SecurityWeek

Several Code Execution Flaws Patched in Veeam Backup & Replication

CISA’s Known Exploited Vulnerabilities (KEV) catalog includes four weaknesses found in the product in recent years, including ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI, an open-source, self-hosted web interface for interacting with local or remote AI language models, carried a high ...
The Hacker News

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

Singapore’s CSA warns of a CVSS 10.0 SmarterMail vulnerability allowing unauthenticated remote code execution via file upload ...
Bleeping Computer

Apache fixes critical OFBiz remote code execution vulnerability

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.

New Veeam vulnerabilities expose backup servers to RCE attacks

Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical ...
CSO Online

Open WebUI bug turns ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...
CSOonline

One click to compromise: Oracle Cloud Code Editor flaw exposed users to RCE

A critical vulnerability in OCI’s Code Editor exposed enterprise environments to RCE and privilege escalation risks, highlighting the dangers of implicit trust in integrated cloud tools. A now-patched ...

This SmarterMail vulnerability allows remote code execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...