Technology ❯ Cybersecurity ❯ Vulnerabilities

Remote Code Execution

React2Shell React Server Components CVE-2025-55182 F5 BIG-IP APM CVE-2025-10035 Microsoft SharePoint Security Patches WatchGuard Firebox Insecure Deserialization CVE-2025-21043

GitHub Discloses Critical Git Push RCE and Releases GHES Patches

GitHub says it fixed the flaw in March with no sign of abuse.

Microsoft’s April Patch Tuesday Fixes Exploited SharePoint Zero-Day and 160-Plus Flaws

Marimo RCE Exploited Within Hours of Disclosure

Apache ActiveMQ Classic RCE Patched After AI-Assisted Discovery

Flowise CVSS 10 Flaw Now Exploited in the Wild as 12,000+ Instances Remain Exposed

F5 Reclassifies BIG-IP APM Bug as Critical RCE as In‑the‑Wild Attacks Unfold

CISA Lists F5 BIG-IP APM Flaw as Actively Exploited RCE, Sets March 30 Patch Deadline

Oracle Issues Emergency Patch for Critical RCE in Identity Manager and Web Services Manager

CISA Flags Cisco Firewall Zero-Day Exploited by Interlock, Sets March 22 Patch Deadline

CISA Flags SharePoint, Zimbra Flaws as Actively Exploited, Sets Rapid Federal Patching Deadlines

CISA Adds Actively Exploited Wing FTP Flaw to KEV With March 30 Fix Deadline

CISA Puts Actively Exploited n8n RCE on KEV, Orders Federal Patching by March 25

Exploit-Driven Hacks Overtake Credential Abuse in Cloud Breaches, Google Warns

CISA Adds VMware Aria Operations RCE to KEV With Federal Fix Due March 24

Google Releases March Android Security Patches, Confirms Active Qualcomm 0‑Day

Zyxel Patches Critical UPnP Flaw Enabling Remote Code Execution Across Many Routers

Researchers Expose Critical Flaws in Popular VS Code Extensions Downloaded Over 125 Million Times

BeyondTrust Pre-Auth RCE Is Now Being Exploited in the Wild

Microsoft Patches High-Severity Notepad Markdown Flaw as Store Update Rolls Out

BeyondTrust Patches Critical Pre-Auth RCE in Remote Access Tools