CISA has mandated that U.S. government agencies patch a serious remote code execution vulnerability in Gogs, identified as CVE-2025-8110. This flaw, stemming from a path traversal issue, allows attackers to overwrite files outside the repository and execute arbitrary commands. Over 1,400 Gogs servers remain exposed, with a second wave of attacks observed recently.

A serious Remote Code Execution vulnerability in React, identified as CVE-2025-55182, affects versions prior to December 2025. It exploits a deserialization flaw in React Server Components, allowing attackers to execute arbitrary code via crafted HTTP requests without authentication. Upgrading to patched versions is essential for security.

This article details a critical vulnerability in OpenClaw, an open-source AI assistant, that allows an attacker to execute remote code with a single click. By exploiting logic flaws in the app's code, the attacker can hijack user data and bypass security measures. Users are urged to update to the latest version to protect against this exploit.

A remote code execution vulnerability affects specific versions of React and frameworks like Next.js using the App Router. Users of Next.js versions 15.x and 16.x need to update to patched versions immediately to mitigate the risk. Experimental canary releases starting from 14.3.0-canary.77 are also impacted.

This article details a critical security flaw in n8n, an open-source workflow automation tool, that allowed attackers to execute arbitrary commands. It outlines how a prior security patch was bypassed due to a misunderstanding of TypeScript's type enforcement and highlights the implications for developers relying on such frameworks for security.

This article details the process of finding and exploiting a vulnerability in the IN-8401 2K+ IP camera. The author describes steps from firmware extraction to building an ARM ROP chain for unauthenticated remote code execution. It highlights the importance of proper debugging and analysis methods in discovering security flaws.

WatchGuard has identified a serious remote code execution vulnerability in Firebox firewalls, affecting certain Fireware OS versions. Attackers can exploit this flaw without user interaction, particularly if the firewalls are configured for IKEv2 VPN. The company urges immediate patching and offers workarounds for those unable to update.

The article reveals a vulnerability in Microsoft's Update Health Tools that allowed remote code execution through abandoned Azure storage blobs. Researchers exploited this flaw by monitoring HTTP requests and discovered that many devices were at risk due to misconfigurations. Microsoft has since addressed the issue after responsible disclosure.

This article examines a critical pre-authentication remote code execution vulnerability in SmarterMail, assigned CVE-2025-52691. It discusses the timeline of the vulnerability's discovery and patch, along with technical details about how the flaw allows unauthenticated file uploads through an API endpoint.

Two serious vulnerabilities in the n8n automation platform could let attackers fully compromise instances and execute arbitrary code. The flaws, CVE-2026-1470 and CVE-2026-0863, allow unauthorized access despite requiring user authentication, with fixes available in recent software updates.

The RondoDox botnet is exploiting a critical RCE vulnerability in XWiki, tracked as CVE-2025-24893. CISA has flagged this flaw as actively exploited, with RondoDox using it to execute malicious payloads on affected servers. Immediate patching is recommended for vulnerable versions.

BeyondTrust has issued a warning about a serious security vulnerability in its Remote Support and Privileged Remote Access software that allows attackers to execute arbitrary code without authentication. The flaw, tracked as CVE-2026-1731, affects multiple versions and could lead to significant system compromises. Users are urged to update their software to mitigate risks.

CVE-2025-55182 is a serious remote code execution flaw in React Server Components that allows attackers to execute arbitrary code via a single malicious HTTP request. Both Windows and Linux environments are affected, with exploitation attempts involving coin miners and other malware. Immediate action is needed to patch vulnerable systems and enhance security measures.

A severe zero-click vulnerability in Claude Desktop Extensions allows attackers to take control of users' computers via malicious Google Calendar invites. This flaw affects over 10,000 users, enabling remote code execution without any user interaction.

The React2Shell vulnerability allows unauthenticated remote code execution in React Server Components, posing a significant risk for affected applications. Organizations using vulnerable versions must patch immediately to prevent exploitation. Runtime detection and WAF rules can offer temporary protection, but fixing the code is essential.

A long-standing deserialization vulnerability in SnakeYAML, which allowed for remote code execution in Java applications, was finally addressed after years of community discussion and a pivotal conversation between a security researcher and the library's maintainer. The change led to SnakeYAML 2.0 adopting secure defaults, preventing unsafe instantiation of classes from YAML tags unless explicitly configured. This shift highlights the importance of secure design in libraries and the need for developers to be aware of potential risks.

Researchers exploited a vulnerability in CodeRabbit, an AI code review tool, allowing them to achieve remote code execution (RCE) and gain read/write access to 1 million repositories. The exploitation involved creating a malicious pull request that leveraged a flaw in the integration of external static analysis tools, leading to the leakage of sensitive API tokens and secrets. CodeRabbit quickly remediated the vulnerabilities after disclosure, enhancing their security measures in response.

A critical remote code execution vulnerability (CVE-2025-3248) in Langflow has been actively exploited, allowing attackers to gain full control of vulnerable servers via an unprotected API endpoint. Organizations are urged to upgrade to version 1.3.0 or later to mitigate risks, as CISA warns of the high likelihood of exploitation and the potential existence of over 500 exposed instances. Those unable to upgrade should restrict access to Langflow services immediately.

A critical remote code execution vulnerability (CVE-2025-30065) has been found in all versions of Apache Parquet up to 1.15.0, allowing attackers to exploit specially crafted Parquet files for malicious purposes. Users are urged to upgrade to version 1.15.1 to mitigate the risk, which is particularly significant for big data environments and analytics systems that rely on Parquet files. Although no active exploitation has been reported yet, the potential for severe impact remains high due to the widespread use of this format.

Citrix has addressed three vulnerabilities in its NetScaler ADC and Gateway, including a critical remote code execution flaw (CVE-2025-7775) that is being actively exploited. Users are urged to update their firmware as there are no available mitigations for the vulnerability. Additional vulnerabilities related to memory overflow and improper access control have also been identified and patched.

A security researcher discovered a significant remote code execution (RCE) vulnerability in ASUS's DriverHub software, which could be exploited due to inadequate origin checks in its RPC communication. The researcher detailed the exploit chain that could allow malicious code execution through ASUS-signed executables, ultimately leading to a successful report and patch from ASUS.

The article discusses a critical Remote Code Execution vulnerability, named TARmageddon (CVE-2025-62518), found in the async-tar Rust library and its forks, notably tokio-tar, which appears to be unmaintained. It highlights the challenges of dealing with abandoned open-source projects, as the vulnerability's widespread impact necessitated a decentralized disclosure process for patching affected projects. Suggested remediation includes upgrading to patched forks or removing the dependency altogether.