A critical remote code execution vulnerability has been discovered in Anthropic’s open‑source tool, MCP Inspector, which is widely used by AI developers for debugging Model Context Protocol (MCP) servers. Tracked as CVE-2025-49596, the vulnerability has a CVSS score of 9.4. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code … Continue reading “Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)”
Tag: Remote Code Execution Vulnerability
WingFTP Critical Remote Code Execution Vulnerability (CVE-2025-47812)
Julien Ahrens from RCE Security discovered a critical security vulnerability impacting WingFTP. Tracked as CVE-2025-47812, the vulnerability has a CVSS score of 10. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to complete system compromise.
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-20281 & CVE-2025-20282)
Cisco addresses two critical severity vulnerabilities impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 & CVE-2025-20282, both vulnerabilities have a CVSS score of 10. Successful exploitation of the vulnerabilities may allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
Invision Community Remote Code Execution Vulnerability (CVE-2025-47916)
A critical remote code execution vulnerability (CVE-2025-47916) in the Invision Community has come to light. The vulnerability may allow attackers to execute arbitrary code on the target system. The vulnerability puts countless forums and online communities at serious risk because of the popularity of the Invision Community.
vBulletin Remote Code Execution Vulnerabilities Exploited in the Wild (CVE-2025-48827 & CVE-2025-48828)
Security researchers at Karma(In)Security discovered two unauthenticated remote code execution vulnerabilities in vBulletin, a popular commercial forum solution. Tracked as CVE-2025-48828, successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to critical data loss and complete system compromise.
Versa Concerto Zero-day Remote Code Execution Vulnerabilities (CVE-2025-34025, CVE-2025-34026, & CVE-2025-34027)
Security researchers at Project Discovery discovered two critical zero-day vulnerabilities in Versa Concerto, a popular SD-WAN and network orchestration platform. When exploited together, the vulnerabilities may allow attackers to fully compromise the application and the underlying host system. The vulnerabilities affect key elements of the platform, which are based on Docker containers, Spring Boot, and … Continue reading “Versa Concerto Zero-day Remote Code Execution Vulnerabilities (CVE-2025-34025, CVE-2025-34026, & CVE-2025-34027)”
CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)
Ivanti released security updates to address two high security vulnerabilities impacting its Endpoint Manager Mobile (EPMM). Tracked as CVE-2025-4427 and CVE-2025-4428, the vulnerabilities are being exploited in the wild. The advisory states, “When chained together, successful exploitation could lead to unauthenticated remote code execution.” CISA added the CVEs to its Known Exploited Vulnerabilities Catalog and … Continue reading “CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)”
CISA Warns of Actively Exploited Langflow Remote Code Execution Vulnerability (CVE-2025-3248)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a critical severity vulnerability (CVE-2025-3248) impacting Langflow, a tool designed for building agentic AI workflows. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary system commands, leading to complete system compromise. CISA added the vulnerability to its Known Exploited … Continue reading “CISA Warns of Actively Exploited Langflow Remote Code Execution Vulnerability (CVE-2025-3248)”
SAP NetWeaver Zero-day Remote Code Execution Vulnerability (CVE-2025-31324)
SAP released an out-of-band emergency update to address a remote code execution zero-day vulnerability impacting NetWeaver. Tracked as CVE-2025-31324, the vulnerability has a critical severity rating with a CVSS score of 10. Threat actors are exploiting the vulnerability to hijack servers. CISA added CVE-2025-31324 to its Known Exploited Vulnerabilities Catalog, urging users to patch it … Continue reading “SAP NetWeaver Zero-day Remote Code Execution Vulnerability (CVE-2025-31324)”
Commvault Command Center Remote Code Execution Vulnerability (CVE-2025-34028)
A security researcher at watchTowr Labs discovered a critical vulnerability in Commvault Command Center that may allow an attacker to execute arbitrary code without authentication. Tracked as CVE-2025-34028, the vulnerability has a CVSS score of 9.0. CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities Catalog, urging users to patch it before May 23, 2025.