Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A critical vulnerability in the WPvivid Backup & Migration WordPress plugin allows unauthenticated attackers to upload and execute arbitrary PHP files on exposed websites. Tracked as CVE-2026-1357, the vulnerability affects vulnerable versions of the plugin and enables remote code execution through network-accessible functionality intended for backup and migration workflows. With over 900,000 active installations, WPvivid is widely deployed across production WordPress environments.

Approximately 1,600 Ivanti Endpoint Manager Mobile (EPMM) instances are currently exposed globally, creating a significant attack surface for enterprise mobile infrastructure. Ivanti has disclosed two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, that allow unauthenticated remote code execution on affected on-premises deployments. CVE-2026-1281 has been confirmed exploited prior to disclosure and is now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog.

A critical unauthenticated remote code execution (RCE) vulnerability has been identified in the React Native Metro development server, with nearly 3,500 exposed instances currently reachable on the public internet. Tracked as CVE-2025-11953, also known as Metro4Shell, this flaw affects the Metro server used during React Native application build and testing workflows.

Angular applications often rely on built-in protections to handle user input safely. However, a recently disclosed vulnerability shows how gaps in this trust can lead to client-side attacks when input is not properly handled. The vulnerability lies in Angular’s template sanitization logic, where improper handling of SVG elements during template compilation allows attackers to execute arbitrary JavaScript in a user’s browser.

A critical unauthenticated remote code execution (RCE) vulnerability has been disclosed in n8n, a widely used open-source workflow automation platform that orchestrates business processes, SaaS integrations, and event-driven automation pipelines. Tracked as CVE-2026-21858 and referred to as Ni8mare, the vulnerability carries a CVSS v3.1 score of 10.0 (Critical) and allows unauthenticated attackers to execute arbitrary system-level code on vulnerable self-hosted n8n instances.

If you run a Magento agency, you know the feeling: it is 4:00 PM on a Friday, and a critical vulnerability like SessionReaper drops. You are now stuck between two impossible choices. Do you rush an emergency patch and risk breaking your checkout flow right before the weekend? Or do you wait for a safe testing window and pray you don’t become a statistic?