Remote Code Execution Archives • Page 20 of 24 • Daily CyberSecurity

Critical SSRF Flaw in Esri Portal for ArcGIS Exposes Internal Networks Esri ArcGIS, SSRF Vulnerability

Critical SSRF Flaw in Esri Portal for ArcGIS Exposes Internal Networks

Ddos June 2, 2025

Esri has issued a critical security patch for its widely used Portal for ArcGIS software, addressing a...

Critical Flaws in Veritas DLO Expose Systems to Remote Code Execution Veritas DLO, Critical Vulnerabilities

Critical Flaws in Veritas DLO Expose Systems to Remote Code Execution

Ddos June 2, 2025

Veritas has issued a security advisory warning users of its Desktop Laptop Option (DLO) platform about two...

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix NetFax Vulnerabilities, RCE

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix

Ddos June 2, 2025

Security researchers at Rapid7 have uncovered a troubling trio of vulnerabilities in MICI Network Co., Ltd.’s NetFax...

Hitachi Energy’s Asset Suite Hit by Multiple Critical Vulnerabilities Hitachi Energy, Asset Suite Vulnerabilities

Hitachi Energy’s Asset Suite Hit by Multiple Critical Vulnerabilities

Ddos June 1, 2025

Hitachi Energy has issued a cybersecurity advisory warning of multiple vulnerabilities impacting its Asset Suite product—a widely...

Critical (CVSS 9.8): IBM Tivoli Monitoring Flaw Risks Remote Code Execution IBM Tivoli vulnerability CVE-2025-3357

Critical (CVSS 9.8): IBM Tivoli Monitoring Flaw Risks Remote Code Execution

Ddos May 30, 2025

IBM has issued a critical security update for its Tivoli Monitoring suite, addressing a high-severity vulnerability that...

Tenda Router Flaw (CVSS 9.8): Unauthenticated RCE Flaw (PoC, No Patch) CVE-2023-4498

Tenda Router Flaw (CVSS 9.8): Unauthenticated RCE Flaw (PoC, No Patch)

Ddos May 29, 2025

A critical vulnerability in the Tenda W18Ev2 Enterprise Router allows unauthenticated attackers to remotely change the administrator...

Stack Overflow in Redis May Lead to Remote Code Execution Redis vulnerability redis-check-aof

Stack Overflow in Redis May Lead to Remote Code Execution

Ddos May 29, 2025

Redis, the lightning-fast in-memory data store beloved by developers for real-time data applications, has recently patched a...

Java Apps at Risk: Apache Commons BeanUtils Flaw Exposes RCE Apache Commons BeanUtils vulnerability CVE-2025-48734

Java Apps at Risk: Apache Commons BeanUtils Flaw Exposes RCE

Ddos May 29, 2025

A newly disclosed vulnerability in Apache Commons BeanUtils has raised serious concerns for Java-based applications relying on...

Firefox Alert: Zero-Interaction Exploit in libvpx Allows Arbitrary Code Execution Firefox vulnerability libvpx exploit

Firefox Alert: Zero-Interaction Exploit in libvpx Allows Arbitrary Code Execution

Ddos May 28, 2025

The Mozilla Foundation has released a security advisory addressing a critical vulnerability affecting Firefox and other Mozilla-based...

Critical (CVSS 9.8): Weidmueller Switch Flaws Risk Full System Compromise Weidmueller vulnerability Industrial switch hack

Critical (CVSS 9.8): Weidmueller Switch Flaws Risk Full System Compromise

Ddos May 28, 2025

Weidmueller Interface GmbH & Co. KG, a global manufacturer of industrial connectivity and automation solutions, has disclosed...

Critical Pre-Auth RCE: vBulletin Flaw Allows Full Server Compromise (PoC Available) vBulletin RCE, pre-auth RCE

Critical Pre-Auth RCE: vBulletin Flaw Allows Full Server Compromise (PoC Available)

Ddos May 26, 2025

A newly disclosed vulnerability in vBulletin, one of the most widely used commercial forum platforms on the...

Critical 0-Day: Cityworks Flaw Actively Exploited by Chinese APT UAT-6382

Ddos May 22, 2025

A newly identified Chinese-speaking threat actor cluster, tracked as UAT-6382, is actively exploiting a zero-day vulnerability in...

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE Langroid vulnerability, LLM agent exploit

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE

Ddos May 22, 2025

Researchers have disclosed two critical vulnerabilities in Langroid, a popular Python framework designed for building large language...

Critical Remote Code Execution Flaw Hits Lexmark Printers

Ddos May 21, 2025

Lexmark has released a security advisory for a critical vulnerability—CVE-2025-1127—affecting a wide range of its printer models....

Critical CVSS 9.8 RCE Flaw in vLLM Exposes AI Hosts to Remote Attacks vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

Critical CVSS 9.8 RCE Flaw in vLLM Exposes AI Hosts to Remote Attacks

Ddos May 21, 2025

A critical vulnerability—CVE-2025-47277—has been disclosed in vLLM, a high-performance inference and serving engine for large language models...

PoC Available: TP-Link Archer AX50 Flaw Allows Remote Root Access Archer AX50 exploit, router security

PoC Available: TP-Link Archer AX50 Flaw Allows Remote Root Access

Ddos May 21, 2025

A critical vulnerability in TP-Link’s widely deployed Archer AX50 router has been uncovered, potentially allowing remote attackers...

SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection SAP RCE, CVE-2025-31324

SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection

Ddos May 20, 2025

In a recent revelation, OP Innovate has uncovered early evidence of real-world exploitation of CVE-2025-31324 (CVSS 10),...

Race Condition in Windows Remote Desktop Gateway Enables RCE – PoC Demonstrates Exploitability RD Gateway RCE CVE-2025-21297

Race Condition in Windows Remote Desktop Gateway Enables RCE – PoC Demonstrates Exploitability

Ddos May 19, 2025

A newly disclosed vulnerability in Microsoft’s Remote Desktop Gateway (RD Gateway) reveals a dangerous race condition that...

Three Vulnerabilities Expose Apache IoTDB to Attacks Apache IoTDB JEXL injection Apache IoTDB, Security Vulnerabilities

Three Vulnerabilities Expose Apache IoTDB to Attacks

Ddos May 15, 2025

Apache IoTDB, a system designed for managing industrial IoT time-series data, faces a series of security vulnerabilities...

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access

Ddos May 14, 2025

Siemens has released a critical security advisory (SSA-047424) addressing two severe vulnerabilities—CVE-2025-26389 and CVE-2025-26390—affecting its OZW672 and...