rce Archives • Page 16 of 29 • Daily CyberSecurity

Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002) 7-Zip RCE, ZIP Directory Traversal

Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002)

Ddos October 11, 2025

The Zero Day Initiative (ZDI) has published details of two critical vulnerabilities in the popular open-source compression...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CL0P Extortion: Google/Mandiant Expose Zero-Day RCE in Oracle E-Business Suite (CVE-2025-61882)

Ddos October 10, 2025

Google Threat Intelligence Group (GTIG) and Mandiant have jointly disclosed an extensive data theft and extortion campaign...

Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI

Ddos October 10, 2025

Huntress has sounded the alarm over active exploitation of a newly discovered Local File Inclusion (LFI) vulnerability...

NVIDIA GPU Driver Patches Multiple High-Severity Flaws Risking RCE and Privilege Escalation NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NVIDIA GPU Driver Patches Multiple High-Severity Flaws Risking RCE and Privilege Escalation

Ddos October 10, 2025

NVIDIA has released an important software security update for its GPU Display Driver, addressing multiple vulnerabilities that...

TP-Link Router Flaw CVE-2023-28760 Allows Root RCE via LAN, PoC Available TP-Link RCE, MiniDLNA Overflow

TP-Link Router Flaw CVE-2023-28760 Allows Root RCE via LAN, PoC Available

Ddos October 10, 2025

Security researcher Rocco Calvi detailed a critical flaw in the TP-Link AX1800 WiFi 6 Router (Archer AX21/AX20)...

Critical Flowise RCE Flaw: CVE-2025-61913 (CVSS 10.0) Allows Arbitrary File Write Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Critical Flowise RCE Flaw: CVE-2025-61913 (CVSS 10.0) Allows Arbitrary File Write

Ddos October 9, 2025

The maintainers of Flowise, an open-source generative AI development platform for building AI agents and LLM workflows,...

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows CVE-2023-28445 Deno Command Injection, CVE-2025-61787

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows

Ddos October 9, 2025

The Deno project has issued a new security advisory warning of a command injection vulnerability on Windows...

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames CVE-2023-48795 - Terrapin Attack OpenSSH RCE, ProxyCommand Injection

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames

Ddos October 8, 2025

Security researcher David Leadbeater has disclosed a vulnerability in OpenSSH, identified as CVE-2025-61984, which highlights how even...

Qt Fixes Dual Critical Vulnerabilities (CVE-2025-10728 & CVE-2025-10729) in SVG Module Qt SVG RCE, CVE-2025-10729 CVE-2024-33861

Qt Fixes Dual Critical Vulnerabilities (CVE-2025-10728 & CVE-2025-10729) in SVG Module

Ddos October 7, 2025

The Qt Group has released a critical security advisory addressing two severe vulnerabilities in the Qt SVG...

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER

Ddos October 7, 2025

CrowdStrike has sounded the alarm on an ongoing mass exploitation campaign targeting Oracle E-Business Suite (EBS) applications...

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group

Ddos October 7, 2025

Microsoft Threat Intelligence has issued a warning following the discovery of active exploitation of a newly disclosed...

Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation

Ddos October 7, 2025

IBM has released fixes for three security vulnerabilities affecting its IBM Security Verify Access and IBM Verify...

Rapid7 Details Cisco ASA Zero-Day Exploit Chain (CVE-2025-20362 & CVE-2025-20333)

Ddos October 7, 2025

Security researchers at Rapid7 have published a detailed technical analysis uncovering how a pair of zero-day vulnerabilities...

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released Snipe-IT RCE Chain, Deserialization

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released

Ddos October 7, 2025

Cybersecurity researchers at Synacktiv have uncovered two critical vulnerabilities in Snipe-IT, an open-source IT asset management system,...

Unity Flaw CVE-2025-59489 Allows Local Code Execution in Millions of Games Unity RCE, CVE-2025-59489

Unity Flaw CVE-2025-59489 Allows Local Code Execution in Millions of Games

Ddos October 6, 2025

A serious vulnerability in the Unity Runtime, tracked as CVE-2025-59489 (CVSS 8.4), has been discovered by security...

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access

Ddos October 6, 2025

A newly disclosed vulnerability in DrayTek’s Vigor routers, tracked as CVE-2025-10547, could allow remote attackers to execute...

CVE-2025-61882 (CVSS 9.8): Critical RCE Flaw in Oracle E-Business Suite CVE-2025-21535 Oracle EBS RCE, CVE-2025-61882

CVE-2025-61882 (CVSS 9.8): Critical RCE Flaw in Oracle E-Business Suite

Ddos October 6, 2025

Oracle has issued an emergency Security Alert addressing a critical vulnerability (CVE-2025-61882) in Oracle E-Business Suite, warning...

Critical Flaw CVE-2025-49844 (CVSS 10.0) Allows Remote Code Execution in Redis Redis XACKDEL RCE, Google Big Sleep CVE-2023-41056 Redis licensing, AGPL Redis RCE, Lua Use-After-Free CVE-2025-49844

Redis XACKDEL RCE, Google Big Sleep CVE-2023-41056 Redis licensing, AGPL Redis RCE, Lua Use-After-Free CVE-2025-49844

Critical Flaw CVE-2025-49844 (CVSS 10.0) Allows Remote Code Execution in Redis

Ddos October 6, 2025

Redis, the popular open-source in-memory data store widely used for real-time analytics, caching, and message brokering, has...

Critical Flaw CVE-2025-52906 (CVSS 9.3) Allows Unauthenticated RCE on TOTOLINK X6000R Routers CVE-2024-1468 TOTOLINK RCE, Router Vulnerability

Critical Flaw CVE-2025-52906 (CVSS 9.3) Allows Unauthenticated RCE on TOTOLINK X6000R Routers

Ddos October 2, 2025

Researchers from Unit 42, Palo Alto Networks’ threat intelligence team, have disclosed three newly discovered vulnerabilities in...

CISA Warns of Critical RCE Flaw (CVE-2025-10659, CVSS 9.8) in Megasys Telenium Online Web Application WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

CISA Warns of Critical RCE Flaw (CVE-2025-10659, CVSS 9.8) in Megasys Telenium Online Web Application

Ddos October 2, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning of a critical...