Oracle issues out-of-band warning about critical PeopleSoft code injection flaw

Oracle is closing a critical code injection vulnerability in PeopleSoft with an update outside of its usual schedule.
The Hacker News

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The ...
The Hacker News

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP patched critical flaws up to CVSS 10.0, reducing RCE, admin takeover, and data exposure risks.

Google posts Chromium browsers' proof-of-concept exploit code without a fix

Chrome, Edge, Brave, Opera, and other Chromium-based browsers could reportedly be exposed to abuse after Google accidentally revealed exploit code for an unfixed vulnerability ...
Bleeping Computer

New Veeam vulnerabilities expose backup servers to RCE attacks

Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. Tracked as CVE-2025-59470, this ...
TechSpot

Microsoft's June Patch Tuesday fixes a record 200 vulnerabilities, including five being actively exploited

In a nutshell: On the second Tuesday of every month, Microsoft addresses the overall security of its many software products. The Patch Tuesday tradition has continued for more than 20 years, but the ...