Tagged articles
60 articles
Black & White Path
May 16, 2026 · Information Security

A 18‑Year‑Old Nginx RCE Flaw Finally Exposed (CVE‑2026‑42945)

Depthfirst’s AI tool Rift uncovered a critical heap‑buffer‑overflow vulnerability (CVE‑2026‑42945) in Nginx’s ngx_http_rewrite_module that has been present for 18 years, allowing unauthenticated attackers to trigger denial‑of‑service or potential remote code execution, affecting versions 0.6.27‑1.30.0 and fixed in 1.30.1/1.31.0.

AI-assisted Vulnerability Discovery · CVE-2026-42945 · Heap Buffer Overflow
21CTO
May 11, 2026 · Information Security

AI Uncovers 20-Year-Old Critical Vulnerabilities in PostgreSQL and MariaDB

An AI‑driven security tool discovered high‑severity, remote‑code‑execution flaws in PostgreSQL's pgcrypto extension and MariaDB's JSON schema validation, both dating back over two decades, prompting immediate patch releases and offering mitigation steps for unpatched deployments.

AI-driven Analysis · CVE-2026-2005 · MariaDB
Black & White Path
May 1, 2026 · Information Security

Deep Dive into cPanel/WHM Auth Bypass Vulnerability (CVE‑2026‑41940)

watchTowr Labs discovered a critical authentication bypass in all supported cPanel & WHM versions (CVE‑2026‑41940) that allows remote attackers to inject session files via crafted HTTP requests, gain root access, and has been observed in the wild; the article details the flaw, exploitation chain, impact, and mitigation steps.

Authentication Bypass · CVE-2026-41940 · Mitigation
Black & White Path
Apr 18, 2026 · Information Security

iExploit Lab v1.0: $20K Dark‑Web iOS Exploit Tool Under Scrutiny

A dark‑web listing advertises iExploit Lab v1.0, a purported iOS 13‑17.2 exploit kit priced at $20,000, claiming remote code execution, sandbox escape, privilege escalation, and data theft via a C2 panel, though its authenticity remains unverified.

Remote Code Execution · dark web · exploit kit
Black & White Path
Apr 12, 2026 · Information Security

How Prototype Pollution in React Server Functions Enables Remote Code Execution (CVE‑2025‑55182)

The article analyzes the critical CVE‑2025‑55182 vulnerability affecting React Server Functions in Next.js, detailing how prototype‑pollution during serialization between server components and the client runtime allows attackers to inject __proto__ or constructor.prototype payloads and achieve remote code execution.

CVE-2025-55182 · Next.js · Prototype Pollution
Lin is Dream
Mar 26, 2026 · Information Security

Detect and Fix the Critical Apifox Remote Code Execution Vulnerability

This article explains the high‑severity remote code execution and data‑theft flaw discovered in Apifox, outlines how malicious scripts can steal SSH keys, Git credentials and shell history, and provides step‑by‑step Mac and Windows commands for self‑inspection and comprehensive remediation.

Apifox · Git · Remediation
AI Insight Log
Mar 4, 2026 · Information Security

250k+ OpenClaw Instances Exposed Online – See If Yours Is on the Watchboard

An open‑source watchboard has catalogued over 250,000 publicly exposed OpenClaw AI agents, revealing common misconfigurations such as binding to 0.0.0.0, weak or missing authentication, and the CVE‑2026‑25253 RCE flaw, prompting concrete security recommendations for operators.

AI Agent · CVE-2026-25253 · Exposure
Black & White Path
Feb 13, 2026 · Information Security

Critical Remote Command Execution Flaw in WeChat Linux 4.1.0.13 Impacts Major Chinese OSes, Skips HarmonyOS

A high‑severity (CVSS 8.8) command‑injection vulnerability in WeChat Linux client 4.1.0.13 allows an attacker to execute arbitrary shell commands by sending a file with a specially crafted name, affecting most Linux distributions and Chinese‑made operating systems while leaving HarmonyOS untouched.

Command Injection · Linux · Remote Code Execution
Black & White Path
Feb 9, 2026 · Information Security

How a One‑Click Flaw in OpenClaw Lets Attackers Steal the Master Key and Gain God‑Mode Access

A security analysis reveals that a high‑severity vulnerability in the open‑source AI assistant OpenClaw allows an attacker to steal the master authentication token and obtain unrestricted "god‑mode" control of the host through a single malicious link, and outlines the technical cause, attack chain, and mitigation steps.

AI Agent Security · OpenClaw · Remote Code Execution
Laravel Tech Community
Dec 10, 2025 · Information Security

Why 1Panel’s TLS Policy Lets Attackers Execute Remote Commands

The open‑source 1Panel Linux management panel suffered a remote command execution flaw because vulnerable versions used tls.RequireAnyClientCert, allowing self‑signed certificates with a forged CN to bypass verification, which was fixed by switching to tls.RequireAndVerifyClientCert and loading a trusted root CA.

1Panel · CVE-2025-54424 · Remote Code Execution
Tencent Technical Engineering
Jul 1, 2025 · Information Security

How Wukong AI Agent Uncovered a Critical RCE Vulnerability in LLaMA‑Factory (CVE‑2025‑53002)

This article details how the Wukong AI Agent automatically audited the popular LLaMA‑Factory project, discovered a high‑severity remote code execution vulnerability (CVE‑2025‑53002) caused by unsafe torch.load usage, reported it to the maintainers, and demonstrated the official fix that adds a secure weights_only flag.

AI security · CVE-2025-53002 · LLaMA-Factory
DevOps Operations Practice
Aug 18, 2024 · Information Security

Critical Windows TCP/IP Vulnerability (CVE‑2024‑38063) Allows Remote Code Execution via IPv6

Microsoft has disclosed a critical Windows TCP/IP stack vulnerability (CVE‑2024‑38063) with a CVSS 9.8 score that enables remote code execution through specially crafted IPv6 packets, is wormable, and can spread laterally across internal networks, prompting immediate patch installation or IPv6 disabling.

CVE-2024-38063 · IPv6 · Remote Code Execution
Open Source Linux
Aug 16, 2024 · Information Security

Critical Windows IPv6 RCE Vulnerability (CVE‑2024‑38063): Risks & Fixes

A high‑severity Windows TCP/IP IPv6 vulnerability (CVE‑2024‑38063) allows unauthenticated remote attackers to trigger denial‑of‑service or execute arbitrary code on millions of systems, and Microsoft recommends immediate patching or temporary IPv6 disabling as mitigation.

CVE-2024-38063 · IPv6 · Remote Code Execution
Java Tech Enthusiast
Jun 1, 2024 · Information Security

Git CVE-2024-32002 Remote Code Execution Vulnerability Analysis

The article examines Git CVE‑2024‑32002, a remote‑code‑execution flaw that lets attackers run malicious code simply by cloning a crafted repository, exploiting Git hooks, submodules and case‑insensitive symbolic‑link tricks, and advises users to verify their Git version and update to mitigate the risk.

CVE-2024-32002 · Git · RCE
Java Architect Essentials
Nov 22, 2023 · Information Security

Apache ActiveMQ Remote Code Execution Vulnerability and Mitigation for JDK8/Docker Environments

The article explains the critical remote code execution vulnerability discovered in Apache ActiveMQ, lists the affected and safe versions, and provides practical mitigation steps—including upgrading, network restrictions, and a custom Docker image for JDK8 users—to protect systems from exploitation.

Apache ActiveMQ · Docker · JDK8
Laravel Tech Community
Oct 29, 2023 · Information Security

Remote Code Execution Vulnerability in Apache ActiveMQ < 5.18.3 (Deserialization)

Apache ActiveMQ versions prior to 5.18.3 are vulnerable to a deserialization flaw that allows remote code execution via crafted OpenWire messages on port 61616, affecting various activemq-client and activemq-openwire-legacy artifacts, and can be mitigated by upgrading to 5.15.16, 5.16.7, 5.17.6, 5.18.3 or later.

Apache ActiveMQ · Deserialization · Messaging Middleware
Laravel Tech Community
Jan 29, 2023 · Information Security

Git Security Vulnerabilities CVE-2022-41903 and CVE-2022-23521: Integer Overflows in Pretty Formatting and Gitattributes

Git released maintenance versions fixing critical security issues CVE-2022-41903 and CVE-2022-23521, which stem from integer overflows in the pretty formatting code and gitattributes parsing, potentially allowing arbitrary heap reads/writes and remote code execution via crafted git log formats or malicious .gitattributes files.

Git · Remote Code Execution · integer overflow
Laravel Tech Community
Oct 18, 2022 · Information Security

Linux Kernel Remote Code Execution Vulnerability (CVE-2022-42721)

A remote code execution vulnerability (CVE-2022-42721) affecting Linux kernel versions 5.1 through 5.19.14 allows local attackers to inject malicious WLAN frames that corrupt the mac80211 BSS handling list, enabling execution of arbitrary code, and can be mitigated by upgrading to kernel 5.19.15 or later.

Remote Code Execution · Vulnerability · cve-2022-42721
DevOps Cloud Academy
Jun 5, 2022 · Information Security

Critical Remote Code Execution Vulnerability CVE-2022-26134 in Atlassian Confluence – Description, Impact, and Mitigation Steps

Atlassian Confluence suffers a severe, easily exploitable remote code execution flaw (CVE-2022-26134) that allows unauthenticated attackers to run arbitrary commands, affecting multiple versions and prompting both official upgrade recommendations and detailed temporary mitigation procedures, while Xmirror's Cloud Shark RASP offers innate protection.

CVE-2022-26134 · Confluence · RASP
Java Architecture Diary
May 24, 2022 · Information Security

Fastjson ≤1.2.80 Deserialization Flaw Enables Remote Code Execution – How to Protect Your Systems

A critical deserialization flaw in Fastjson versions up to 1.2.80 allows attackers to bypass autoType restrictions and achieve remote code execution, affecting Spring Cloud Alibaba Sentinel users, with mitigation steps and version-specific fixes detailed for both open‑source and commercial releases.

Remote Code Execution · Security Patch · Spring Cloud Alibaba Sentinel
Code Ape Tech Column
Mar 5, 2022 · Information Security

Spring Cloud Gateway Vulnerabilities CVE-2022-22946 and CVE-2022-22947: Description, Impact, and Mitigation

This article explains two critical Spring Cloud Gateway vulnerabilities (CVE-2022-22946 and CVE-2022-22947), detailing their causes, affected versions, potential impact, and recommended remediation steps such as upgrading to safe releases or disabling the vulnerable actuator endpoint.

CVE · Remote Code Execution · Security Patch
Programmer DD
Jan 17, 2022 · Information Security

Critical Apache Dubbo CVE-2021-43297 Vulnerability: Risks and Fixes

On January 14, 2022, 360CERT reported a high‑severity CVE‑2021‑43297 deserialization flaw in Apache Dubbo’s hessian‑lite (up to version 3.2.11) that can lead to remote code execution, detailing its impact, affected versions, risk rating, and recommending immediate upgrades to safe releases.

Apache Dubbo · CVE-2021-43297 · Remote Code Execution
Java High-Performance Architecture
Dec 30, 2021 · Information Security

Understanding Logback CVE‑2021‑42550: Remote Code Execution Risks and Mitigation

This article explains the Logback vulnerability CVE‑2021‑42550 affecting versions before 1.2.7, detailing how malicious configuration files can lead to remote code execution via LDAP, outlines trigger conditions, affected versions, provides a SpringBoot demo for exploitation, and offers practical mitigation advice.

CVE-2021-42550 · Configuration Attack · Remote Code Execution
Architecture Digest
Dec 21, 2021 · Information Security

Apache Log4j2 Remote Code Execution Vulnerability Exploitation Guide

This article introduces Apache Log4j2, explains the remote code execution vulnerability caused by unsafe JNDI lookups, provides step‑by‑step environment setup, PoC code, exploitation instructions, and outlines official patches and temporary mitigation measures for developers and security engineers.

Exploit · Mitigation · Remote Code Execution
21CTO
Dec 15, 2021 · Information Security

Why Log4Shell Is the Most Critical Vulnerability Since Heartbleed

The Log4Shell (CVE-2021-44228) vulnerability in Apache Log4j, first reported on November 24, has triggered a global security crisis, affecting thousands of organizations, enabling rapid exploitation for crypto mining and data theft, and prompting massive attack volumes that rival historic flaws like Heartbleed and EternalBlue.

CVE-2021-44228 · Log4Shell · Remote Code Execution
Laravel Tech Community
Dec 13, 2021 · Information Security

Apache Log4j2 Remote Code Execution Vulnerability: Description, Impact, and Mitigation Steps

On December 10, a critical remote code execution vulnerability in Apache Log4j 2.x (≤ 2.14.1) was disclosed, allowing attackers to execute arbitrary code via JNDI injection; the article explains the flaw, affected components, detection methods, and urgent remediation measures such as disabling lookups and upgrading to safe versions.

JNDI injection · Mitigation · Remote Code Execution
macrozheng
Dec 12, 2021 · Information Security

Unpacking the Log4j2 Log4Shell Vulnerability: How JNDI Injection Works

This article breaks down the widely publicized Log4j2 (Log4Shell) flaw, explaining the underlying JNDI and LDAP lookup mechanisms, how malicious payloads are executed through log messages, the massive impact across Java ecosystems, and the steps needed to remediate the issue.

JNDI injection · Java Security · Remote Code Execution
21CTO
Dec 11, 2021 · Information Security

Critical Apache Log4j2 Remote Code Execution Vulnerability: Risks and Fixes

Google delays its office‑return plan and grants US staff a $1,600 bonus, while a severe Apache Log4j2 remote‑code‑execution flaw affecting many Java projects is disclosed with mitigation steps, and IntelliJ IDEA introduces built‑in audio‑video chat for collaborative coding.

Audio Video Collaboration · Google Bonus · IntelliJ IDEA
MaGe Linux Operations
Dec 10, 2021 · Information Security

How the Log4j2 RCE Flaw Threatened Global Systems and What to Do Now

A critical remote code execution vulnerability in Apache Log4j2, exposed through JNDI injection, has impacted major services worldwide, prompting urgent patches, temporary mitigations, and ongoing updates from the Apache project to protect vulnerable Java applications.

Remote Code Execution · Security Vulnerability · java
Top Architect
Dec 10, 2021 · Information Security

Log4j 2 Vulnerability Overview and Mitigation Measures

The article explains the Log4j 2 remote code execution vulnerability affecting versions up to 2.14.1, describes its impact, lists affected components, and provides both permanent upgrade instructions and urgent mitigation steps such as JVM flags, configuration changes, and environment variable settings.

Mitigation · Remote Code Execution · Security Patch
Open Source Linux
Sep 5, 2021 · Information Security

How to Exploit Critical Tomcat Vulnerabilities (CVE‑2017‑12615, CVE‑2020‑1938, CVE‑2019‑0232) Step‑by‑Step

This guide introduces Apache Tomcat, explains the mechanics of several high‑severity CVEs—including arbitrary file write, AJP file inclusion, and CGI RCE—provides detailed reproduction steps with Docker, command‑line payloads, and code snippets, and demonstrates how to gain remote shells via weak credentials and war deployment.

CVE-2017-12615 · CVE-2019-0232 · CVE-2020-1938
ELab Team
May 19, 2021 · Information Security

How Prototype Chain Pollution Can Hijack Your Node.js Server – Risks and Fixes

This article explains the prototype chain pollution vulnerability in JavaScript, demonstrates how malicious payloads can gain unauthorized server access through libraries like Lodash, provides detailed code analyses, and offers practical mitigation strategies for developers to secure their applications.

Prototype Pollution · Remote Code Execution · lodash
21CTO
Mar 20, 2021 · Information Security

How TikTok’s Android WebView Exposes Multiple Vulnerabilities Leading to Remote Code Execution

Egyptian security researchers discovered a chain of flaws in TikTok’s Android app—including generic WebView XSS, Add Wiki Activity XSS, intent-based component launch, a Zip Slip in Tma Test Activity, and an RCE exploit—that can be combined to achieve remote code execution, and the report details TikTok’s remediation steps.

Android · Remote Code Execution · TikTok
Architecture Digest
Jun 27, 2020 · Information Security

Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948): Background, Risk Assessment, Affected Versions, and Mitigation

The article details the high‑severity CVE‑2020‑1948 remote code execution flaw in Apache Dubbo, describing its background, risk rating, affected versions, remediation steps, asset‑mapping data, and a timeline of disclosures to help users protect their Java RPC services.

Apache Dubbo · CVE-2020-1948 · Remote Code Execution
Programmer DD
Jun 25, 2020 · Information Security

Critical Apache Dubbo RCE (CVE‑2020‑1948): Threat Details & Fixes

The 2020‑06‑23 security advisory reveals that Apache Dubbo versions 2.5.x, 2.6.0‑2.6.7, and 2.7.0‑2.7.6 contain a high‑severity deserialization vulnerability (CVE‑2020‑1948) allowing remote code execution, outlines its impact, provides affected version details, risk assessment, remediation steps, and references to mapping data and product‑level mitigation.

Apache Dubbo · CVE-2020-1948 · Deserialization
FunTester
Jun 1, 2020 · Information Security

Fastjson <=1.2.68 Remote Code Execution Vulnerability and Mitigation Recommendations

Tencent Cloud Security reports that Fastjson versions up to 1.2.68 contain a high‑risk remote code execution vulnerability exploitable via the autotype feature, allowing attackers to gain server system privileges, and recommends immediate updates, enabling SafeMode, or replacing the library with alternatives such as Jackson‑databind or Gson.

Remote Code Execution · SafeMode · Security Vulnerability
Programmer DD
May 30, 2020 · Information Security

Critical Fastjson RCE Vulnerability (≤1.2.68): Risks, Impact, and Fixes

On May 28, 2020, 360CERT reported a high‑severity remote code execution flaw in Alibaba’s Fastjson library (versions ≤1.2.68) that bypasses autotype restrictions, affecting many assets, and provided temporary mitigation steps and upgrade recommendations to safeguard systems.

CVE · Remote Code Execution · Security Advisory
ITPUB
Feb 16, 2020 · Information Security

Uncovering CVE‑2019‑17564: How Apache Dubbo’s HTTP Protocol Enables Remote Code Execution

Apache Dubbo’s CVE‑2019‑17564 is a high‑severity vulnerability that allows remote code execution via unsafe deserialization when the HTTP protocol is enabled, affecting versions 2.5.x through 2.7.4; the article details the flaw’s mechanics, affected classes, detection methods, and recommended upgrades or WAF protections.

Apache Dubbo · CVE-2019-17564 · Java RPC
Programmer DD
Jul 12, 2019 · Databases

Critical Redis Remote Code Execution Flaw (CNVD‑2019‑21763): Risks & Fixes

A high‑severity Redis remote command execution vulnerability (CNVD‑2019‑21763) discovered in July 2019 allows unauthenticated attackers to load malicious modules and execute arbitrary code, affecting Redis 2.x‑5.x, with no official patch yet and only temporary mitigation steps available.

CNVD · Database Security · Remote Code Execution
ITPUB
Sep 25, 2018 · Information Security

How a Security Engineer Hacked a Singapore Hotel Wi‑Fi Server and Got Fined $5,000

A Chinese security engineer exploited default credentials and multiple vulnerabilities in a Singapore hotel’s Wi‑Fi authentication system, gained root access, extracted MySQL data, achieved remote code execution, and was later fined $5,000 by Singapore courts for unauthorized access and password disclosure.

DirtyCOW · Remote Code Execution · WiFi hacking
MaGe Linux Operations
Sep 21, 2017 · Information Security

How a Struts2 RCE Vulnerability Turned My Linux Server into a Bitcoin Miner

A Linux server behind multiple firewalls was compromised by a Struts2 remote code execution flaw (CVE‑2017‑5638), leading to a hidden cron job that repeatedly launched a Bitcoin mining script, illustrating how outdated frameworks can expose systems to stealthy resource‑draining attacks.

Bitcoin mining · CVE-2017-5638 · Remote Code Execution
MaGe Linux Operations
Aug 15, 2017 · Information Security

Xshell Backdoor Discovered in Build 1326 – Critical Security Alert

A critical backdoor was discovered in NetSarang’s Xshell 5 Build 1326, where the nssock2.dll module contains malicious code that contacts a remote domain, affecting multiple NetSarang products; the article details the vulnerability, affected versions, behavior, and provides safe download links.

Remote Code Execution · Vulnerability · backdoor
MaGe Linux Operations
May 15, 2017 · Information Security

Critical Linux Kernel UDP Bug (CVE-2016-10229) Enables Remote Code Execution

An unauthenticated remote attacker can exploit a flaw in udp.c in Linux kernel versions prior to 4.5, using crafted UDP packets with MSG_PEEK to trigger an unsafe checksum calculation, achieving arbitrary code execution and potential privilege escalation, though the vulnerability’s impact is limited due to rare MSG_PEEK usage.

CVE-2016-10229 · Linux kernel · Remote Code Execution
Efficient Ops
Mar 12, 2017 · Information Security

Understanding the CVE-2017-5638 Struts2 RCE: Impact, Stats, and Fixes

The article examines the high‑risk CVE‑2017‑5638 vulnerability in Apache Struts2, detailing its remote code execution mechanism, global impact statistics across industries and regions, and provides comprehensive detection methods and three tiers of remediation solutions.

Apache Struts · CVE-2017-5638 · Patch management