Remote Code Execution Archives • Page 21 of 25 • Daily CyberSecurity

Stack Overflow in Redis May Lead to Remote Code Execution Redis vulnerability redis-check-aof

Stack Overflow in Redis May Lead to Remote Code Execution

Do Son May 29, 2025

Redis, the lightning-fast in-memory data store beloved by developers for real-time data applications, has recently patched a...

Java Apps at Risk: Apache Commons BeanUtils Flaw Exposes RCE Apache Commons BeanUtils vulnerability CVE-2025-48734

Java Apps at Risk: Apache Commons BeanUtils Flaw Exposes RCE

Do Son May 29, 2025

A newly disclosed vulnerability in Apache Commons BeanUtils has raised serious concerns for Java-based applications relying on...

Firefox Alert: Zero-Interaction Exploit in libvpx Allows Arbitrary Code Execution Firefox vulnerability libvpx exploit

Firefox Alert: Zero-Interaction Exploit in libvpx Allows Arbitrary Code Execution

Do Son May 28, 2025

The Mozilla Foundation has released a security advisory addressing a critical vulnerability affecting Firefox and other Mozilla-based...

Critical (CVSS 9.8): Weidmueller Switch Flaws Risk Full System Compromise Weidmueller vulnerability Industrial switch hack

Critical (CVSS 9.8): Weidmueller Switch Flaws Risk Full System Compromise

Do Son May 28, 2025

Weidmueller Interface GmbH & Co. KG, a global manufacturer of industrial connectivity and automation solutions, has disclosed...

Critical Pre-Auth RCE: vBulletin Flaw Allows Full Server Compromise (PoC Available) vBulletin RCE, pre-auth RCE

Critical Pre-Auth RCE: vBulletin Flaw Allows Full Server Compromise (PoC Available)

Do Son May 26, 2025

A newly disclosed vulnerability in vBulletin, one of the most widely used commercial forum platforms on the...

Critical 0-Day: Cityworks Flaw Actively Exploited by Chinese APT UAT-6382

Do Son May 22, 2025

A newly identified Chinese-speaking threat actor cluster, tracked as UAT-6382, is actively exploiting a zero-day vulnerability in...

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE Langroid vulnerability, LLM agent exploit

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE

Do Son May 22, 2025

Researchers have disclosed two critical vulnerabilities in Langroid, a popular Python framework designed for building large language...

Critical Remote Code Execution Flaw Hits Lexmark Printers

Do Son May 21, 2025

Lexmark has released a security advisory for a critical vulnerability—CVE-2025-1127—affecting a wide range of its printer models....

Critical CVSS 9.8 RCE Flaw in vLLM Exposes AI Hosts to Remote Attacks vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

Critical CVSS 9.8 RCE Flaw in vLLM Exposes AI Hosts to Remote Attacks

Do Son May 21, 2025

A critical vulnerability—CVE-2025-47277—has been disclosed in vLLM, a high-performance inference and serving engine for large language models...

PoC Available: TP-Link Archer AX50 Flaw Allows Remote Root Access Archer AX50 exploit, router security

PoC Available: TP-Link Archer AX50 Flaw Allows Remote Root Access

Do Son May 21, 2025

A critical vulnerability in TP-Link’s widely deployed Archer AX50 router has been uncovered, potentially allowing remote attackers...

SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection SAP RCE, CVE-2025-31324

SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection

Do Son May 20, 2025

In a recent revelation, OP Innovate has uncovered early evidence of real-world exploitation of CVE-2025-31324 (CVSS 10),...

Race Condition in Windows Remote Desktop Gateway Enables RCE – PoC Demonstrates Exploitability RD Gateway RCE CVE-2025-21297

Race Condition in Windows Remote Desktop Gateway Enables RCE – PoC Demonstrates Exploitability

Do Son May 19, 2025

A newly disclosed vulnerability in Microsoft’s Remote Desktop Gateway (RD Gateway) reveals a dangerous race condition that...

Three Vulnerabilities Expose Apache IoTDB to Attacks Apache IoTDB JEXL injection Apache IoTDB, Security Vulnerabilities

Three Vulnerabilities Expose Apache IoTDB to Attacks

Do Son May 15, 2025

Apache IoTDB, a system designed for managing industrial IoT time-series data, faces a series of security vulnerabilities...

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access

Do Son May 14, 2025

Siemens has released a critical security advisory (SSA-047424) addressing two severe vulnerabilities—CVE-2025-26389 and CVE-2025-26390—affecting its OZW672 and...

82,000+ WordPress Sites at Risk: TheGem Theme Vulnerabilities Allow Full Site Takeover WordPress vulnerabilities TheGem, WordPress Vulnerability

WordPress vulnerabilities TheGem, WordPress Vulnerability

82,000+ WordPress Sites at Risk: TheGem Theme Vulnerabilities Allow Full Site Takeover

Do Son May 14, 2025

In a recent disclosure by Wordfence, two serious vulnerabilities have been discovered in TheGem, a popular premium...

Microsoft May 2025 Patch Tuesday Fixes 83 Vulnerabilities, Including 5 Exploited in the Wild Patch Tuesday, Zero-Day Exploits

Microsoft May 2025 Patch Tuesday Fixes 83 Vulnerabilities, Including 5 Exploited in the Wild

Do Son May 13, 2025

Microsoft’s May 2025 Patch Tuesday has addressed a total of 83 vulnerabilities across its product ecosystem, including...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Ivanti EPMM Flaws Exploited in the Wild: Chained RCE and Auth Bypass Threaten Mobile Device Management

Do Son May 13, 2025

Ivanti has released a security updates addressing two vulnerabilities in Endpoint Manager Mobile (EPMM)—CVE-2025-4427 and CVE-2025-4428—that, when...

Fortinet CVE-2025-32756 Exploited in the Wild: Critical RCE Flaw Hits FortiVoice and More Fortinet, CVE-2025-32756

Fortinet CVE-2025-32756 Exploited in the Wild: Critical RCE Flaw Hits FortiVoice and More

Do Son May 13, 2025

Fortinet has disclosed a critical stack-based buffer overflow vulnerability, tracked as CVE-2025-32756, affecting a wide range of...

From Web Shell to Full Control: APT-Style Exploits Surge Against SAP NetWeaver Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability