Google pushed out its monthly Android patches Monday, addressing 17 critical vulnerabilities, six of which are tied to the Android Mediaserver component and four addressing problems with Qualcomm chipsets.

SquirrelMail suffers from a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the remote system.

VMware patched a critical vulnerability in its vCenter Server platform late last week that could have let an attacker execute arbitrary code in some scenarios.

A popular version of the Magento ecommerce platform is vulnerable to a remote code execution bug, putting as many as 200,000 online retailers at risk.

Riverbed Technology, whose products are used by most of the Global 500, patched vulnerabilities in its SteelCentral Portal used for critical application performance monitoring.

Researchers at ERPScan today disclosed details and a proof-of-concept exploit for a SAP GUI remote code execution vulnerability patched last week.

While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.

Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack.

A researcher disclosed vulnerabilities in TP-Link C2 and C20i routers that allow for remote code execution and denial-of-service attacks with authentication.

WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability.