#remote-code-execution

#remote-code-execution

Threat actors are exploiting a vulnerability in SAP NetWeaver for unauthorized file uploads and code execution.

Apache Tomcat is vulnerable to remote code execution attacks due to a recently disclosed vulnerability, CVE-2025-24813.

A vulnerability in the Parquet-avro module of a Java library could allow remote code execution through crafted files.

The vulnerability in Aviatrix Controller poses critical risks, leading to remote code execution and privilege escalation, with active exploits already observed.

A critical vulnerability in the GiveWP plugin could expose over 100,000 websites to remote code execution attacks, necessitating an urgent update.

Commvault Command Center has a severe security flaw allowing potential remote code execution.

Critical security flaw in Apache Struts 2 allows file upload manipulation, posing severe risks of remote code execution; immediate updates are essential.

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.

A critical 9.9-rated unauthenticated RCE flaw is affecting GNU/Linux systems, with no fix yet despite disclosure to developers three weeks ago.

A high-severity vulnerability in Meta's Llama framework could allow remote code execution via deserialization of untrusted data.

A critical security vulnerability in Apache Parquet allows remote code execution, affecting versions up to 1.15.0.

Commvault's Command Center has a serious vulnerability (CVE-2025-34028) that allows remote code execution.

Organizations must ensure their systems are updated to version 11.38.20 to mitigate the risk.

Critical vulnerabilities in Ingress NGINX Controller expose 6,500 Kubernetes clusters to remote code execution risks.

The U.S. government warns of active exploitation of Ivanti Endpoint Manager vulnerabilities.

CUPS vulnerabilities can lead to remote code execution and facilitate DDoS attacks.

Exploiting CUPS for DDoS requires minimal resources, making it appealing for attackers.

A crafted packet sent to a CUPS server can initiate a DDoS attack.

Exploiting these vulnerabilities could cost less than one cent on modern platforms.

Google's Quick Share for Windows had 10 now-fixed bugs, allowing remote code execution through a full RCE chain.

The ProxyNotShell vulnerability chain illustrates that patches can be circumvented, allowing for potential attacks even after fixes are released.

Thousands of Prometheus servers lack proper authentication, risking data leakage, DoS, and remote code execution attacks due to their exposure on the internet.

A critical flaw in Aviatrix Controller is under active exploitation for backdoors and cryptocurrency mining.

Veeam's Backup & Replication software has a critical RCE vulnerability fixed in the latest security update.

Sophos has patched critical vulnerabilities in its Firewall products to prevent remote code execution and privileged access.

The newly discovered vulnerabilities in Cups pose a significant security risk to numerous devices, potentially exposing them to remote code execution.

Netgear has patched critical security vulnerabilities in several Wi-Fi routers and access points, urging timely updates for user safety.

MediaTek disclosed a critical vulnerability affecting 51 chipsets, posing severe security risks to multiple device categories.