Articles tagged "RCE"

Found 58 articles

Actively Exploited

A serious vulnerability has been discovered in ShowDoc, an online tool used by IT teams for document sharing and collaboration. This flaw, identified as CVE-2025-0520, allows attackers to execute remote code on unpatched servers, posing a significant risk to organizations that have not updated their systems. With a CVSS score of 9.4, this remote code execution vulnerability is currently being exploited in the wild, meaning that attackers are actively taking advantage of it. Companies using ShowDoc need to prioritize patching their servers to protect against potential breaches and unauthorized access to sensitive information. Failing to address this issue could lead to severe consequences for affected organizations.

Impact: ShowDoc servers running unpatched versions are affected by CVE-2025-0520.
Remediation: Organizations should immediately apply the latest patches for ShowDoc to mitigate the risk associated with CVE-2025-0520. Regularly updating software and monitoring for vulnerabilities is also recommended.

A serious vulnerability in Marimo software has come to light, allowing attackers to execute remote code without needing authentication. This flaw is currently being exploited to steal user credentials, making it a pressing issue for organizations using this software. The nature of the vulnerability means that it could potentially affect a wide range of users and systems that rely on Marimo. Companies need to act quickly to protect their data and systems from unauthorized access. Immediate action is essential to mitigate the risk posed by this vulnerability as attackers are actively targeting it.

Impact: Marimo software, potentially affecting all users and systems running this application.
Remediation: Organizations should immediately update their Marimo software to the latest version as soon as patches are available. Additionally, implementing network segmentation and monitoring for unusual activity can help mitigate risks until patches are applied.
Actively Exploited

Recent research has identified thirty-six malicious npm packages related to the Strapi framework that have been linked to Redis remote code execution (RCE), database theft, and persistent command and control (C2) capabilities. In addition, malicious LNK files are being used to distribute a Python-based backdoor. The Kimsuky Group has also been noted for changing their distribution techniques to enhance their attacks. These developments pose serious risks to developers and organizations using these tools, as they could lead to unauthorized access and data breaches. It is crucial for users to be vigilant and ensure they are using secure versions of these packages to avoid falling victim to these threats.

Impact: Strapi framework, Redis, npm packages, Python-based backdoor
Remediation: Users should review and remove any malicious npm packages, ensure their software is up to date, and follow best practices for securing their environments.
Actively Exploited

A serious vulnerability in the open-source Python notebook tool Marimo, identified as CVE-2026-39987, has been exploited within just 10 hours of its disclosure on April 8, 2026. This flaw has a CVSS score of 9.3, indicating its severity and potential impact. Researchers from the Sysdig Threat Research Team reported that attackers began exploiting this vulnerability almost immediately, raising alarms about the security of systems using Marimo. This incident underscores the urgency for users and organizations relying on this tool to take immediate action to protect their systems from potential breaches. Quick exploitation of such vulnerabilities demonstrates the need for timely patching and awareness in the cybersecurity community.

Impact: Marimo (open-source Python notebook tool)
Remediation: Users should apply patches as soon as they are available. It's also advisable to limit access to the Marimo tool and monitor for any unusual activity in systems that use it.
Actively Exploited

A serious vulnerability in Marimo, an open-source Python notebook designed for data science, has been exploited within just 10 hours of being made public. The flaw, identified as CVE-2026-39987, allows attackers to execute remote code without needing authentication, affecting all versions of Marimo up to and including the latest release. Researchers from Sysdig reported this rapid exploitation, underscoring the urgency for users to address this security gap. Organizations using Marimo need to prioritize patching their installations to avoid potential breaches, as the high CVSS score of 9.3 indicates a significant risk. The swift exploitation of this vulnerability serves as a reminder of the importance of timely updates and security practices in software development.

Impact: All versions of Marimo prior to and including the latest release
Remediation: Users should immediately update to the latest version of Marimo to mitigate the risk associated with this vulnerability.

Researchers have discovered two vulnerabilities in the Common Unix Printing System (CUPS), which is widely used in Linux and other Unix-like systems. These vulnerabilities could allow attackers to execute remote code and overwrite root files on affected networks without needing authentication. This poses a significant risk, as it could enable unauthorized access and control over systems that rely on CUPS for printing tasks. Organizations using CUPS should be particularly vigilant, as these flaws could lead to severe network breaches. The vulnerabilities have raised concerns about the security of systems that utilize this printing service, making immediate attention and action essential.

Impact: Common Unix Printing System (CUPS), Linux systems, Unix-like systems
Remediation: Organizations should apply available patches for CUPS, review system configurations, and monitor network activity for unusual behavior.

Researchers from VulnCheck have discovered that attackers are actively exploiting a severe vulnerability in Flowise, an open-source AI platform. The flaw, identified as CVE-2025-59528, has a maximum CVSS score of 10.0 and allows for remote code execution through a code injection vulnerability in the CustomMCP node. This means that unauthorized users could potentially execute commands on affected systems. Over 12,000 instances of Flowise are exposed, raising significant concerns for users and organizations relying on this platform. It's crucial for those affected to take immediate action to secure their systems against this vulnerability.

Impact: Flowise AI platform, specifically instances using the CustomMCP node feature.
Remediation: Users should immediately update their Flowise instances to the latest version that addresses CVE-2025-59528. Additionally, it is recommended to review and restrict input configurations for the CustomMCP node to prevent unauthorized code execution.

Researchers discovered serious vulnerabilities in the Vim and GNU Emacs text editors that could allow attackers to execute remote code simply by opening a malicious file. This means that users of these popular text editors could be at risk without any interaction beyond opening a file. The vulnerabilities were identified with the help of the Claude AI assistant, which used simple prompts to find the flaws. This is significant as many developers and users rely on these tools for coding and text editing, making a large number of systems potentially vulnerable. Users should be cautious about the files they open and look out for updates from the developers to address these issues.

Impact: Vim, GNU Emacs
Remediation: Users should update to the latest versions of Vim and GNU Emacs as soon as patches are released. Additionally, avoid opening untrusted files.

A previously reported vulnerability in Fortinet's BIG-IP product, identified as CVE-2025-53521, has been reclassified from a denial-of-service (DoS) flaw to a remote code execution (RCE) vulnerability. This change indicates that the bug poses a much greater risk, allowing attackers to potentially execute arbitrary code on affected systems. Initially disclosed in October, this vulnerability is now known to be actively exploited, increasing the urgency for users to take action. Organizations using Fortinet BIG-IP devices should be especially vigilant, as this issue may compromise the security of their networks. Users are advised to implement necessary patches and monitor for unusual activity to safeguard their systems.

Impact: Fortinet BIG-IP products.
Remediation: Users should apply the latest security patches provided by Fortinet for their BIG-IP systems. Regular monitoring for unusual activity is also recommended to mitigate potential exploitation.

A vulnerability in F5's BIG-IP software, initially categorized as a denial-of-service (DoS) issue, has been reclassified as a remote code execution (RCE) threat. This change comes after new findings revealed that attackers could exploit the flaw to execute arbitrary code on affected systems. Organizations using BIG-IP are at risk, as the vulnerability could allow unauthorized access and control over their systems. The reclassification raises concerns about the potential for severe exploitation, especially since the flaw is reportedly being actively targeted by attackers. Companies using F5 BIG-IP should take immediate action to protect their systems.

Impact: F5 BIG-IP software versions affected include various configurations that utilize the vulnerable components. Specific product versions were not detailed.
Remediation: F5 has recommended that users apply any available patches to their BIG-IP systems as soon as possible. Additionally, organizations should review their security configurations and consider implementing network segmentation to limit exposure.

F5 Networks has escalated the severity of a vulnerability in its BIG-IP Application Policy Manager (APM) from a denial-of-service issue to a critical remote code execution flaw. This vulnerability allows attackers to exploit unpatched devices and deploy webshells, which can give them unauthorized access to systems. Organizations using affected versions of BIG-IP are urged to apply the necessary patches immediately to prevent potential breaches. The exploitation of this flaw poses a significant risk, especially for businesses relying on BIG-IP for application delivery and security. With reports of active attacks already in progress, it is crucial for users to take swift action to secure their environments.

Impact: F5 BIG-IP APM
Remediation: Users should patch their systems to the latest version as specified by F5 to mitigate this vulnerability.

A recent study by CloudSEK has found that attackers quickly took advantage of a serious remote code execution (RCE) vulnerability in Oracle WebLogic the same day that exploit code became available. This flaw poses a significant risk to organizations using affected versions of WebLogic, as it allows malicious actors to execute arbitrary code on compromised servers. The rapid exploitation indicates that cybercriminals are closely monitoring vulnerability disclosures and acting swiftly, which raises concerns for businesses that may not have applied necessary security patches. Companies using Oracle WebLogic should prioritize updating their systems to mitigate this threat and protect sensitive data.

Impact: Oracle WebLogic Server versions affected by the RCE vulnerability.
Remediation: Organizations should apply the latest security patches provided by Oracle for WebLogic Server to close this vulnerability.

PTC Inc. has issued a warning about a serious vulnerability affecting its Windchill and FlexPLM software, which are commonly used for product lifecycle management. This flaw could allow attackers to execute code remotely, potentially leading to unauthorized access and control over systems running these applications. Organizations using these tools should take this warning seriously, as the implications of such a breach could be significant, impacting product development and data security. Users are advised to stay alert for updates from PTC regarding patches or fixes to mitigate this risk. The urgency of this situation is underscored by the fact that remote code execution vulnerabilities can lead to severe consequences if exploited.

Impact: Windchill, FlexPLM
Remediation: N/A

Oracle has issued an emergency patch for a serious vulnerability, identified as CVE-2026-21992, affecting Oracle Identity Manager and Oracle Web Services Manager. This flaw allows attackers to exploit a missing authentication feature, potentially leading to remote code execution without prior authentication. While Oracle hasn't confirmed if this vulnerability has been actively exploited in the wild, they are urging all customers to apply the updates or implement alternative mitigations immediately. The lack of authentication for such a critical function poses significant risks for organizations using these services, emphasizing the need for prompt action to safeguard their systems.

Impact: Oracle Identity Manager, Oracle Web Services Manager
Remediation: Customers should apply the latest patches provided by Oracle or implement the recommended mitigations as soon as possible.

A newly discovered vulnerability, identified as CVE-2026-33017, poses a serious risk by allowing unauthenticated attackers to run arbitrary Python code on vulnerable servers. This flaw was reportedly exploited within 20 hours of its disclosure, raising concerns among cybersecurity experts. Organizations that use systems affected by this vulnerability need to act swiftly to secure their environments. The ability for attackers to execute arbitrary code can lead to severe data breaches and system compromises, making it crucial for affected users to understand their risk and take appropriate measures. As of now, details on specific systems or versions impacted have not been disclosed, leaving many organizations potentially vulnerable.

Impact: N/A
Remediation: Organizations should apply security patches as soon as they become available, monitor for unusual activity, and review their systems for any signs of exploitation. Regular updates and code audits may also help mitigate risks associated with this vulnerability.