Latest RCE news

Cisco patches critical Web UI RCE flaw in multiple IP phones

Cisco has addressed a critical security vulnerability found in the Web UI of multiple IP Phone models that unauthenticated and remote attackers can exploit in remote code execution (RCE) attacks.
- Sergiu Gatlan
- March 01, 2023
- 01:28 PM
- 0
CISA warns of hackers exploiting ZK Java Framework RCE flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks.
- Bill Toulas
- February 28, 2023
- 04:37 PM
- 0
Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb

Cybersecurity solutions company Fortinet has released security updates for its FortiNAC and FortiWeb products, addressing two critical-severity vulnerabilities that may allow unauthenticated attackers to perform arbitrary code or command execution.
- Bill Toulas
- February 17, 2023
- 09:13 AM
- 0
Exploit released for critical VMware vRealize RCE vulnerability

Horizon3 security researchers have released proof-of-concept (PoC) code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances.
- Sergiu Gatlan
- January 31, 2023
- 11:14 AM
- 0
Researchers to release VMware vRealize Log RCE exploit, patch now

Security researchers with Horizon3's Attack Team will release next week an exploit targeting a vulnerability chain for gaining remote code execution on unpatched VMware vRealize Log Insight appliances.
- Sergiu Gatlan
- January 28, 2023
- 11:32 AM
- 0
VMware fixes critical security bugs in vRealize log analysis tool

VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances.
- Sergiu Gatlan
- January 24, 2023
- 05:01 PM
- 0
CISA warns of critical ManageEngine RCE bug exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) affecting most Zoho ManageEngine products to its catalog of bugs known to be exploited in the wild.
- Sergiu Gatlan
- January 23, 2023
- 01:39 PM
- 0
Critical ManageEngine RCE bug now exploited to open reverse shells

A critical remote code execution (RCE) vulnerability affecting multiple Zoho ManageEngine products is now being exploited in attacks.
- Sergiu Gatlan
- January 20, 2023
- 02:08 PM
- 0
Git patches two critical remote code execution security flaws

Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses.
- Sergiu Gatlan
- January 17, 2023
- 06:26 PM
- 0
Over 4,000 Sophos Firewall devices vulnerable to RCE attacks

Over 4,000 Sophos Firewall devices exposed to Internet access are vulnerable to attacks targeting a critical remote code execution (RCE) vulnerability.
- Sergiu Gatlan
- January 17, 2023
- 01:53 PM
- 0
Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now

Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several Zoho ManageEngine products.
- Sergiu Gatlan
- January 16, 2023
- 06:10 PM
- 3
Hackers exploit Control Web Panel flaw to open reverse shells

Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly known as CentOS Web Panel.
- Ionut Ilascu
- January 12, 2023
- 07:23 PM
- 0
Auth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects

Auth0 fixed a remote code execution vulnerability in the immensely popular 'JsonWebToken' open-source library used by over 22,000 projects and downloaded over 36 million times per month on NPM.
- Bill Toulas
- January 09, 2023
- 01:06 PM
- 0
Synology fixes maximum severity vulnerability in VPN routers

Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers.
- Sergiu Gatlan
- January 03, 2023
- 10:36 AM
- 0
Ransomware gang uses new Microsoft Exchange exploit to breach servers

Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web Access (OWA).
- Sergiu Gatlan
- December 20, 2022
- 05:33 PM
- 0
Hackers exploit critical Citrix ADC and Gateway zero day, patch now

Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.
- Bill Toulas
- December 13, 2022
- 10:07 AM
- 0
Cisco discloses high-severity IP phone zero-day with exploit code

Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.
- Sergiu Gatlan
- December 08, 2022
- 02:24 PM
- 0
Exploit released for actively abused ProxyNotShell Exchange bug

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.
- Sergiu Gatlan
- November 18, 2022
- 03:53 PM
- 0
F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ

F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints.
- Bill Toulas
- November 17, 2022
- 11:18 AM
- 0
Researchers release exploit details for Backstage pre-auth RCE bug

Older versions of the Spotify Backstage development portal builder are vulnerable to a critical (CVSS score: 9.8) unauthenticated remote code execution flaw allowing attackers to run commands on publicly exposed systems.
- Bill Toulas
- November 15, 2022
- 11:29 AM
- 0