A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.
Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers.
Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild.
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure.
Threat update
There is a critical remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS) version 9.0, tracked as CVE-2024-45519. The vulnerability allows unauthenticated attackers to remotely execute arbitrary commands by exploiting weaknesses in Zimbra's SMTP PostJournal service.
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server.
Threat update
SolarWinds has issued patches to address two vulnerabilities in its Access Rights Manager (ARM) software. Out of the two, one is a critical vulnerability that can lead to remote code execution (RCE).
Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server.
Threat update
There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass, credential sniffing, and privilege escalation. Review the details in this Cybersecurity Threat Advisory to limit customers' impact.
Threat update
A new high-severity remote code execution (RCE) vulnerability known as CVE-2024-21683 has been discovered in Atlassian's Confluence Data Center and Server. This vulnerability permits an attacker with an account on the service to gain server control. Review this Cybersecurity Threat Advisory for more information and to limit your risk now.
Threat update
A recent Microsoft Outlook client zero-click remote code execution (RCE) vulnerability, CVE-2024-30103, has a CVSS score of 8.8.
A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.
Threat update
HPE Aruba Networking has disclosed that critical remote code execution (RCE) vulnerabilities are impacting multiple versions of ArubaOS. Out of the ten vulnerabilities found, four pose critical risks of unauthenticated buffer overflows in various services.
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn't impacted.
Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks.
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519.