#remote-code-execution

Information security
from Techzine Global
2 days ago

Zero-day vulnerability discovered in TP-Link routers

A CWMP (TR-069) stack-based buffer overflow in TP‑Link routers enables remote root compromise via crafted SetParameterValues messages and affects thousands of unpatched devices.
#sitecore
Information security
from The Hacker News
1 week ago

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

A critical CVE-2025-57819 FreePBX vulnerability enables unauthenticated arbitrary database manipulation and remote code execution; internet-exposed ACPs should be upgraded and restricted.
from GameSpot
1 week ago

Call Of Duty: WW2 Is Once Again Available For PC Game Pass After Reportedly Serious Security Issue

Activision has brought Call of Duty: World War II back to the Microsoft Store and Xbox PC App after it was removed more than a month ago, though the company has still not said a word about what happened. A statement released on August 27 confirmed that the 2017 game has returned, and is once again available for PC Game Pass players. However, there was no explanation as to anything else related to the game's removal on July 4.
Video games
#citrix-netscaler
from The Hacker News
1 week ago

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

CVE-2024-8068 (CVSS score: 5.1) - An improper privilege management vulnerability in Citrix Session Recording that could allow for privilege escalation to NetworkService Account access when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

CVE-2024-8069 (CVSS score: 5.1) - A deserialization of untrusted data vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService Account access when an attacker is an authenticated user on the same intranet as the session recording server
Information security
#commvault
from Securitymagazine
4 months ago
Information security

Commvault Command Center has a critical security flaw

Commvault Command Center has a severe security flaw allowing potential remote code execution.
from Techzine Global
4 months ago
Information security

Commvault vulnerability poses serious risk to company data

Commvault's Command Center has a serious vulnerability (CVE-2025-34028) that allows remote code execution.
Organizations must ensure their systems are updated to version 11.38.20 to mitigate the risk.
Information security
from Theregister
2 weeks ago

AWS patches Q Developer after prompt injection, RCE demo

Amazon fixed prompt-injection and RCE-capable vulnerabilities in the Amazon Q Developer VS Code extension by updating the language server and adding human-in-the-loop approval.
#sap-netweaver
#cybersecurity
Privacy technologies
from The Hacker News
1 month ago

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval

Cursor AI has a critical vulnerability allowing remote code execution through altered software configurations.
from The Hacker News
1 month ago

Google's August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6) by the chipmaker back in June 2025.
Privacy technologies
#nvidia
Information security
from Theregister
1 month ago

Cisco ISE flaw gave root access before fix landed

Cisco's Identity Services Engine vulnerability has been actively exploited since early July, rated critical on the CVSS scale for remote code execution.
#sharepoint
from ZDNET
1 month ago
Privacy professionals

Microsoft fixes two SharePoint zero-days under attack, but it's not over - how to patch

#microsoft
from TechCrunch
2 months ago

Activision took down Call of Duty game after PC players hacked, says source

The game is not safe to play on PC right now, there's an RCE exploit, which allows hackers the ability to plant malware capable of essentially taking control of a victim's device.
Video games
Video games
from Gadgets 360
2 months ago

Call of Duty: WWII Players on Xbox PC App Are Getting Hacked

Activision has removed Call of Duty: WWII from the Xbox PC app due to a serious security exploit.
from IT Pro
2 months ago

Using WinRAR? Update now to avoid falling victim to this file path flaw

A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user.
Information security
Information security
from Theregister
2 months ago

Veeam fixes another critical RCE bug in Backup & Replication

Users of Veeam Backup & Replication should urgently apply the latest patches to fix a critical remote code execution vulnerability.
from The Hacker News
3 months ago

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure vulnerabilities.
Information security
Information security
from Techzine Global
3 months ago

Active exploitation of vulnerabilities in Ivanti EPMM

Ivanti's Endpoint Manager Mobile has critical vulnerabilities exploited in both on-premises and cloud environments, allowing remote code execution without authentication.
Information security
from Securitymagazine
3 months ago

Hackers Can Take Control via SAP NetWeaver Flaw: SAP Security Analyst Discusses the Risks

A zero-day vulnerability in SAP NetWeaver allows remote code execution, posing significant risks to organizations globally.
Information security
from Securitymagazine
4 months ago

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.