6 articles tagged with "Remote Code Execution"
CISA added CVE-2025-53521 to its KEV catalog after F5 reclassified the BIG-IP APM vulnerability from DoS to remote code execution. CVSS 9.8—federal deadline is March 30.
CVE-2026-33017 (CVSS 9.3) lets attackers execute arbitrary Python code on Langflow AI pipelines without authentication. Exploitation began before any PoC existed.
CISA added Microsoft SharePoint CVE-2026-20963 to the KEV catalog after confirming active exploitation. Federal agencies must patch by March 21.
CVE-2026-32746 in GNU InetUtils telnetd allows unauthenticated root RCE via buffer overflow. CVSS 9.8, no patch available, over 200K servers exposed.
CISA renews warnings about CVE-2025-47812, a CVSS 10.0 vulnerability in Wing FTP Server that grants attackers root/SYSTEM access. Over 8,000 servers remain exposed.
CVE-2025-20265 in Cisco Secure Firewall Management Center allows unauthenticated attackers to execute commands as root via RADIUS authentication. Patch immediately.