remote code execution
-
SmarterMail authentication bypass exploited days after patch enables admin reset and RCE
An authentication bypass in SmarterMail that allows resetting administrator passwords and enabling system-level command execution was exploited two days after a vendor patch. A watchTowr Labs technical analysis describes the vulnerability and exploitation timeline.
-
HPE fixes critical OneView flaw rated CVSS 10.0 that allows remote code execution
Hewlett Packard Enterprise has fixed a CVSS 10.0 vulnerability in OneView (CVE-2025-37164) that could allow unauthenticated remote code execution; patches, version 11.00 and hotfixes for earlier releases, are available and should be applied promptly.
-
Hard-coded cryptographic keys in Gladinet CentreStack and Triofox exploited to access web.config, Huntress says
Huntress warned that hard-coded cryptographic keys in Gladinet CentreStack and Triofox allow attackers to decrypt or forge access tickets and retrieve web.config files, enabling ViewState deserialization attempts; nine organisations have been affected and vendors have released updates.
-
Critical Sneeit WordPress plugin RCE actively exploited, security firm reports
A critical remote code execution flaw (CVE-2025-6389) in the Sneeit Framework WordPress plugin is being exploited in the wild; Wordfence said attackers have created admin accounts and uploaded web shells. The issue affects versions up to 8.3 and was fixed in 8.4. Separately, VulnCheck observed an ICTBroadcast exploit delivering a DDoS botnet called “frost.”
-
Cloudflare says emergency React2Shell patch caused brief network outage
Cloudflare said an emergency change to its Web Application Firewall to mitigate the critical React2Shell vulnerability briefly made its network unavailable, causing widespread 500 errors. The React flaw can allow unauthenticated remote code execution and researchers report active exploitation and circulating proof-of-concept exploits.
-
Critical React Server Components flaw (React2shell) allows unauthenticated remote code execution; Next.js also affected
A critical deserialization flaw in React Server Components, tracked as CVE-2025-55182 and nicknamed React2shell, can allow unauthenticated remote code execution; related Next.js App Router releases are covered by CVE-2025-66478. Patches are available and vendors and security firms advise applying fixes and using WAFs or access restrictions.
-
Long-running ‘ShadyPanda’ campaign amassed more than 4.3 million browser extension installs, researchers say
Researchers say the ShadyPanda campaign turned hundreds of browser extensions into spyware and backdoors, accumulating more than 4.3 million installs across Chrome and Edge and exfiltrating browsing data to multiple domains.
-
Researchers find widespread remote code execution risk in AI inference engines from unsafe ZMQ and pickle use
Researchers found a recurring insecure pattern — pickle deserialization over unauthenticated ZeroMQ sockets — in multiple AI inference frameworks, creating remote code execution risks across projects including vLLM, NVIDIA TensorRT-LLM, Modular Max Server and SGLang; related research also showed browser and IDE injection risks in Cursor.
-
Mass attacks exploit outdated GutenKit and Hunk Companion WordPress plugins
A mass exploitation campaign is targeting WordPress sites running outdated GutenKit and Hunk Companion plugins, leveraging three critical vulnerabilities that can lead to remote code execution; Wordfence said it blocked 8.7 million attack attempts over two days and urged administrators to update plugins and check for indicators of compromise.
-
Microsoft issues out-of-band fix for WSUS vulnerability CVE-2025-59287
Microsoft released an out-of-band cumulative update to address CVE-2025-59287, a critical WSUS deserialization vulnerability being exploited in the wild; admins should apply the patch or disable WSUS/block ports 8530 and 8531 until systems can be rebooted after updating.
