remote code execution
-
Researchers disclose critical WatchGuard Fireware IKEv2 vulnerability allowing unauthenticated code execution
Researchers and vendor advisories describe a critical out‑of‑bounds write in WatchGuard Fireware’s IKEv2 handling that can be exploited pre‑authentication to achieve remote code execution; patches are available.
-
Researchers disclose two CVSS 10.0 flaws in Red Lion Sixnet RTUs
Security researchers have disclosed two CVSS 10.0 vulnerabilities (CVE-2023-40151 and CVE-2023-42770) in Red Lion Sixnet RTUs that can allow unauthenticated attackers to execute commands as root; vendors and agencies advise patching, enabling authentication and blocking TCP access.
-
Critical ICTBroadcast flaw (CVE-2025-2611) exploited to deploy reverse shells
A critical input-validation flaw in ICTBroadcast (CVE-2025-2611, CVSS 9.3) allows unauthenticated command injection via a session cookie; researchers including VulnCheck say the bug is being exploited to run reverse shells on exposed servers, and no patch information is currently available.
-
Unauthenticated flaw in Gladinet CentreStack and Triofox (CVE-2025-11371) exploited in the wild
Security researchers say CVE-2025-11371, an unauthenticated local file inclusion in Gladinet CentreStack and Triofox, is being exploited in the wild; Huntress recommends removing a handler from the UploadDownloadProxy Web.config as a temporary mitigation while Gladinet prepares a patch.
-
Patched command injection in Figma MCP server could allow remote code execution, researchers say
A command injection bug in the figma-developer-mcp Model Context Protocol server, tracked as CVE-2025-53967 and scored 7.5, could allow remote code execution by interpolating unvalidated input into shell commands; the issue was fixed in version 0.6.3 and researchers recommend avoiding child_process.exec with untrusted data.
-
DrayTek warns of remote code execution bug in Vigor routers
DrayTek has warned that multiple Vigor router models are affected by CVE-2025-10547, an uninitialized stack vulnerability that can lead to memory corruption and, in some cases, remote code execution; firmware updates are available and administrators are urged to apply them.
-
Critical Chaos Mesh Flaws Could Allow Kubernetes Cluster Takeover; Patch Released
Cybersecurity researchers warned of four critical vulnerabilities in Chaos Mesh that could enable an in-cluster attacker to seize control of Kubernetes clusters, potentially exfiltrating data or disrupting services. Chaos Mesh issued a patch with version 2.7.3 and urges users to update or apply mitigations to limit exposure.
-
CISA Adds Critical CVE-2025-5086 in DELMIA Apriso to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2025-5086, a critical remote-code-execution flaw in DELMIA Apriso, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation emerged, prompting urgent patching across affected deployments.
-
Netherlands says CVE-2025-6543 in Citrix NetScaler exploited to breach critical organizations
The Netherlands’ National Cyber Security Centre warned that CVE-2025-6543 in Citrix NetScaler was exploited to breach multiple critical organizations, turning a memory overflow vulnerability into remote code execution and prompting urgent upgrades to patched versions.
-
Critical Vulnerabilities Discovered in NVIDIA’s Triton Inference Server
A set of critical vulnerabilities in NVIDIA’s Triton Inference Server has been discovered, posing significant risks to organizations using the platform for AI operations. Potential exploits could lead to remote control of servers and theft of sensitive data.
