Tag: remote code execution
261 articles

KnowledgeDeliver LMS Flaw Exploited to Deploy Malware
A security flaw in the KnowledgeDeliver LMS, known as CVE-2026-5426, was exploited by a threat actor to inject malicious code and infect users visiting the site. This vulnerability was caused by a predictable secret in the system's web.config file, allowing attackers to execute remote code.

Mandiant Exposes KnowledgeDeliver Vulnerability via ViewState Deserialization
A critical vulnerability, CVE-2026-5426, was discovered in KnowledgeDeliver installations, allowing unauthenticated remote code execution across multiple customer sites due to identical ASP.NET machineKey values. This widespread flaw was caused by a standardized web.config with hardcoded keys, used across deployments, leaving sites vulnerable to attack.

Drupal Core SQL Injection Flaw Actively Exploited
Drupal has confirmed that exploit attempts for a critical SQL injection flaw, CVE-2026-9082, are being actively detected in the wild, posing a significant risk of privilege escalation and remote code execution. This vulnerability affects all supported Drupal Core versions and can lead to full site compromise if not addressed promptly.

Drupal Sites Targeted in SQL Injection Attacks
Drupal sites are under attack as SQL injection exploits are now being detected in the wild, taking advantage of a vulnerability that can be triggered without authentication. This critical flaw, CVE-2026-9082, allows attackers to execute arbitrary SQL and potentially run remote code, putting sites that use PostgreSQL at risk.

Ubiquiti Fixes Maximum-Severity UniFi OS Flaws
Ubiquiti has patched three critical vulnerabilities in UniFi OS that left nearly 100,000 Internet-exposed endpoints, including 50,000 in the US, open to remote attacks without requiring login credentials. The fixes address severe flaws that could allow unauthorized system changes, file access, and even command injection.

Cisco Exposes New Zero-Auth Vulnerability in Secure Workload Platform
Cisco has uncovered a critical zero-auth vulnerability in its Secure Workload platform, allowing attackers to access sensitive information and make configuration changes with alarming ease and admin-level privileges. This severe flaw, scoring a perfect 10.0 on the CVSS scale, demands immediate attention to prevent exploitation.

Drupal Flaw Exposes PostgreSQL Sites to Remote Code Execution Attacks
A vulnerability in Drupal Core's database abstraction API leaves PostgreSQL sites open to devastating SQL injection attacks, allowing hackers to send malicious requests and wreak havoc. This highly critical flaw, tracked as CVE-2026-9082, has been patched with urgent security updates.

SEPPMail Gateway Vulnerabilities Expose Remote Code Execution Risk
Critical vulnerabilities in SEPPMail's Secure E-Mail Gateway could allow hackers to read all mail traffic, gain entry into internal networks, and even execute remote code - putting your entire system at risk. These flaws could have devastating consequences, from data breaches to full-scale system compromise.

NGINX Flaw CVE-2026-42945 Actively Exploited, Threatens Worker Crashes and RCE
A newly discovered NGINX flaw, CVE-2026-42945, is being actively exploited, posing a significant threat of worker crashes and remote code execution (RCE) through specially crafted HTTP requests. This high-severity vulnerability, with a CVSS score of 9.2, has been lurking in NGINX versions since 2008, affecting NGINX Plus and NGINX Open.

NGINX Flaw Enables Unauthenticated Remote Code Execution
A critical 18-year-old vulnerability, known as NGINX Rift, has been discovered in NGINX Plus and NGINX Open Source, allowing unauthenticated attackers to remotely execute code with a single crafted HTTP request. This high-severity flaw, rated 9.2 on the CVSS v4 scale, poses a significant threat to vulnerable servers.

Exim Flaw Exposes Servers to Remote Code Execution
A critical flaw in Exim, tracked as CVE-2026-45185, leaves servers vulnerable to remote code execution if they're running specific builds, but thankfully, a remediation was published in Exim version 4.99.3. This vulnerability is triggered during TLS shutdown while handling certain SMTP traffic, allowing attackers to exploit it.

Microsoft Patch Tuesday Disrupts 120 Vulnerabilities with AI-Driven Insights
Microsoft's May Patch Tuesday update tackles a whopping 120 vulnerabilities, including 17 critical flaws that could leave your systems exposed to remote code execution, elevation of privilege, and information disclosure attacks. Prioritize patching now to safeguard your domain controllers and prevent potentially disastrous breaches.

AI-Powered Bug Hunts Disrupt Software Giants' Patch Cycles
Microsoft just dropped a massive batch of software updates to fix 118 security vulnerabilities, including 16 critical flaws that could let hackers take control of your system. For the first time in nearly two years, none of these patches are for emergency zero-day flaws that were already being exploited.

Fortinet Disrupts Critical RCE Flaws in FortiSandbox, FortiAuthenticator
Fortinet has patched a critical remote code execution vulnerability in its FortiAuthenticator and FortiSandbox products, which could have allowed unauthenticated attackers to run unauthorized code or commands. The company has released fixed builds to address the flaw, tracked as CVE-2026-44277, and urges users to update to versions 6.5.7, 6.6.9, or 8.0.3 to stay secure.

xrdp Vulnerability Exposes Remote Code Execution Risk
A critical vulnerability, CVE-2025-68670, was discovered in the xrdp remote desktop server, allowing for remote code execution - a flaw that was thankfully patched in January 2026. This security risk was found during a routine audit, highlighting the importance of regular security checks to protect against potential threats.

Ivanti Discloses Actively Exploited Zero-Day in Endpoint Manager
Ivanti has confirmed that hackers are actively exploiting a zero-day vulnerability, CVE-2026-6973, in its Endpoint Manager Mobile (EPMM) software, allowing them to run code remotely with administrative privileges. The company has issued patches for this and four other EPMM flaws to protect its customers.

Anthropic's AI Tool Exposes to One-Click Remote Code Execution Risk
A single click on Claude Code's generic dialog can unleash a major security risk, allowing an unsandboxed Node.js process to spawn with full user privileges. This vulnerability can be exploited using just two common JSON files, putting developers at risk of one-click remote code execution.

Ivanti EPMM Flaw Exploited, Grants Admin-Level Access
A critical flaw in Ivanti's Endpoint Manager Mobile (EPMM) has been exploited, allowing attackers to gain admin-level access - and the government is taking swift action to mitigate the threat. Federal agencies are now required to remediate the vulnerability, known as CVE-2026-6973, by May 10, 2026.

Bitcoin Core Exposes High-Severity Memory Safety Flaw
Bitcoin Core developers have disclosed a high-severity vulnerability, tracked as CVE-2024-52911, which is the project's first known memory safety flaw that could potentially allow remote code execution. This rare but critical bug was fixed months ago and affects Bitcoin Core releases from 2017 to early 2025.

Ivanti Discloses High-Severity EPMM Flaw Exploited in Zero-Day Attacks
Ivanti has disclosed a high-severity flaw in its Endpoint Manager Mobile (EPMM) product, which has been exploited in limited zero-day attacks requiring admin authentication. To protect against this vulnerability, customers are advised to patch to Ivanti EPMM versions 12.6.1.1, 12.7.0.1, or 12.8.0.1.

Palo Alto Networks Discloses Active Exploitation of PAN-OS Flaw Enabling Espionage
Palo Alto Networks has uncovered active exploitation of a high-severity flaw in PAN-OS software, allowing attackers to execute arbitrary code with root privileges and inject shellcode into vulnerable systems. This critical vulnerability, tracked as CVE-2026-0300, enables unauthenticated remote code execution, putting affected appliances at risk of espionage.

State-sponsored hackers exploit Palo Alto Networks firewall zero-day
Palo Alto Networks has issued a warning about a critical zero-day vulnerability, CVE-2026-0300, that allows state-sponsored hackers to exploit its firewalls and execute arbitrary code with root privileges. The company is tracking limited exploitation attempts, linked to a cluster of likely state-sponsored threat activity.

Palo Alto Networks Discloses Zero-Day Flaw in PAN-OS Software
Palo Alto Networks has issued a warning about a zero-day flaw in its PAN-OS software, tracked as CVE-2026-0300, which allows unauthenticated remote code execution with root privileges. This buffer overflow vulnerability in the User-ID Authentication Portal poses a high risk to PA-Series and VM-Series firewalls.

Palo Alto Networks Zero-Day Exploited in Wild, Firm Warns
Palo Alto Networks has warned of a critical zero-day vulnerability, CVE-2026-0300, being exploited in the wild, allowing unauthenticated attackers to execute code with root privileges on certain firewalls. This flaw affects a limited number of customers with exposed User-ID Authentication Portals.