Skip to content
The Nexus
DossierENTITY

remote code execution

Coverage of remote code execution in the Nexus archive.

Earliest in view: Apr 6 · 23:03 UTCMost recent: Jul 2 · 05:46 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 2 · 05:46 UTCTHE HACKER NEWS
    SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

    CISA added a high-severity remote code execution vulnerability (CVE-2026-45659) in Microsoft SharePoint Server to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw, rated with a CVSS score of 8.8, stems from deserialization of untrusted data.

  • SECURITYJun 19 · 05:33 UTCCOINTELEGRAPH
    Microsoft warns users of 'Crypto Clipper' malware spread via USB drives

    Microsoft has warned users about 'Crypto Clipper' malware distributed through USB drives. The malware combines data theft with remote code execution, transforming a financially motivated stealer into a lightweight backdoor.

  • SECURITYJun 12 · 09:50 UTCTHE HACKER NEWS
    LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

    Cybersecurity researchers disclosed three patched security flaws in LangGraph, an open-source framework by LangChain for building AI agents, including a critical vulnerability chain that could lead to remote code execution.

  • SECURITYJun 8 · 16:18 UTCBLEEPING COMPUTER
    Gogs patches critical zero-day enabling remote code execution

    Gogs has patched a critical zero-day security flaw that could allow attackers to execute remote code and access repositories, including private ones, on Internet-facing instances.

  • SECURITYJun 8 · 15:51 UTCBLEEPING COMPUTER
    Critical UniFi OS bug lets hackers gain root without authentication

    A critical bug in Ubiquiti UniFi OS allows hackers to gain root access without authentication by chaining three fixed vulnerabilities. Attackers can execute remote code with elevated privileges through this exploit.

  • SECURITYJun 5 · 08:38 UTCTHE HACKER NEWS
    Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

    Threat actors are exploiting a critical remote code execution vulnerability (CVE-2026-3300) in Everest Forms Pro, a WordPress plugin with 4,000 active installations, leading to site compromises. The vulnerability affects all versions up to 1.9.12.

  • SECURITYMay 28 · 17:24 UTCTHE HACKER NEWS
    Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

    A critical remote code execution (RCE) vulnerability has been disclosed in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code. The flaw is rated 9.4 on the CVSS scoring system and currently lacks a CVE identifier.

  • SECURITYMay 28 · 14:25 UTCBLEEPING COMPUTER
    New Gogs zero-day flaw lets hackers get remote code execution

    A new zero-day vulnerability in the Gogs self-hosted Git service allows attackers to achieve remote code execution on internet-facing instances. The flaw remains unpatched, posing a security risk.

  • SECURITYMay 26 · 11:49 UTCTHE HACKER NEWS
    Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

    Microsoft has released patches to address a critical remote code execution vulnerability (CVE-2026-45659) in SharePoint with a CVSS score of 8.8. The flaw, which could be exploited without specialized conditions, is classified as important severity.

  • SECURITYMay 22 · 12:00 UTCBLEEPING COMPUTER
    Ubiquiti patches three max severity UniFi OS vulnerabilities

    Ubiquiti has released security updates addressing three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without requiring special privileges. These patches are critical for protecting UniFi infrastructure from unauthorized remote access.

  • SECURITYMay 21 · 18:13 UTCBLEEPING COMPUTER
    Google accidentally exposed details of unfixed Chromium flaw

    Google accidentally disclosed details about an unfixed security vulnerability in Chromium that allows JavaScript to execute in the background after the browser is closed, enabling remote code execution on affected devices. The leaked information about this critical flaw poses a significant security risk to users until a patch is developed and released.

  • SECURITYMay 14 · 15:43 UTCBLEEPING COMPUTER
    18-year-old NGINX vulnerability allows DoS, potential RCE

    An 18-year-old vulnerability in NGINX allows denial of service and potential remote code execution under certain conditions. The flaw was discovered using an autonomous scanning system. This vulnerability can be exploited for malicious purposes.

  • SECURITYApr 29 · 19:32 UTCDARK READING
    AI Finds 38 Security Flaws in Electronic Health Record Platform

    AI discovered 38 security flaws in OpenEMR's electronic health record platform, which is used by over 100,000 healthcare providers. The vulnerabilities allowed database compromise, remote code execution, and data theft.

  • SECURITYApr 29 · 12:41 UTCBLEEPING COMPUTER
    GitHub fixes RCE flaw that gave access to millions of private repos

    GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) in early March that could have allowed attackers to access millions of private repositories. The flaw, if exploited, would have exposed sensitive code and data stored in private GitHub projects.

  • SECURITYApr 28 · 18:19 UTCTHE HACKER NEWS
    Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

    Cybersecurity researchers discovered a critical remote code execution (RCE) vulnerability in GitHub.com and GitHub Enterprise Server, tracked as CVE-2026-3854 (CVSS score: 8.7). The flaw allows authenticated users with push access to exploit a command injection vulnerability via a single 'git push' command.

  • SECURITYApr 28 · 16:15 UTCHACKER NEWS
    GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

    A critical Remote Code Execution (RCE) vulnerability, CVE-2026-3854, was disclosed in GitHub, allowing attackers to execute arbitrary code. The flaw, detailed in a Wiz.io blog post, has sparked discussion on Hacker News with 11 comments and 23 upvotes.

  • SECURITYApr 21 · 15:29 UTCDARK READING
    Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk

    A critical remote code execution flaw (CVE-2026-1731) in Bomgar RMM has led to a surge in exploitation attempts, enabling ransomware attacks and supply chain compromises. The vulnerability highlights significant risks in remote monitoring and management tools.

  • SECURITYApr 20 · 17:14 UTCTHE HACKER NEWS
    SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

    A critical security vulnerability, CVE-2026-5760, in SGLang allows remote code execution via malicious GGUF model files. The flaw, with a CVSS score of 9.8, stems from command injection and affects the high-performance open-source serving framework.

  • SECURITYApr 12 · 14:20 UTCBLEEPING COMPUTER
    Critical Marimo pre-auth RCE flaw now under active exploitation

    A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is being actively exploited for credential theft. The flaw allows attackers to execute arbitrary code without prior authentication, posing significant security risks.

  • SECURITYApr 12 · 04:25 UTCTHE HACKER NEWS
    Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

    Adobe has released emergency updates to address a critical security flaw in Acrobat Reader (CVE-2026-34621) that is being actively exploited. The vulnerability, rated 8.6 on the CVSS scale, could allow attackers to execute malicious code on affected systems.

  • SECURITYApr 10 · 07:37 UTCTHE HACKER NEWS
    Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

    A critical remote code execution vulnerability (CVE-2026-39987) in Marimo, a Python data science notebook, was exploited within 10 hours of disclosure. The flaw affects all versions up to a specific release and was identified by Sysdig with a CVSS score of 9.3.

  • SECURITYApr 8 · 17:26 UTCBLEEPING COMPUTER
    13-year-old bug in ActiveMQ lets hackers remotely execute commands

    A critical remote code execution vulnerability in Apache ActiveMQ Classic, undetected for 13 years, allows hackers to execute arbitrary commands remotely. Security researchers have identified the flaw, raising concerns about potential exploitation of the outdated system.

  • SECURITYApr 7 · 22:03 UTCBLEEPING COMPUTER
    Hackers exploit critical flaw in Ninja Forms WordPress plugin

    A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows unauthenticated arbitrary file uploads, enabling remote code execution. The flaw poses a significant security risk to WordPress users.

  • SECURITYApr 7 · 17:02 UTCBLEEPING COMPUTER
    Max severity Flowise RCE vulnerability now exploited in attacks

    A critical vulnerability (CVE-2025-59528) in Flowise, an open-source platform for building LLM apps and agentic systems, is being exploited by hackers to execute arbitrary code. The vulnerability, classified as maximum severity, poses a significant security risk.

  • SECURITYApr 6 · 23:03 UTCTHE REGISTER
    AI agents found vulns in this popular Linux and Unix print server

    A security researcher and AI agents discovered two vulnerabilities in the CUPS print server, allowing unauthenticated remote code execution and root access. The flaws could enable attackers to overwrite files and execute arbitrary code on affected systems.

remote code execution · Dossier · The Nexus