rce Archives • Page 14 of 30 • Daily CyberSecurity

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution

Do Son November 19, 2025

D-Link has issued a security advisory warning users of the DIR-878 router series that multiple newly disclosed...

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers METZ CONNECT RCE, Unauthenticated Admin Takeover

METZ CONNECT RCE, Unauthenticated Admin Takeover

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers

Do Son November 19, 2025

METZ CONNECT GmbH, in coordination with CERT@VDE, has issued an urgent security advisory warning of multiple critical...

Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass

Do Son November 19, 2025

SolarWinds has released security updates addressing three critical vulnerabilities in Serv-U—its managed file transfer and FTP server...

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files CVE-2023-5002 pgAdmin RCE, LDAP Injection

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files

Do Son November 17, 2025

The pgAdmin development team has issued patches addressing four newly disclosed security vulnerabilities impacting pgAdmin versions up...

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal IBM AIX RCE, NIM Private Key Leak

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal

Do Son November 17, 2025

IBM has released a new security bulletin addressing multiple high-severity vulnerabilities affecting AIX 7.2, AIX 7.3, and...

Amazon Exposes Advanced APT Exploiting Cisco ISE (RCE) and Citrix Bleed Two as Simultaneous Zero-Days Cisco ISE Zero-Day, Citrix Bleed Two

Amazon Exposes Advanced APT Exploiting Cisco ISE (RCE) and Citrix Bleed Two as Simultaneous Zero-Days

Do Son November 14, 2025

The Amazon Threat Intelligence team has uncovered a highly sophisticated threat campaign exploiting multiple zero-day vulnerabilities in...

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution Wolfram Cloud RCE, Multi-Tenant JVM

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution

Do Son November 13, 2025

A newly disclosed vulnerability in Wolfram Cloud version 14.2 — tracked as CVE-2025-11919 — could allow attackers...

Open WebUI XSS Flaw (CVE-2025-64495) Risks Admin RCE via Malicious Prompts Open WebUI XSS RCE, Prompt Injection

Open WebUI XSS Flaw (CVE-2025-64495) Risks Admin RCE via Malicious Prompts

Do Son November 13, 2025

The developers behind Open WebUI, an open-source and self-hosted AI interface framework, have issued a security advisory...

CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121) Lite XL RCE, Lua Autoloading

CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121)

Do Son November 13, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note highlighting two severe security flaws in Lite...

Critical Apache OFBiz Flaw (CVE-2025-59118) Allows Remote Command Execution via Unrestricted File Upload Apache OFBiz RCE, Unrestricted File Upload CVE-2024-47208 and CVE-2024-48962

Critical Apache OFBiz Flaw (CVE-2025-59118) Allows Remote Command Execution via Unrestricted File Upload

Do Son November 12, 2025

The Apache Software Foundation (ASF) has released an important security update for Apache OFBiz, its open-source enterprise...

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation

Do Son November 12, 2025

Microsoft has released its November 2025 Patch Tuesday, addressing a total of 68 vulnerabilities, including a high-priority...

SAP November 2025 Patch Day Fixes 3 Critical Flaws (CVSS 10) — Including Code Injection and Insecure Key Management CVE-2024-33006 - CVE-2025-0064 SAP Critical Patch, RMI-P4 RCE

CVE-2024-33006 - CVE-2025-0064 SAP Critical Patch, RMI-P4 RCE

SAP November 2025 Patch Day Fixes 3 Critical Flaws (CVSS 10) — Including Code Injection and Insecure Key Management

Do Son November 11, 2025

Today, SAP released its latest batch of Security Patch Day updates, delivering 18 new security notes and...

Critical Synology BeeStation Zero-Day (CVE-2025-12686) Found at Pwn2Own Allows Remote Code Execution Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

Critical Synology BeeStation Zero-Day (CVE-2025-12686) Found at Pwn2Own Allows Remote Code Execution

Do Son November 11, 2025

Synology has released an urgent security update for its BeeStation OS, patching a zero-day vulnerability (CVE-2025-12686) that...

Critical Calibre Flaw (CVE-2025-64486, CVSS 9.3) Allows RCE via Malicious FB2 E-book Calibre Vulnerability CVE-2026-26065 Calibre RCE, FB2 File Flaw

Critical Calibre Flaw (CVE-2025-64486, CVSS 9.3) Allows RCE via Malicious FB2 E-book

Do Son November 11, 2025

A critical vulnerability in Calibre, the popular cross-platform e-book manager, allows arbitrary code execution when an attacker...

CVE-2025-64439: RCE Flaw Detected in LangGraph: Agent Orchestration Framework at Risk LangGraph RCE, Checkpoint Deserialization

CVE-2025-64439: RCE Flaw Detected in LangGraph: Agent Orchestration Framework at Risk

Do Son November 10, 2025

The LangGraph project, a powerful, low-level orchestration framework trusted by major tech companies for building stateful AI...

Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor

Do Son November 6, 2025

Cisco has released urgent security updates to address two critical vulnerabilities in its Unified Contact Center Express...

CISA KEV Alert: Two Critical Flaws Under Active Exploitation, Including Gladinet LFI/RCE and CWP Admin Takeover n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA KEV Alert: Two Critical Flaws Under Active Exploitation, Including Gladinet LFI/RCE and CWP Admin Takeover

Do Son November 5, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities—CVE-2025-11371 in Gladinet CentreStack and...

Critical React Native CLI Flaw (CVE-2025-11953, CVSS 9.8) Allows Unauthenticated RCE via Exposed Metro Server React Native RCE, Metro Server Flaw

Critical React Native CLI Flaw (CVE-2025-11953, CVSS 9.8) Allows Unauthenticated RCE via Exposed Metro Server

Do Son November 5, 2025

A newly disclosed critical vulnerability (CVE-2025-11953, CVSS 9.8) in the React Native Community CLI exposes developers to...

Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect ShopLentor LFI RCE, WooCommerce Plugin Flaw

ShopLentor LFI RCE, WooCommerce Plugin Flaw

Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect

Do Son November 5, 2025

A critical-severity Local File Inclusion (LFI) flaw in the popular WordPress plugin ShopLentor – WooCommerce Builder for...

AI-Discovered Flaw: Redis Flaw (CVE-2025-62507) Allows Remote Code Execution via Stack Buffer Overflow Redis XACKDEL RCE, Google Big Sleep CVE-2023-41056 Redis licensing, AGPL Redis RCE, Lua Use-After-Free CVE-2025-49844

Redis XACKDEL RCE, Google Big Sleep CVE-2023-41056 Redis licensing, AGPL Redis RCE, Lua Use-After-Free CVE-2025-49844

AI-Discovered Flaw: Redis Flaw (CVE-2025-62507) Allows Remote Code Execution via Stack Buffer Overflow

Do Son November 4, 2025

Redis, the world’s leading in-memory data platform, has issued an urgent patch addressing a high-severity vulnerability (CVE-2025-62507,...