulnerability enables unauthenticated command execution via malicious workflows.
CVE-2026-21643 allows unauthenticated attackers to chain SQL injection with command execution in FortiClient EMS. The CVSS 9.8 flaw affects version 7.4.4; upgrade to 7.4.5 immediately.
CVE-2026-1731 allows unauthenticated remote code execution on BeyondTrust Remote Support and Privileged Remote Access products. CVSS 9.9 vulnerability affects 11,000+ exposed instances.
CVE-2026-22778 chains a heap leak and buffer overflow in vLLM's video processing to achieve full RCE on AI inference servers. Patch to 0.14.1 now.
CVE-2026-25049 bypasses n8n's previous sandbox fix to enable system command execution. Four additional vulnerabilities disclosed simultaneously.
Tenable discloses 'LookOut' vulnerabilities in Google Looker enabling remote code execution and full database theft. Self-hosted deployments at 60,000+ organizations exposed.
CVE-2025-8110 allows authenticated attackers to achieve RCE on self-hosted Git servers via path traversal. Over 700 instances already compromised.
JFrog researchers develop working remote code execution exploit for CVE-2025-62507, a stack buffer overflow in Redis discovered by Google's AI security agent.
Deserialization bugs and authentication bypasses enable unauthenticated RCE. Attackers have targeted WHD vulnerabilities before.
CVE-2025-15467 allows attackers to crash or compromise systems by sending malicious CMS messages. The flaws, all AI-discovered, were fixed in OpenSSL's largest coordinated security release.
JFrog discloses CVE-2026-1470 and CVE-2026-0863 in workflow automation platform. Both vulnerabilities enable authenticated remote code execution.
CVE-2026-22844 allowed meeting participants to execute arbitrary code on Zoom's on-premises multimedia routers. No active exploitation reported yet.
CVE-2025-68668 bypasses Python code restrictions in workflow automation platform. CVSS 9.9 flaw affects versions 1.0.0 through 1.x.
CVE-2025-64155 in Fortinet's SIEM product enables unauthenticated command injection via phMonitor service. CVSS 9.4, patches now available.
Five critical vulnerabilities in the self-hosting platform allow authenticated users to execute arbitrary commands as root. Over 52,000 instances are exposed globally.
CVE-2026-21858 scores CVSS 10.0 and requires no credentials to exploit. Attackers can read files, forge admin sessions, and execute commands.
CVE-2026-0625 allows unauthenticated remote code execution on legacy DSL routers. Affected models reached end-of-life in 2020 and won't receive fixes.
CVE-2025-66398 lets unauthenticated attackers achieve code execution on boat navigation servers. CVSS 9.6 vulnerability affects all versions before 2.19.0.
Singapore's CSA warns of a critical SmarterMail vulnerability allowing remote code execution through file upload without authentication. Patch immediately.
CVE-2025-68613 in the workflow automation platform scores CVSS 9.9 with public PoC code now available. Patch to version 1.122.0 immediately.
CVE-2025-55182 exploitation escalates as Weaxor ransomware operators use the critical React Server Components flaw for initial access across 60+ organizations.
CVE-2025-37164 allows unauthenticated remote code execution against HPE OneView infrastructure management platforms running versions prior to 11.00.