rce Archives • Page 3 of 30 • Daily CyberSecurity

Critical OpenMRS Flaws Enable Patient Data Theft and Remote Server Takeover OpenMRS RCE Vulnerability CVE-2026-41258

Critical OpenMRS Flaws Enable Patient Data Theft and Remote Server Takeover

Do Son May 6, 2026

OpenMRS, the world’s leading open-source electronic medical record (EMR) platform used extensively in resource-constrained environments, has issued...

Critical 9.0 CVSS Flaw in Thymeleaf Enables Remote Server Injection Thymeleaf SSTI Bypass CVE-2026-41901 Thymeleaf SSTI CVE-2026-40477

Critical 9.0 CVSS Flaw in Thymeleaf Enables Remote Server Injection

Do Son May 6, 2026

The Thymeleaf project, a cornerstone for Java developers building modern server-side web applications, has issued a critical...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

5.7 Million Users at Risk: Multiple 9.8 CVSS Breakthroughs Enable Remote Code Execution in vm2 Sandbox

Do Son May 6, 2026

The popular Node.js library vm2, a sandbox designed to run untrusted code with restricted access to built-in...

Rancher Flaw Allows Malicious Plugins to Hijack Kubernetes Clusters Rancher security flaws cluster privilege escalation Rancher Path Traversal CVE-2026-25705 Rancher Vulnerabilities, SAML Phishing CVE-2024-22036 Rancher, vulnerability

Rancher security flaws cluster privilege escalation Rancher Path Traversal CVE-2026-25705 Rancher Vulnerabilities, SAML Phishing CVE-2024-22036 Rancher, vulnerability

Rancher Flaw Allows Malicious Plugins to Hijack Kubernetes Clusters

Do Son May 5, 2026

The SUSE Rancher Security team has issued an urgent advisory regarding a high-severity vulnerability in Rancher, the...

Millions at Risk: Apache HTTP Server Fixes Critical Remote Code Execution Flaw CVE-2024-39884 Apache HTTP Server RCE CVE-2026-23918

Millions at Risk: Apache HTTP Server Fixes Critical Remote Code Execution Flaw

Do Son May 5, 2026

The Apache HTTP Server Project, the long-standing standard for secure and extensible web services on UNIX and...

Critical Zero-Click Android Flaw Grants Remote Shell Access Without Interaction Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Critical Zero-Click Android Flaw Grants Remote Shell Access Without Interaction

Do Son May 5, 2026

Google has issued an urgent warning in its May 2026 Android Security Bulletin regarding a critical vulnerability...

Maximum Severity Flaw: How a Newline Character Shattered Gotenberg’s PDF Security Gotenberg PDF RCE CVE-2026-40281

Maximum Severity Flaw: How a Newline Character Shattered Gotenberg’s PDF Security

Do Son May 5, 2026

Thousands of companies rely on Gotenberg, the Docker-based API for document-to-PDF conversion, to handle production workloads. However,...

Apache MINA Fixes Critical RCE Vulnerabilities Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA Fixes Critical RCE Vulnerabilities

Do Son May 4, 2026

The Apache MINA project has issued a high-priority security release to address two critical vulnerabilities that were...

Active Exploitation in the Wild: Critical Qinglong Bypasses Fuel Covert Cryptomining Campaign Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

Active Exploitation in the Wild: Critical Qinglong Bypasses Fuel Covert Cryptomining Campaign

Do Son May 4, 2026

Security researchers at Snyk have issued a warning regarding active, in-the-wild exploitation of Qinglong (青龙), a widely...

New DDoS Botnet Exploits Jenkins to Target Gaming Servers Jenkins DDoS Botnet Gaming Industry Cyberattacks

New DDoS Botnet Exploits Jenkins to Target Gaming Servers

Do Son May 1, 2026

Cybersecurity analysts at Darktrace have uncovered a new distributed denial-of-service (DDoS) botnet that specifically targets the video...

Critical Wazuh Vulnerability Enables Lateral Movement and Root Access Wazuh Cluster RCE CVE-2026-30893

Critical Wazuh Vulnerability Enables Lateral Movement and Root Access

Do Son April 30, 2026

Wazuh, the widely deployed open-source platform for threat detection and response, has addressed a critical path traversal...

High-Severity RCE and XSS Flaws Found in Popular CI/CD Jenkins Plugins Jenkins security advisory 2026, CVE-2026-53435, CVE-2026-53436 Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins security advisory 2026, CVE-2026-53435, CVE-2026-53436 Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

High-Severity RCE and XSS Flaws Found in Popular CI/CD Jenkins Plugins

Do Son April 30, 2026

The Jenkins project has released a security advisory, addressing several vulnerabilities across its plugin ecosystem. The fixes...

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access WattBox Vulnerability Root Access Exploit

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access

Do Son April 29, 2026

A critical vulnerability has been identified in the Snap One WattBox 800 and 820 series power controllers....

NVIDIA FLARE Alert: Critical SDK Vulnerabilities Open Doors to Full System Takeover NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA FLARE Alert: Critical SDK Vulnerabilities Open Doors to Full System Takeover

Do Son April 29, 2026

NVIDIA has issued an urgent software update for the NVIDIA FLARE SDK, addressing multiple security vulnerabilities that...

Git Push to Root: AI-Augmented Research Uncovers Critical GitHub RCE (CVE-2026-3854) GitHub RCE CVE-2026-3854

Git Push to Root: AI-Augmented Research Uncovers Critical GitHub RCE (CVE-2026-3854)

Do Son April 28, 2026

Wiz Research has unveiled a critical security flaw (CVE-2026-3854) within GitHub’s internal git infrastructure. The vulnerability, remarkably...

Race Against the Clock: The 10-Minute Window Granting Root RCE in Nginx UI Nginx UI RCE CVE-2026-42238 Nginx UI PoC CVE-2026-33032

Race Against the Clock: The 10-Minute Window Granting Root RCE in Nginx UI

Do Son April 28, 2026

A newly disclosed vulnerability, tracked as CVE-2026-42238, in Nginx UI, the popular web-based manager designed to simplify...

Apache Camel Under Fire: Multiple RCE Flaws Expose Critical Integration Infrastructure Apache Camel RCE Header Injection

Apache Camel Under Fire: Multiple RCE Flaws Expose Critical Integration Infrastructure

Do Son April 28, 2026

Apache Camel, the ubiquitous open-source integration framework used to connect disparate data systems, is facing a significant...

Patching the CVSS 10 RCE Hole in Gemini CLI Gemini CLI Security Update Headless RCE Patch

Patching the CVSS 10 RCE Hole in Gemini CLI

Do Son April 28, 2026

A critical update has been issued for Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action to address...

Apache MINA Hit by Twin Critical RCE Flaws Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA Hit by Twin Critical RCE Flaws

Do Son April 28, 2026

Apache MINA is widely recognized as a foundational network application framework, designed to help users easily develop...

Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents Pipecat RCE CVE-2025-62373

Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents

Do Son April 27, 2026

A critical vulnerability has been disclosed in Pipecat, the popular open-source Python framework used to build voice...