All articles tagged with #arbitrary code execution
A critical security flaw in the n8n workflow automation platform (CVE-2025-68613) allows authenticated attackers to execute arbitrary code, affecting over 100,000 instances worldwide. The vulnerability has been patched in recent versions, and users are urged to update immediately or implement strict access controls to mitigate risks.
A critical vulnerability in Windows' Remote Access Connection Manager (RasMan) allows local attackers to execute arbitrary code with System privileges by exploiting a race condition and a previously unknown zero-day flaw. Microsoft has issued patches for the primary flaw, CVE-2025-59230, but a secondary unpatched vulnerability involving a service crash was exploited to facilitate the attack. Administrators are urged to apply the latest updates immediately.
A high-severity security flaw, tracked as CVE-2023-37476, has been discovered in the OpenRefine data cleanup tool, allowing attackers to execute arbitrary code on affected systems. By tricking users into importing a malicious project file, the attacker gains the ability to execute code on the victim's machine. The vulnerability has been patched in version 3.7.4. This disclosure follows the surfacing of exploit code for patched flaws in Microsoft SharePoint Server and a high-severity bug in Apache NiFi, highlighting the severe impact of these vulnerabilities on system security and data integrity.