Exim Mail Server RCE Requires Zero Auth—Patch to 4.99.3 Now
CVE-2026-45185 is a use-after-free in Exim affecting GnuTLS builds with BDAT support. Unauthenticated attackers can achieve remote code execution via crafted SMTP traffic.
11 articles tagged with "Remote Code Execution"
IBM discloses CVE-2026-8644, CVE-2026-9311, and CVE-2026-9319 affecting WebSphere 8.5 and 9.0. Attackers can chain identity spoofing with RCE for full server compromise.
SAP's May 2026 security update addresses 15 vulnerabilities, including CVE-2026-34260 SQL injection in S/4HANA and CVE-2026-34263 unauthenticated RCE in Commerce Cloud.
CVE-2026-3854 allowed authenticated attackers to execute code on GitHub servers via a single git push. 88% of Enterprise Server instances remain unpatched.
Security researcher Valentin Lobstein discovers CVSS 9.8 pickle deserialization vulnerabilities in LeRobot, ktransformers, and LightLLM. ML frameworks using pickle for network serialization create widespread attack surface.
CISA added CVE-2025-53521 to its KEV catalog after F5 reclassified the BIG-IP APM vulnerability from DoS to remote code execution. CVSS 9.8—federal deadline is March 30.
CVE-2026-33017 (CVSS 9.3) lets attackers execute arbitrary Python code on Langflow AI pipelines without authentication. Exploitation began before any PoC existed.
CISA added Microsoft SharePoint CVE-2026-20963 to the KEV catalog after confirming active exploitation. Federal agencies must patch by March 21.
CVE-2026-32746 in GNU InetUtils telnetd allows unauthenticated root RCE via buffer overflow. CVSS 9.8, no patch available, over 200K servers exposed.
CISA renews warnings about CVE-2025-47812, a CVSS 10.0 vulnerability in Wing FTP Server that grants attackers root/SYSTEM access. Over 8,000 servers remain exposed.
CVE-2025-20265 in Cisco Secure Firewall Management Center allows unauthenticated attackers to execute commands as root via RADIUS authentication. Patch immediately.