rce Archives • Page 15 of 29 • Daily CyberSecurity

CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover AutomationDirect Critical RCE, PLC Vulnerabilities

AutomationDirect Critical RCE, PLC Vulnerabilities

CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover

Ddos October 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of multiple high-severity vulnerabilities affecting...

CRITICAL ALERT: Windows Server WSUS Flaw Actively Exploited (CVE-2025-59287, CVSS 9.8) critical server patch Pygmy Goat malware - Fuji Electric Ransomware Attack

critical server patch Pygmy Goat malware - Fuji Electric Ransomware Attack

CRITICAL ALERT: Windows Server WSUS Flaw Actively Exploited (CVE-2025-59287, CVSS 9.8)

Ddos October 25, 2025

Microsoft has recently issued an emergency security update for enterprise Windows Server Update Services (WSUS) to address...

Critical WordPress RCE Flaws Resurface: Over 8.7 Million Attacks Exploit GutenKit & Hunk Companion WordPress RCE Plugins, Unauthenticated Install

WordPress RCE Plugins, Unauthenticated Install

Critical WordPress RCE Flaws Resurface: Over 8.7 Million Attacks Exploit GutenKit & Hunk Companion

Ddos October 25, 2025

The Wordfence Threat Intelligence team has issued a new warning about the resurgence of large-scale attacks exploiting...

Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available WSUS Deserialization RCE, CVE-2025-59287

WSUS Deserialization RCE, CVE-2025-59287

Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available

Ddos October 23, 2025

Security researcher Batuhan Er from HawkTrace has detailed a critical remote code execution (RCE) vulnerability in Microsoft...

Critical NeuVector RCE Flaw (CVE-2025-54469, CVSS 10.0) Allows Command Injection via Unsanitized Environment Variables NeuVector Critical RCE, Command Injection

NeuVector Critical RCE, Command Injection

Critical NeuVector RCE Flaw (CVE-2025-54469, CVSS 10.0) Allows Command Injection via Unsanitized Environment Variables

Ddos October 23, 2025

The SUSE Rancher Security team has issued a critical advisory addressing a command injection and buffer overflow...

Urgent Patch: Critical Lanscope Endpoint Manager RCE (CVE-2025-61932, CVSS 9.8) Under Active Exploitation Lanscope RCE, CVE-2025-61932

Urgent Patch: Critical Lanscope Endpoint Manager RCE (CVE-2025-61932, CVSS 9.8) Under Active Exploitation

Ddos October 21, 2025

JPCERT/CC and the developer MOTEX Inc. have issued an urgent advisory for a critical remote code execution...

Researcher Details Zero-Click RCE in Dolby Audio Decoder Affecting Android, iOS, and macOS Dolby Zero-Click RCE, Audio Decoder Overflow

Researcher Details Zero-Click RCE in Dolby Audio Decoder Affecting Android, iOS, and macOS

Ddos October 20, 2025

Researchers Ivan Fratric and Natalie Silvanovich from Google Project Zero have disclosed a critical 0-click vulnerability (CVE-2025-54957,...

Critical Keras 3 RCE Flaw (CVE-2025-49655, CVSS 9.8) Allows Code Execution on Model Load Keras RCE, Insecure Deserialization

Critical Keras 3 RCE Flaw (CVE-2025-49655, CVSS 9.8) Allows Code Execution on Model Load

Ddos October 20, 2025

Researchers at HiddenLayer have disclosed a critical arbitrary code execution vulnerability in the Keras 3 deep learning...

CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation CVE-2021-1435 Adobe AEM RCE, CVE-2025-54253

CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation

Ddos October 16, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager (AEM) vulnerability to...

Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs CVE-2023-0614 Samba RCE, CVE-2025-10230

Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs

Ddos October 16, 2025

The Samba Team has released an urgent security advisory addressing two vulnerabilities, including a critical command injection...

Critical RCE Flaw CVE-2025-54539 in Apache ActiveMQ NMS AMQP Client Allows Server-Side Code Execution ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

Critical RCE Flaw CVE-2025-54539 in Apache ActiveMQ NMS AMQP Client Allows Server-Side Code Execution

Ddos October 16, 2025

The Apache Software Foundation has issued a new security advisory addressing a critical vulnerability in Apache ActiveMQ’s...

Critical RCE Flaws CVE-2025-48983 & CVE-2025-48984 (CVSS 9.9) Found in Veeam Backup & Replication Veeam RCE Vulnerability CVE-2026-21669 Veeam RCE, CVE-2025-48983 CVE-2025-48984

Veeam RCE Vulnerability CVE-2026-21669 Veeam RCE, CVE-2025-48983 CVE-2025-48984

Critical RCE Flaws CVE-2025-48983 & CVE-2025-48984 (CVSS 9.9) Found in Veeam Backup & Replication

Ddos October 15, 2025

Veeam Software has released patches addressing three newly disclosed vulnerabilities, including two critical Remote Code Execution (RCE)...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

Chrome Fix: New Use-After-Free Flaw (CVE-2025-11756) in Safe Browsing Component Poses High Risk

Ddos October 15, 2025

Google has released a new Stable Channel Update for Desktop, rolling out gradually to Windows, macOS, and...

October Patch Tuesday: Microsoft Fixes 6 Zero-Days, Including 4 Actively Exploited Flaws, as Windows 10 Reaches End-of-Life Patch Tuesday Zero-Days, Windows 10 Final Update

Patch Tuesday Zero-Days, Windows 10 Final Update

October Patch Tuesday: Microsoft Fixes 6 Zero-Days, Including 4 Actively Exploited Flaws, as Windows 10 Reaches End-of-Life

Ddos October 15, 2025

Microsoft’s October 2025 Patch Tuesday has arrived with one of the largest security updates of the year—193...

SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk SAP Security Patch Day CVE-2025-42944, CVE-2025-42937

SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk

Ddos October 14, 2025

SAP has released its October 2025 Security Patch Day, addressing 13 new security notes and 3 updates...

Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover

Ddos October 14, 2025

After discovering that hackers were exploiting a zero-day vulnerability in the Chakra JavaScript engine used by Internet...

Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection ECE Jinjava Injection, CVE-2025-37729

Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection

Ddos October 14, 2025

Elastic has released urgent security updates for Elastic Cloud Enterprise (ECE) to patch a critical vulnerability (CVE-2025-37729)...

Cherry Studio RCE, Custom Protocol Exploit

Critical Cherry Studio Flaw CVE-2025-61929 (CVSS 9.7) Allows One-Click RCE via Custom URL Protocol

Ddos October 13, 2025

A critical security flaw has been discovered in Cherry Studio, a cross-platform desktop client that supports multiple...

Apple Ups Bounty to $5 Million for Zero-Click Spyware Exploits Bypassing Lockdown Mode Apple Bounty $5M, Zero-Click Exploit Zero-day, Apple security CVE-2025-43300

Apple Bounty $5M, Zero-Click Exploit Zero-day, Apple security CVE-2025-43300

Apple Ups Bounty to $5 Million for Zero-Click Spyware Exploits Bypassing Lockdown Mode

Ddos October 13, 2025

Apple has announced a major overhaul of its Security Bounty vulnerability reward program, set to take effect...

CVE-2025-61927 (CVSS 9.4): Critical RCE Flaw Discovered in Happy DOM, Over 2.7 Million Weekly Downloads Impacted

Ddos October 13, 2025

A critical-severity vulnerability has been disclosed in Happy DOM, a popular JavaScript package used to emulate web...