Google explains JavaScript execution on non-200 HTTP status codes

Google noted that if the HTTP status code is non-200 (for example, on error pages with 404 status code), rendering might be skipped.
SecurityWeek

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

A critical Ivanti EPM vulnerability could allow unauthenticated attackers to execute arbitrary code remotely with ...
The Hacker News

Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution

Huntress reports active attacks abusing Gladinet’s fixed cryptographic keys to forge tickets and gain remote code execution ...