RCE
Curated coverage and analysis in this editorial area.

CVE-2026-48095: 7-Zip NTFS Handler Heap Overflow
A heap overflow in 7-Zip’s NTFS handler allows for RCE via crafted files. The vulnerability involves signature-based file routing that…

Kemp LoadMaster API Flaw Enables Authenticated RCE: CVSS 8.8 Vulnerability Patched
CVE-2026-3517 in Progress Software Kemp LoadMaster allows authenticated users to execute arbitrary code via command injection in the c…

CVE-2026-0826: Root RCE Vulnerability Hits HP Poly Enterprise VoIP Phones
A critical stack-based buffer overflow in HP Poly Voice's SDP parsing allows unauthenticated remote code execution with root privilege…

Microsoft Patched a Critical SharePoint RCE but Omitted the CVE from Official Documentation
CVE-2026-45659, a CVSS 8.8 SharePoint Server RCE, was missing from Microsoft’s May 2026 security update list. While the patch was dist…

Critical Flowise RCE: Exploit Code Released for CVSS 9.9 Vulnerability
Obsidian Security has published proof-of-concept exploit code for CVE-2026-40933, a critical RCE vulnerability in Flowise. The flaw le…

FortiClient EMS: EKZ Infostealer May Target VPN Management Channels
CVE-2026-35616 (CVSS 9.8): Compromised FortiClient EMS platforms could be transformed into malware delivery vehicles. Attacks in May 2…

7-Zip CVE-2026-48095: NTFS Heap Overflow Enables Vtable Hijacking
A critical heap buffer overflow in 7-Zip 26.00 allows for Remote Code Execution (RCE) via specially crafted NTFS files, regardless of…

Siemens Simcenter Femap Memory Corruption Vulnerability: Coordinated Disclosure Set for May 2026
A high-severity memory corruption vulnerability in Simcenter Femap’s IPT file parser (ZDI-26-317) leaves users with a nine-month expos…

Progress Software Patches High-Severity Command Injection in Kemp LoadMaster (ZDI-26-319)
An authenticated command injection vulnerability in the customLocation parameter of Kemp LoadMaster carries a CVSS score of 8.8. While…

CISA Adds Drupal SQL Injection Vulnerability to KEV Catalog Following Mass Exploitation
CISA has added the CVE-2026-9082 SQL injection flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The move follows re…

CISA Adds Critical Langflow Vulnerability (CVE-2025-34291) to KEV Catalog Following Active Exploitation
CISA has added CVE-2025-34291, a critical origin validation flaw in the Langflow platform, to its Known Exploited Vulnerabilities cata…

May 2026 Patch Tuesday: 137 Flaws and the Domain Controller Threat
Microsoft's May 2026 security update addresses 137 vulnerabilities, including 31 critical flaws. While no zero-days were reported, una…