rce

(13 articles)

May 14, 2026

NGINX Rewrite Flaw Enables Unauthenticated RCE

An 18-year-old flaw in NGINX's rewrite module allows unauthenticated RCE. Learn what's affected, how the exploit works, and how to protect your servers.

May 5, 2026

Apache HTTP/2 CVE-2026-23918: DoS and RCE Risk

CVE-2026-23918 in Apache HTTP/2 enables denial of service and potential remote code execution. Learn what's exposed and how to patch now.

May 5, 2026

Weaver E-cology RCE CVE-2026-22679 Actively Exploited

CVE-2026-22679 in Weaver E-cology is being actively exploited via a debug API endpoint. Learn how the RCE flaw works and how to protect your systems.

April 30, 2026

Google Fixes CVSS 10 Gemini CLI RCE and Cursor Flaws

Google patched critical CVSS 10 RCE flaws in Gemini CLI and Cursor. Here's what developers need to know about the CI pipeline code execution risk.

April 28, 2026

GitHub CVE-2026-3854 RCE Flaw: Exploited via Git Push

Researchers found CVE-2026-3854, a critical GitHub RCE vulnerability triggerable with a single git push. Here's what developers need to know now.

April 20, 2026

Anthropic MCP Flaw Enables RCE and AI Supply Chain Risk

A design vulnerability in Anthropic's MCP protocol enables remote code execution, putting AI supply chains at serious risk. Here's what developers need to know.

April 10, 2026

Marimo RCE CVE-2026-39987 Exploited in 10 Hours

The Marimo RCE flaw CVE-2026-39987 was exploited within 10 hours of disclosure. Learn how it works, what's at risk, and how to protect your stack now.

April 7, 2026

Flowise RCE CVE: 12,000+ Instances Under Attack

A CVSS 10.0 RCE flaw in Flowise AI Agent Builder is being actively exploited. Over 12,000 exposed instances face full remote takeover. Here's what you need to know.

March 26, 2026

CISA: New Langflow Flaw Actively Exploited to Hijack AI Workflows

CVE-2026-33017 in Langflow is being actively exploited for RCE - attackers went from advisory to full exploitation in under 24 hours. Here's what you need to know.

March 21, 2026

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle patches CVE-2026-21992, a critical unauthenticated RCE flaw in Identity Manager. Here's what happened and how to protect your stack now.

March 20, 2026

Oracle Pushes Emergency Fix for Critical Identity Manager RCE Flaw

Oracle drops an out-of-band patch for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE bug in Identity Manager and Web Services Manager. Patch now.

March 20, 2026

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

A critical PolyShell vulnerability in Magento allows unauthenticated file uploads, remote code execution, and full account takeover. Here's what you need to know.

March 19, 2026

New 'PolyShell' Flaw Allows Unauthenticated RCE on Magento E-Stores

The PolyShell vulnerability lets attackers execute code or hijack accounts on Magento stores without authentication - and exploit code is already circulating.