Two arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s XML configuration files, with both flaws rated High at CVSS 7.8. The flaws, tracked as CVE-2026-48778 and CVE-2026-48800, affect every version of the editor up to and including 8.9.6, Notepad++ said in…
Tag: arbitrary
AI, Exploits, Global Security News
PHP Composer flaws enable remote command execution via Perforce VCS
Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining…
Global Security News
Critical Vulnerability in Ninja Forms Exposes WordPress Sites
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
AI, Apps, Exploits, Global Security News, Network Security
Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, rated at max-severity, in the platform’s custom MCP node, which acts as a plug-in connector for an application’s AI agent to talk to…
Global Security News
GIGABYTE Control Center vulnerable to arbitrary file write flaw
The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. […]
Global Security News
Patch Now: Oracle’s Fusion Middleware Has Critical RCE Flaw
Attackers can execute arbitrary code without authentication if Oracle’s Identity or Web Services Managers are exposed to the Web.
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, News, Risk Management, Threats
BeyondTrust Vulnerability Allows Pre-Auth Remote Code Execution
A vulnerability in BeyondTrust remote access products allows unauthenticated attackers to execute arbitrary operating system commands, potentially granting full control over affected systems. The flaw impacts BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) and carries a CVSS score of 9.9. “Successful exploitation requires no authentication or user interaction and may lead to system…
AI, CISA, Don't miss, Exploits, Global Security News, Hot stuff, News
CISA confirms exploitation of VMware ESXi flaw by ransomware attackers
CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Broadcom fixed CVE-2025-22225, CVE-2025-22224 (a heap overflow vulnerability) and CVE-2025-22226 (an information disclosure flaw) in VMware…
