< ciso
brief />
Tag Banner

All news with #remote code execution tag

691 articles · page 5 of 35

Drupal issues emergency patch for critical SQL injection

🚨Drupal administrators must apply an emergency core update to address a “highly critical” SQL injection defect (CVE-2026-9082) that affects sites using PostgreSQL. The release also bundles upstream fixes for Symfony and Twig, so Drupal urges updates even for non-Postgres deployments. Supported branches 11.3, 11.2, 10.6 and 10.5 are patched, while end-of-life versions may receive unsupported best-effort patches. The flaw permits anonymous attackers to send crafted requests resulting in arbitrary SQL injection, information disclosure, and potential privilege escalation or remote code execution.
read more →

Max-Severity ChromaDB Flaw Lets Attackers Hijack Servers

⚠️ A max-severity flaw (CVE-2026-45829) in the Python FastAPI server of ChromaDB allows unauthenticated attackers to load and execute remote models before authentication is enforced, enabling arbitrary code execution on exposed servers. The issue impacts PyPI-distributed releases used widely in AI retrieval stacks; a 1.5.9 release exists but it is unclear if the fix addresses this vulnerability. Mitigations include using the Rust frontend, avoiding public exposure of the Python API, and restricting network access to the ChromaDB API port.
read more →

CISA Advisory: Multiple Critical Vulnerabilities in ScadaBR

⚠ CISA reports multiple critical vulnerabilities in ScadaBR version 1.2.0, including missing authentication, OS command injection, CSRF, and hard-coded credentials. Successful exploitation could enable unauthenticated remote code execution, root command execution, arbitrary sensor injection, or full administrative access. The vendor did not respond to CISA requests; users should contact ScadaBR support and implement network-level mitigations immediately.
read more →

PAN-OS Captive Portal Critical RCE Affecting Siemens Devices

⚠️A buffer overflow in the User-ID™ Authentication Portal (Captive Portal) of Palo Alto Networks PAN-OS permits an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. Siemens has identified affected Siemens RUGGEDCOM APE1808 devices and is preparing fixes while recommending immediate mitigations. Recommended actions include disabling Response Pages on exposed interfaces, disabling the User-ID Authentication Portal if not required, and restricting portal access to trusted internal IP addresses; contact vendor support for patch information.
read more →

Critical RCE and Data-Leak Flaws in SEPPMail Gateway

🔒 InfoGuard Labs disclosed multiple critical vulnerabilities in SEPPMail Secure E-Mail Gateway that allow unauthenticated remote code execution, path traversal, deserialization flaws, and exposure of sensitive server data. Researchers demonstrated an exploit chain leveraging the LFT path traversal (CVE-2026-2743) to overwrite syslog configuration and obtain a Perl reverse shell, enabling full appliance takeover and mail interception. SEPPmail has released fixes across versions 15.0.2.1, 15.0.3 and 15.0.4 and urges administrators to apply updates immediately.
read more →

NGINX Heap Overflow CVE-2026-42945 Exploited in the Wild

⚠️ A high-severity heap buffer overflow (CVE-2026-42945, CVSS 9.2) in the ngx_http_rewrite_module of NGINX Plus and NGINX Open (versions 0.6.27–1.30.0) is being exploited in the wild shortly after disclosure. The flaw, reportedly introduced in 2008, can allow unauthenticated attackers to crash worker processes or, when Address Space Layout Randomization (ASLR) is disabled and certain configurations are present, achieve remote code execution. Users are advised to apply F5's fixes and review server configurations urgently.
read more →

AI Finds 18-Year-Old Remote Code Execution Flaw in Nginx

🔍 Researchers using an LLM-powered platform discovered a critical 18-year-old heap buffer overflow in Nginx that can enable remote code execution under certain conditions. Tracked as CVE-2026-42945, it resides in ngx_http_rewrite_module and affects versions 0.6.27 through 1.30.0. Patches were released in 1.31.0 and 1.30.1 and in Nginx Plus releases; several F5 products remain pending updates. Exploitation can cause server crashes and, without ASLR, may allow arbitrary code execution.
read more →

NGINX 18-Year Heap Overflow (CVE-2026-42945) Risks DoS/RCE

🔒 Researchers at DepthFirst AI found an 18-year-old heap buffer overflow in NGINX’s ngx_http_rewrite_module (CVE-2026-42945) that can cause denial of service and, under specific conditions, remote code execution. The flaw affects NGINX Open Source 0.6.27 through 1.30.0 and several F5-managed builds. Exploitation hinges on configurations using both rewrite and set directives and problems in the internal script engine’s two-pass handling of rewrites. Patches and mitigations are available, and F5 recommends replacing unnamed PCRE capture groups with named captures if immediate upgrades are not possible.
read more →

Universal Robots Polyscope 5 Command Injection Fix

⚠️ A critical OS command injection in the Dashboard Server of Universal Robots Polyscope 5 (CVSS 9.8) allows unauthenticated attackers to execute commands on the robot's operating system. Affected releases are versions prior to 5.25.1; the vendor has issued Polyscope 5 v5.25.1 as a corrective update. CISA advises immediate patching and network defenses including segmentation, firewalling, and limiting internet exposure.
read more →

Siemens Solid Edge SE2026 PAR Parsing Flaws, Update

⚠️ Siemens released an update fixing two PAR file parsing vulnerabilities in Solid Edge SE2026 that could allow application crashes or remote code execution. The flaws involve access of an uninitialized pointer (CWE-824) and a stack-based buffer overflow (CWE-121) when handling specially crafted PAR files. Update to V226.0 Update 5 or later and limit network exposure. CISA has republished the vendor advisory and urges organizations to apply the fix and follow recommended ICS security practices.
read more →

Siemens gPROMS gWAP RCE Risk from Axios Prototype Pollution

🔒 Siemens reports that gPROMS Web Applications Publisher (gWAP) is affected by a remote code execution vulnerability stemming from a third‑party Axios prototype pollution "gadget" chain. The flaw can escalate prototype pollution in dependencies into arbitrary code execution or full cloud compromise (including possible AWS IMDSv2 bypass). Siemens has released V3.1.1 and recommends updating to the latest version, restricting network access, and following Siemens industrial security guidelines.
read more →

Siemens Ruggedcom Rox OS Command Injection Fix Released

⚠ An input validation vulnerability in the feature key installation process of Siemens Ruggedcom Rox allows an authenticated remote attacker to inject OS commands and achieve arbitrary code execution with root privileges. Siemens has released updates and advises customers to upgrade affected devices to V2.17.1 or later without delay. CISA and Siemens recommend isolating control networks, restricting access, and following Siemens' operational guidelines to reduce exposure.
read more →

Siemens Ruggedcom Rox OS Command Injection Advisory

⚠️An input validation vulnerability in the Scheduler feature of Siemens Ruggedcom Rox devices allows an authenticated remote attacker to inject OS commands via the device's Web UI. Successful exploitation can execute arbitrary commands with root privileges on the underlying operating system. Siemens has released updates and recommends upgrading to V2.17.1 or later; CISA urges operators to apply the patch and implement network protections such as firewalls, isolation, and secure remote access.
read more →

Siemens Ruggedcom Rox: Multiple Critical Vulnerabilities

🚨 Siemens reports that Ruggedcom Rox devices prior to V2.17.1 contain numerous third‑party vulnerabilities and has released updated firmware; customers are urged to update immediately. The issues include uncontrolled recursion, integer underflow/overflow, multiple stack- and heap-based buffer overflows, use‑after‑free, improper input validation and path traversal, among others. Affected components include Das U‑Boot, QEMU emulation modules, Python email parsing, linux‑pam and other supporting libraries. Apply the vendor updates to mitigate risks such as denial of service, boot bypass or potential code execution.
read more →

Siemens Simcenter Femap Heap Overflow in IPT Files

⚠️ Simcenter Femap contains a heap-based buffer overflow in the Datakit library that can be triggered by specially crafted IPT files, causing memory corruption during parsing. If a user opens a malicious IPT file, an attacker could achieve remote code execution in the context of the running process. Siemens has released V2512.0003 or later to address the issue and recommends immediate updating; the flaw is tracked as CWE-122. CISA republished the vendor advisory to increase visibility and urges reducing network exposure and following Siemens' industrial security guidance.
read more →

Fortinet fixes critical RCE flaws in Authenticator, Sandbox

🔒 Fortinet released Patch Tuesday updates addressing two critical remote code execution vulnerabilities: FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083), both rated 9.1. The flaws permit unauthenticated attackers to execute arbitrary commands; Fortinet advises upgrading FortiAuthenticator to 6.5.7/6.6.9/8.0.3 and FortiSandbox to 4.4.9 or 5.0.2. Both issues were found internally and have not yet been observed exploited in the wild, but Fortinet RCEs have been weaponized previously. Administrators should prioritize immediate patching and monitor credentials and logs.
read more →

Critical Exim GnuTLS Flaw Allows Remote Code Execution

⚠️ A critical user-after-free flaw in Exim (CVE-2026-45185) affects GnuTLS builds prior to 4.99.3 and can be triggered during TLS shutdown while processing BDAT chunked SMTP. The vulnerability allows an unauthenticated remote attacker to achieve arbitrary code execution and access mail data. OpenSSL-based builds are not affected. Administrators should apply Exim v4.99.3 updates immediately via their package managers.
read more →

Microsoft May Patch: 17 Critical Flaws Including RCE

🔒 Microsoft released its May Patch Tuesday fixing 120 CVEs, including 17 critical flaws. The update addresses 14 RCEs, two elevation of privilege bugs and one information disclosure issue, with the majority of fixes covering EoP and RCE types. Microsoft credited its WARP team and an agentic AI system, MDASH, with discovering 16 of the issues. Administrators are urged to prioritize high-risk fixes such as CVE-2026-41089.
read more →

May Patch Tuesday: Critical Windows, DNS, and Dynamics Fixes

🔒 Microsoft’s May Patch Tuesday addresses 118 vulnerabilities, including critical Windows Server flaws in Netlogon (CVE-2026-41089) and the DNS Client (CVE-2026-41096), plus a severe RCE in Microsoft Dynamics 365 On-Premises. Cloud services such as Azure and Microsoft Teams have already been updated, but on-prem and endpoint administrators must prioritize OS and application patches. Analysts recommend additional protections like network segmentation, access restrictions, and monitoring. Also note a mandatory Secure Boot certificate rotation before June 26 and multiple high‑risk SAP and Oracle updates.
read more →

Microsoft Patch Tuesday May 2026: 137 Vulnerabilities

🔒 Microsoft released its May 2026 Patch Tuesday update addressing 137 vulnerabilities, of which 31 are rated critical. Microsoft reports no observed active exploitation in the wild, though several critical RCE and local code-execution flaws affect Windows services, Office, Azure, SharePoint, and mobile Office. Talos has published new Snort 2 and Snort 3 rule sets to detect many exploitation attempts and recommends immediate patching and signature updates.
read more →