rce Archives • Page 6 of 30 • Daily CyberSecurity

Maximum Severity RCE Vulnerability Decimating Paperclip AI Instances Paperclip RCE AI Agent Security Paperclip RCE Cross-Tenant AI Takeover

Paperclip RCE AI Agent Security Paperclip RCE Cross-Tenant AI Takeover

Maximum Severity RCE Vulnerability Decimating Paperclip AI Instances

Do Son April 14, 2026

Paperclip—a Node.js and React-based platform—has become a popular choice for businesses looking to deploy teams of AI...

Hijacking the Soundboard: Critical 9.8 RCE Flaws Hit Ubiquiti UniFi Play Audio UniFi OS vulnerabilities, Ubiquiti security flaws, CVE-2026-47367, CVE-2026-47369, CVE-2026-47370 Ubiquiti UniFi OS Vulnerabilities UniFi OS Firmware Update 2026 UniFi Play Vulnerability Critical RCE Patch Ubiquiti UniFi Vulnerability CVE-2026-22557

UniFi OS vulnerabilities, Ubiquiti security flaws, CVE-2026-47367, CVE-2026-47369, CVE-2026-47370 Ubiquiti UniFi OS Vulnerabilities UniFi OS Firmware Update 2026 UniFi Play Vulnerability Critical RCE Patch Ubiquiti UniFi Vulnerability CVE-2026-22557

Hijacking the Soundboard: Critical 9.8 RCE Flaws Hit Ubiquiti UniFi Play Audio

Do Son April 14, 2026

Ubiquiti has issued an urgent security advisory for its UniFi Play audio lineup, addressing a suite of...

Apache NiFi Patches High-Severity Code Execution Flaw Apache NiFi RCE CVE-2026-39816 Apache NiFi Vulnerability CVE-2026-25903 Apache NiFi Deserialization, GetAsanaObject Vulnerability CVE-2024-52067 - CVE-2024-56512 CVE-2025-27017

Apache NiFi RCE CVE-2026-39816 Apache NiFi Vulnerability CVE-2026-25903 Apache NiFi Deserialization, GetAsanaObject Vulnerability CVE-2024-52067 - CVE-2024-56512 CVE-2025-27017

Apache NiFi Patches High-Severity Code Execution Flaw

Do Son April 14, 2026

Apache NiFi, a cornerstone for automating complex data pipelines and generative AI distribution worldwide, has addressed a...

High-Severity RCE and XSS Vulnerabilities Patched in Apache Storm 2.8.6 Apache Storm RCE Deserialization Vulnerability

High-Severity RCE and XSS Vulnerabilities Patched in Apache Storm 2.8.6

Do Son April 13, 2026

Apache Storm, the distributed realtime computation system known for processing unbounded streams of data, has released a...

LiteLLM Under Fire: Triple Threat Vulnerabilities Expose AI Gateways to Total Takeover LiteLLM SQL Injection CVE-2026-42208 LiteLLM Vulnerability AI Infrastructure Security

LiteLLM SQL Injection CVE-2026-42208 LiteLLM Vulnerability AI Infrastructure Security

LiteLLM Under Fire: Triple Threat Vulnerabilities Expose AI Gateways to Total Takeover

Do Son April 13, 2026

LiteLLM, the popular open-source library used to provide a unified interface for over 100 Large Language Models...

Supply Chain Alert: Critical 9.4 CVSS RCE Hits Sonatype Nexus Repository Manager Nexus Repository RCE Supply Chain Security Nexus Repository Manager - CVE-2024-5082 & CVE-2024-5083

Supply Chain Alert: Critical 9.4 CVSS RCE Hits Sonatype Nexus Repository Manager

Do Son April 13, 2026

Security teams across the globe are being urged to move quickly as Sonatype has disclosed a critical...

Under 10 Hours: The marimo Terminal RCE Exploited in a Record-Breaking AI Sprint marimo Terminal RCE AI-Assisted Exploitation

Under 10 Hours: The marimo Terminal RCE Exploited in a Record-Breaking AI Sprint

Do Son April 13, 2026

A critical flaw in marimo, a popular reactive Python notebook platform, has become the latest case study...

Total CMS Takeover: Movable Type Patches Critical 9.8 CVSS Perl RCE Movable Type Vulnerability Perl RCE

Total CMS Takeover: Movable Type Patches Critical 9.8 CVSS Perl RCE

Do Son April 13, 2026

Six Apart Ltd. has issued an urgent security advisory for Movable Type, a long-standing content management system...

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 6 – April 12, 2026) Vulnerability Digest Active Exploitation

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 6 – April 12, 2026)

Do Son April 13, 2026

Welcome to this week’s vulnerability digest. As we close out the first full week of April, security...

CVE-2026-40175 (CVSS 10): Critical Axios Vulnerability and Exploit Code Disclosed Publicly Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

CVE-2026-40175 (CVSS 10): Critical Axios Vulnerability and Exploit Code Disclosed Publicly

Do Son April 12, 2026

A critical security vulnerability in Axios, the ubiquitous promise-based HTTP client for Node.js and the browser, has...

Critical 9.8 CVSS Flaws in goshs Exposed goshs Exploit Path Traversal

Critical 9.8 CVSS Flaws in goshs Exposed

Do Son April 9, 2026

Security researchers have unmasked three critical vulnerabilities in goshs, a popular high-performance replacement for Python’s SimpleHTTPServer. The...

100,000+ Sites Exposed: Critical 9.8 CVSS Flaw Hits Everest Forms WordPress Plugin Everest Forms Vulnerability PHP Object Injection

100,000+ Sites Exposed: Critical 9.8 CVSS Flaw Hits Everest Forms WordPress Plugin

Do Son April 9, 2026

Everest Forms, a popular WordPress plugin trusted by over 100,000 websites for building everything from simple contact...

Sandbox Escape: Critical Flatpak Flaw Grants Full Host Access Flatpak Sandbox Escape CVE-2026-34078

Sandbox Escape: Critical Flatpak Flaw Grants Full Host Access

Do Son April 9, 2026

Flatpak, the widely-used system for building, distributing, and running sandboxed desktop applications on Linux, has been hit...

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight Cookie-Gated Web Shell Stealth C2

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight

Do Son April 9, 2026

A technical analysis from the Microsoft Defender Security Research Team has revealed that threat actors are increasingly...

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack

Do Son April 9, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical code injection vulnerability in Ivanti...

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS

Do Son April 8, 2026

In the world of secure software development, sandboxing is the ultimate safety net—a controlled environment designed to...

Apache ActiveMQ Patches RCE and Path Traversal Flaws ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

Apache ActiveMQ Patches RCE and Path Traversal Flaws

Do Son April 8, 2026

Apache ActiveMQ, the widely used open-source message broker, has released critical security updates to address two vulnerabilities...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Critical Zero-Day: Unauthenticated RCE Exploited in Weaver E-cology 10.0

Do Son April 8, 2026

A critical security vulnerability, tracked as CVE-2026-22679, has been identified in Weaver (Fanwei) E-cology 10.0, one of...

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack