Flaws in a popular dev library could let hackers run malicious code in your MongoDB databaseTwo critical vulnerabilities in Mongoose could expose MongoDB databases to remote code execution attacks by hackers.
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA46 new security flaws discovered in solar inverter products pose risks to electrical grids.
Critical Ingress NGINX Controller Vulnerability Allows RCE Without AuthenticationCritical vulnerabilities in Ingress NGINX Controller expose 6,500 Kubernetes clusters to remote code execution risks.
Zero Day Initiative - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web ProtectionsCVE-2024-38213 allows bypassing Windows mark-of-the-web protections leading to remote code execution via WebDAV shares.
Microsoft offers updates on 117 vulnerabilities on Patch TuesdayMicrosoft released updates addressing 117 vulnerabilities, including two actively exploited threats that pose significant risks to users.
Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick ShareAs many as 10 security flaws were discovered in Google's Quick Share utility, leading to a potential remote code execution threat on systems with the software.
Flaws in a popular dev library could let hackers run malicious code in your MongoDB databaseTwo critical vulnerabilities in Mongoose could expose MongoDB databases to remote code execution attacks by hackers.
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA46 new security flaws discovered in solar inverter products pose risks to electrical grids.
Critical Ingress NGINX Controller Vulnerability Allows RCE Without AuthenticationCritical vulnerabilities in Ingress NGINX Controller expose 6,500 Kubernetes clusters to remote code execution risks.
Zero Day Initiative - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web ProtectionsCVE-2024-38213 allows bypassing Windows mark-of-the-web protections leading to remote code execution via WebDAV shares.
Microsoft offers updates on 117 vulnerabilities on Patch TuesdayMicrosoft released updates addressing 117 vulnerabilities, including two actively exploited threats that pose significant risks to users.
Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick ShareAs many as 10 security flaws were discovered in Google's Quick Share utility, leading to a potential remote code execution threat on systems with the software.
MITRE Caldera security tool gets perfect 10 in insecurityUsers of MITRE's Caldera must immediately update to the latest version to protect against a critical remote code execution vulnerability.
Stealthy Apache Tomcat Critical Exploit Bypasses Security FiltersApache Tomcat is vulnerable to remote code execution attacks due to a recently disclosed vulnerability, CVE-2025-24813.
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public DisclosureA critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.
Thousands of PAN-OS devices compromised by critical exploitsPalo Alto Networks firewalls were compromised due to two security bugs, allowing attackers to deploy backdoors and malware.
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System CompromiseFlaws in Palo Alto Networks and SonicWall VPNs could allow remote code execution on Windows and macOS, exposing users to significant security risks.
700K+ DrayTek routers are sitting ducks on the internetA critical vulnerability in DrayTek routers could allow remote-code execution, risking sensitive data and system integrity.
MITRE Caldera security tool gets perfect 10 in insecurityUsers of MITRE's Caldera must immediately update to the latest version to protect against a critical remote code execution vulnerability.
Stealthy Apache Tomcat Critical Exploit Bypasses Security FiltersApache Tomcat is vulnerable to remote code execution attacks due to a recently disclosed vulnerability, CVE-2025-24813.
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public DisclosureA critical vulnerability in Apache Tomcat enables remote code execution and information disclosure, with active exploitation noted shortly after its disclosure.
Thousands of PAN-OS devices compromised by critical exploitsPalo Alto Networks firewalls were compromised due to two security bugs, allowing attackers to deploy backdoors and malware.
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System CompromiseFlaws in Palo Alto Networks and SonicWall VPNs could allow remote code execution on Windows and macOS, exposing users to significant security risks.
700K+ DrayTek routers are sitting ducks on the internetA critical vulnerability in DrayTek routers could allow remote-code execution, risking sensitive data and system integrity.
MITRE Caldera security advisory warns of maximum severity flawA critical Remote Code Execution vulnerability (CVE-2025-27364) has been identified in MITRE Caldera's dynamic compilation functionality.
Printing vulnerability affecting Linux distros raises alarm | Computer WeeklyThe newly discovered vulnerabilities in Cups pose a significant security risk to numerous devices, potentially exposing them to remote code execution.
Critical Flaws in Traccar GPS System Expose Users to Remote AttacksTraccar GPS system has critical vulnerabilities allowing remote code execution via path traversal if guest registration is enabled, posing serious security risks.
Your Netgear Wi-Fi router could be wide open to hackers - install the fix nowNetgear has patched critical security vulnerabilities in several Wi-Fi routers and access points, urging timely updates for user safety.
MediaTek says 'Happy New Year' with critical RCE, other bugsMediaTek disclosed a critical vulnerability affecting 51 chipsets, posing severe security risks to multiple device categories.
Printing vulnerability affecting Linux distros raises alarm | Computer WeeklyThe newly discovered vulnerabilities in Cups pose a significant security risk to numerous devices, potentially exposing them to remote code execution.
Critical Flaws in Traccar GPS System Expose Users to Remote AttacksTraccar GPS system has critical vulnerabilities allowing remote code execution via path traversal if guest registration is enabled, posing serious security risks.
Your Netgear Wi-Fi router could be wide open to hackers - install the fix nowNetgear has patched critical security vulnerabilities in several Wi-Fi routers and access points, urging timely updates for user safety.
MediaTek says 'Happy New Year' with critical RCE, other bugsMediaTek disclosed a critical vulnerability affecting 51 chipsets, posing severe security risks to multiple device categories.
Critical Apache Struts bug under active exploitCritical security flaw in Apache Struts 2 allows file upload manipulation, posing severe risks of remote code execution; immediate updates are essential.
Doomsday 9.9 unauthenticated RCE bug affects all LinuxA critical 9.9-rated unauthenticated RCE flaw is affecting GNU/Linux systems, with no fix yet despite disclosure to developers three weeks ago.
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF InjectionGFI KerioControl firewalls have a vulnerability (CVE-2024-52875) allowing remote code execution due to improper input sanitization, posing significant security risks.
Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution RisksA high-severity vulnerability in Meta's Llama framework could allow remote code execution via deserialization of untrusted data.
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe SerializationApache MINA's CVE-2024-52046 vulnerability could lead to remote code execution, necessitating urgent updates and careful configuration to mitigate risks.
D-Link says replace vulnerable routers or risk pwnageUsers of older D-Link VPN routers should replace their devices to avoid critical security vulnerabilities.The vulnerability allows for remote code execution without authentication, raising significant security concerns.
Critical Apache Struts bug under active exploitCritical security flaw in Apache Struts 2 allows file upload manipulation, posing severe risks of remote code execution; immediate updates are essential.
Doomsday 9.9 unauthenticated RCE bug affects all LinuxA critical 9.9-rated unauthenticated RCE flaw is affecting GNU/Linux systems, with no fix yet despite disclosure to developers three weeks ago.
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF InjectionGFI KerioControl firewalls have a vulnerability (CVE-2024-52875) allowing remote code execution due to improper input sanitization, posing significant security risks.
Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution RisksA high-severity vulnerability in Meta's Llama framework could allow remote code execution via deserialization of untrusted data.
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe SerializationApache MINA's CVE-2024-52046 vulnerability could lead to remote code execution, necessitating urgent updates and careful configuration to mitigate risks.
D-Link says replace vulnerable routers or risk pwnageUsers of older D-Link VPN routers should replace their devices to avoid critical security vulnerabilities.The vulnerability allows for remote code execution without authentication, raising significant security concerns.
Apache issues patches for critical Struts 2 RCE bugThe Apache Struts 2 vulnerability (CVE-2024-53677) has a severity rating of 9.5 and poses a serious security risk, necessitating immediate action for users.
Zero Day Initiative - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 - DLL Loading Chain for RCEThe article explains a chain of vulnerabilities in Microsoft Exchange that lead to remote code execution.
September Patch Tuesday: Update before 1 October | Computer WeeklyMicrosoft has issued critical fixes for multiple remote code vulnerabilities in its September 2024 update, indicating urgency for users to patch their systems.
PoCcode released for zero-click Windows critical vulnWindows users must install the latest patches swiftly to protect against CVE-2024-38063, a critical vulnerability that allows remote code execution.
New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on UsersSonos smart speakers have vulnerabilities that could allow remote code execution and covert audio capture by hackers.
AWS 'Bucket Monopoly' attacks could allow account takeoverCritical flaws in AWS services allowed remote code execution and account takeover, fixed by AWS after Aqua Security's research.