Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.

Anthropic fixed the flaws – but the AI-enabled attack surfaces remain Security vulnerabilities in Claude Code could have allowed attackers to remotely execute code on users' machines and steal API ...

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction ...

CERT-In has issued a high-severity warning for Google Chrome users, citing vulnerabilities that could allow remote code execution. The advisory urges users to update their browser to the latest ...

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could enable account takeover and RCE via malicious model URLs and Functions API ...

SolarWinds has patched four critical-severity remote code execution vulnerabilities in the Serv-U enterprise file transfer product.

Data resilience solutions provider Veeam Software released a critical patch for its Veeam Backup & Replication product. The update fixes a deserialization issue that can result in remote code ...

Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a critical remote code execution vulnerability in Cursor Inc.’s integrated development environment that ...

Microsoft fixes a critical Notepad vulnerability in Windows 11 that could allow remote code execution via malicious Markdown files. Here are the details ...