Tag

RCE

All articles tagged with #rce

Millions at Risk as NGINX Zero-Day RCE Flaw Sees Real-World Exploitation
cybersecurity · 7 days ago

Security researchers say CVE-2026-42945, a heap buffer overflow in NGINX Open Source and NGINX Plus, is being actively exploited in the wild. Crafted requests can crash NGINX worker processes; remote code execution is possible only when ASLR is disabled and a specific rewrite configuration is present. Even though ASLR is enabled on most systems, estimates put the number of potentially affected internet-facing servers as high as 5.7 million. Organizations should patch promptly, confirm that ASLR remains enabled, and audit their rewrite rules while threat actors rapidly scan for vulnerable systems.

Claude Code CLI RCE via Malicious Deeplinks Prompted Quick Patch (2.1.118)
cyber-security-news · 8 days ago

A critical remote code execution vulnerability in Anthropic’s Claude Code CLI allowed attackers to execute arbitrary commands through crafted deeplinks. The flaw came from a context-blind argument parser that treated --settings overrides found inside a deeplink’s q parameter as legitimate, enabling injection of a SessionStart hook at startup. Anthropic released a fix in Claude Code 2.1.118 and urged users to update; the issue highlights the risks of eager CLI parsing and deeplink handling.
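The bug class described above, as an added illustration for this tag page (not Anthropic's or Claude Code's code): a deeplink handler that re-tokenizes the URL's q parameter into CLI arguments, shown beside a handler that treats q as opaque data. The example-cli://run?q=... scheme, the --settings option name and the shape of the settings JSON are hypothetical stand-ins; only the mechanism (an option override smuggled in through q, here configuring a SessionStart hook) follows the summary.

```python
"""Context-blind deeplink argument parsing: the vulnerable pattern beside a fix.

Added illustration for this tag page; it is not Anthropic's or Claude Code's code.
The `example-cli://run?q=...` scheme, the `--settings` option and the settings
JSON shape are hypothetical stand-ins that mirror the summary above: the bug class
is re-tokenizing attacker-controlled text from a URL's `q` parameter into CLI
arguments, so that an option override rides in alongside the prompt.
"""
import argparse
import json
import shlex
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed attacker-controlled deeplink. The single-quoted JSON survives
# shlex.split intact and is then accepted as a settings override by the
# vulnerable handler. The hook name follows the summary; the JSON shape is made up.
MALICIOUS_Q = "summarize this repo --settings '{\"hooks\": {\"SessionStart\": \"id\"}}'"
MALICIOUS_URL = "example-cli://run?" + urlencode({"q": MALICIOUS_Q})
BENIGN_URL = "example-cli://run?" + urlencode({"q": "summarize this repo"})


def build_parser():
    """Argv parser of the hypothetical tool: a prompt plus an optional settings override."""
    p = argparse.ArgumentParser(prog="example-cli", add_help=False)
    p.add_argument("--settings", help="JSON settings override (hypothetical option)")
    p.add_argument("prompt", nargs="*")
    return p


def q_from_deeplink(url):
    """Extract the q parameter from the deeplink; empty string if absent."""
    return parse_qs(urlparse(url).query).get("q", [""])[0]


def vulnerable_handle(url):
    """Vulnerable: splits q like a shell command line and hands the tokens to the
    same parser that handles real argv, so a '--settings' inside q is honoured."""
    ns = build_parser().parse_args(shlex.split(q_from_deeplink(url)))
    settings = json.loads(ns.settings) if ns.settings else {}
    return {"prompt": " ".join(ns.prompt), "settings": settings}


def hardened_handle(url):
    """Hardened: q is data, not argv. It becomes the prompt verbatim and never
    reaches the option parser; settings come only from trusted local config."""
    return {"prompt": q_from_deeplink(url), "settings": {}}


if __name__ == "__main__":
    print("vulnerable:", vulnerable_handle(MALICIOUS_URL))
    print("hardened:  ", hardened_handle(MALICIOUS_URL))
```

The fix is deliberately not a denylist of dangerous option names: anything arriving through a URL parameter stays a single string for the rest of its life, so no future option can be smuggled in either.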

18-Year-Old NGINX Flaw Triggers Unauthenticated Remote Code Execution
cyber-security · 11 days ago

A severe heap buffer overflow in NGINX's ngx_http_rewrite_module (CVE-2026-42945, CVSS 9.2) allows unauthenticated remote code execution when rewrite and set directives are used together. It affects NGINX Open Source 0.6.27 through 1.30.0 and several F5/NGINX products, and a working PoC is public. Guidance is to upgrade to NGINX 1.30.1 or 1.31.0, audit configurations that combine rewrite and set directives, and put a WAF layer in front of exposed instances until patching is complete. Additional related CVEs include CVE-2026-42946 (high severity, memory corruption), CVE-2026-40701 (medium, use-after-free) and CVE-2026-42934 (medium, out-of-bounds read).

18-year-old NGINX flaw raises DoS risk and possible RCE in certain configs
security · 11 days ago

An 18-year-old heap buffer overflow in NGINX's rewrite module (CVE-2026-42945) can cause denial of service and, under specific rewrite configurations, unauthenticated remote code execution. Fixes are available in NGINX Open Source 1.31.0 and 1.30.1 and in related F5 products. Real-world RCE exploitability is debated, since the public PoC achieves code execution only with ASLR disabled, but the denial-of-service risk alone makes patching or applying mitigations urgent.
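The two checks the three NGINX summaries above ask for, as an added example for this tag page (not code from NGINX, F5 or any of the linked articles): a brace-aware walk over an nginx configuration that flags every block containing a rewrite directive while a set directive is in scope (the same block or an enclosing one, since the summaries do not say whether inheritance matters, so the conservative reading is used), plus a reader for the Linux ASLR setting. The sample configuration is constructed for illustration.

```python
"""Audit an nginx config for blocks that combine rewrite and set, and read the ASLR level.

Added example for this tag page; it is not code from NGINX, F5 or the articles
listed above. It walks the configuration's brace structure and flags any block
whose own directives include `rewrite` while a `set` directive is in scope (the
same block or an enclosing one), which is the combination the summaries above
say to audit. The sample configuration below is constructed for illustration.
"""
import re
from pathlib import Path

# Constructed sample nginx.conf fragment (not taken from any real deployment).
SAMPLE_CONF = """
http {
    server {
        listen 80;
        set $backend "app";                      # set in server scope
        location /old/ {
            rewrite ^/old/(.*)$ /new/$1 permanent;  # rewrite with inherited set
        }
        location /api/ {
            set $ver "v1";
            rewrite ^/api/(.*)$ /$ver/$1 break;     # rewrite and set in one block
            proxy_pass http://app;
        }
        location /plain/ {
            return 200 "ok";
        }
    }
    server {
        listen 8080;
        location /legacy/ {
            rewrite ^/legacy/(.*)$ /current/$1 last;  # rewrite, no set in scope
        }
    }
}
"""

# Each statement ends with ';' (directive), '{' (block open) or '}' (block close).
# Caveat: braces inside quoted strings or regex quantifiers such as {1,3} are not
# handled by this simple tokenizer; configs using those need a real parser.
_STMT = re.compile(r"([^;{}]*)([;{}])")


def strip_comments(text):
    """Drop '#' comments, which nginx treats as running to end of line."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def find_rewrite_set_blocks(conf_text):
    """Return (block, block_where_set_lives) pairs for every block that contains a
    `rewrite` directive while a `set` directive is in scope."""
    findings = []
    stack = [("<root>", set())]  # (block header, directive names seen directly in it)
    for m in _STMT.finditer(strip_comments(conf_text)):
        body = " ".join(m.group(1).split())
        punct = m.group(2)
        if punct == "{":
            stack.append((body, set()))
        elif punct == ";":
            if body:
                stack[-1][1].add(body.split()[0])
        else:  # '}' closes the innermost block: evaluate it, then pop
            header, directives = stack[-1]
            if "rewrite" in directives:
                for enclosing_header, enclosing_dirs in reversed(stack):
                    if "set" in enclosing_dirs:
                        findings.append((header, enclosing_header))
                        break
            if len(stack) > 1:
                stack.pop()
    return findings


def parse_aslr_level(text):
    """Parse /proc/sys/kernel/randomize_va_space: 0 = off, 1 = partial, 2 = full.
    Returns None if the content is not an integer."""
    try:
        return int(text.strip())
    except ValueError:
        return None


def aslr_level(path="/proc/sys/kernel/randomize_va_space"):
    """Read the live ASLR setting on Linux; None on non-Linux hosts or read errors."""
    try:
        return parse_aslr_level(Path(path).read_text())
    except OSError:
        return None


if __name__ == "__main__":
    for block, set_block in find_rewrite_set_blocks(SAMPLE_CONF):
        where = "same block" if set_block == block else f"set inherited from '{set_block}'"
        print(f"REVIEW: '{block}' uses rewrite with set in scope ({where})")
    level = aslr_level()
    print("ASLR level:", "unknown (not Linux?)" if level is None else level,
          "" if level == 2 else "<- expect 2 (full randomization)")
```

Run it against the real files (`nginx -T` prints the fully resolved configuration, includes expanded) rather than a single nginx.conf, since set and rewrite frequently live in different included files.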

Rogue researcher releases second Windows Defender exploit, threatens more RCEs
technology · 1 month ago

A rogue researcher, Nightmare-Eclipse, released a second Windows Defender privilege-escalation exploit (RedSun) after Microsoft patched the vulnerability behind the first, CVE-2026-33825. The PoC allegedly lets unprivileged users gain SYSTEM privileges by abusing Defender to overwrite system files, and the researcher warns that remote code execution exploits will follow. Microsoft patched the first flaw on Patch Tuesday and credited Zen Dodd and Yuanpei Xu, while the researcher continues to air grievances and threaten further disclosures.

F5 BIG-IP APM Flaw Upgraded to Active RCE Risk, Urgency to Patch
technology · 1 month ago

F5 Networks reclassified the BIG-IP APM vulnerability CVE-2025-53521 from a DoS issue to a critical remote code execution flaw, with attackers exploiting unpatched systems to deploy webshells. CISA has ordered federal agencies to patch, and F5 issued mitigations and indicators of compromise as online exposure of BIG-IP instances remains high. Patch now and review disks, logs, and terminal history for signs of intrusion.

Ancient Telnet Hole Sparks Modern Worry: CVE-2026-32746 Pre-Auth RCE in Telnetd
security · 2 months ago

Researchers analyze CVE-2026-32746, a pre-auth RCE in GNU inetutils Telnetd via a LINEMODE SLC buffer overflow. The issue stems from overflowing a small slcbuf when processing SLC triplets during LINEMODE negotiation, with exploitation heavily dependent on OS and architecture (64-bit vs 32-bit); while a reliable full RCE wasn't achieved across tested targets, a heap leak and an arbitrary-free primitive were demonstrated, potentially enabling code execution under favorable libc conditions. The vulnerability affects inetutils Telnetd and many forks across major distros (Ubuntu, Debian, FreeBSD, NetBSD, macOS, etc.), and patches have not been widely released at publication time. Detection strategies include probing for LINEMODE support and non-invasive overflow checks; watchTowr provides a detection artifact generator. Patch urgently, but note there is no universal fixed version yet; users should build from fixed commits or apply vendor mitigations.

Zero-Click RCE in Claude Desktop Extensions Endangers 10k+ Users
cyber-security · 3 months ago

Researchers at LayerX disclosed a zero-click remote code execution flaw in Claude Desktop Extensions (DXT) that uses the Model Context Protocol to chain untrusted data from Google Calendar into a privileged local executor. A malicious calendar event triggers the payload with no user interaction and can compromise the host with the user's privileges. The issue affects more than 10,000 active Claude users and over 50 DXT extensions; Anthropic has reportedly not fixed it, citing the autonomous design of MCP. Mitigations include disconnecting high-privilege local extensions from untrusted data sources until a patch or architectural change to MCP arrives. The case is a warning about AI agents that autonomously bridge external data into local systems.

Decompiled Patch Diff Enables SmarterMail Admin Password Bypass (WT-2026-0001)
security · 4 months ago

Researchers detail WT-2026-0001 in SmarterMail, a pre-authentication admin password-reset bypass: calling the force-reset-password API with IsSysAdmin set to true grants admin access without verifying OldPassword, and admin access can in turn yield remote code execution via the Volume Mount feature. The PoC is a JSON payload containing IsSysAdmin, Username and NewPassword. SmarterTools released patch 9511 on Jan 15, 2026 to fix the flaw, but exploitation was observed shortly after the patch shipped, so upgrading is urgent. The patched flow enforces admin verification and old-password checks, closing this bypass; the report also notes how attackers monitor patches to exploit high-value targets before they are applied.

MongoDB Urges Immediate Patch for Critical RCE and Data Leak Vulnerabilities
technology · 5 months ago

MongoDB has issued an urgent warning to patch a severe remote code execution vulnerability (CVE-2025-14847) affecting multiple versions of its database software. The flaw, due to improper handling of length parameters, allows unauthenticated attackers to execute arbitrary code. Admins are advised to upgrade to patched versions immediately or disable zlib compression to mitigate the risk. The vulnerability has been actively exploited in the past, emphasizing the need for prompt action.

Cisco Issues Urgent Fix for Critical IOS Zero-Day Exploits
network-security · 8 months ago

Cisco has warned of a high-severity, actively exploited vulnerability in the SNMP subsystem of IOS and IOS XE Software (CVE-2025-20352) that lets remote attackers holding certain SNMP credentials execute arbitrary code or cause a denial of service. The flaw is a stack overflow and is fixed in Cisco IOS XE Software Release 17.15.4a; until devices are upgraded, mitigation is to restrict SNMP access to trusted users and monitor SNMP activity.

Hackers Exploit Zero-Day Flaw in Sitecore for Backdoors and Malware
cybersecurity · 8 months ago

Threat actors exploited a zero-day vulnerability in legacy Sitecore systems (CVE-2025-53690) involving a ViewState deserialization flaw caused by reused sample ASP.NET machine keys, leading to remote code execution and deployment of reconnaissance malware WeepSteel. The attack involved multi-stage exploits including privilege escalation and persistence techniques. Sitecore recommends immediate replacement and encryption of static machine keys to mitigate the vulnerability.

Cursor AI Code Editor Fixes and Security Vulnerabilities
technology · 9 months ago

Cybersecurity researchers disclosed a high-severity vulnerability (CVE-2025-54136) in the AI code editor Cursor that allows remote code execution through malicious MCP file swaps, which has been addressed in version 1.3 by requiring repeated user approval for configuration changes. The flaw exposes significant risks in AI development environments, especially as AI tools become more integrated into workflows, and is part of broader concerns about AI security vulnerabilities and attack vectors.

Citrix Faces New RCE Threats with Zero-Day Vulnerabilities
cybersecurity · 1 year ago

New security flaws in Citrix Virtual Apps and Desktops, CVE-2024-8068 and CVE-2024-8069, stem from misconfigured MSMQ permissions and the use of BinaryFormatter for deserialization. They were reported as allowing unauthenticated remote code execution (RCE), though the stated prerequisite is an attacker who is an authenticated user within the same Windows Active Directory domain. Citrix has released patches for affected versions, and Microsoft advises against using BinaryFormatter because of its security risks.

Fortinet's Ongoing Battle: Exploited RCE Flaws and Urgent Patching
cybersecurity · 2 years ago

CISA confirms active exploitation of a critical remote code execution (RCE) bug (CVE-2024-21762) in Fortinet's FortiOS operating system, urging immediate patching or SSL VPN disabling to mitigate risks. Fortinet's confusing disclosure process regarding other RCE vulnerabilities (CVE-2024-23108 and CVE-2024-23109) in FortiSIEM was clarified, emphasizing the need to secure all Fortinet devices due to the high likelihood of exploitation by malicious actors for cyber espionage and ransomware attacks.