Notepad++ released a security advisory addressing three vulnerabilities, including two arbitrary code execution flaws, that could allow attackers to silently run malicious code on a victim’s machine. The most critical vulnerability among the three is CVE-2026-48778, which can lead to an arbitrary code execution issue via config.xml files.
Tag: Arbitrary Code Execution Vulnerability
Ivanti Endpoint Manager Mobile Vulnerability Exploited in the Wild (CVE-2026-6973)
Ivanti released security updates to address five high-severity vulnerabilities impacting Endpoint Manager Mobile (EPMM). One of these vulnerabilities, tracked as CVE-2026-6973, is said to be exploited in zero-day attacks. This Improper Input Validation vulnerability in Ivanti EPMM requires Admin authentication for successful exploitation. A remote authenticated user with administrative access may exploit the vulnerability to execute arbitrary code …
vm2 Sandbox Escape Vulnerability Allows Attackers to Execute Code (CVE-2026-26956)
Security researchers have identified a critical severity vulnerability impacting the popular Node.js sandboxing library vm2. Tracked as CVE-2026-26956, successful exploitation of the vulnerability allows an attacker to escape the sandbox and execute arbitrary code on the host system. Proof-of-concept code for the vulnerability is publicly available. vm2 is a widely used JavaScript sandbox that runs untrusted code with access only to the allowed Node built-in modules. Sandboxes are used in modern applications for a variety of functions.
Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability Exploited in the Wild (CVE-2026-34621)
Adobe released a security update to address an actively exploited vulnerability impacting Adobe Acrobat and Reader. Tracked as CVE-2026-34621, the vulnerability may allow an attacker to run malicious code on affected installations. Haifei Li from EXPMON discovered and reported the vulnerability to Adobe. CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before April 27, …
N8n Critical Arbitrary Command Execution Vulnerability (CVE-2025-68668)
A new vulnerability has been discovered in n8n, an open-source workflow automation tool. Tracked as CVE-2025-68668, the vulnerability has a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. For successful exploitation of the vulnerability, an attacker must be authenticated and have permission to create or modify workflows.
Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2025-25014)
Kibana released a security advisory to address a critical-severity vulnerability tracked as CVE-2025-25014. Successful exploitation of the prototype pollution vulnerability may lead to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability (CVE-2025-20188)
Cisco released a security advisory to address a vulnerability in its IOS XE Wireless Controller that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. Tracked as CVE-2025-20188, the vulnerability has a critical severity rating with a CVSS score of 10.
Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2024-37287)
Kibana, a data visualization tool, released a patch to address a critical severity flaw that may allow an attacker to perform arbitrary code execution on target systems. Tracked as CVE-2024-37287, the vulnerability has a CVSS score of 9.9.
Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)
Ivanti released a security advisory to address ten vulnerabilities in its Endpoint Manager. The vulnerabilities are rated critical and high severity. On successful exploitation, an attacker with access to the internal network can execute arbitrary SQL queries and retrieve output without needing authentication. This can then allow the attacker control over machines running the …
Ivanti Patches Multiple Vulnerabilities Impacting Avalanche Mobile Device Management Solution (CVE-2024-24996 & CVE-2024-29204)
Ivanti released a security advisory to address 27 medium, high, and critical severity vulnerabilities in its mobile device management solution Avalanche. CVE-2024-24996 and CVE-2024-29204 are the two vulnerabilities that have been given critical severity ratings. Successful exploitation of the vulnerabilities may allow remote attackers to trigger denial-of-service attacks, execute arbitrary commands as SYSTEM, read sensitive …