#remote-code-execution

WordPress Breeze Cache Plugin Hit by Critical RCE Exploit

Hackers actively exploit CVE-2024-50550 in WordPress Breeze Cache plugin, allowing unauthenticated arbitrary file uploads and remote code execution.

6,400+ Apache ActiveMQ Servers Exposed to Code Injection Attacks

Shadowserver discovered over 6,400 Apache ActiveMQ servers vulnerable to active code injection exploits targeting high-severity flaws.

Critical protobuf.js RCE Flaw Gets Public Exploit Code

Proof-of-concept exploit code emerged for a critical remote code execution vulnerability in protobuf.js, Google's widely deployed JavaScript Protocol Buffers library.

CISA Warns of Active Attacks on 13-Year-Old ActiveMQ Flaw

CISA added Apache ActiveMQ CVE-2023-46604 to its Known Exploited Vulnerabilities catalog after confirming active exploitation of the 13-year-old remote code execution flaw.

Marimo RCE Flaw Under Active Attack Hours After Disclosure

Critical pre-authentication remote code execution vulnerability in Marimo notebook platform exploited for credential theft within hours of public disclosure.

Apache ActiveMQ Classic RCE Flaw Exposed After 13 Years

Security researchers uncovered a critical remote code execution vulnerability in Apache ActiveMQ Classic that remained hidden for over a decade.

CVE-2025-59528: Hackers Exploit Critical Flowise RCE Flaw

Attackers are actively exploiting CVE-2025-59528, a maximum-severity remote code execution vulnerability in Flowise LLM platform.

Progress ShareFile RCE Flaws Enable Pre-Auth Server Takeover

Critical Progress ShareFile vulnerabilities allow attackers to chain exploits for unauthenticated remote code execution and arbitrary file uploads.

TrueConf Zero-Day Exploited to Execute Files on Endpoints

Attackers exploit a zero-day vulnerability in TrueConf conference servers to execute arbitrary files on all connected endpoints.

F5 BIG-IP APM Flaw Upgraded to Critical RCE Threat

F5 reclassified a BIG-IP APM denial-of-service vulnerability as critical remote code execution after attackers deployed webshells on unpatched systems.

CISA Adds Critical F5 BIG-IP CVE-2025-53521 to KEV Catalog

CISA added CVE-2025-53521 affecting F5 BIG-IP Access Policy Manager to its Known Exploited Vulnerabilities catalog following confirmed active exploitation.

PTC Patches Critical RCE Flaw in Windchill PLM Software

PTC Inc. fixed a critical remote code execution vulnerability in Windchill and FlexPLM that threatens manufacturing organizations worldwide.

Quest KACE CVE-2025-32975 Exploited in Education Attacks

Critical Quest KACE vulnerability CVE-2025-32975 has been actively exploited in targeted attacks against educational institutions worldwide.

Oracle Patches Critical RCE Flaw in Identity Manager

Oracle released emergency patches for critical remote code execution vulnerabilities affecting Identity Manager and Web Services Manager components exposed to the internet.

Langflow CVE-2026-33017 Exploited 20 Hours After Disclosure

Critical authentication bypass flaw in Langflow enables remote code execution, actively exploited within hours of public disclosure.

CISA Warns of Actively Exploited Wing FTP Server Flaw

CISA alerts federal agencies about an actively exploited Wing FTP Server vulnerability enabling remote code execution attacks.

Veeam Patches Four Critical RCE Flaws in Backup Software

Veeam Software fixed four critical remote code execution vulnerabilities in its Backup & Replication solution on March 12, 2026.

Veeam Patches 5 Security Flaws, 3 Critical RCE Bugs

Veeam released March 2026 security updates for Backup & Replication 13, fixing five vulnerabilities including three critical remote code execution flaws.

CISA Orders Federal Agencies to Patch n8n RCE Flaw

CISA added an actively exploited n8n remote code execution vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by March 25.