RCE – NuclearCoffee

Hacker news

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

On Apr 20, 2026 6:47 pm, by NuclearCoffee

A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries… Continue reading

Hacker news

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

On Apr 20, 2026 11:31 am, by NuclearCoffee

Cybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s (MCP) architecture that could pave the way for remote code execution and have a… Continue reading

Hacker news

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

On Apr 16, 2026 3:26 pm, by NuclearCoffee

You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are… Continue reading

Hacker news

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

On Apr 14, 2026 7:00 am, by NuclearCoffee

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585),… Continue reading

Hacker news

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

On Apr 10, 2026 5:12 pm, by NuclearCoffee

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability… Continue reading

Hacker news

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

On Apr 09, 2026 3:17 pm, by NuclearCoffee

Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was… Continue reading

Hacker news

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

On Apr 07, 2026 7:18 am, by NuclearCoffee

Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS… Continue reading

Hacker news

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

On Mar 21, 2026 12:54 pm, by NuclearCoffee

Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be… Continue reading

Hacker news

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

On Mar 20, 2026 6:30 pm, by NuclearCoffee

Ravie LakshmananMar 20, 2026Web Security / Vulnerability Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to upload arbitrary executables… Continue reading

Hacker news

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE

On Mar 18, 2026 1:41 pm, by NuclearCoffee

Ravie LakshmananMar 18, 2026Vulnerability / Data Protection Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an… Continue reading

Tag: RCE

Stay Connected