Tag

Remote Code Execution

All articles tagged with #remote code execution

Unsecured Splunk Flaw Could Allow Unauthenticated Writes and Remote Code Execution
security28 days ago

Unsecured Splunk Flaw Could Allow Unauthenticated Writes and Remote Code Execution

Security updates fix CVE-2026-20253 in Splunk Enterprise, a critical flaw that allowed unauthenticated file operations and potential pre-auth remote code execution via the PostgreSQL sidecar endpoint; affected versions include 10.0.0–10.0.6 (fixed in 10.0.7) and 10.2.0–10.2.3 (fixed in 10.2.4); Splunk Cloud and Splunk 10.4 are not affected. An attacker could abuse /backup and /restore to drop malicious SQL and write a payload to the file system, escalating to code execution; users should upgrade immediately.

Gogs zero-day opens door to remote code execution on default-config servers
security1 month ago

Gogs zero-day opens door to remote code execution on default-config servers

Security researchers warn of a critical zero-day in the Gogs self-hosted Git service that enables remote code execution on internet-facing instances via an argument-injection chain in the Merge() path. The flaw affects current releases (0.14.2, 0.15.0+dev) and can be exploited starting from a registered account on servers with open registration and unlimited repository creation, potentially allowing an attacker to run arbitrary code, access private data, and pivot to other systems. There is no patch or CVE assigned yet; thousands of Gogs servers are exposed online, highlighting the risk. This follows a prior Gogs RCE patch for CVE-2025-8110 and has prompted caution from security agencies.

Drupal Core Flaw Exposes PostgreSQL Sites to RCE via Anonymous SQL Injection
security1 month ago

Drupal Core Flaw Exposes PostgreSQL Sites to RCE via Anonymous SQL Injection

Drupal released highly critical security updates for Drupal Core to fix CVE-2026-9082, a flaw in the database abstraction API that allows anonymous attackers to perform arbitrary SQL injections on PostgreSQL sites, potentially leading to information disclosure, privilege escalation, or remote code execution (CVSS 6.5). Affected versions include 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, and 10.4.10; Drupal 7 is not affected. End-of-life releases are patched on a best-effort basis, and the updates include upstream fixes for Symfony and Twig.

Active NGINX flaw CVE-2026-42945 exploited in the wild, enabling RCE when ASLR is disabled
technology1 month ago

Active NGINX flaw CVE-2026-42945 exploited in the wild, enabling RCE when ASLR is disabled

Security researchers report active exploitation of NGINX CVE-2026-42945—a heap overflow in ngx_http_rewrite_module affecting NGINX Plus/Open versions 0.6.27–1.30.0—that can crash worker processes or, if ASLR is disabled, allow unauthenticated remote code execution; exploitation requires a specific config and attacker knowledge, with F5 fixes urged for defense. VulnCheck also notes exploitation of openDCIM flaws (CVE-2026-28515/28517/28516) that can be chained to remote code execution, with observed activity from a Chinese IP using a Vulnhuntr-based tool to drop a PHP web shell.

NGINX Rewrite Module Flaw Allows Unauthenticated Remote Code Execution (CVE-2026-42945)
security1 month ago

NGINX Rewrite Module Flaw Allows Unauthenticated Remote Code Execution (CVE-2026-42945)

Security researchers disclosed a critical, unauthenticated heap-buffer-overflow in NGINX's ngx_http_rewrite_module (CVE-2026-42945) that can enable remote code execution or DoS by sending a crafted URI; the flaw, which remained undetected for 18 years, affects NGINX Plus and Open Source and is more dangerous on systems with ASLR disabled. Patches are available across multiple products (NGINX Plus R32–R36, Open Source 1.30.1–1.31.0, among others), along with fixes for CVE-2026-42946, CVE-2026-40701, and CVE-2026-42934. Administrators should upgrade to the latest versions or, if patching isn’t feasible, modify rewrite directives to use named captures to mitigate exposure.

MDASH AI uncovers 16 Windows flaws in Patch Tuesday
technology1 month ago

MDASH AI uncovers 16 Windows flaws in Patch Tuesday

Microsoft's MDASH is a multi-model AI-powered vulnerability-scanning system (private preview) that orchestrates 100+ specialized agents to automatically discover, validate, and prove exploitable defects in Windows through a pipeline of auditing, debating, and proving steps. In early testing, MDASH identified 16 CVEs fixed in this Patch Tuesday, including two critical remote-code-execution flaws in ikeext.dll and tcpip.sys (CVE-2026-33824 and CVE-2026-33827), highlighting AI-driven vulnerability discovery's production-grade potential.

Mac malware slips into Claude chats via Google ads
technology2 months ago

Mac malware slips into Claude chats via Google ads

Researchers uncovered a malvertising campaign that abuses Google Ads and Claude.ai shared chats to deliver macOS malware. Sponsored results mislead users to claude.ai while a Claude chat guides them to paste a terminal command that downloads a polymorphic loader and a second-stage payload executed via osascript, enabling remote code execution; some variants also exfiltrate browser data and Keychain contents. The operation uses two separate infrastructures and even performs locale checks to skip certain targets. To stay safe, download Claude apps directly from claude.ai and avoid following terminal commands shown in chats or ads.

MetInfo CMS Faces Active Exploitation of Critical RCE Flaw
security2 months ago

MetInfo CMS Faces Active Exploitation of Critical RCE Flaw

MetInfo CMS versions 7.9–8.1 are under active exploitation for CVE-2026-29014, a critical unauthenticated PHP code injection (CVSS 9.8) that can give remote attackers arbitrary code execution. The flaw stems from insufficient input sanitization in weixinreply.class.php when handling Weixin/WeChat API requests, and requires an existing /cache/weixin/ directory. MetInfo released patches on April 7, 2026; exploitation has been observed since April 25, with honeypots in the US and Singapore and a surge on May 1 targeting China/Hong Kong. Roughly 2,000 online MetInfo instances are exposed, many in China, indicating a real risk of full server takeover for compromised systems.

PAN-OS Captive Portal zero-day enables remote code execution on exposed firewalls
technology2 months ago

PAN-OS Captive Portal zero-day enables remote code execution on exposed firewalls

Palo Alto Networks warned of a critical, unpatched vulnerability in the PAN-OS User-ID Authentication Portal (Captive Portal), CVE-2026-0300, that can be triggered by crafted packets to allow unauthenticated remote code execution with root privileges on internet-exposed PA-Series and VM-Series firewalls; exploitation has been observed as limited but ongoing, with Shadowserver counting thousands of exposed VM-series endpoints. Until a patch is released (updates expected May 13, 2026), admins are advised to restrict portal access to trusted networks or disable it, noting the issue does not affect Cloud NGFW or Panorama.

Critical PAN-OS Flaw Under Active Exploitation Enabling Root RCE
security2 months ago

Critical PAN-OS Flaw Under Active Exploitation Enabling Root RCE

Palo Alto Networks warns of a critical buffer‑overflow flaw in PAN-OS User-ID Authentication Portal (CVE-2026-0300) that allows unauthenticated remote code execution with root privileges on PA-Series and VM-Series firewalls; the bug is under active exploitation, with a CVSS of up to 9.3 when the portal is internet‑exposed and 8.7 otherwise, and PAN-OS 12.1 is listed as affected.

GitHub patches sweeping RCE flaw that could expose millions of repos
security2 months ago

GitHub patches sweeping RCE flaw that could expose millions of repos

GitHub fixed CVE-2026-3854, a remote code execution flaw that could let attackers gain full read/write access to private repositories with a single crafted git push. Reported by Wiz in March 2026, GitHub reproduced the issue within 40 minutes and deployed a fix on GitHub.com within two hours, with patches issued for GitHub Enterprise Server across supported releases. The vulnerability affected GitHub.com and multiple GHES products; Wiz warned exploitation could have exposed most enterprises’ codebases. GitHub says no customer data was accessed and no exploitation was observed before the patch, though about 88% of reachable GHES instances were still vulnerable at disclosure, prompting administrators to upgrade promptly.

Single Git Push Suffices for GitHub Remote Code Execution (CVE-2026-3854)
technology2 months ago

Single Git Push Suffices for GitHub Remote Code Execution (CVE-2026-3854)

Cybersecurity researchers disclosed a critical vulnerability, CVE-2026-3854, affecting GitHub.com and GitHub Enterprise Server that enables remote code execution via a single git push by injecting crafted push options into internal headers. GitHub patched the issue within two hours and released fixes for multiple GHES versions; at disclosure, about 88% of instances were vulnerable, with the risk including cross-tenant access on shared storage. No evidence of active exploitation was found; users are advised to update to the fixed releases immediately. The flaw highlights how unsanitized input in internal protocol data can create a major multi-service attack surface.

Breeze Cache Flaw Sparks Unauthenticated File Upload and RCE Risk
technology2 months ago

Breeze Cache Flaw Sparks Unauthenticated File Upload and RCE Risk

Hackers are actively exploiting a critical vulnerability in the Breeze Cache WordPress plugin (CVE-2026-3844) that allows unauthenticated attackers to upload arbitrary files, potentially enabling remote code execution. The flaw affects all versions up to 2.4.4 and was fixed in 2.4.5; exploitation is more likely if the Host Files Locally - Gravatars add-on is enabled. Update to the latest version or disable the Gravatar hosting option to reduce risk. The plugin has about 400,000 active installations, and hundreds of exploitation attempts have been observed.

Windows 11 gets a sudden hotfix to close RRAS remote-code execution vulnerability
technology3 months ago

Windows 11 gets a sudden hotfix to close RRAS remote-code execution vulnerability

Microsoft released an out-of-band hotpatch (KB5084597) to fix RRAS remote-code-execution vulnerabilities on Windows 11 25H2/24H2 and Enterprise LTSC 2024. The fixes (CVE-2026-25172, -25173, -26111) were added to an in-memory patch that also updates on-disk files, enabling the patch to apply without reboot for devices enrolled in the hotpatch program and Windows Autopatch. The update is a re-release of earlier hotfixes to ensure comprehensive coverage alongside the March 2026 Patch Tuesday fixes; it targets enterprise systems that cannot reboot easily and will install automatically without restart when available.