Remote Code Execution

Ivanti EPMM Zero-Days Exploited in Chained Remote Code Execution Attacks

CVE News

Ivanti EPMM Zero-Days Exploited in Chained Remote Code Execution Attacks

Ivanti has issued an urgent patch advisory for two zero-day vulnerabilities (CVE-2025-4427 and CVE-2025-4428) affecting its Endpoint...

Fortinet Patches Critical Zero-Day Exploit in FortiVoice Enterprise Systems

CVE News

Fortinet Patches Critical Zero-Day Exploit in FortiVoice Enterprise Systems

Fortinet has released urgent security updates to address a critical remote code execution (RCE) vulnerability actively exploited...

Exploiting Regex Filter Flaws for Remote Code Execution: Analysis and Mitigation

CVE News

Exploiting Regex Filter Flaws for Remote Code Execution: Analysis and Mitigation

A recent security disclosure highlights how a seemingly robust frontend regex filter in a username field was...

CISA Warns of Active Exploitation: Critical Langflow RCE Vulnerability (CVE-2025-3248)

CVE News

CISA Warns of Active Exploitation: Critical Langflow RCE Vulnerability (CVE-2025-3248)

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding an actively exploited remote...

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

CVE News

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated the urgency around a critical vulnerability in...

Apple AirPlay Zero-Click RCE Vulnerabilities: Technical Analysis and Mitigation

CVE News

Apple AirPlay Zero-Click RCE Vulnerabilities: Technical Analysis and Mitigation

A set of critical vulnerabilities in Apple’s AirPlay Protocol and AirPlay SDK, collectively dubbed “AirBorne,” exposes devices...

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Red-Team

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

Recent reports highlight a surge in MSSQL injection attacks, with threat actors exploiting vulnerabilities to execute remote...

CVE-2025-45947: Critical RCE Vulnerability in PhpGurukul Online Banquet Booking System

CVE News

CVE-2025-45947: Critical RCE Vulnerability in PhpGurukul Online Banquet Booking System

A critical remote code execution (RCE) vulnerability has been identified in PhpGurukul’s Online Banquet Booking System (OBBS)...

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

CVE News

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

A critical vulnerability (CVE-2025-34491) in GFI MailEssentials enables authenticated attackers to execute arbitrary code through .NET deserialization...

Critical Server-Side Template Injection Vulnerability in IPW Systems Metazo (CVE-2025-46661)

CVE News

Critical Server-Side Template Injection Vulnerability in IPW Systems Metazo (CVE-2025-46661)

A critical vulnerability (CVE-2025-46661) has been identified in IPW Systems Metazo versions up to 8.1.3, allowing unauthenticated...

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

CVE News

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

A critical vulnerability (CVE-2015-2079) in Usermin, a web-based administration tool, allows authenticated attackers to execute arbitrary code...

Moodle EQUELLA Remote Code Execution Vulnerability (CVE-2025-3642): Analysis and Mitigation

CVE News

Moodle EQUELLA Remote Code Execution Vulnerability (CVE-2025-3642): Analysis and Mitigation

A high-severity remote code execution (RCE) vulnerability (CVE-2025-3642) has been identified in Moodle’s EQUELLA repository integration, posing...

Sophisticated WooCommerce Phishing Campaign Exploits Fake Security Alerts

Blue-Team

Sophisticated WooCommerce Phishing Campaign Exploits Fake Security Alerts

A widespread phishing campaign targeting WooCommerce store owners has been identified, leveraging fabricated security vulnerability alerts to...

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

CVE News

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Security researcher Alessandro Sgreccia (aka “rainpwn”) has disclosed critical vulnerabilities in Zyxel’s USG FLEX-H firewall series, enabling...

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

CVE News

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

Organizations using Commvault’s backup and recovery software are under immediate threat due to an actively exploited pre-authenticated...

CarlinKit CPC200-CCPA Firmware Update Vulnerabilities Expose Devices to Remote Code Execution

CVE News

CarlinKit CPC200-CCPA Firmware Update Vulnerabilities Expose Devices to Remote Code Execution

A critical vulnerability (CVE-2025-2764) in CarlinKit CPC200-CCPA devices allows network-adjacent attackers to bypass cryptographic signature checks and...

Sonos Era 300 Vulnerability (CVE-2025-1049): Heap-Based Buffer Overflow Enables Remote Code Execution

CVE News

Sonos Era 300 Vulnerability (CVE-2025-1049): Heap-Based Buffer Overflow Enables Remote Code Execution

A critical vulnerability (CVE-2025-1049) affecting Sonos Era 300 speakers has been disclosed, allowing network-adjacent attackers to execute...

Critical Remote Code Execution Vulnerability in Dell EMC iDRAC7/iDRAC8 (CVE-2018-1207)

CVE News

Critical Remote Code Execution Vulnerability in Dell EMC iDRAC7/iDRAC8 (CVE-2018-1207)

A critical remote code execution vulnerability has been identified in Dell EMC’s Integrated Dell Remote Access Controller...

compop.ca 3.5.3 Arbitrary Code Execution Vulnerability (CVE-2024-48445)

CVE News

compop.ca 3.5.3 Arbitrary Code Execution Vulnerability (CVE-2024-48445)

A critical vulnerability in compop.ca version 3.5.3 has been disclosed, allowing arbitrary code execution due to an...

Critical RCE Vulnerability in ASUS ASMB8 iKVM Firmware (CVE-2023-26602)

CVE News

Critical RCE Vulnerability in ASUS ASMB8 iKVM Firmware (CVE-2023-26602)

A critical Remote Code Execution (RCE) vulnerability has been identified in ASUS ASMB8 iKVM firmware versions ≤1.14.51,...

Posts pagination

1 2 3 Next

Remote Code Execution

Ivanti EPMM Zero-Days Exploited in Chained Remote Code Execution Attacks

Fortinet Patches Critical Zero-Day Exploit in FortiVoice Enterprise Systems

Exploiting Regex Filter Flaws for Remote Code Execution: Analysis and Mitigation

CISA Warns of Active Exploitation: Critical Langflow RCE Vulnerability (CVE-2025-3248)

Critical Commvault Path Traversal Vulnerability (CVE-2025-34028) Added to CISA KEV Catalog

Apple AirPlay Zero-Click RCE Vulnerabilities: Technical Analysis and Mitigation

MSSQL Injection Attacks: Tactics, Case Studies, and Mitigation Strategies

CVE-2025-45947: Critical RCE Vulnerability in PhpGurukul Online Banquet Booking System

GFI MailEssentials .NET Deserialization Vulnerability (CVE-2025-34491) Allows Remote Code Execution

Critical Server-Side Template Injection Vulnerability in IPW Systems Metazo (CVE-2025-46661)

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

Moodle EQUELLA Remote Code Execution Vulnerability (CVE-2025-3642): Analysis and Mitigation

Sophisticated WooCommerce Phishing Campaign Exploits Fake Security Alerts

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

CarlinKit CPC200-CCPA Firmware Update Vulnerabilities Expose Devices to Remote Code Execution

Sonos Era 300 Vulnerability (CVE-2025-1049): Heap-Based Buffer Overflow Enables Remote Code Execution

Critical Remote Code Execution Vulnerability in Dell EMC iDRAC7/iDRAC8 (CVE-2018-1207)

compop.ca 3.5.3 Arbitrary Code Execution Vulnerability (CVE-2024-48445)

Critical RCE Vulnerability in ASUS ASMB8 iKVM Firmware (CVE-2023-26602)

You may have missed

Procolored Printer Drivers Distributed Malware for Six Months: Technical Analysis and Mitigation

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

Google Chrome’s Security Update: Blocking Admin-Level Launches in Windows

Australian Human Rights Commission Data Breach: Technical Analysis and Impact