remote code execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to urgently remediate a critical Windows Server Update Services (WSUS) vulnerability — tracked as CVE-2025-59287 — after Microsoft released an emergency out‑of‑band patch and multiple security firms...

Microsoft has released an out‑of‑band emergency update to plug a critical remote‑code‑execution hole in Windows Server Update Services (WSUS), and federal and industry authorities warn the flaw — tracked as CVE‑2025‑59287 — is being actively exploited in the wild; immediate action is required...

Microsoft has pushed an emergency out‑of‑band patch to close a critical remote‑code‑execution flaw in Windows Server Update Services (WSUS) — tracked as CVE‑2025‑59287 — and federal and industry bodies are warning that attacks exploiting the bug are already underway, making immediate action...

Microsoft has released an out‑of‑band emergency update to patch a critical remote‑code‑execution vulnerability in Windows Server Update Services (WSUS) — tracked as CVE‑2025‑59287 — and administrators must treat every WSUS host as a top‑tier remediation priority until it is patched or safely...

Microsoft pushed an out‑of‑band emergency update on October 23, 2025 to fix a critical remote code execution vulnerability in Windows Server Update Services (WSUS), tracked as CVE‑2025‑59287, and administrators must treat WSUS hosts as a top‑tier remediation priority until every affected server...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. Executive summary What happened: The Cybersecurity and Infrastructure Security Agency (CISA) added CVE‑2025‑54253 — a critical remote code‑execution...

Microsoft’s October Patch Tuesday delivers one of the largest security refreshes of the year, fixing a broad set of issues across Windows, Azure Entra, ASP.NET Core, SharePoint and related components — including two actively exploited local elevation-of-privilege zero-days and multiple critical...

A newly cataloged high-severity Windows vulnerability—CVE-2025-59295—has been published as a heap-based buffer overflow in Internet Explorer that can lead to remote code execution (RCE), and vendors and trackers assign it a CVSS 3.1 base score of 8.8. Early public records describe the flaw as a...

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory on a critical remote code execution vulnerability in MegaSys’s Telenium Online web application, a network‑management platform widely used in telecommunications, energy and government environments; the flaw...

Hitachi Energy’s Service Suite is the subject of a high‑severity security advisory republished by vendor PSIRT and reflected in government guidance: a deserialization flaw tied to Oracle WebLogic (CVE‑2020‑2883) is implicated in the Service Suite advisory, and the combined risk profile is rated...

Title: CVE-2025-55319 — When Agentic AI Meets VS Code: How AI “agents” can open a path to remote code execution (and what developers must do now) Executive summary Microsoft’s Security Response Center lists CVE-2025-55319 as a vulnerability affecting agentic AI integrations and Visual Studio...

Siemens has published a high‑severity ProductCERT advisory (SSA‑722410) describing multiple remotely exploitable vulnerabilities in its User Management Component (UMC), including a stack‑based buffer overflow that Siemens scores as critical and three separate out‑of‑bounds read issues that can...

Microsoft pushed its September 2025 monthly security updates on Patch Tuesday, delivering a broad set of fixes that address dozens of vulnerabilities across Windows client, server, and Microsoft server products — including multiple emergency severity fixes for remote code execution and a...

Executive Summary Microsoft has released a security update addressing a new heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS), tracked as CVE-2025-54113. The flaw could allow remote code execution (RCE) if exploited, and administrators are strongly urged to patch...

Microsoft’s High Performance Compute (HPC) Pack is under scrutiny after a reported deserialization vulnerability that — if the technical description is accurate — would allow an attacker to execute arbitrary code over a networked HPC cluster; however, the specific identifier CVE-2025-55232 could...

Microsoft’s Security Response Center has published an advisory for CVE-2025-54907, describing a heap-based buffer overflow in Microsoft Office Visio that can allow an unauthorized attacker to execute code in the context of the user who opens a malicious file. This is a document‑parser...

A newly disclosed Microsoft Excel vulnerability tracked as CVE-2025-54902 is an out‑of‑bounds read flaw in Excel’s file‑parsing logic that Microsoft warns could allow an attacker to achieve code execution on a targeted machine when a user opens a specially crafted spreadsheet, and organizations...

Microsoft’s advisory identifies CVE-2025-54101 as a use‑after‑free vulnerability in the Windows SMBv3 Client that can be triggered over a network and may allow an attacker to execute arbitrary code in the context of the affected process. This is a serious client‑side remote code execution (RCE)...

Honeywell’s OneWireless Wireless Device Manager (WDM) has been the subject of a high-severity coordinated disclosure: multiple vulnerabilities in the Control Data Access (CDA) component allow remote attackers to cause information disclosure, denial-of-service, and, in the worst cases, remote...

CISA has added CVE-2025-57819 — an authentication‑bypass and SQL‑injection chain that can lead to remote code execution in Sangoma FreePBX — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging immediate remediation. Background FreePBX is a...