Remote Code Execution Archives • Page 20 of 25 • Daily CyberSecurity

QNAP Fixes SQL Injection and Certificate Validation Flaws in Qsync Central and File Station 5 QNAP Vulnerabilities CVE-2025-52856

QNAP Fixes SQL Injection and Certificate Validation Flaws in Qsync Central and File Station 5

Do Son June 9, 2025

QNAP Systems, Inc. has released patches addressing multiple high-severity vulnerabilities in its Qsync Central and File Station...

CVE-2025-4318 (CVSS 9.5): AWS Amplify RCE Flaw Exposed with PoC – CI/CD Pipelines at Risk AWS Amplify, Remote Code Execution

CVE-2025-4318 (CVSS 9.5): AWS Amplify RCE Flaw Exposed with PoC – CI/CD Pipelines at Risk

Do Son June 9, 2025

A critical vulnerability in AWS Amplify’s UI generation tool, @aws-amplify/codegen-ui, is putting developers—and their build pipelines—at serious...

CISA Alert: Critical Vulnerabilities Found in CyberData SIP Emergency Intercom Devices CyberData Vulnerabilities, SIP Intercom Security

CISA Alert: Critical Vulnerabilities Found in CyberData SIP Emergency Intercom Devices

Do Son June 7, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-impact...

CVSS 9.8 Alert: Critical Flaws in HPE Insight Remote Support Enable RCE & File Access HPE Security, Insight RS Vulnerabilities

CVSS 9.8 Alert: Critical Flaws in HPE Insight Remote Support Enable RCE & File Access

Do Son June 5, 2025

Hewlett Packard Enterprise (HPE) has issued a security advisory addressing multiple high-impact vulnerabilities in its Insight Remote...

CRITICAL (CVSS 9.4) Python ‘tarfile’ Vulnerability: Arbitrary Filesystem Writes Possible! CPython Vulnerabilities, Python Tarfile CVE-2025-4517

CRITICAL (CVSS 9.4) Python ‘tarfile’ Vulnerability: Arbitrary Filesystem Writes Possible!

Do Son June 5, 2025

The CPython project has issued a security advisory addressing five vulnerabilities—including one CRITICAL and three HIGH-severity flaws—affecting...

CVE-2025-49113: Roundcube RCE Exploit Unveiled—The Swiss Army Knife of Webmail Just Got a Weaponized Blade Roundcube Vulnerability CVE-2025-49113 exploit

Roundcube Vulnerability CVE-2025-49113 exploit

CVE-2025-49113: Roundcube RCE Exploit Unveiled—The Swiss Army Knife of Webmail Just Got a Weaponized Blade

Do Son June 5, 2025

In a stunningly fast-moving sequence of events, a serious vulnerability in the widely-used Roundcube webmail client—CVE-2025-49113—has been...

Unpatched Telecom Flaws (CVSS 9.8) Enable Remote Code Execution: Critical Buffer Overflows Expose Core Infrastructure Buffer Overflow Telecom Vulnerabilities

Unpatched Telecom Flaws (CVSS 9.8) Enable Remote Code Execution: Critical Buffer Overflows Expose Core Infrastructure

Do Son June 4, 2025

Two newly disclosed vulnerabilities in popular telecommunications devices expose critical infrastructure to unauthenticated remote code execution and...

Critical CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed IBM QRadar CVE-2025-25022

Critical CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

Do Son June 4, 2025

IBM has released a security advisory addressing multiple vulnerabilities discovered in its QRadar Suite Software and Cloud...

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities WordPress Malware, Hidden Plugin

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities

Do Son June 4, 2025

The Wordfence Threat Intelligence team has uncovered a deceptive and highly persistent WordPress malware variant that disguises...

Critical 9.8 CVSS Authentication Bypass in HPE StoreOnce Software HPE StoreOnce, Authentication Bypass

Critical 9.8 CVSS Authentication Bypass in HPE StoreOnce Software

Do Son June 3, 2025

Hewlett Packard Enterprise (HPE) has issued a security bulletin detailing multiple severe vulnerabilities in its StoreOnce Software,...

Stealthy npm Supply Chain Attack: Typosquatting Leads to Remote Code Execution and Data Destruction npm supply chain attack, typosquatting

Stealthy npm Supply Chain Attack: Typosquatting Leads to Remote Code Execution and Data Destruction

Do Son June 3, 2025

In a recent revelation, Socket’s Threat Research Team has uncovered a stealthy npm supply chain attack leveraging...

CVE-2025-4010: ONEKEY Uncovers Critical Remote Code Execution Flaw in Netcomm/Lantronix 4G Gateways Netcomm Vulnerability, Remote Code Execution

Netcomm Vulnerability, Remote Code Execution

CVE-2025-4010: ONEKEY Uncovers Critical Remote Code Execution Flaw in Netcomm/Lantronix 4G Gateways

Do Son June 2, 2025

A newly disclosed vulnerability affecting Netcomm Wireless devices—now under Lantronix ownership—has been assigned CVE-2025-4010, and it poses...

Critical RCE Flaw Patched in Roundcube Webmail: Update Immediately! Roundcube, RCE Vulnerability CVE-2025-49113

Critical RCE Flaw Patched in Roundcube Webmail: Update Immediately!

Do Son June 2, 2025

Roundcube Webmail, a widely-used browser-based IMAP client, has patched a critical security vulnerability, tracked as CVE-2025-49113 (CVSS...

PoC Reveals Apple Audio Zero-Day Enabling Remote Code Execution via Malicious Media Files CoreAudio Vulnerability, Apple Zero-Day

PoC Reveals Apple Audio Zero-Day Enabling Remote Code Execution via Malicious Media Files

Do Son June 2, 2025

Apple has patched a high-severity zero-day vulnerability in CoreAudio, the framework responsible for audio playback and processing...

Critical SSRF Flaw in Esri Portal for ArcGIS Exposes Internal Networks Esri ArcGIS, SSRF Vulnerability

Critical SSRF Flaw in Esri Portal for ArcGIS Exposes Internal Networks

Do Son June 2, 2025

Esri has issued a critical security patch for its widely used Portal for ArcGIS software, addressing a...

Critical Flaws in Veritas DLO Expose Systems to Remote Code Execution Veritas DLO, Critical Vulnerabilities

Critical Flaws in Veritas DLO Expose Systems to Remote Code Execution

Do Son June 2, 2025

Veritas has issued a security advisory warning users of its Desktop Laptop Option (DLO) platform about two...

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix NetFax Vulnerabilities, RCE

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix

Do Son June 2, 2025

Security researchers at Rapid7 have uncovered a troubling trio of vulnerabilities in MICI Network Co., Ltd.’s NetFax...

Hitachi Energy’s Asset Suite Hit by Multiple Critical Vulnerabilities Hitachi Energy, Asset Suite Vulnerabilities

Hitachi Energy’s Asset Suite Hit by Multiple Critical Vulnerabilities

Do Son June 1, 2025

Hitachi Energy has issued a cybersecurity advisory warning of multiple vulnerabilities impacting its Asset Suite product—a widely...

Critical (CVSS 9.8): IBM Tivoli Monitoring Flaw Risks Remote Code Execution IBM Tivoli vulnerability CVE-2025-3357

Critical (CVSS 9.8): IBM Tivoli Monitoring Flaw Risks Remote Code Execution

Do Son May 30, 2025

IBM has issued a critical security update for its Tivoli Monitoring suite, addressing a high-severity vulnerability that...

Tenda Router Flaw (CVSS 9.8): Unauthenticated RCE Flaw (PoC, No Patch) CVE-2023-4498

Tenda Router Flaw (CVSS 9.8): Unauthenticated RCE Flaw (PoC, No Patch)

Do Son May 29, 2025

A critical vulnerability in the Tenda W18Ev2 Enterprise Router allows unauthenticated attackers to remotely change the administrator...

Critical Alert 4 Active Exploits Detected Today