Latest Remote Code Execution news

Exploit available for new critical TeamCity auth bypass bug, patch now

A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions.
- Ionut Ilascu
- March 04, 2024
- 05:42 PM
- 0
Joomla fixes XSS flaws that could expose sites to RCE attacks

Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
- Bill Toulas
- February 21, 2024
- 05:55 PM
- 0
ScreenConnect critical bug now under attack as exploit code emerges

Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
- Bill Toulas
- February 21, 2024
- 12:18 PM
- 1
ConnectWise urges ScreenConnect admins to patch critical RCE flaw

ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks.
- Sergiu Gatlan
- February 20, 2024
- 11:48 AM
- 2
Hackers exploit critical RCE flaw in Bricks WordPress site builder

Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites.
- Bill Toulas
- February 19, 2024
- 12:55 PM
- 0
SolarWinds fixes critical RCE bugs in access rights audit solution

SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
- Sergiu Gatlan
- February 16, 2024
- 01:32 PM
- 0
New critical Microsoft Outlook RCE bug is trivial to exploit

Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View.
- Sergiu Gatlan
- February 14, 2024
- 03:08 PM
- 1
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.
- Lawrence Abrams
- February 07, 2024
- 07:55 PM
- 0
JetBrains warns of new TeamCity auth bypass vulnerability

JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.
- Sergiu Gatlan
- February 06, 2024
- 12:30 PM
- 0
45k Jenkins servers exposed to RCE attacks using public exploits

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.
- Bill Toulas
- January 29, 2024
- 05:06 PM
- 0
Exploits released for critical Jenkins RCE flaw, patch now

Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks.
- Bill Toulas
- January 28, 2024
- 10:17 AM
- 0
Cisco warns of critical RCE flaw in communications software

Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue.
- Bill Toulas
- January 25, 2024
- 09:41 AM
- 0
Hackers start exploiting critical Atlassian Confluence RCE flaw

Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution flaw vulnerability that affects outdated versions of Atlassian Confluence servers.
- Bill Toulas
- January 22, 2024
- 08:41 AM
- 0
Chinese hackers exploit VMware bug as zero-day for two years

A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.
- Sergiu Gatlan
- January 19, 2024
- 11:32 AM
- 0
VMware confirms critical vCenter flaw now exploited in attacks

VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.
- Sergiu Gatlan
- January 19, 2024
- 08:22 AM
- 0
CISA pushes federal agencies to patch Citrix RCE within a week

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks.
- Sergiu Gatlan
- January 17, 2024
- 01:31 PM
- 0
Citrix warns of new Netscaler zero-days exploited in attacks

Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.
- Sergiu Gatlan
- January 16, 2024
- 03:33 PM
- 0
Atlassian warns of critical RCE flaw in older Confluence versions

Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases.
- Bill Toulas
- January 16, 2024
- 10:17 AM
- 0
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks

Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks.
- Sergiu Gatlan
- January 15, 2024
- 01:28 PM
- 0
Juniper warns of critical RCE bug in its firewalls and switches

Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.
- Sergiu Gatlan
- January 12, 2024
- 12:36 PM
- 0