rce Archives • Page 21 of 30 • Daily CyberSecurity

Critical RCE Flaw (CVE-2025-54782) in NestJS DevTools Allows Remote Code Execution NestJS Vulnerability, Remote Code Execution

Critical RCE Flaw (CVE-2025-54782) in NestJS DevTools Allows Remote Code Execution

Do Son August 4, 2025

A critical vulnerability has been uncovered in the @nestjs/devtools-integration package—a component of the popular NestJS framework for...

Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136) Cursor Vulnerability, MCP Security

Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136)

Do Son August 4, 2025

Cursor, an AI-powered code editor that promises to “understand your codebase and help you code faster,” has...

Critical Squid Vulnerability (CVE-2025-54574) Allows Remote Code Execution & Data Leakage CVE-2024-45802 Squid Vulnerability, Remote Code Execution CVE-2025-54574

CVE-2024-45802 Squid Vulnerability, Remote Code Execution CVE-2025-54574

Critical Squid Vulnerability (CVE-2025-54574) Allows Remote Code Execution & Data Leakage

Do Son August 4, 2025

The Squid Project has issued an urgent advisory for CVE-2025-54574 (CVSS 9.3), a heap buffer overflow bug...

Critical HashiCorp Vault Flaw (CVE-2025-6000) Allows Code Execution for Privileged Users CVE-2025-6000 CVE-2024-2048 HashiCorp Vault, RCE Vulnerability

CVE-2025-6000 CVE-2024-2048 HashiCorp Vault, RCE Vulnerability

Critical HashiCorp Vault Flaw (CVE-2025-6000) Allows Code Execution for Privileged Users

Do Son August 4, 2025

In a recently disclosed advisory, HashiCorp has patched a critical vulnerability—CVE-2025-6000—in Vault, its industry-standard secrets management solution....

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available! SUSE Manager, Remote Code Execution

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available!

Do Son July 31, 2025

SUSE has issued a high-severity security advisory for CVE-2025-46811, a critical vulnerability in SUSE Manager that allows...

Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover

Do Son July 30, 2025

A critical-severity vulnerability in the popular Alone – Charity Multipurpose Non-profit WordPress Theme has left thousands of...

Critical CodeIgniter Flaw (CVSS 9.8) Allows Remote Code Execution, Over 2.9 Million Downloads at Risk CodeIgniter vulnerability, arbitrary code execution, CVE-2026-48062, CVE-2024-47823 CVE-2023-32692 CodeIgniter RCE, ImageMagick Vulnerability

CodeIgniter vulnerability, arbitrary code execution, CVE-2026-48062, CVE-2024-47823 CVE-2023-32692 CodeIgniter RCE, ImageMagick Vulnerability

Critical CodeIgniter Flaw (CVSS 9.8) Allows Remote Code Execution, Over 2.9 Million Downloads at Risk

Do Son July 29, 2025

Developers relying on CodeIgniter, one of the most widely adopted PHP full-stack web frameworks with over 2.9...

Critical Command Injection (CVE-2025-54416) in tj-actions/branch-names GitHub Action Exposes 5,000+ Repos GitHub Actions Vulnerability, Command Injection

GitHub Actions Vulnerability, Command Injection

Critical Command Injection (CVE-2025-54416) in tj-actions/branch-names GitHub Action Exposes 5,000+ Repos

Do Son July 28, 2025

A critical command injection vulnerability has been disclosed in the widely used GitHub Action tj-actions/branch-names, affecting over...

RCE, SSRF & Data Exposure: Salesforce Patches 8 Serious Flaws in Tableau Server Tableau Server Vulnerabilities, Remote Code Execution

RCE, SSRF & Data Exposure: Salesforce Patches 8 Serious Flaws in Tableau Server

Do Son July 28, 2025

Salesforce has released a security advisory addressing eight serious vulnerabilities affecting multiple versions of Tableau Server, the...

Popular ‘is’ JavaScript Library & Others Compromised in npm Supply Chain Attack Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Popular ‘is’ JavaScript Library & Others Compromised in npm Supply Chain Attack

Do Son July 26, 2025

The lightweight JavaScript utility library is is a widely popular project on the NPM platform, boasting over...

Buffer Overflows & XSS in SonicWall SMA 100 Expose Devices to RCE – Patch Immediately! SonicWall Firewall CVE-2024-40766 SonicWall SMA Vulnerabilities, Web Interface Flaws

SonicWall Firewall CVE-2024-40766 SonicWall SMA Vulnerabilities, Web Interface Flaws

Buffer Overflows & XSS in SonicWall SMA 100 Expose Devices to RCE – Patch Immediately!

Do Son July 24, 2025

SonicWall has released a security updates for its Secure Mobile Access (SMA) 100 series appliances, addressing three...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

Do Son July 24, 2025

In a recent security advisory coordinated by CERT@VDE, Weidmueller has disclosed multiple critical vulnerabilities affecting its IE-SR-2TX...

TP-Link NVR Update: Command Injection Flaws Expose Devices to Remote Code Execution

Do Son July 24, 2025

TP-Link has issued a security advisory warning users of two critical operating system command injection vulnerabilities affecting...

CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE Dahua product vulnerabilities, Dahua security advisory, CVE-2026-29114, CVE-2026-29115, CVE-2026-29116 Dahua IP Camera, Buffer Overflow Dahua IP cameras vulnerability

Dahua product vulnerabilities, Dahua security advisory, CVE-2026-29114, CVE-2026-29115, CVE-2026-29116 Dahua IP Camera, Buffer Overflow Dahua IP cameras vulnerability

CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE

Do Son July 24, 2025

Dahua Technology has issued a security advisory addressing two high-severity vulnerabilities in its IP camera product line,...

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise Samsung MagicINFO, Digital Signage Vulnerabilities

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise

Do Son July 24, 2025

Samsung’s widely used MagicINFO 9 Server, a digital signage management platform, was found multi security vulnerabilities. Security...

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770 SharePoint RCE, Metasploit Exploit

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770

Do Son July 23, 2025

A newly released Metasploit module highlights the critical threat posed by an actively exploited remote code execution...

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices

Do Son July 23, 2025

SonicWall has issued a critical security advisory for a newly identified vulnerability—CVE-2025-40599—affecting its SMA 100 series appliances,...

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available

Do Son July 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Schneider Electric, has issued a security advisory...

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE Form-Data Vulnerability, Multipart Injection

Form-Data Vulnerability, Multipart Injection

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE

Do Son July 23, 2025

A critical vulnerability has been uncovered in the widely used JavaScript library Form-Data, impacting millions of applications...

Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706) Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706)

Do Son July 23, 2025

Last week, the Microsoft Security Response Center (MSRC) issued an urgent advisory regarding active exploitation of critical...