Tag

Rce

All articles tagged with #rce

technology, 20 days ago

MongoDB Urges Immediate Patch for Critical RCE and Data Leak Vulnerabilities

MongoDB has issued an urgent warning to patch a severe remote code execution vulnerability (CVE-2025-14847) affecting multiple versions of its database software. The flaw, due to improper handling of length parameters, allows unauthenticated attackers to execute arbitrary code. Admins are advised to upgrade to patched versions immediately or disable zlib compression to mitigate the risk. The vulnerability has been actively exploited in the past, emphasizing the need for prompt action.

network-security, 3 months ago

Cisco Issues Urgent Fix for Critical IOS Zero-Day Exploits

Cisco has issued a warning about a high-severity, actively exploited vulnerability in the SNMP handling of IOS and IOS XE Software (CVE-2025-20352) that allows remote attackers with certain credentials to execute arbitrary code or cause a denial-of-service. The flaw, rooted in a stack overflow, has been patched in Cisco IOS XE Software Release 17.15.4a; mitigation involves restricting SNMP access to trusted users and monitoring SNMP activity.

cybersecurity, 4 months ago

Hackers Exploit Zero-Day Flaw in Sitecore for Backdoors and Malware

Threat actors exploited a zero-day vulnerability in legacy Sitecore systems (CVE-2025-53690) involving a ViewState deserialization flaw caused by reused sample ASP.NET machine keys, leading to remote code execution and deployment of reconnaissance malware WeepSteel. The attack involved multi-stage exploits including privilege escalation and persistence techniques. Sitecore recommends immediate replacement and encryption of static machine keys to mitigate the vulnerability.

technology, 5 months ago

Cursor AI Code Editor Fixes and Security Vulnerabilities

Cybersecurity researchers disclosed a high-severity vulnerability (CVE-2025-54136) in the AI code editor Cursor that allows remote code execution through malicious MCP file swaps, which has been addressed in version 1.3 by requiring repeated user approval for configuration changes. The flaw exposes significant risks in AI development environments, especially as AI tools become more integrated into workflows, and is part of broader concerns about AI security vulnerabilities and attack vectors.

cybersecurity, 1 year ago

Citrix Faces New RCE Threats with Zero-Day Vulnerabilities

New security flaws in Citrix Virtual Apps and Desktop could allow unauthenticated remote code execution (RCE) due to misconfigured MSMQ permissions and the use of BinaryFormatter for deserialization. The vulnerabilities, CVE-2024-8068 and CVE-2024-8069, require attackers to be authenticated users within the same Windows Active Directory domain. Citrix has released patches for affected versions, and Microsoft advises against using BinaryFormatter due to its security risks.

cybersecurity, 1 year ago

"Fortinet's Ongoing Battle: Exploited RCE Flaws and Urgent Patching"

CISA confirms active exploitation of a critical remote code execution (RCE) bug (CVE-2024-21762) in Fortinet's FortiOS operating system, urging immediate patching or SSL VPN disabling to mitigate risks. Fortinet's confusing disclosure process regarding other RCE vulnerabilities (CVE-2024-23108 and CVE-2024-23109) in FortiSIEM was clarified, emphasizing the need to secure all Fortinet devices due to the high likelihood of exploitation by malicious actors for cyber espionage and ransomware attacks.

cybersecurity, 1 year ago

"45k Jenkins Servers at Risk of Remote Code Execution Attacks"

Approximately 45,000 Jenkins servers are vulnerable to a critical remote code execution (RCE) flaw, CVE-2024-23897, due to a feature that allows attackers to read arbitrary files on the Jenkins controller's file system. Multiple public proof-of-concept exploits are in circulation, dramatically elevating the risk for unpatched Jenkins servers. The exposure heatmap indicates a massive attack surface, with most vulnerable instances in China and the United States. Administrators are urged to apply security updates immediately or consult the Jenkins security bulletin for mitigation recommendations and potential workarounds.

cybersecurity, 1 year ago

"Urgent Patch Released for Critical Jenkins RCE Vulnerability"

Multiple proof-of-concept exploits have been released for a critical Jenkins vulnerability, allowing unauthenticated attackers to read arbitrary files and execute arbitrary CLI commands. SonarSource researchers discovered two flaws, one enabling data access and the other allowing arbitrary command execution. Jenkins has released fixes for the flaws, but researchers have already reproduced attack scenarios and created working PoC exploits, with reports of hackers actively exploiting the vulnerabilities in the wild.

software-security, 1 year ago

"Urgent Patch Required for Critical Jenkins Vulnerability"

Jenkins has resolved nine security flaws, including a critical bug (CVE-2024-23897) that could lead to remote code execution (RCE) through its built-in command line interface (CLI). Attackers could exploit this vulnerability to read arbitrary files on the Jenkins controller file system, potentially leading to various attacks. The flaw has been fixed in Jenkins 2.442 and LTS 2.426.3, and a short-term workaround is recommended until the patch can be applied. This comes after Jenkins addressed severe security vulnerabilities last year.

cybersecurity, 2 years ago

"Massive Exploitation of Critical Atlassian Confluence RCE Vulnerability"

More than 600 IP addresses are launching thousands of exploit attempts against a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server, which can allow unauthenticated remote code execution (RCE) attacks. Despite Atlassian urging customers to update immediately, over 11,000 instances remain exposed on the internet, with more than 39,000 RCE attempts seen since January 19. Organizations with vulnerable instances are advised to assume a breach, patch, and take precautions, as this follows a string of critical flaws that have plagued the company in recent months.

cybersecurity, 2 years ago

"Atlassian Confluence RCE Flaw Exploited by Hackers"

Hackers are actively exploiting a critical remote code execution vulnerability, CVE-2023-22527, in outdated versions of Atlassian Confluence servers, with over 39,000 exploitation attempts recorded. The flaw allows unauthenticated remote attackers to execute code and affects versions 8.0.x to 8.5.3. Atlassian has released fixes for affected versions and advises administrators to update to secure versions released after December 5, 2023, while also recommending thorough system cleanup for potentially compromised instances.

cybersecurity, 2 years ago

"Massive SonicWall Firewall Vulnerability Exposes 178K Devices to DoS and RCE Attacks"

Over 178,000 SonicWall next-generation firewalls with exposed management interfaces are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks due to two security flaws. Attackers can exploit these vulnerabilities to force the appliances into maintenance mode, disrupting corporate networks' VPN access. Admins are urged to ensure the management interface is not exposed online and to promptly update to the latest firmware versions. SonicWall's history includes being targeted in cyber-espionage attacks and by ransomware gangs, making these vulnerabilities a significant concern for over 500,000 exposed appliances worldwide.

cybersecurity, 2 years ago

Ivanti VPN Zero-Day Exploits: State-Sponsored Hackers at Work

Hackers are actively exploiting two critical zero-day vulnerabilities in Ivanti Connect Secure, a widely used VPN appliance, to bypass two-factor authentication and execute malicious code inside networks. The vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, allow attackers to run commands on the system, steal configuration data, modify files, and gain unfettered access to systems on the network. The attacks are attributed to a suspected Chinese nation-state-level threat actor, and approximately 15,000 affected Ivanti appliances are exposed to the Internet. Organizations using Ivanti Connect Secure are urged to take immediate action to mitigate the vulnerabilities.