The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
SecurityWeek

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

Organizations are warned that a recently patched vulnerability affecting Apache ActiveMQ Classic is being exploited in the ...
Bleeping Computer

Zerodium triples WordPress remote code execution exploit payout

Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution. The exploit acquisition platform is now enticing exploit ...

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
SecurityWeek

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released patches that resolve high- and medium-severity vulnerabilities in Splunk Enterprise and MCP Server.
techtimes

Microsoft Releases Patches For Zero-Day Exploits, Remote Code Execution Vulnerabilities, and More

Microsoft has addressed several fixes for zero-day flaws and other vulnerabilities on Tuesday, Dec. 14 for its last round of patches before the year ends. The tech giant indicated that it has solved ...
Searchenginejournal.com

WordPress Elementor Plugin Remote Code Execution Vulnerability

A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of ...
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...
Digital Journal

Microsoft’s SharePoint server remote code execution zero-day vulnerability

Microsoft has released its August 2025 Patch package, a cumulative set of updates addressing more than 100 vulnerabilities across a host of its products. Microsoft’s SharePoint Server Remote Code ...
ZDNet

Microsoft adds second CVE for PrintNightmare remote code execution

What you think you know as PrintNightmare, might not be what Microsoft refers to, or then again it might. During the week, PrintNightware, a critical Windows print spooler vulnerability that allowed ...
Infosecurity-magazine.com

Remote Code Execution Vulnerability Found in Windows Internet Key Exchange

A series of exploits have been found in the wild targeting Windows Internet Key Exchange (IKE) Protocol Extensions. According to a new advisory recently shared by security company Cyfirma with ...
ZDNet

Code execution exploit dings iPhone

Apple's iPhone has failed the security smell test. Researchers at Security Evaluators have found what is believed to be the first remote code execution flaw affecting the device -- a bug that can be ...