SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.

Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.

On April 3, 2025, Ivanti published an advisory for CVE-2025-22457, an unauthenticated remote code execution vulnerability due to a stack based buffer overflow.…

As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of...

We share actionable mitigation and detection strategies against IngressNightmare so you can protect against possible exploitation in runtime.

On December 16, 2024, BeyondTrust published both an advisory and patches for CVE-2024-12356, a critical unauthenticated remote code execution (RCE) vulnerabili…

Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.

On November 25, 2024, a third party, from SECURE NETWORK BVTECH, reported the D-Link DSL-3788 hardware revision B2 with firmware version vDSL-3788_fw_revA1_1.01R1B036_EU_EN or below, of a Unauthenticated Remote Code Execution (RCE) vulnerability.

When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. Patches were release within the 90-day of the report of the vulnerabilities.

In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score.

​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.

VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.

Multiple Xerox printers (EC80xx, AltaLink, VersaLink, WorkCentre) were affected by an authenticated remote code execution vulnerability which allowed an attacker with administrative web credentials to fully compromise the devices with root privileges on the operating system.

Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s

VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager.

Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.

Security researchers have detailed and published a PoC exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8)

Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.