Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution
Flaws in GitHub Codespaces allow RCE via crafted repositories or pull requests
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers
A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution
A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server-side implementations
Flaws in Windows Graphics Device Interface (GDI) have been identified that allow remote code execution and information disclosure
A critical out-of-bounds write flaw (CVE-2025-9242) in WatchGuard Fireware OS could allow remote code execution
The vulnerability, dubbed SessionReaper, allows customer account takeover and unauthenticated remote code execution
A critical flaw in SAP NetWeaver AS Java is being widely exploited, allowing unauthenticated remote code execution
Cisco has issued a software update to address the vulnerability, which can allow an unauthenticated, remote attacker to inject arbitrary shell commands
Trend Micro has released a temporary fix for the flaws, which enable remote code execution on on-prem Apex One machines
WatchTowr has found three vulnerabilities in the Sitecore Experience Platform, used by HSBC and L’Oréal
Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution
Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence
A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers
Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites
watchTowr has found a flaw in Citrix’s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops