18 Apr, 2026

CISA flags VMware Aria Operations RCE flaw as exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. Broadcom also warned that it is aware of reports indicating the vulnerability is exploited but says it cannot independently confirm the claims. VMware Aria Operations […]


Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks

A critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code is now being abused in attacks. According to security researcher Zach Hanley at penetration testing company Horizon3.ai, who reported the vulnerability (CVE-2025-64155), it is a combination of two issues that allow arbitrary writes with admin permissions and privilege escalation to root access. “An improper […]


Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet’s Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. The vulnerability is tracked as CVE-2025-25256, and is a combination of two issues that permit arbitrary write with admin permissions […]


New D-Link flaw in legacy DSL routers actively exploited in attacks

Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. The vulnerability is now tracked as CVE-2026-0625 and affects the dnscfg.cgi endpoint due to improper input sanitization in a CGI library. An unauthenticated attacker could leverage this to execute remote commands via DNS configuration parameters. Vulnerability intelligence company […]


Hackers are exploiting ArrayOS AG VPN flaw to plant webshells

Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security update, but has not assigned an identifier, complicating efforts to track the flaw and patch management. An advisory from Japan’s Computer Emergency and Response Team (CERT) warns […]


D-Link warns of new RCE flaws in end-of-life DIR-878 routers

D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. Technical details and proof-of-concept (PoC) exploit code demonstrating the vulnerabilities have been published by a researcher using the name Yangyifan. Typically used in homes and small offices, the DIR-878 was […]


W3 Total Cache WordPress plugin vulnerable to PHP command injection

A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. The vulnerability, tracked as CVE-2025-9501, affects all versions of the W3TC plugin prior to 2.8.13 and is described as an unauthenticated command injection. W3TC is installed on more than […]


Fortinet warns of new FortiWeb zero-day exploited in attacks

Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. Tracked as CVE-2025-58034, this web application firewall security flaw was reported by Jason McFadyen of Trend Micro’s Trend Research team. Authenticated threat actors can gain code execution by successfully exploiting this OS command injection vulnerability in […]


TP-Link warns of critical command injection flaw in Omada gateways

TP-Link is warning of two command injection vulnerabilities in Omada gateway devices that could be exploited to execute arbitrary OS commands. Omada gateways are marketed as full-stack solutions (router, firewall, VPN gateway) for small to medium businesses, and are constantly increasing in popularity. Although the two security issues lead to the same result when triggered, only one […]


Maximum severity GoAnywhere MFT flaw exploited as zero day

Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra’s GoAnywhere MFT that allows injecting commands remotely without authentication. The vendor disclosed the flaw on September 18, but the company had learned about it a week earlier, and did not share any details on how it was discovered or if it was being exploited. CVE-2025-10035 […]
