#rce | Qezir

HPE OneView's CVSS 10.0: An Unauthenticated API Endpoint That Runs Commands

CVE-2025-37164 is a maximum-severity RCE in HPE OneView. An unauthenticated REST API endpoint executes arbitrary commands. 40,000+ exploit attempts on day one.

cve rce patch-now +1

Feb 1, 2026 · 6 min read

Read

Vulnerability

CRITICAL

Ni8mare: n8n's CVSS 10.0 That Hands Over Your Entire Automation Stack

CVE-2026-21858 lets unauthenticated attackers take full control of n8n instances. 100K servers exposed, PoC is public, and your secrets are in the blast radius.

cve rce automation +1

Feb 1, 2026 · 5 min read

Read

Vulnerability

CRITICAL

React2Shell: The CVSS 10.0 That Hit 85,000 Servers

CVE-2025-55182 turned React Server Components into a one-request RCE. Nation-states and criminals moved within hours.

cve rce supply-chain +2

Jan 29, 2026 · 6 min read

Read