Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity B...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1190 — Exploit Public-Facing Application (Initial Access)
Clear filter256 articles found
Critical Magento Cache Plugin Vulnerability Enables Remote Code Execution Attacks
A critical security vulnerability in a widely used Magento extension is exposing thousands of online stores to remote code execution (RCE) attacks. The vulne...
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in th...
Flowise’s MCP implementation can run ghost commands
Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Research...
Gogs Zero-Day Exposes Servers to Remote Code Execution
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests w...
Chrome 148 Update Patches 151 Vulnerabilities
The browser update resolves critical-severity security defects that could potentially lead to remote code execution. The post Chrome 148 Update Patches 151 V...
New Gogs 0-Day Flaw Enables Remote Code Execution on Servers
A new 0-day vulnerability in Gogs, a popular self-hosted Git service, allows authenticated users to run arbitrary commands on the server and potentially take...
[remote] Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
Wing FTP Server 8.1.
[webapps] MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
MixPHP Framework 2.2.
[webapps] Langflow 1.3.0 - Remote Code Execution
Langflow 1.3.
[webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
Quick Playground for WordPress 1.3.
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arb...
CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks
A critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attacks to deploy information-stealing mal...
New Gogs zero-day flaw lets hackers get remote code execution
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [.
Hackers Pivot from marimo RCE to Internal Database Using LLM Agent
A newly observed intrusion demonstrates how attackers are replacing static playbooks with AI-driven agents that adapt in real time. The attack began on May 1...
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
Overview Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scor...
Critical Notepad++ Flaw Could Enable Remote Code Execution Attacks
Notepad++ has released version 8.9.
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.
A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microso...
Microsoft SharePoint Server Flaw Enables Remote Code Execution Attacks
Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow attackers to execute arbitrary code remotely, raising signifi...
[webapps] scramble - Remote Code Execution
scramble - Remote Code Execution