< ciso
brief />
Tag Banner

All news with #remote code execution tag

691 articles · page 3 of 35

Maximum-severity Ivanti Sentry flaw now exploited

🔒 Attackers are exploiting a recently patched maximum-severity OS command injection in Ivanti Sentry (formerly MobileIron Sentry), tracked as CVE-2026-10520, to achieve root code execution on Internet-exposed gateways. Ivanti released patches in Sentry R10.5.2, R10.6.2, and R10.7.1, but Shadowserver reports many publicly reachable appliances have already been backdoored. Shadowserver warned that their scans undercount exposures due to blocklisting and urged immediate patching, while Ivanti has not revised its advisory and maintains no evidence of customer exploitation at disclosure.
read more →

Ivanti patches critical Sentry gateway vulnerabilities

🔒 Ivanti patched two critical vulnerabilities in Ivanti Sentry, an in-line secure mobile gateway formerly called MobileIron Sentry, that could allow unauthenticated remote attackers to take full control of devices. One flaw, CVE-2026-10523, lets attackers bypass authentication to create administrative accounts and is rated 9.9/10. The second, CVE-2026-10520, is a command injection leading to root remote code execution and is rated 10/10. Customers should upgrade to versions 10.5.2, 10.6.2, or 10.7.1 immediately.
read more →

Microsoft issues record June 2026 security fixes

🛡️ Microsoft released fixes for a record 206 security vulnerabilities in June 2026, including three publicly disclosed flaws. The update covers 39 Critical and 167 Important issues, spanning privilege escalation, RCE, information disclosure, spoofing, and more, and includes two non-Microsoft CVEs and numerous Chromium fixes affecting Edge. Notable patched bugs include a Windows Kernel use-after-free (CVE-2026-45657), HTTP.sys and DHCP client RCEs, and several BitLocker bypasses addressed after public PoCs.
read more →

Microsoft fixes 200 CVEs in June Patch Tuesday

🛡️ Microsoft released June Patch Tuesday updates addressing 200 vulnerabilities, including three publicly disclosed zero-days. The release fixed 33 critical CVEs — mostly remote code execution bugs — and a large share of elevation-of-privilege issues. Notable fixes include the HTTP/2 Bomb DoS (CVE-2026-49160), a BitLocker bypass (CVE-2026-50507), and a CTFMON elevation-of-privilege flaw (CVE-2026-45586). Administrators are advised to prioritize patches for several high-risk RCE and EoP bugs affecting Windows components like Win32K, Remote Desktop, DHCP client, and Hyper-V.
read more →

Ivanti Sentry critical root code execution patched

🔒 Ivanti has released patches for two critical vulnerabilities in its Sentry secure mobile gateway, including a maximum-severity OS command injection (CVE-2026-10520) that allows remote code execution as root and a critical authentication bypass (CVE-2026-10523) permitting creation of rogue admin accounts. Patches are available in Sentry R10.5.2, R10.6.2, and R10.7.1, and the vendor reports no evidence of active exploitation at disclosure. Administrators are urged to apply updates promptly to prevent potential compromises.
read more →

Six Proto6 Vulnerabilities Impact protobuf.js Ecosystem

🔒 Cybersecurity researchers disclosed six vulnerabilities in protobuf.js, the JavaScript/TypeScript implementation of Protocol Buffers, that can enable remote code execution (RCE) and denial-of-service (DoS) when untrusted schemas or payloads are processed. Named Proto6, the flaws affect Node.js apps, Google Cloud client libraries, messaging frameworks like Baileys, and CI/CD pipelines. Patches are available in protobufjs 7.5.6 and 8.0.2 and protobufjs-cli 1.2.1 and 2.0.2, and users are urged to update to mitigate risks stemming from trusting schema and metadata by default.
read more →

Microsoft June 2026 Patch Tuesday: Key Fixes

🛡️ Microsoft released its June 2026 security update addressing 206 vulnerabilities, including 32 marked critical. Talos highlights multiple RCEs across Windows components, Office, Azure services, and other products, and calls out several vulnerabilities as more likely to be exploited. Cisco Talos published Snort 2 and Snort 3 rules to detect exploitation attempts and urges customers to update rule packs promptly.
read more →

Veeam issues patch for critical Backup & Replication RCE

🛡️ Veeam released patches for a critical remote code execution flaw in Backup & Replication, tracked as CVE-2026-44963 with a CVSS score of 9.4. The issue allowed an authenticated domain user to execute code on the Backup Server and affects 12.3.2.4465 and earlier 12.x builds; version 13.x is not vulnerable. The flaw was reported by watchTowr researcher Sina Kheirkhah and fixed in build 12.3.2.4854; users are urged to update promptly.
read more →

Critical Veeam RCE Flaw Affects Domain-Joined Servers

🔒 Veeam released updates to fix a critical remote code execution vulnerability in Backup & Replication (CVE-2026-44963) that affects 12.x builds up to 12.3.2.4465 and was patched in 12.3.2.4854. Any authenticated low-privilege domain user can exploit the issue, but only domain-joined installations are impacted. Veeam noted version 13.x is not affected due to architectural changes and urged customers to apply updates promptly as attackers commonly reverse-engineer patches.
read more →

Gogs patches critical zero-day enabling RCE

🛡️ Gogs has released version 0.14.3 to patch a critical argument-injection zero-day that allows authenticated non-admin users to execute remote code and access any repository, including private ones. The flaw affects all releases up to 0.14.2 and 0.15.0+dev and was reported by Rapid7 researcher Jonah Burgess. Rapid7 urges immediate upgrades and provided mitigations such as disabling open registration and restricting repo creation for instances that cannot be patched immediately.
read more →

Critical UniFi OS bug enables unauthenticated root access

🔒 Researchers found that three fixed flaws in UniFi OS Server (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) can be chained to achieve remote code execution with root privileges on versions 5.0.6 and earlier. Bishop Fox validated the full attack path on a live instance, showing an authentication bypass via URI normalization differences and a subsequent command injection that escalates to root due to passwordless sudo. A detection script and guidance are available; upgrade to 5.0.8 or later.
read more →

Critical protobuf.js flaws enable code injection risks

🛡️ Researchers at Cyera disclosed six vulnerabilities in protobuf.js, a JavaScript implementation of Google’s Protocol Buffers, that allow untrusted schema data to influence application behavior. The most severe issues enable code generation and injection via manipulated schema metadata, potentially leading to remote code execution when crafted inputs are accepted. The flaws affect protobuf.js versions up to 7.5.5 and 8.0.1 and also impact protobuf.js-cli; patches are available in updated releases.
read more →

Critical Everest Forms Pro Flaw Lets Site Takeover

⚠️ A critical vulnerability (CVE-2026-3300) in Everest Forms Pro versions 1.9.12 and earlier allows unauthenticated attackers to execute arbitrary PHP on affected WordPress sites via the plugin's Complex Calculation feature. The issue stems from user-supplied values being inserted into an eval() string without properly escaping single quotes, enabling code injection. Wordfence telemetry shows active exploitation creating rogue administrator accounts, and a patch was issued by the developer on March 18.
read more →

Critical RCE in Everest Forms Pro Actively Exploited

🛡️ A critical remote code execution flaw in Everest Forms Pro for WordPress has been actively exploited to hijack sites. Wordfence analysis shows the vulnerability (CVE-2026-3300, CVSS 9.8) allows unauthenticated attackers to run PHP via the plugin's Calculation add-on when "Complex Calculation" is enabled. The bug affects all versions through 1.9.12 and was patched in 1.9.13; administrators are urged to update immediately. Wordfence telemetry recorded tens of thousands of blocked exploit attempts and identified indicators such as a rogue admin named "diksimarina" and a recurring source IP.
read more →

Hugging Face Transformers RCE via model configs

🛡️ A high-severity RCE vulnerability in Hugging Face Transformers lets attackers leverage a hidden config field to execute remote code when loading models. The flaw abuses an underscore-prefixed parameter, _attn_implementation_internal, bypassing trust_remote_code=false and triggering unsandboxed kernel downloads. A silent patch was released in Transformers 5.3.0; users should upgrade and scan cached configs.
read more →

Hitachi Energy MACH HiDraw Heap Overflow Patch

🔒 Hitachi Energy reported a heap-based buffer overflow in MACH HiDraw XML parser where an authenticated local user can trigger memory corruption using a crafted XML file. Successful exploitation may cause application crashes (DoS) or enable arbitrary code execution. A vendor fix is available in version 9.23; contact your local account team for upgrade assistance. CISA recommends network segmentation, firewall controls, and minimizing exposure of control systems to the internet.
read more →

Redis RCE Flaw CVE-2026-23479 and Cloud Risk

🔒 A two-year use-after-free vulnerability (CVE-2026-23479) in Redis 7.2.0 through older stable branches enabled authenticated remote code execution and was disclosed after Team Xint Code and Wiz published a full technical write-up. The flaw arises in unblockClientOnKey() where a freed client structure is reused, and the exploit chain leaks a heap pointer via Lua, forges a client, and corrupts memory accounting to overwrite a GOT entry. Default deployments and many cloud instances lacking passwords increase exposure; Redis released fixes on May 5 and recommends minor upgrades per series and tightened ACLs if immediate patching is not possible.
read more →

Acer warns of max-severity zero-days in Wave 7 routers

🛡️ Acer confirmed it's addressing two maximum-severity zero-day vulnerabilities in Wave 7 mesh routers. Reported by researcher Gergo Pap, both affect firmware T7c_GBL_1.01.000055 or earlier and permit remote, unauthenticated access to sensitive data and persistent backdoors. Acer plans firmware fixes by the end of June 2026 and urges users to update once patches are released and to disable or restrict remote management as a temporary mitigation.
read more →

Critical HP Poly VoIP Flaw Enables Remote Root Access

🔒 HP has released patches for a critical buffer overflow in multiple IP conference phones in its Poly Voice line that can allow unauthenticated attackers to gain root on affected devices. The issue, tracked as CVE-2026-0826 and rated 9.2 CVSS, stems from SDP parsing when the ICE feature is enabled; administrators are advised to disable ICE if not needed. Rapid7 researchers released a Metasploit exploit demonstrating the vulnerability, and HP has issued UCS updates to remediate the affected VVX and Trio models.
read more →

CISA orders federal patch for WebLogic zero-day

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch an actively exploited Oracle WebLogic vulnerability, CVE-2024-21182, by June 4 under BOD 22-01. The flaw affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 and enables unauthenticated remote compromise via T3/IIOP. Shodan reports over 1,592 exposed and vulnerable WebLogic instances, and CISA urges all organizations to apply vendor mitigations or discontinue use if fixes are unavailable.
read more →