rce Archives • Page 6 of 29 • Daily CyberSecurity

Total CMS Takeover: Movable Type Patches Critical 9.8 CVSS Perl RCE Movable Type Vulnerability Perl RCE

Total CMS Takeover: Movable Type Patches Critical 9.8 CVSS Perl RCE

Ddos April 13, 2026

Six Apart Ltd. has issued an urgent security advisory for Movable Type, a long-standing content management system...

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 6 – April 12, 2026) Vulnerability Digest Active Exploitation

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 6 – April 12, 2026)

Ddos April 13, 2026

Welcome to this week’s vulnerability digest. As we close out the first full week of April, security...

CVE-2026-40175 (CVSS 10): Critical Axios Vulnerability and Exploit Code Disclosed Publicly Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

CVE-2026-40175 (CVSS 10): Critical Axios Vulnerability and Exploit Code Disclosed Publicly

Ddos April 12, 2026

A critical security vulnerability in Axios, the ubiquitous promise-based HTTP client for Node.js and the browser, has...

Critical 9.8 CVSS Flaws in goshs Exposed goshs Exploit Path Traversal

Critical 9.8 CVSS Flaws in goshs Exposed

Ddos April 9, 2026

Security researchers have unmasked three critical vulnerabilities in goshs, a popular high-performance replacement for Python’s SimpleHTTPServer. The...

100,000+ Sites Exposed: Critical 9.8 CVSS Flaw Hits Everest Forms WordPress Plugin Everest Forms Vulnerability PHP Object Injection

100,000+ Sites Exposed: Critical 9.8 CVSS Flaw Hits Everest Forms WordPress Plugin

Ddos April 9, 2026

Everest Forms, a popular WordPress plugin trusted by over 100,000 websites for building everything from simple contact...

Sandbox Escape: Critical Flatpak Flaw Grants Full Host Access Flatpak Sandbox Escape CVE-2026-34078

Sandbox Escape: Critical Flatpak Flaw Grants Full Host Access

Ddos April 9, 2026

Flatpak, the widely-used system for building, distributing, and running sandboxed desktop applications on Linux, has been hit...

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight Cookie-Gated Web Shell Stealth C2

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight

Ddos April 9, 2026

A technical analysis from the Microsoft Defender Security Research Team has revealed that threat actors are increasingly...

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack

Ddos April 9, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical code injection vulnerability in Ivanti...

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS

Ddos April 8, 2026

In the world of secure software development, sandboxing is the ultimate safety net—a controlled environment designed to...

Apache ActiveMQ Patches RCE and Path Traversal Flaws ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

Apache ActiveMQ Patches RCE and Path Traversal Flaws

Ddos April 8, 2026

Apache ActiveMQ, the widely used open-source message broker, has released critical security updates to address two vulnerabilities...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Critical Zero-Day: Unauthenticated RCE Exploited in Weaver E-cology 10.0

Ddos April 8, 2026

A critical security vulnerability, tracked as CVE-2026-22679, has been identified in Weaver (Fanwei) E-cology 10.0, one of...

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways

Ddos April 8, 2026

A critical security vulnerability, tracked as CVE-2021-4473, has been identified in the Tianxin Internet Behavior Management System....

Zero-Day Alert: Sophisticated PDF Exploit Targets Adobe Reader for Massive Data Theft Adobe Reader Zero-Day PDF Exploit

Zero-Day Alert: Sophisticated PDF Exploit Targets Adobe Reader for Massive Data Theft

Ddos April 8, 2026

A highly-sophisticated zero-day exploit has been discovered targeting Adobe Reader users, allowing attackers to steal local files...

Budibase Patches Critical RCE and SSRF Vulnerabilities Budibase RCE SSRF Vulnerability Budibase Vulnerabilities Authentication Bypass

Budibase Patches Critical RCE and SSRF Vulnerabilities

Ddos April 7, 2026

Budibase, the popular open-source low-code platform used by engineers to rapidly build internal tools, has released urgent...

10.0 CVSS Flaw in Kestra Grants Full Server Control Kestra RCE SQL Injection Vulnerability

10.0 CVSS Flaw in Kestra Grants Full Server Control

Ddos April 7, 2026

A critical security vulnerability has been unmasked in Kestra, the popular open-source, event-driven orchestration platform. The flaw,...

Ninja Forms Alert: Critical 9.8 RCE Vulnerability Under Active Attack Ninja Forms RCE WordPress Vulnerability

Ninja Forms Alert: Critical 9.8 RCE Vulnerability Under Active Attack

Ddos April 6, 2026

In a major alert for the WordPress community, a critical security flaw has been disclosed in the...

CVE-2026-34838 (CVSS 10): Critical RCE Flaw Uncovered in GroupOffice CRM GroupOffice RCE, Insecure Deserialization

CVE-2026-34838 (CVSS 10): Critical RCE Flaw Uncovered in GroupOffice CRM

Ddos April 6, 2026

In a significant discovery for enterprises and public sector organizations, a critical security vulnerability has been unmasked...

Critical RCE and SQLi Flaws Shatter mbCONNECT24 Industrial Security mbCONNECT24 Vulnerabilities Industrial RCE

Critical RCE and SQLi Flaws Shatter mbCONNECT24 Industrial Security

Ddos April 6, 2026

In a significant alert for the industrial automation sector, CERT@VDE has disclosed a series of high-severity vulnerabilities...

Exploit Code Live: Full Technical Details and PoC Disclosed for Critical CWP RCE Vulnerability CWP RCE PoC Disclosed

Exploit Code Live: Full Technical Details and PoC Disclosed for Critical CWP RCE Vulnerability

Ddos April 6, 2026

A severe security failure has been unearthed in Control Web Panel (CWP)—formerly known as CentOS Web Panel—that...

Double Agents in the Cloud: Unit 42 Unmasks Critical AI Vulnerabilities in Google Vertex AI Vertex AI Security AI Double Agents

Double Agents in the Cloud: Unit 42 Unmasks Critical AI Vulnerabilities in Google Vertex AI

Ddos April 6, 2026

As organizations race to integrate autonomous systems into their workflows, a new and subtle threat is emerging...