#patch-now | Qezir

HPE OneView's CVSS 10.0: An Unauthenticated API Endpoint That Runs Commands

CVE-2025-37164 is a maximum-severity RCE in HPE OneView. An unauthenticated REST API endpoint executes arbitrary commands. 40,000+ exploit attempts on day one.

cve rce patch-now +1

Feb 1, 2026 · 6 min read

Read

Vulnerability

CRITICAL

Ni8mare: n8n's CVSS 10.0 That Hands Over Your Entire Automation Stack

CVE-2026-21858 lets unauthenticated attackers take full control of n8n instances. 100K servers exposed, PoC is public, and your secrets are in the blast radius.

cve rce automation +1

Feb 1, 2026 · 5 min read

Read

Vulnerability

HIGH

Microsoft Office Zero-Day Gets Emergency Patch - CVE-2026-21509

Microsoft drops out-of-band patch for actively exploited Office vulnerability that bypasses OLE security controls. Here's what you need to know.

microsoft office cve +2

Jan 29, 2026 · 5 min read

Read

Vulnerability

CRITICAL

React2Shell: The CVSS 10.0 That Hit 85,000 Servers

CVE-2025-55182 turned React Server Components into a one-request RCE. Nation-states and criminals moved within hours.

cve rce supply-chain +2

Jan 29, 2026 · 6 min read

Read

Vulnerability

CRITICAL

Ivanti Connect Secure Under Mass Exploitation - What We Know So Far

Critical authentication bypass vulnerabilities in Ivanti's VPN appliances are being actively exploited. Here's the timeline, technical details, and what you should do right now.

ivanti vpn cve +2

Jan 22, 2025 · 4 min read

Read