Tag

#RCE

21 stories taggedRCE.

Vulnerabilities

Unpatched Argo CD Flaw Turns Your GitOps Engine Into a Deployment Backdoor

A gRPC endpoint that skips authentication, network policies off by default, and Redis credentials sitting in the environment. Synacktiv's research shows how one compromised pod can become a supply-chain pivot.

3 min
Vulnerabilities

No Patch, No CVE: Argo CD Repo-Server Flaw Opens Door to Kubernetes Cluster Takeover

Synacktiv reported the unauthenticated RCE bug to maintainers. There's still no fix.

3 min
Vulnerabilities

Langflow RCE Is Back on the Menu — This Time for a Monero Miner

Attackers are still pillaging exposed Langflow instances through CVE-2026-33017, turning forgotten AI workflow servers into XMR mining rigs.

3 min
Vulnerabilities

PTC Windchill RCE Lands on CISA's KEV After Web Shells Show Up in the Wild

A pre-auth code execution bug in PTC's PLM stack is being actively exploited. If you run Windchill or FlexPLM, the patch clock started a while ago.

2 min
Vulnerabilities

Cisco Unified CM Bug Under Active Exploit After PoC Drops Root File-Write Chain

CVE-2026-20230 (CVSS 8.6) lets unauthenticated attackers smuggle crafted HTTP requests into Unified CM. Cisco's PSIRT confirms in-the-wild attempts following public PoC release.

2 min
Vulnerabilities

FFmpeg Vulnerability 'PixelSmash' Threatens Media Applications

A critical flaw in FFmpeg's MagicYUV decoder reveals the fragility of software supply chains.

2 min
Vulnerabilities

PixelSmash Bug in FFmpeg Decoder Opens RCE Path on Jellyfin

A newly disclosed flaw in FFmpeg's PixletVideo decoder enables remote code execution against Jellyfin under specific conditions, with denial-of-service fallout for Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio.

3 min
AI Security

AutoJack: A Drive-By to RCE Hiding in AutoGen Studio's Dev UI

A prototyping tool nobody treated as production becomes a one-click code execution chain. The fix is out. The pattern is not.

2 min
AI Security

AutoJack: When the AI Browser Becomes the Initial Access Broker

Microsoft researchers describe an exploit chain that turns an agentic browser into a one-click path from web page to host process execution.

3 min
AI Security

AutoJack Exploit in Web-Enabled AI Agents: Bypassing Localhost Security

Microsoft uncovers RCE vulnerability in AutoGen Studio through local AI agent misuse.

2 min
Vulnerabilities

Splunk Enterprise RCE Flaw Under Active Exploitation, CISA Gives Feds 72 Hours

CVE-2026-20253 allows unauthenticated remote code execution in Splunk Enterprise. Attackers didn't wait long.

2 min
AI Security

Three-Bug Chain Turns Any LiteLLM User Into Root on the AI Gateway

A default low-privilege account on the popular open-source LLM proxy can escalate to admin and execute code, exposing every provider key the gateway holds.

2 min
Vulnerabilities

Splunk Patches CVE-2026-20253, a 9.8-Rated Unauthenticated RCE in Enterprise

The advisory covers Splunk Enterprise builds below 10.2.4 and 10.0.7, with fixed versions now available.

2 min
AI Security

LangGraph Patches Three Bugs, Including an SQLi-to-RCE Chain in Self-Hosted Agents

The framework underpinning a wave of multi-agent AI deployments shipped fixes for a flaw chain that let attackers pivot from SQL injection to code execution on self-hosted nodes.

3 min
Vulnerabilities

ShinyHunters Rode a PeopleSoft Zero-Day Into University Networks

A CVSS 9.8 RCE flaw in Oracle PeopleSoft gave UNC6240 a two-week head start before Oracle even confirmed the bug existed.

2 min
© 2026 Threat Vectr