Technology ❯ Cybersecurity ❯ Vulnerabilities

Remote Code Execution

React2Shell React Server Components Microsoft SharePoint Critical Vulnerabilities CVE-2025-55182 F5 BIG-IP APM CVE-2025-10035 WatchGuard Firebox Security Patches CVE-2025-21043

Belgium Says Critical Windows Netlogon Flaw Is Being Actively Exploited

The bug allows unauthenticated attackers to run code on domain controllers and could enable rapid compromise of entire Windows domains.

Attackers Use FortiClient EMS Bug to Push Infostealer to Managed Endpoints

Microsoft Patches High-Severity SharePoint Deserialization RCE

CISA Adds Actively Exploited Microsoft Exchange Zero-Day to KEV Catalog

Microsoft’s May Patch Tuesday Fixes About 137 Flaws With No Zero-Days

Fortinet Patches Critical Flaws Allowing Unauthenticated RCE in FortiSandbox and FortiAuthenticator

Ivanti Patches EPMM Zero‑Day Under Active Exploitation as CISA Orders Fix by May 10

Google Patches Critical Android Zero-Click Flaw in Wireless ADB

Google Patches Critical Gemini CLI RCE That Threatened CI/CD Workflows

GitHub Patches Critical Git Push RCE as Wiz Warns Most Enterprise Servers Remain Exposed

Microsoft’s April Patch Tuesday Fixes Exploited SharePoint Zero-Day and 160-Plus Flaws

Marimo RCE Exploited Within Hours of Disclosure

Apache ActiveMQ Classic RCE Patched After AI-Assisted Discovery

Flowise CVSS 10 Flaw Now Exploited in the Wild as 12,000+ Instances Remain Exposed

F5 Reclassifies BIG-IP APM Bug as Critical RCE as In‑the‑Wild Attacks Unfold

CISA Lists F5 BIG-IP APM Flaw as Actively Exploited RCE, Sets March 30 Patch Deadline

Oracle Issues Emergency Patch for Critical RCE in Identity Manager and Web Services Manager

CISA Flags Cisco Firewall Zero-Day Exploited by Interlock, Sets March 22 Patch Deadline

CISA Flags SharePoint, Zimbra Flaws as Actively Exploited, Sets Rapid Federal Patching Deadlines

CISA Adds Actively Exploited Wing FTP Flaw to KEV With March 30 Fix Deadline