Remote Code Execution Archives • Page 10 of 25 • Daily CyberSecurity

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear Xspeeder Zero-Day CVE-2025-54322

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear

Do Son December 29, 2025

A swarm of autonomous AI agents has successfully discovered a critical, unpatched vulnerability in networking gear used...

Critical Flaw in Livewire Exposes Laravel Apps to Stealthy RCE, PoC Releases CVE-2025-54068, Livewire RCE

Critical Flaw in Livewire Exposes Laravel Apps to Stealthy RCE, PoC Releases

Do Son December 26, 2025

Developers relying on Livewire, a cornerstone framework for building dynamic interfaces in Laravel, are facing a severe...

The Hard-Coded Backdoor: Critical 9.8 Severity NVIDIA Flaws Grant Total Control of AI Systems NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

The Hard-Coded Backdoor: Critical 9.8 Severity NVIDIA Flaws Grant Total Control of AI Systems

Do Son December 24, 2025

NVIDIA has issued an urgent security update for its Isaac Launchable software, patching a trio of critical...

Critical Network Collapse: 9.8 Severity Net-SNMP Buffer Overflow Threatens Global Monitoring Systems Net-SNMP, CVE-2025-68615

Critical Network Collapse: 9.8 Severity Net-SNMP Buffer Overflow Threatens Global Monitoring Systems

Do Son December 24, 2025

A critical security vulnerability has been found in Net-SNMP, the ubiquitous software suite used globally for network...

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js

Do Son December 23, 2025

A new, sophisticated malware campaign is sweeping across the internet, leveraging a recently disclosed vulnerability to install...

n8n Under Fire: Critical CVSS 10.0 RCE Vulnerability Grants Total Server Access n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Under Fire: Critical CVSS 10.0 RCE Vulnerability Grants Total Server Access

Do Son December 22, 2025

The popular workflow automation tool n8n has issued a critical security alert after discovering a vulnerability that...

PoC Available: Unauthenticated HPE OneView RCE (CVSS 10.0) Exploits Hidden ID Pools API CVE-2025-37164, HPE OneView RCE

PoC Available: Unauthenticated HPE OneView RCE (CVSS 10.0) Exploits Hidden ID Pools API

Do Son December 20, 2025

Security researchers have detailed a maximum-severity vulnerability in Hewlett Packard Enterprise’s (HPE) OneView software, revealing how a...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

WatchGuard Under Siege: Critical CVSS 9.3 Zero-Day Exploited in the Wild to Hijack Corporate Firewalls

Do Son December 19, 2025

A critical zero-day vulnerability has shattered the security perimeter of WatchGuard Firebox appliances, forcing network administrators into...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-37164 (CVSS 10.0): Unauthenticated HPE OneView RCE Grants Total Control Over Data Centers

Do Son December 18, 2025

Hewlett Packard Enterprise (HPE) has sounded the alarm on a catastrophic security vulnerability in its flagship infrastructure...

Zero-Day Warning: Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE SonicWall Zero-Day, SMA1000 Exploit Chain SonicWall, firewall configuration CVE-2024-29010 & CVE-2024-29011 SonicWall NetExtender VPN Vulnerability

SonicWall Zero-Day, SMA1000 Exploit Chain SonicWall, firewall configuration CVE-2024-29010 & CVE-2024-29011 SonicWall NetExtender VPN Vulnerability

Zero-Day Warning: Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE

Do Son December 18, 2025

SonicWall has issued an urgent security advisory for its high-end remote access appliances, patching a vulnerability that,...

CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover Apache Commons Text RCE, FileMaker Server Patch

CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover

Do Son December 18, 2025

A critical vulnerability has been fixed in Apache Commons Text, a ubiquitous Java library used for text...

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore

Do Son December 15, 2025

A critical security vulnerability has been discovered in pgAdmin, the world’s most popular open-source management tool for...

Critical Ray AI Flaw Exposes Devs via Safari & Firefox (CVE-2025-62593) Ray Framework, CVE-2025-62593

Critical Ray AI Flaw Exposes Devs via Safari & Firefox (CVE-2025-62593)

Do Son November 27, 2025

A critical remote code execution (RCE) vulnerability has been discovered in the Ray framework, putting AI and...

URGENT PATCH REQUIRED: Zenitel TCIV-3+ Intercoms Hit by Multiple Critical Flaws (CVSS 9.8) Gardyn Home Kit Vulnerabilities IoT Command Injection Vivotek Vulnerability CVE-2026-22755 Command Injection Ofuji Fishing data breach

Gardyn Home Kit Vulnerabilities IoT Command Injection Vivotek Vulnerability CVE-2026-22755 Command Injection Ofuji Fishing data breach

URGENT PATCH REQUIRED: Zenitel TCIV-3+ Intercoms Hit by Multiple Critical Flaws (CVSS 9.8)

Do Son November 26, 2025

Zenitel has issued an urgent security advisory, also reported by CISA, concerning a set of critical vulnerabilities...

CRITICAL: Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs Fluent Bit, Telemetry Agent

CRITICAL: Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs

Do Son November 25, 2025

Oligo Security researchers have uncovered a dangerous chain of vulnerabilities in Fluent Bit, the popular, lightweight telemetry...

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption

Do Son November 24, 2025

HelixGuard researchers have uncovered a malicious Python package uploaded to PyPI that impersonates the widely used “pyspellchecker”...

Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Google Patches Actively Exploited Chrome Zero-Day Flaw (CVE-2025-13223) in Emergency Update

Do Son November 17, 2025

Google has issued an urgent, out-of-band security update for the Chrome Stable channel, addressing two separate Type...

Malware Disguised as SteamCleaner Uses Valid Signature to Inject Node.js RCE Backdoor

Do Son November 13, 2025

Researchers from the AhnLab Security Intelligence Center (ASEC) have discovered a new malware campaign that abuses a...

Critical Synology BeeStation Zero-Day (CVE-2025-12686) Found at Pwn2Own Allows Remote Code Execution Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS