Remote Code Execution Archives • Page 14 of 24 • Daily CyberSecurity

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770 SharePoint RCE, Metasploit Exploit

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770

Ddos July 23, 2025

A newly released Metasploit module highlights the critical threat posed by an actively exploited remote code execution...

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices

Ddos July 23, 2025

SonicWall has issued a critical security advisory for a newly identified vulnerability—CVE-2025-40599—affecting its SMA 100 series appliances,...

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog CISA KEV, Zero-Day Exploitation

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog

Ddos July 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with four...

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately! Cisco ISE Exploitation

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately!

Ddos July 22, 2025

Cisco has issued an urgent update to its security advisory, revealing that three critical remote code execution...

Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes Sophos Firewall, Remote Code Execution

Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes

Ddos July 22, 2025

Sophos has issued a security advisory detailing the remediation of five vulnerabilities in Sophos Firewall, including two...

Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately! Livewire RCE, Laravel Vulnerability

Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately!

Ddos July 21, 2025

A critical remote command execution (RCE) vulnerability has been discovered in Livewire, the popular full-stack framework for...

ToolShell: New SharePoint RCE Zero-Day Chain Under Active Global Exploitation SharePoint RCE, ToolShell Exploit

ToolShell: New SharePoint RCE Zero-Day Chain Under Active Global Exploitation

Ddos July 21, 2025

On the evening of July 18, 2025, Eye Security identified an active, large-scale exploitation of a newly...

SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet! SharePoint RCE, Zero-Day Exploitation CVE-2025-53770

SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet!

Ddos July 20, 2025

Microsoft has issued an urgent security advisory for on-premises SharePoint Server customers in response to active exploitation...

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available! ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available!

Ddos July 19, 2025

A critical SQL injection vulnerability in Fortinet FortiWeb, tracked as CVE-2025-25257, has been added to the CISA...

CVE-2025-4660 (CVSS 8.7) in Forescout SecureConnector Allows Remote Endpoint Hijack, PoC Publishes Forescout Vulnerability Endpoint Hijack

CVE-2025-4660 (CVSS 8.7) in Forescout SecureConnector Allows Remote Endpoint Hijack, PoC Publishes

Ddos July 19, 2025

NetSPI has uncovered a critical vulnerability in Forescout SecureConnector, a security agent meant to enforce endpoint compliance....

CVE-2025-34300 (CVSS 10): Critical RCE Flaw in Lighthouse Studio’s CGI Scripts Threatens Survey Servers Worldwide Lighthouse Studio RCE, Survey Platform Vulnerability

Lighthouse Studio RCE, Survey Platform Vulnerability

CVE-2025-34300 (CVSS 10): Critical RCE Flaw in Lighthouse Studio’s CGI Scripts Threatens Survey Servers Worldwide

Ddos July 18, 2025

A severe remote code execution (RCE) vulnerability has been discovered in Lighthouse Studio, a popular web-based survey...

Critical Pre-Auth Root RCE Found in Samsung WLAN APs, PoC Published – Patch Now! Samsung RCE, WLAN AP Exploit

Critical Pre-Auth Root RCE Found in Samsung WLAN APs, PoC Published – Patch Now!

Ddos July 16, 2025

A critical vulnerability—CVE-2025-34068—has been discovered in Samsung’s WLAN AP WEA453e access points, allowing unauthenticated remote command execution...

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps LaRecipe, Remote Code Execution

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps

Ddos July 15, 2025

A newly discovered Server-Side Template Injection (SSTI) vulnerability in the widely-used LaRecipe documentation tool has been assigned...

CISA Warns of Active Exploitation of Wing FTP Server Flaw (CVE-2025-47812), CVSS 10 Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

CISA Warns of Active Exploitation of Wing FTP Server Flaw (CVE-2025-47812), CVSS 10

Ddos July 15, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-47812 to its Known Exploited Vulnerabilities (KEV) Catalog...

ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution ImageMagick, Stack Buffer Overflow

ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution

Ddos July 15, 2025

A flaw has been discovered in ImageMagick, the widely used open-source image manipulation suite, that could lead...

Symantec Endpoint Management Alert: Critical Flaw Allows Unauthenticated RCE, PoC Releases Symantec Endpoint Management, Remote Code Execution

Symantec Endpoint Management, Remote Code Execution

Symantec Endpoint Management Alert: Critical Flaw Allows Unauthenticated RCE, PoC Releases

Ddos July 14, 2025

A critical remote code execution (RCE) vulnerability has been discovered in the Symantec Endpoint Management suite, also...

CVE-2025-25257 (CVSS 9.6): Pre-Auth SQLi in Fortinet FortiWeb Opens Door to RCE, PoC Published CVE-2025-25257 PoC FortiWeb, SQL Injection

CVE-2025-25257 (CVSS 9.6): Pre-Auth SQLi in Fortinet FortiWeb Opens Door to RCE, PoC Published

Ddos July 14, 2025

A critical security flaw in Fortinet’s FortiWeb web application firewall has been publicly weaponized, with proof-of-concept (PoC)...

RenderShock: New Zero-Click Attack Explores Hidden Vulnerabilities in OS & Enterprise Environments

Ddos July 14, 2025

CYFIRMA has uncovered a new threat model called RenderShock — a zero-click attack strategy that turns convenience...

SMM Vulnerabilities in Gigabyte UEFI Firmware Expose Systems to Stealthy Attacks Gigabyte UEFI, Critical Vulnerabilities

SMM Vulnerabilities in Gigabyte UEFI Firmware Expose Systems to Stealthy Attacks

Ddos July 14, 2025

In a warning issued by CERT/CC, multiple high-impact vulnerabilities have been identified in Gigabyte UEFI firmware that...

CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software Axis Communications, Remote Code Execution

CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software

Ddos July 14, 2025

Axis Communications has issued a security advisory for a critical vulnerability affecting several of its flagship software...