Google explains JavaScript execution on non-200 HTTP status codes

Google noted that if the HTTP status code is non-200 (for example, on error pages with 404 status code), rendering might be skipped.
SecurityWeek

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

A critical Ivanti EPM vulnerability could allow unauthenticated attackers to execute arbitrary code remotely with ...
The Hacker News

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

HPE patched a critical OneView vulnerability with CVSS 10.0 that could allow unauthenticated remote code execution in ...
CSO Online

Gladinet servers file-sharing servers allow remote code execution

Static AES keys are enabling attackers to decrypt access tokens and reach remote code execution, triggering urgent patch ...