CISA has mandated that U.S. government agencies patch a serious remote code execution vulnerability in Gogs, identified as CVE-2025-8110. This flaw, stemming from a path traversal issue, allows attackers to overwrite files outside the repository and execute arbitrary commands. Over 1,400 Gogs servers remain exposed, with a second wave of attacks observed recently.

A serious Remote Code Execution vulnerability in React, identified as CVE-2025-55182, affects versions prior to December 2025. It exploits a deserialization flaw in React Server Components, allowing attackers to execute arbitrary code via crafted HTTP requests without authentication. Upgrading to patched versions is essential for security.

This article details a critical vulnerability in OpenClaw, an open-source AI assistant, that allows an attacker to execute remote code with a single click. By exploiting logic flaws in the app's code, the attacker can hijack user data and bypass security measures. Users are urged to update to the latest version to protect against this exploit.

This article details a critical security flaw in n8n, an open-source workflow automation tool, that allowed attackers to execute arbitrary commands. It outlines how a prior security patch was bypassed due to a misunderstanding of TypeScript's type enforcement and highlights the implications for developers relying on such frameworks for security.

A remote code execution vulnerability affects specific versions of React and frameworks like Next.js using the App Router. Users of Next.js versions 15.x and 16.x need to update to patched versions immediately to mitigate the risk. Experimental canary releases starting from 14.3.0-canary.77 are also impacted.

The article reveals a vulnerability in Microsoft's Update Health Tools that allowed remote code execution through abandoned Azure storage blobs. Researchers exploited this flaw by monitoring HTTP requests and discovered that many devices were at risk due to misconfigurations. Microsoft has since addressed the issue after responsible disclosure.

Two serious vulnerabilities in the n8n automation platform could let attackers fully compromise instances and execute arbitrary code. The flaws, CVE-2026-1470 and CVE-2026-0863, allow unauthorized access despite requiring user authentication, with fixes available in recent software updates.

This article examines a critical pre-authentication remote code execution vulnerability in SmarterMail, assigned CVE-2025-52691. It discusses the timeline of the vulnerability's discovery and patch, along with technical details about how the flaw allows unauthenticated file uploads through an API endpoint.

A severe zero-click vulnerability in Claude Desktop Extensions allows attackers to take control of users' computers via malicious Google Calendar invites. This flaw affects over 10,000 users, enabling remote code execution without any user interaction.

CVE-2025-55182 is a serious remote code execution flaw in React Server Components that allows attackers to execute arbitrary code via a single malicious HTTP request. Both Windows and Linux environments are affected, with exploitation attempts involving coin miners and other malware. Immediate action is needed to patch vulnerable systems and enhance security measures.

BeyondTrust has issued a warning about a serious security vulnerability in its Remote Support and Privileged Remote Access software that allows attackers to execute arbitrary code without authentication. The flaw, tracked as CVE-2026-1731, affects multiple versions and could lead to significant system compromises. Users are urged to update their software to mitigate risks.

Researchers exploited a vulnerability in CodeRabbit, an AI code review tool, allowing them to achieve remote code execution (RCE) and gain read/write access to 1 million repositories. The exploitation involved creating a malicious pull request that leveraged a flaw in the integration of external static analysis tools, leading to the leakage of sensitive API tokens and secrets. CodeRabbit quickly remediated the vulnerabilities after disclosure, enhancing their security measures in response.

A long-standing deserialization vulnerability in SnakeYAML, which allowed for remote code execution in Java applications, was finally addressed after years of community discussion and a pivotal conversation between a security researcher and the library's maintainer. The change led to SnakeYAML 2.0 adopting secure defaults, preventing unsafe instantiation of classes from YAML tags unless explicitly configured. This shift highlights the importance of secure design in libraries and the need for developers to be aware of potential risks.

A critical remote code execution vulnerability (CVE-2025-30065) has been found in all versions of Apache Parquet up to 1.15.0, allowing attackers to exploit specially crafted Parquet files for malicious purposes. Users are urged to upgrade to version 1.15.1 to mitigate the risk, which is particularly significant for big data environments and analytics systems that rely on Parquet files. Although no active exploitation has been reported yet, the potential for severe impact remains high due to the widespread use of this format.

Citrix has addressed three vulnerabilities in its NetScaler ADC and Gateway, including a critical remote code execution flaw (CVE-2025-7775) that is being actively exploited. Users are urged to update their firmware as there are no available mitigations for the vulnerability. Additional vulnerabilities related to memory overflow and improper access control have also been identified and patched.

A security researcher discovered a significant remote code execution (RCE) vulnerability in ASUS's DriverHub software, which could be exploited due to inadequate origin checks in its RPC communication. The researcher detailed the exploit chain that could allow malicious code execution through ASUS-signed executables, ultimately leading to a successful report and patch from ASUS.