Weekly Exploit Roundup
Generated 2026-01-13T08:00:14.453702+00:00 (UTC)
- Ni8mare and N8scape flaws among multiple critical vulnerabilities affecting n8n
Source: Rapid7 Cybersecurity Blog | Published: 2026-01-08T21:25:27+00:00 | Score: 23.628
Overview
On November 18, 2025, a patched release was published for a critical unauthenticated file read vulnerability in n8n, a popular piece of automation software. The advisory for this vulnerability, CVE-2026-21858, was subsequently published on January 7, 2026; the vulnerability holds a CVSS score of 10.0. If a server has a custom configured web form that implements file uploads with no validation of content type, an attacker can overwrite an internal JSON object to read arbitrary files and, in some cases, establish remote code execution. This vulnerability has been dubbed “Ni8mare” by the finders. The finders, Cyera, published a technical blog post about the vulnerability on January 7, 2026, and a separate technical analysis and proof-of-concept (PoC) exploit were published by third-party security researcher Valentin Lobstein the same day. The Cyera writeup demonstrates CVE-2026-21858, while the third-party exploit also leverages CVE-2025-68613, an authenticated expression lang
- Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
Source: The Hacker News | Published: 2026-01-07T04:31:00+00:00 | Score: 22.71
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.
"An unauthenticated remote attacker can inject
- Metasploit Wrap-Up 01/09/2026
Source: Rapid7 Cybersecurity Blog | Published: 2026-01-09T23:07:48+00:00 | Score: 21.093
RISC-V Payloads
This week brings more RISC-V payloads from community member bcoles. One provides a new adapter which allows RISC-V payloads to be converted to commands and delivered as a Metasploit fetch-payload. The second is a classic bind shell, offering the user interactive connectivity to the target host. Both of these go a long way in improving Metasploit’s support for RISC-V systems.
Annual Wrap Up
With a new year comes a new annual wrap up. Earlier this week, the Metasploit project posted the annual wrap up covering notable changes from 2025.
New module content (4)
Taiga tribe_gig authenticated unserialize remote code execution
Authors: rootjog and whotwagner
Type: Exploit
Pull request: #20700 contributed by whotwagner
Path: multi/http/taiga_tribe_gig_unserial
AttackerKB reference: CVE-2025-62368
Description: This adds a new module for an authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368). The module sends malicious data to the exposed API, which performs unsafe
- Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Source: The Hacker News | Published: 2026-01-08T09:53:00+00:00 | Score: 20.085
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.
The list of vulnerabilities is as follows –
CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated
- Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions
Source: The Hacker News | Published: 2026-01-09T10:01:00+00:00 | Score: 18.303
Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution
- n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
Source: The Hacker News | Published: 2026-01-07T11:26:00+00:00 | Score: 17.916
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE).
The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system.
"Under certain conditions, an authenticated user may be able to cause untrusted code to be
- CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
Source: BleepingComputer | Published: 2026-01-12T20:09:16+00:00 | Score: 17.847
CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. […]
- Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
Source: The Hacker News | Published: 2026-01-07T10:41:00+00:00 | Score: 16.894
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE).
The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.
"This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious
- CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
Source: The Hacker News | Published: 2026-01-08T04:52:00+00:00 | Score: 15.935
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerabilities are listed below –
CVE-2009-0556 (CVSS score: 8.8) – A code injection vulnerability in Microsoft Office
- GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials
Source: The Hacker News | Published: 2026-01-12T10:48:00+00:00 | Score: 12.469
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers.
"The current wave of campaigns is driven by two factors: the mass reuse of AI-generated server deployment examples that propagate common
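The item above describes password brute-forcing against FTP, MySQL and PostgreSQL on Linux hosts. As an added example for this roundup (not GoBruteforcer code, and not from The Hacker News or any vendor), the script below flags source addresses that fail authentication against one service five or more times within a one-minute window. It runs over constructed log lines in the shapes vsftpd, MySQL and PostgreSQL emit for failed logins; the PostgreSQL lines assume a log_line_prefix that includes the client host (%h), which is not the default, and the hosts, PIDs and usernames are invented.

```python
"""Flag password brute-force bursts in FTP, MySQL and PostgreSQL logs.

Added example; not GoBruteforcer code or any vendor's tooling. Log lines in
SAMPLE_LOG are constructed: hosts, PIDs and usernames are invented, and the
PostgreSQL lines assume log_line_prefix='%m [%p] %h ' (not the default).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One (service, regex, strptime format) per daemon. Each regex yields a
# timestamp and the client address of a failed login.
PATTERNS = [
    # vsftpd: Mon Jan 12 10:49:00 2026 [pid 2] [alice] FAIL LOGIN: Client "198.51.100.7"
    ("ftp",
     re.compile(r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
                r'\[[^\]]*\] FAIL LOGIN: Client "(?P<ip>[^"]+)"'),
     "%a %b %d %H:%M:%S %Y"),
    # MySQL: 2026-01-12T10:48:20.000000Z 12 [Note] Access denied for user 'root'@'203.0.113.5' ...
    ("mysql",
     re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+Z \d+ \[\w+\] "
                r"Access denied for user '[^']*'@'(?P<ip>[^']+)'"),
     "%Y-%m-%dT%H:%M:%S"),
    # PostgreSQL (assumed prefix '%m [%p] %h '): 2026-01-12 10:48:00.000 UTC [99] 203.0.113.5 FATAL:  password authentication failed ...
    ("postgres",
     re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \w+ \[\d+\] '
                r'(?P<ip>\S+) FATAL:  password authentication failed'),
     "%Y-%m-%d %H:%M:%S"),
]

# Constructed sample: one source hammering PostgreSQL, a few MySQL misses from
# the same source, and a single benign FTP failure from another host.
SAMPLE_LOG = """\
2026-01-12 10:48:00.000 UTC [99] 203.0.113.5 FATAL:  password authentication failed for user "postgres"
2026-01-12 10:48:03.000 UTC [100] 203.0.113.5 FATAL:  password authentication failed for user "postgres"
2026-01-12 10:48:05.000 UTC [101] 203.0.113.5 FATAL:  password authentication failed for user "admin"
2026-01-12 10:48:09.000 UTC [102] 203.0.113.5 FATAL:  password authentication failed for user "postgres"
2026-01-12 10:48:12.000 UTC [103] 203.0.113.5 FATAL:  password authentication failed for user "root"
2026-01-12 10:48:15.000 UTC [104] 203.0.113.5 FATAL:  password authentication failed for user "postgres"
2026-01-12T10:48:20.000000Z 12 [Note] Access denied for user 'root'@'203.0.113.5' (using password: YES)
2026-01-12T10:48:21.000000Z 13 [Note] Access denied for user 'root'@'203.0.113.5' (using password: YES)
2026-01-12T10:48:22.000000Z 14 [Note] Access denied for user 'admin'@'203.0.113.5' (using password: YES)
Mon Jan 12 10:49:00 2026 [pid 2] [alice] FAIL LOGIN: Client "198.51.100.7"
2026-01-12 10:49:30.000 UTC [105] 198.51.100.7 LOG:  connection authorized: user=alice database=app
"""


def parse_line(line):
    """Return (service, ip, datetime) for a failed-login line, else None."""
    for service, pattern, ts_format in PATTERNS:
        m = pattern.match(line)
        if m:
            return service, m.group("ip"), datetime.strptime(m.group("ts"), ts_format)
    return None


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Map source IP -> {service: largest burst} for every source that
    failed `threshold` or more logins against one service inside `window`.

    Counting is per source and service, not per username, so password
    spraying across many accounts from one host is still caught."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            service, ip, ts = parsed
            events[(ip, service)].append(ts)

    flagged = defaultdict(dict)
    for (ip, service), stamps in events.items():
        stamps.sort()
        best, start = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip][service] = best
    return dict(flagged)


if __name__ == "__main__":
    for ip, services in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, services)  # 203.0.113.5 {'postgres': 6}
```

On real hosts feed the script the daemons' own log files (or journald output) and tune `threshold` and `window` to the service: a single noisy integration can legitimately fail a handful of times, but dozens of failures per minute from one address against a database port that should not be Internet-reachable is the pattern the roundup item describes.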
End of report.
