Tag
#rce
Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”. Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2025-30397 is a remote code
Zoom fixes multiple security bugs in Workplace Apps, including a high-risk flaw. Users are urged to update to…
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign
Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
**According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a user to open a specially crafted file from the attacker to initiate remote code execution.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.