rce

Exploit Code Publicly Released: Critical Firefox WebRTC Flaw Allows RCE (CVSS 9.8) Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Exploit Code Publicly Released: Critical Firefox WebRTC Flaw Allows RCE (CVSS 9.8)

Do Son January 27, 2026

A critical vulnerability in Mozilla Firefox has been found, with security researchers publicly releasing both the technical...

PoC Released for Critical Oracle E-Business Suite Flaw Exploited by Ransomware Oracle E-Business Suite RCE CVE-2025-61882 PoC

Oracle E-Business Suite RCE CVE-2025-61882 PoC

PoC Released for Critical Oracle E-Business Suite Flaw Exploited by Ransomware

Do Son January 26, 2026

Vietnamese security researcher MB VRED has publicly released the technical blueprints and proof-of-concept (PoC) exploit code for...

CVE-2025-67968 (CVSS 9.9): Critical Flaw in Real Estate Theme Exposes 30,000 Sites to Takeover RealHomes CRM Vulnerability CVE-2025-67968

RealHomes CRM Vulnerability CVE-2025-67968

CVE-2025-67968 (CVSS 9.9): Critical Flaw in Real Estate Theme Exposes 30,000 Sites to Takeover

Do Son January 26, 2026

A critical security vulnerability has been uncovered in the RealHomes CRM plugin, a core component of the...

Ghost in the Code: Critical RCE Found in Abandoned Python PLY Library (CVSS 9.8) Python Security Memory Safety PLY Vulnerability CVE-2025-56005 Python Software Foundation, NSF DEI CVE-2024-12254

Python Security Memory Safety PLY Vulnerability CVE-2025-56005 Python Software Foundation, NSF DEI CVE-2024-12254

Ghost in the Code: Critical RCE Found in Abandoned Python PLY Library (CVSS 9.8)

Do Son January 26, 2026

A critical vulnerability has been unearthed in PLY (Python Lex-Yacc), a legendary parsing library that has served...

CISA Alert: Critical VMware vCenter RCE (CVSS 9.8) Now Exploited in the Wild CISA KEV Catalog DarkSword Exploit Draytek Routers VMware vCenter RCE CVE-2024-37079

CISA KEV Catalog DarkSword Exploit Draytek Routers VMware vCenter RCE CVE-2024-37079

CISA Alert: Critical VMware vCenter RCE (CVSS 9.8) Now Exploited in the Wild

Do Son January 25, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom VMware vCenter Server...

“Enjoy Your Admin Access”: Critical SmarterMail RCE Exploited in the Wild

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

“Enjoy Your Admin Access”: Critical SmarterMail RCE Exploited in the Wild

Do Son January 22, 2026

Just weeks after a major vulnerability rocked the SmarterMail ecosystem, security researchers have uncovered a new, critical...

7 Million Exposed: Critical CVSS 9.8 RCE Vulnerability Hits Laravel Reverb Laravel Reverb Vulnerability CVE-2026-23524

Laravel Reverb Vulnerability CVE-2026-23524

7 Million Exposed: Critical CVSS 9.8 RCE Vulnerability Hits Laravel Reverb

Do Son January 22, 2026

A critical vulnerability has been discovered in Laravel Reverb, a massively popular WebSocket package used by millions...

Under Attack: Critical Cisco RCE (CVE-2026-20045) Exploited in the Wild hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

Under Attack: Critical Cisco RCE (CVE-2026-20045) Exploited in the Wild

Do Son January 22, 2026

Cisco has issued an urgent warning to network administrators worldwide: a critical remote code execution (RCE) vulnerability...

CVE-2026-1245: Code Injection Flaw Hits Node.js binary-parser WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

CVE-2026-1245: Code Injection Flaw Hits Node.js binary-parser

Do Son January 22, 2026

Developers using the popular binary-parser library for Node.js are being urged to update their dependencies immediately following...

Critical Zoom Flaw (CVE-2026-22844): CVSS 9.9 Command Injection Exposes Hybrid Meetings Zoom Node Vulnerability CVE-2026-22844 CVE-2024-45421 & CVE-2024-45419 CVE-2025-27440

Zoom Node Vulnerability CVE-2026-22844 CVE-2024-45421 & CVE-2024-45419 CVE-2025-27440

Critical Zoom Flaw (CVE-2026-22844): CVSS 9.9 Command Injection Exposes Hybrid Meetings

Do Son January 21, 2026

A near-maximum severity vulnerability has been discovered in Zoom’s enterprise infrastructure, threatening to turn hybrid meeting setups...

Critical OpenCode Flaws Let Websites Hijack Your PC OpenCode Vulnerability CVE-2026-22813

OpenCode Vulnerability CVE-2026-22813

Critical OpenCode Flaws Let Websites Hijack Your PC

Do Son January 14, 2026

Two vulnerabilities were found in the open-source OpenCode agent that let attackers write malicious code directly onto...

One Request to Rule Them All: Critical Trendnet Flaw (CVE-2025-15471) Allows Total Takeover Trendnet TEW-713RE Vulnerability CVE-2025-15471

Trendnet TEW-713RE Vulnerability CVE-2025-15471

One Request to Rule Them All: Critical Trendnet Flaw (CVE-2025-15471) Allows Total Takeover

Do Son January 8, 2026

A critical pre-authentication command injection vulnerability has been uncovered in the Trendnet TEW-713RE Wi-Fi extender, allowing remote...

Veeam Patches Critical RCE Flaws in Latest Backup & Replication Release CVE-2024-29212 - CVE-2025-23082 Veeam Backup & Replication CVE-2025-59470

CVE-2024-29212 - CVE-2025-23082 Veeam Backup & Replication CVE-2025-59470

Veeam Patches Critical RCE Flaws in Latest Backup & Replication Release

Do Son January 7, 2026

Veeam has rolled out urgent security updates for its flagship Backup & Replication software, addressing a cluster...

n8n Sandbox Escape: How CVE-2025-68668 Turns Workflows into Weapons n8n Vulnerability CVE-2025-68668

n8n Vulnerability CVE-2025-68668

n8n Sandbox Escape: How CVE-2025-68668 Turns Workflows into Weapons

Do Son January 6, 2026

A critical vulnerability in the popular workflow automation platform n8n has been dissected in a new analysis...

Attacking from Within: How Adobe ColdFusion Admins Can Weaponize Remote Shares ColdFusion Archive (CAR), UNC Path Exploitation

ColdFusion Archive (CAR), UNC Path Exploitation

Attacking from Within: How Adobe ColdFusion Admins Can Weaponize Remote Shares

Do Son January 6, 2026

Adobe has issued critical updates for its ColdFusion platform after security researcher Brian Reilly uncovered a clever...

Researcher Details Stack Buffer Overflow Flaw in Net-SNMP snmptrapd with PoC Net-SNMP, CVE-2025-68615

Net-SNMP, CVE-2025-68615

Researcher Details Stack Buffer Overflow Flaw in Net-SNMP snmptrapd with PoC

Do Son January 6, 2026

A critical vulnerability in the widely used Net-SNMP suite has been uncovered, exposing a dangerous logic flaw...

CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE AdonisJS RCE, CVE-2026-21440

AdonisJS RCE, CVE-2026-21440

CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE

Do Son January 5, 2026

A critical security vulnerability has been discovered in AdonisJS, a popular full-stack Node.js web framework known for...

CVE-2025-66848: Critical Flaw in JD Cloud Routers Grants Hackers Root Access

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-66848: Critical Flaw in JD Cloud Routers Grants Hackers Root Access

Do Son January 5, 2026

A security vulnerability has been uncovered in a popular line of NAS routers from JD Cloud, potentially...

Eaton UPS Software Flaws Expose Systems to High-Risk Code Execution

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Eaton UPS Software Flaws Expose Systems to High-Risk Code Execution

Do Son January 5, 2026

Power management giant Eaton dropped a critical security advisory on Christmas Eve, warning users of its UPS...

“RondoDoX” Strikes Back: Exposed Logs Reveal Massive 9-Month Campaign Targeting Next.js and IoT AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

“RondoDoX” Strikes Back: Exposed Logs Reveal Massive 9-Month Campaign Targeting Next.js and IoT

Do Son December 31, 2025

The RondoDoX botnet has resurfaced with a potent new arsenal, shifting its sights from simple routers to...