The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
CSOonline

Remote code execution exploit chain available for VMware vRealize Log Insight

Researchers found four vulnerabilities in vRealize Log Insight that were relatively non-threatening on their own but lead to significant compromise when used together. VMware published patches last ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Popular AI interface was plagued by an 8/10 bug, but a fix is now available.
Bleeping Computer

Zerodium triples WordPress remote code execution exploit payout

Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution. The exploit acquisition platform is now enticing exploit ...

Cisco fixes Unified Communications RCE zero day exploited in attacks

Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as ...
techtimes

Microsoft Releases Patches For Zero-Day Exploits, Remote Code Execution Vulnerabilities, and More

Microsoft has addressed several fixes for zero-day flaws and other vulnerabilities on Tuesday, Dec. 14 for its last round of patches before the year ends. The tech giant indicated that it has solved ...
Searchenginejournal.com

WordPress Elementor Plugin Remote Code Execution Vulnerability

A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of ...
The Hacker News

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet patches a critical FortiSIEM vulnerability (CVE-2025-64155) that allows unauthenticated remote code execution via ...

Steam Game Devs Call Exploit Allegations ‘Clickbait Exaggeration’ And ‘Malicious Defamation’

As of this writing, the game is currently sitting at a “Very Positive” review score on Steam, having amassed roughly 1,876 reviews and, according to VG Insights, over 113,000 individual purchases.
ZDNet

Microsoft adds second CVE for PrintNightmare remote code execution

What you think you know as PrintNightmare, might not be what Microsoft refers to, or then again it might. During the week, PrintNightware, a critical Windows print spooler vulnerability that allowed ...
Digital Journal

Microsoft’s SharePoint server remote code execution zero-day vulnerability

Microsoft has released its August 2025 Patch package, a cumulative set of updates addressing more than 100 vulnerabilities across a host of its products. Microsoft’s SharePoint Server Remote Code ...
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...