One-Click RCE in Azure Windows Admin Center: what happened and what you need to do

Windows Admin Center (WAC) is a convenient, browser-based management hub for administrators to manage servers, clients, and clusters from a centralized interface. A recent Cymulate Research Labs disclosure describes a critical chain of flaws that let an attacker achieve unauthenticated, one-click remote code execution (RCE) against both Azure-integrated and on-premises WAC deployments. The exploit requires little user interaction—a maliciously crafted

ActiveMQ broker RCE tied to CVE-2026-34197: what admins need to know

A long-standing flaw in Apache ActiveMQ has resurfaced as a serious concern for administrators. The issue—listed on CISA’s Known Exploited Vulnerabilities (KEV) list under entry 46604—enables unauthenticated remote command execution via the broker port. Although CVE-2026-34197 is not yet reported as being widely exploited in the wild, researchers examining broker logs say there are clear indicators that attackers have attempted

Critical RCE in Ninja Forms File Upload Exposes ~50,000 WordPress Sites

A recently disclosed vulnerability in the popular Ninja Forms “File Upload” addon has placed roughly 50,000 WordPress sites at risk of full takeover. Tracked as CVE-2026-0740 and carrying a CVSS score of 9.8, the flaw allows unauthenticated arbitrary file uploads — a straightforward path to remote code execution (RCE) for attackers. Site owners who rely on the affected plugin must

Oracle Issues Urgent Security Update for Critical RCE in Identity Manager and Web Services Manager

Oracle has released an out-of-band security alert to address a critical remote code execution vulnerability, tracked as CVE-2026-21992, affecting Oracle Identity Manager and Oracle Web Services Manager. With a CVSS 3.1 base score of 9.8 and no authentication required, this is a high-risk flaw that can be exploited remotely over HTTP with minimal complexity. Organizations running internet-facing Fusion Middleware components

Chrome Security Update Fixes 26 Vulnerabilities That Could Allow Remote Code Execution

Google’s latest Chrome security update is a reminder that even the world’s most scrutinized software still harbors dangerous flaws. In a single release, Chrome developers patched 26 vulnerabilities—three marked critical—that could let unauthenticated attackers run malicious code simply by getting a user to visit a crafted webpage. For anyone who uses Chrome, from casual browsers to enterprise fleets, this is

Hotpatch Alert: Microsoft Fixes Critical RRAS Remote-Execution Flaws in Windows 11

Microsoft issued an out-of-band hotpatch on March 13, 2026, to address a set of serious vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool that affect Windows 11. The update, tracked as KB5084597 and aimed at OS builds 26200.7982 (25H2) and 26100.7982 (24H2), patches three CVEs that can allow a remote attacker to disrupt RRAS or execute