remote code execution

Microsoft pushed its September 2025 monthly security updates on Patch Tuesday, delivering a broad set of fixes that address dozens of vulnerabilities across Windows client, server, and Microsoft server products — including multiple emergency severity fixes for remote code execution and a...

Executive Summary Microsoft has released a security update addressing a new heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS), tracked as CVE-2025-54113. The flaw could allow remote code execution (RCE) if exploited, and administrators are strongly urged to patch...

Microsoft’s High Performance Compute (HPC) Pack is under scrutiny after a reported deserialization vulnerability that — if the technical description is accurate — would allow an attacker to execute arbitrary code over a networked HPC cluster; however, the specific identifier CVE-2025-55232 could...

Microsoft’s Security Response Center has published an advisory for CVE-2025-54907, describing a heap-based buffer overflow in Microsoft Office Visio that can allow an unauthorized attacker to execute code in the context of the user who opens a malicious file. This is a document‑parser...

A newly disclosed Microsoft Excel vulnerability tracked as CVE-2025-54902 is an out‑of‑bounds read flaw in Excel’s file‑parsing logic that Microsoft warns could allow an attacker to achieve code execution on a targeted machine when a user opens a specially crafted spreadsheet, and organizations...

Microsoft’s advisory identifies CVE-2025-54101 as a use‑after‑free vulnerability in the Windows SMBv3 Client that can be triggered over a network and may allow an attacker to execute arbitrary code in the context of the affected process. This is a serious client‑side remote code execution (RCE)...

Honeywell’s OneWireless Wireless Device Manager (WDM) has been the subject of a high-severity coordinated disclosure: multiple vulnerabilities in the Control Data Access (CDA) component allow remote attackers to cause information disclosure, denial-of-service, and, in the worst cases, remote...

CISA has added CVE-2025-57819 — an authentication‑bypass and SQL‑injection chain that can lead to remote code execution in Sangoma FreePBX — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging immediate remediation. Background FreePBX is a...

The Indian government’s cybersecurity arm has issued a high-severity alert advising organisations and individuals to urgently address a batch of patched—but still dangerous—vulnerabilities across multiple Microsoft products, including Microsoft Edge (Chromium-based), Windows Server storage...

CISA has added a critical Citrix NetScaler vulnerability — CVE-2025-7775 — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation, prompting an urgent patch-and-verify cycle for NetScaler ADC and NetScaler Gateway operators worldwide. Background CVE-2025-7775...

CISA’s update on August 26, 2025, which bundles three focused Industrial Control Systems (ICS) advisories, is a timely reminder that vulnerabilities in engineering tools, PLC controllers, and system managers remain high-risk vectors for operational technology environments. The agency published...

Microsoft’s Security Response Center has published an advisory for CVE-2025-55231 describing a race‑condition vulnerability in the Windows storage management stack that, according to the vendor entry, can be abused to achieve remote code execution — a high‑impact outcome that requires immediate...

The Indian Computer Emergency Response Team (CERT-In) on 18 August 2025 issued a high‑risk advisory warning that multiple critical vulnerabilities across Microsoft’s product portfolio place millions of Windows and Office users in India — from home desktops to enterprise Azure deployments — at...

Cisco has pushed an urgent patch for a maximum‑severity remote code execution flaw in its Secure Firewall Management Center (FMC) software that allows an unauthenticated attacker to inject and execute arbitrary shell commands on affected appliances when RADIUS authentication is enabled for...

A race condition in V8, tracked as CVE‑2025‑8880, was disclosed by the Chromium team and fixed upstream in Chrome Stable — the flaw could allow a remote attacker to execute code inside the browser sandbox via a crafted webpage, and Chromium-based browsers (including Microsoft Edge) are advised...

Rockwell Automation’s Micro800 line of programmable logic controllers (PLCs) has been the subject of a high-severity U.S. Cybersecurity and Infrastructure Security Agency (CISA) advisory republished on August 14, 2025, warning that multiple remotely exploitable vulnerabilities tied to Azure RTOS...

CISA’s latest update places three long‑standing and newly discovered flaws squarely in the crosshairs of enterprise defenders, adding CVE‑2013‑3893 (Internet Explorer), CVE‑2007‑0671 (Microsoft Excel), and CVE‑2025‑8088 (WinRAR) to the agency’s Known Exploited Vulnerabilities (KEV) Catalog on...

The identifier CVE-2025-49712 does not appear in any public, authoritative advisory or vulnerability database at this time; the single URL you supplied resolves to Microsoft’s update guide infrastructure but returns no accessible content without JavaScript, and independent searches for...

Microsoft’s Security Update Guide lists CVE-2025-53783 as a heap-based buffer overflow in Microsoft Teams that “allows an unauthorized attacker to execute code over a network,” but the advisory page requires JavaScript and cannot be fully scraped by some automated tools; independent indexing of...

Microsoft’s own Security Update Guide lists a new vulnerability tracked as CVE-2025-53766, described as a heap-based buffer overflow in GDI+ that could allow remote code execution over a network, but independent public records and third‑party databases were not uniformly available at the time of...