Cisco has patched a serious remote code execution vulnerability (CVE-2026-20045) in its Unified Communications and Webex Calling products, which has been actively exploited in attacks. The flaw allows attackers to gain elevated access on affected systems through crafted HTTP requests. Users are urged to update their software as there are no effective workarounds.

Researchers found a vulnerability in the .NET Framework, dubbed SOAPwn, that allows attackers to exploit SOAP messages to execute arbitrary code in various applications, including Barracuda and Ivanti. Microsoft has chosen not to fix it, citing that it stems from application design flaws. Some affected software has released patches, but Umbraco 8 remains vulnerable since it reached end-of-life.

A serious security flaw in Grist-Core, tracked as CVE-2026-24002, allows remote code execution through malicious spreadsheet formulas. Discovered by researcher Vladimir Tokarev, this vulnerability can lead to unauthorized command execution on the server. Users should update to version 1.7.9 or later to prevent risks.

This article discusses the CVE-2025-62507 vulnerability in Redis, which allows for remote code execution through a stack buffer overflow triggered by the XACKDEL command. The authors analyze how the vulnerability can be exploited and provide a proof of concept to demonstrate the risk.

A security vulnerability has been discovered in the popular game Call of Duty, allowing for remote code execution on PC systems. This issue poses significant risks to players, especially when the game is played offline, as it could lead to unauthorized access to their computers. Players are advised to stay updated on patches and security measures to mitigate potential threats.

A security engagement revealed an HTML to PDF converter API that allowed for local file access and remote code execution due to vulnerabilities in a .NET renderer using an outdated Chromium version. The authors successfully exploited a known vulnerability in Chromium 62, demonstrating the importance of manual penetration testing in uncovering overlooked security issues.

A critical vulnerability identified as CVE-2025-25257 in Fortinet’s FortiWeb can lead to remote code execution, posing significant security risks. Users are urged to apply patches immediately to mitigate potential exploitation of this flaw.

A critical vulnerability has been discovered in Anthropics software that could potentially allow remote code execution, putting users at significant risk. Security experts are urging users to update their software immediately to mitigate this threat and protect against potential exploits.

Redis has issued critical patches for a severe vulnerability (CVE-2025-49844) that allows remote code execution on approximately 330,000 exposed instances, with at least 60,000 not requiring authentication. The flaw stems from a 13-year-old use-after-free weakness in the Lua scripting feature, enabling attackers to gain full access to host systems and potentially exfiltrate sensitive data. Administrators are urged to update their Redis instances immediately to mitigate the risk of exploitation.

Hackers are exploiting a critical unauthenticated file upload vulnerability in the WordPress theme 'Alone,' enabling remote code execution and site takeovers. Wordfence has recorded over 120,000 exploitation attempts, and a patched version of the theme was released following the discovery of the flaw. Users are advised to update to version 7.8.5 to mitigate risks associated with this vulnerability.