Tag: Remote Code Execution

All articles tagged with #remote code execution

Drupal Core Flaw Exposes PostgreSQL Sites to RCE via Anonymous SQL Injection
security | 5 days ago

Drupal released highly critical security updates for Drupal Core to fix CVE-2026-9082, a flaw in the database abstraction API that allows anonymous attackers to perform arbitrary SQL injections on PostgreSQL sites, potentially leading to information disclosure, privilege escalation, or remote code execution (CVSS 6.5). Affected versions include 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, and 10.4.10; Drupal 7 is not affected. End-of-life releases are patched on a best-effort basis, and the updates include upstream fixes for Symfony and Twig.

Active NGINX flaw CVE-2026-42945 exploited in the wild, enabling RCE when ASLR is disabled
technology | 8 days ago

Security researchers report active exploitation of NGINX CVE-2026-42945—a heap overflow in ngx_http_rewrite_module affecting NGINX Plus/Open versions 0.6.27–1.30.0—that can crash worker processes or, if ASLR is disabled, allow unauthenticated remote code execution; exploitation requires a specific config and attacker knowledge, with F5 fixes urged for defense. VulnCheck also notes exploitation of openDCIM flaws (CVE-2026-28515/28517/28516) that can be chained to remote code execution, with observed activity from a Chinese IP using a Vulnhuntr-based tool to drop a PHP web shell.

NGINX Rewrite Module Flaw Allows Unauthenticated Remote Code Execution (CVE-2026-42945)
security | 12 days ago

Security researchers disclosed a critical, unauthenticated heap-buffer-overflow in NGINX's ngx_http_rewrite_module (CVE-2026-42945) that can enable remote code execution or DoS by sending a crafted URI; the flaw, which remained undetected for 18 years, affects NGINX Plus and Open Source and is more dangerous on systems with ASLR disabled. Patches are available across multiple products (NGINX Plus R32–R36, Open Source 1.30.1–1.31.0, among others), along with fixes for CVE-2026-42946, CVE-2026-40701, and CVE-2026-42934. Administrators should upgrade to the latest versions or, if patching isn’t feasible, modify rewrite directives to use named captures to mitigate exposure.

MDASH AI uncovers 16 Windows flaws in Patch Tuesday
technology | 13 days ago

Microsoft's MDASH is a multi-model AI-powered vulnerability-scanning system (private preview) that orchestrates 100+ specialized agents to automatically discover, validate, and prove exploitable defects in Windows through a pipeline of auditing, debating, and proving steps. In early testing, MDASH identified 16 CVEs fixed in this Patch Tuesday, including two critical remote-code-execution flaws in ikeext.dll and tcpip.sys (CVE-2026-33824 and CVE-2026-33827), highlighting AI-driven vulnerability discovery's production-grade potential.

Mac malware slips into Claude chats via Google ads
technology | 16 days ago

Researchers uncovered a malvertising campaign that abuses Google Ads and Claude.ai shared chats to deliver macOS malware. Sponsored results mislead users to claude.ai while a Claude chat guides them to paste a terminal command that downloads a polymorphic loader and a second-stage payload executed via osascript, enabling remote code execution; some variants also exfiltrate browser data and Keychain contents. The operation uses two separate infrastructures and even performs locale checks to skip certain targets. To stay safe, download Claude apps directly from claude.ai and avoid following terminal commands shown in chats or ads.

MetInfo CMS Faces Active Exploitation of Critical RCE Flaw
security | 20 days ago

MetInfo CMS versions 7.9–8.1 are under active exploitation for CVE-2026-29014, a critical unauthenticated PHP code injection (CVSS 9.8) that can give remote attackers arbitrary code execution. The flaw stems from insufficient input sanitization in weixinreply.class.php when handling Weixin/WeChat API requests, and requires an existing /cache/weixin/ directory. MetInfo released patches on April 7, 2026; exploitation has been observed since April 25, with honeypots in the US and Singapore and a surge on May 1 targeting China/Hong Kong. Roughly 2,000 online MetInfo instances are exposed, many in China, indicating a real risk of full server takeover for compromised systems.

PAN-OS Captive Portal zero-day enables remote code execution on exposed firewalls
technology | 20 days ago

Palo Alto Networks warned of a critical, unpatched vulnerability in the PAN-OS User-ID Authentication Portal (Captive Portal), CVE-2026-0300, that can be triggered by crafted packets to allow unauthenticated remote code execution with root privileges on internet-exposed PA-Series and VM-Series firewalls; exploitation has been observed as limited but ongoing, with Shadowserver counting thousands of exposed VM-series endpoints. Until a patch is released (updates expected May 13, 2026), admins are advised to restrict portal access to trusted networks or disable it, noting the issue does not affect Cloud NGFW or Panorama.

Critical PAN-OS Flaw Under Active Exploitation Enabling Root RCE
security | 21 days ago

Palo Alto Networks warns of a critical buffer-overflow flaw in the PAN-OS User-ID Authentication Portal (CVE-2026-0300) that allows unauthenticated remote code execution with root privileges on PA-Series and VM-Series firewalls; the bug is under active exploitation, with a CVSS of up to 9.3 when the portal is internet-exposed and 8.7 otherwise, and PAN-OS 12.1 is listed as affected.

GitHub patches sweeping RCE flaw that could expose millions of repos
security | 27 days ago

GitHub fixed CVE-2026-3854, a remote code execution flaw that could let attackers gain full read/write access to private repositories with a single crafted git push. Reported by Wiz in March 2026, GitHub reproduced the issue within 40 minutes and deployed a fix on GitHub.com within two hours, with patches issued for GitHub Enterprise Server across supported releases. The vulnerability affected GitHub.com and multiple GHES products; Wiz warned exploitation could have exposed most enterprises’ codebases. GitHub says no customer data was accessed and no exploitation was observed before the patch, though about 88% of reachable GHES instances were still vulnerable at disclosure, prompting administrators to upgrade promptly.

Single Git Push Suffices for GitHub Remote Code Execution (CVE-2026-3854)
technology | 28 days ago

Cybersecurity researchers disclosed a critical vulnerability, CVE-2026-3854, affecting GitHub.com and GitHub Enterprise Server that enables remote code execution via a single git push by injecting crafted push options into internal headers. GitHub patched the issue within two hours and released fixes for multiple GHES versions; at disclosure, about 88% of instances were vulnerable, with the risk including cross-tenant access on shared storage. No evidence of active exploitation was found; users are advised to update to the fixed releases immediately. The flaw highlights how unsanitized input in internal protocol data can create a major multi-service attack surface.

Breeze Cache Flaw Sparks Unauthenticated File Upload and RCE Risk
technology | 1 month ago

Hackers are actively exploiting a critical vulnerability in the Breeze Cache WordPress plugin (CVE-2026-3844) that allows unauthenticated attackers to upload arbitrary files, potentially enabling remote code execution. The flaw affects all versions up to 2.4.4 and was fixed in 2.4.5; exploitation is more likely if the Host Files Locally - Gravatars add-on is enabled. Update to the latest version or disable the Gravatar hosting option to reduce risk. The plugin has about 400,000 active installations, and hundreds of exploitation attempts have been observed.

Windows 11 gets a sudden hotfix to close RRAS remote-code execution vulnerability
technology | 2 months ago

Microsoft released an out-of-band hotpatch (KB5084597) to fix RRAS remote-code-execution vulnerabilities on Windows 11 25H2/24H2 and Enterprise LTSC 2024. The fixes (CVE-2026-25172, -25173, -26111) were added to an in-memory patch that also updates on-disk files, enabling the patch to apply without reboot for devices enrolled in the hotpatch program and Windows Autopatch. The update is a re-release of earlier hotfixes to ensure comprehensive coverage alongside the March 2026 Patch Tuesday fixes; it targets enterprise systems that cannot reboot easily and will install automatically without restart when available.

Critical pre-auth RCE in BeyondTrust remote-support tools prompts urgent patch
technology | 3 months ago

BeyondTrust warns of CVE-2026-1731, a pre-auth remote code execution flaw in Remote Support (RS) 25.3.1 and Privileged Remote Access (PRA) 24.3.4 and earlier, allowing unauthenticated attackers to run OS commands; patches are available by upgrading to RS 25.3.2+ and PRA 25.1.1+ (or enabling automatic updates). Cloud systems have been secured; about 11,000 instances are exposed online, with roughly 8,500 on-premises potentially vulnerable if not patched; no active exploitation is reported yet.

One-Click RCE Flaw Lets Attackers Hijack OpenClaw Gateways
technology | 3 months ago

OpenClaw faces a high-severity vulnerability (CVE-2026-25253, CVSS 8.8) that enables one-click remote code execution via a crafted malicious link by exfiltrating the gateway token through a cross-site WebSocket hijack, granting attacker control of the gateway API and the ability to run commands on the host; a fix is in version 2026.1.29 (Jan 30, 2026).

Ivanti EPMM hit by two critical zero-days, with patches and risk guidance issued
security | 3 months ago

Ivanti disclosed two critical RCE zero-day flaws in Endpoint Manager Mobile (CVE-2026-1281 and CVE-2026-1340) exploited in the wild at a limited number of customers. Both flaws score 9.8 and can run arbitrary code remotely without authentication. Ivanti released RPM-based mitigations for affected EPMM versions, noting no downtime is required but hotfixes must be reapplied after any version upgrade; a permanent fix arrives with EPMM 12.8.0.0 in Q1 2026. Exploitation can reveal administrator and user data, device details, and location (if enabled), and attackers could alter configurations via the API or web console. Defenders can detect activity via a specific Apache access-log regex, though logs can be altered by attackers. Recovery guidance includes restoring from a known-good backup or rebuilding, resetting local and service accounts' passwords, rotating certificates, and reviewing Sentry logs. CISA has added CVE-2026-1281 to KEV; federal agencies must patch or decommission affected systems by Feb 1, 2026.