RCE

  • Blog
    digitpatrox1 week ago
    25

    Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE

    Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. Three security issues, two of them critical, were publicly disclosed by researchers at the vulnerability management firm ProjectDiscovery after reporting them to the vendor and receiving no confirmation of the bugs being addressed. Versa Concerto is the centralized management…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    44

    Critical Langflow RCE flaw exploited to hack AI app servers

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. The vulnerability is tracked as CVE-2025-3248 and is a critical unauthenticated RCE flaw that allows any attacker on the internet to take full control of vulnerable Langflow servers by exploiting an…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    51

    Samsung MagicINFO 9 Server RCE flaw now exploited in attacks

    Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. Samsung MagicINFO Server is a centralized content management system (CMS) used to remotely manage and control digital signage displays made by Samsung. It is used by retail stores, airports, hospitals, corporate buildings, and restaurants, where there’s a need…

    Read More »
  • Blog
    digitpatroxApril 26, 2025
    71

    Craft CMS RCE exploit chain used in zero-day attacks to steal data

    Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. The vulnerabilities were discovered by Orange Cyberdefense’s CSIRT, which was called in to investigate a compromised server. As part of the investigation, they discovered that two zero-day vulnerabilities impacting Craft CMS were exploited to breach the…

    Read More »
  • Blog
    digitpatroxApril 22, 2025
    50

    Active! Mail RCE flaw exploited in attacks on Japanese orgs

    An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. Active! mail is a web-based email client developed initially by TransWARE and later acquired by Qualitia, both Japanese companies. While it’s not widely used worldwide like Gmail or Outlook, Active! is often used as a groupware component in Japanese-language environments of large…

    Read More »
  • Blog
    digitpatroxApril 20, 2025
    171

    Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

    Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. Researchers at the Ruhr University Bochum in Germany disclosed the flaw on Wednesday, warning that all devices running the daemon were vulnerable. “The issue is caused by a flaw in the SSH protocol message handling which allows an…

    Read More »
  • Blog
    digitpatroxApril 17, 2025
    52

    Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now

    A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany and given a maximum severity score of 10.0. All devices running the Erlang/OTP SSH daemon are impacted by the…

    Read More »
  • Blog
    digitpatroxApril 3, 2025
    69

    Max severity RCE flaw discovered in widely used Apache Parquet

    A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. The problem stems from the deserialization of untrusted data that could allow attackers with specially crafted Parquet files to gain control of target systems, exfiltrate or modify data, disrupt services, or introduce dangerous payloads such as ransomware. The…

    Read More »
  • Blog
    digitpatroxMarch 21, 2025
    78

    Veeam RCE bug lets domain users hack backup servers, patch now

    Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. The flaw was disclosed yesterday and affects Veeam Backup & Replication version 12.3.0.310 and all earlier version 12 builds. The company fixed it in version 12.3.1 (build 12.3.1.1139), which was released yesterday. According to a technical writeup by watchTowr Labs, who…

    Read More »
  • Blog
    digitpatroxMarch 17, 2025
    84

    Critical RCE flaw in Apache Tomcat actively exploited in attacks

    A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week. The malicious activity was confirmed by Wallarm security…

    Read More »
Load More
Back to top button
close