Skip to main content

RCE

31886 CVEs technique

Monthly

CVE-2026-5589 MEDIUM This Month

Integer underflow in Zephyr RTOS Bluetooth Mesh solicitation handling (versions ≤ 4.3.0) allows any physically proximate, unauthenticated BLE device to corrupt memory via a crafted advertising PDU, potentially causing denial of service or arbitrary code execution on the target device. The flaw resides in bt_mesh_sol_recv() within the OD Private Proxy Server feature and requires no prior pairing or device association to trigger. No public exploit has been identified at time of analysis and EPSS probability is low at 0.02%, but the combination of zero-interaction exploitation and RCE impact on embedded IoT devices warrants prioritization where this configuration is deployed.

Denial Of Service Memory Corruption Buffer Overflow RCE Zephyr
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-71316 CRITICAL POC PATCH Act Now

Arbitrary DLL loading in SQLite's sqldiff.exe utility on Windows allows attackers to achieve code execution by abusing the Microsoft C runtime's Unicode-to-ANSI Best-Fit character conversion. Specially crafted Unicode characters in command-line arguments can be transformed into ASCII characters that sqldiff then parses as the '-L' option, loading an attacker-supplied DLL. Publicly available exploit research (Blackhat EU 2024 'WorstFit' presentation) demonstrates the technique, though no public exploit identified targeting sqldiff specifically and it is not listed in CISA KEV.

Microsoft RCE
NVD
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-25551 HIGH POC This Week

Local privilege escalation in Seagull Software BarTender 2021 R1 through 12.0.1 allows any low-privileged user on the host to gain SYSTEM execution by sending a crafted BinaryFormatter payload to a localhost-bound .NET Remoting endpoint. Publicly available exploit code exists (a YSoSerial.NET-based PoC is published as a GitHub gist), and the issue carries a CVSS 4.0 base score of 8.5 with high confidentiality, integrity, and availability impact. No CISA KEV listing is present, so exploitation is opportunistic rather than confirmed in-the-wild.

Deserialization RCE Bartender 2021
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-25550 CRITICAL Act Now

Unauthenticated remote code execution in Seagull Software BarTender 2010, 2016 (<=R9), and 2019 (<=R10) is reachable over TCP/7375 through the BtSystem.Service.exe .NET Remoting endpoint, which runs as NT AUTHORITY\SYSTEM. The exposed singleton uses BinaryServerFormatterSinkProvider with TypeFilterLevel=Full, allowing attackers to abuse deserialization-style object unmarshalling to read/write arbitrary files, coerce NTLMv2 authentication via UNC paths, or pivot to full code execution. No public exploit identified at time of analysis, but the VulnCheck advisory documents the attack primitives in detail.

Authentication Bypass RCE Bartender 2010 Bartender 2016 Bartender 2019
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-50292 HIGH PATCH This Week

Local root code execution in libinput versions before 1.30.4 and 1.31.x before 1.31.3 is possible because the libinput-device-group helper fails to escape the 'phys' string returned for an input device, allowing injection of attacker-controlled udev properties that are subsequently evaluated as privileged actions. The flaw, tracked as CWE-93 (CRLF/property injection), enables an unprivileged local user who can attach or simulate a device with a crafted physical-path identifier to escalate to root. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

RCE Red Hat Suse
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-41065 HIGH PATCH This Week

Remote code execution in Tautulli versions prior to 2.17.1 allows attackers to achieve unauthenticated RCE on fresh installations (pre-setup wizard) by abusing the newsletter custom template directory feature to load a malicious Mako template from an attacker-controlled SMB share. On completed installations the same chain remains exploitable by any authenticated admin. Publicly available exploit code exists per SSVC, and the SSVC framework rates this as automatable with total technical impact, though no CISA KEV listing has been confirmed.

Python Ssti RCE Tautulli
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.4%
CVE-2019-25741 CRITICAL POC Act Now

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Mobatek Mobaxterm
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2019-25736 HIGH POC This Week

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Labf Nfsaxe
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25735 HIGH POC This Week

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Allplayer
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25733 HIGH POC This Week

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Netsharewatcher
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25729 CRITICAL POC Act Now

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-8037 CRITICAL POC Act Now

Unauthenticated OS command injection in the API of Progress ADC products - LoadMaster, ECS Connections Manager, Object Scale Connection Manager, and MOVEit WAF - allows remote attackers to execute arbitrary commands on the appliance by supplying unsanitized input to multiple command endpoints. The flaw carries a CVSS of 9.8 (pre-auth, network-reachable) and publicly available exploit code exists (a GitHub PoC and watchTowr Labs write-up), though EPSS remains low at 0.30% and CISA SSVC currently rates exploitation status as 'none'. Fixed builds (7.2.63.2 and 7.2.54.18) are available from Progress.

RCE Command Injection Loadmaster Ecs Connections Manager Object Scale Connection Manager +1
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-45431 HIGH This Week

Authenticated remote command injection in GX Earth ONT (Optical Network Terminal) devices allows attackers with valid web management credentials to execute arbitrary OS commands as root via multiple diagnostic functions in the device's web interface. The flaw, reported by CERT-In and tracked as CIVN-2026-0288, carries a CVSS 4.0 score of 8.7 (High) reflecting low attack complexity and high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

RCE Command Injection
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-3820 HIGH This Week

Command injection in the Supermicro AS-2115HS-TNR BMC's SMTP service allows an authenticated administrator to inject crafted characters into the SMTP configuration, causing the underlying system to execute unintended OS commands during process invocation. Successful exploitation can yield arbitrary code execution on the baseboard management controller, denial of service, or persistent compromise of the management plane. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

RCE Command Injection As 2115Hs Tnr
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-69755 HIGH This Week

Remote code execution and information disclosure in Neterbit NW-431F routers (firmware vNW-431F-20241014-IR03) allow unauthenticated network attackers to compromise the device by sending a crafted command to the at_command.asp interface. The CVSS 8.2 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against the router's web management interface, and no public exploit identified at time of analysis, though a researcher repository on GitHub may contain proof-of-concept material.

RCE Command Injection
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-44182 PyPI CRITICAL PATCH GHSA Act Now

Privilege escalation and arbitrary Kubernetes resource creation in Jupyter Enterprise Gateway allows attackers to inject YAML into kernel pod manifests via untrusted KERNEL_* environment variables submitted to the /api/kernels endpoint. Because these values are interpolated into a Jinja2 pod template without YAML-aware escaping, an attacker can clobber the pod securityContext to run kernels as root or use multi-document YAML boundaries (--- / ...) to spin up additional privileged pods, ultimately enabling container escape and full cluster compromise. Publicly available exploit code exists (detailed PoC in the vendor advisory), though EPSS is low (0.06%) and it is not listed in CISA KEV.

Kubernetes Nginx RCE
NVD GitHub
CVSS 4.0
10.0
EPSS
0.1%
CVE-2026-44181 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Jupyter Enterprise Gateway (fixed in v3.3.0) is possible because attacker-supplied KERNEL_XXX environment variables (e.g. KERNEL_POD_NAME, KERNEL_WORKING_DIR) sent to the /api/kernels endpoint are rendered through Jinja2 when building the Kubernetes pod manifest, enabling Server-Side Template Injection. Any client able to reach the gateway API can inject Jinja2 expressions to execute Python and OS commands inside the Enterprise Gateway pod, then steal its Kubernetes service account token to read secrets and schedule privileged/hostPath pods, escalating to full cluster compromise. Publicly available exploit code exists (working curl PoCs in the advisory); the flaw is not listed in CISA KEV and EPSS is low at 0.86%.

Kubernetes Python Ssti RCE
NVD GitHub
CVSS 4.0
10.0
EPSS
0.9%
CVE-2026-44180 PyPI CRITICAL PATCH GHSA Act Now

Privilege bypass in Jupyter Enterprise Gateway versions 2.0.0rc1 through 3.2.x allows remote unauthenticated attackers to launch Jupyter kernels as root (UID/GID 0) by appending whitespace to the KERNEL_UID or KERNEL_GID values, bypassing the EG_PROHIBITED_UIDS/GIDS protection. The flaw chains with Kubernetes hostPath volume mounts to enable container escape and worker-node compromise, with publicly available exploit code (PoC) documented in the GHSA advisory; no public exploitation identified at time of analysis.

Kubernetes RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-44016 PyPI HIGH PATCH GHSA This Week

Server-side request forgery and potential remote code execution in Docling versions 2.82.0 through 2.90.x affect deployments that explicitly enable the Playwright-based HTML rendering backend. When `render_page=True` is set, untrusted HTML documents can execute arbitrary JavaScript in the rendering browser context and reach internal network services, enabling SSRF, data exfiltration, or code execution in the rendering environment. No public exploit identified at time of analysis, and the issue is not in CISA KEV, but a vendor-confirmed fix exists in 2.91.0.

Code Injection SSRF RCE
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-44017 PyPI HIGH PATCH GHSA This Week

Path traversal (Zip Slip) in IBM's Docling document processing library before v2.91.0 allows arbitrary file write when the EasyOCR model download function extracts ZIP archives without validating member paths. An attacker who can intercept or substitute the model download source (via MITM, DNS spoofing, or upstream supply-chain compromise) can drop files anywhere the process can write, leading to RCE or persistence. No public exploit identified at time of analysis and the vulnerability is not on the CISA KEV list.

Python Path Traversal RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-41283 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in OpenStack Mistral through version 22.0.0 allows authenticated attackers with low privileges to execute arbitrary code via exposed API endpoints, leading to exfiltration of service credentials and full compromise of the workflow service. The CVSS 9.9 score reflects scope change (S:C) meaning impact extends beyond Mistral itself into other OpenStack components whose credentials it holds. There is no public exploit identified at time of analysis, but the vulnerability is tagged as Authentication Bypass and RCE, and disclosure occurred via oss-security with vendor coordination.

RCE Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-20175 MEDIUM This Month

Remote File Inclusion (RFI) in Cisco Finesse enables unauthenticated remote attackers to load attacker-controlled files into an active user's browser session by exploiting insufficient validation of user-supplied HTTP request parameters. Exploitation requires social engineering an authenticated Finesse user into clicking a crafted URL referencing the affected device - no server-side authentication is needed from the attacker's perspective. A successful attack results in arbitrary JavaScript execution within the Finesse interface context (browser-based XSS-class impact) or unauthorized access to sensitive contact center information; no public exploit identified at time of analysis.

RCE Cisco
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-6657 PyPI HIGH This Week

Origin validation bypass in Jupyter Server 1.12.0 through 2.17.0 lets remote attackers defeat CORS origin checks whenever the optional allow_origin_pat configuration is enabled. Because origin matching uses re.match() (anchored only at the start of the string), an attacker-controlled lookalike domain such as trusted.example.com.evil.com satisfies a pattern meant to allow only trusted.example.com, exposing CORS-protected responses, WebSocket kernels, referer checks, and login redirects. Publicly available exploit code exists via the huntr report, but EPSS is very low (0.02%) and SSVC rates exploitation as POC-only and not automatable, so there is no evidence of widespread active exploitation.

Authentication Bypass RCE Jupyter Jupyter
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5241 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Hugging Face Transformers 5.2.0 allows a malicious model repository to bypass the user's explicit trust_remote_code=False safeguard when loading a LightGlue model via AutoModel.from_pretrained(). The LightGlueConfig deserializes the trust_remote_code flag from the untrusted config.json and propagates the attacker-controlled value into a nested AutoConfig.from_pretrained() call, enabling execution of arbitrary attacker-supplied Python during model initialization. Rated CVSS 9.6 (AV:N/AC:L/PR:N/UI:R) with publicly available exploit code exists via the Huntr disclosure, though EPSS is currently 0.07% (22th percentile) and the CVE is not on CISA KEV.

RCE Python Transformers
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2022-49042 HIGH PATCH This Week

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Synology RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-49036 HIGH PATCH This Week

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Synology OpenSSL RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-4035 PyPI HIGH PATCH GHSA This Week

Server-side environment variable disclosure in MLflow versions prior to 3.11.0 allows attackers to exfiltrate sensitive credentials from the MLflow AI Gateway by abusing the `$ENV_VAR` resolution feature in gateway secret configuration. By registering or modifying a gateway route where `api_key` references an environment variable like `$AWS_SECRET_ACCESS_KEY` and pointing `api_base` at an attacker-controlled endpoint, the resolved secret is transmitted in upstream provider authentication headers. Publicly available exploit code exists via the huntr.com bounty disclosure, though EPSS remains low at 0.28% (51st percentile) and the issue is not in CISA KEV.

RCE Mlflow Mlflow
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.3%
CVE-2026-26378 MEDIUM This Month

Stored Cross-Site Scripting in Koha 25.11 and earlier allows a remote authenticated attacker to inject and execute arbitrary JavaScript in victim browsers via the file upload function within the Invoice features module. The CVSS Scope:Changed designation indicates the injected script executes in a security context beyond the attacker's own session - targeting higher-privileged users (e.g., acquisitions staff or administrators) who subsequently view the affected invoice. A researcher blog post at g03m0n.github.io documents this vulnerability, suggesting public technical details are available. No public exploit identified at time of analysis, and EPSS at 0.05% (16th percentile) indicates low observed exploitation probability.

XSS File Upload RCE
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-36574 HIGH This Week

Local privilege escalation and arbitrary code execution in Wassimulator CactusViewer v2.3.0 (Windows) occurs through DLL hijacking, where the application loads a malicious DLL from a writable directory instead of the legitimate library. Exploitation requires user interaction to launch the application after an attacker plants the crafted DLL, and no public exploit identified at time of analysis. EPSS rates exploitation probability at just 0.02% (5th percentile), reflecting the niche user base of this open-source image viewer.

RCE N A
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26379 MEDIUM This Month

Remote code execution in Koha v.25.11 and earlier allows unauthenticated network attackers to inject and execute arbitrary code through the Z39.50 configuration module. Koha is a widely deployed open-source integrated library system (ILS); the affected component handles Z39.50, a standard client-server protocol used for querying remote library catalogues. No public exploit identified at time of analysis, though a researcher technical write-up is publicly available at g03m0n.github.io, and EPSS exploitation probability is low at 0.05% (16th percentile). Notable discrepancy: CVSS impact scores (C:L/I:L) appear understated relative to the arbitrary code execution claim and should be treated with caution.

Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-4481 HIGH PATCH This Week

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Privilege Escalation Protector Software
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2021-4480 HIGH PATCH This Week

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Privilege Escalation Protector Software
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-49143 npm HIGH POC GHSA Monitor

Remote code execution in BrowserStack Runner through version 0.9.5 allows network-adjacent unauthenticated attackers to execute arbitrary code on the host system by sending crafted JSON to the /_log HTTP handler. The flaw stems from unsafe use of vm.runInNewContext() combined with eval(), and a known sandbox-escape technique via util.format and this.constructor.constructor enables full host compromise. No public exploit identified at time of analysis, but the technique is well-documented and the CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability.

RCE Code Injection Node.js Browserstack Runner
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-34993 PyPI HIGH PATCH GHSA This Week

Arbitrary code execution in the aiohttp Python framework (versions prior to 3.14.0) arises when CookieJar.load() deserializes an attacker-controlled file, classed as CWE-502 unsafe deserialization. An attacker who can plant or substitute the persisted cookie file and induce the application to load it gains code execution in the host process. There is no public exploit identified at time of analysis, EPSS is very low (0.06%), and CISA SSVC rates exploitation as none - consistent with the library's own note that the function is normally used on the user's own trusted data.

RCE Deserialization Python Aiohttp
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-42211 npm HIGH POC PATCH GHSA This Week

Remote code execution in React Router 7.0.0 through 7.14.1 affects applications running in Framework Mode by chaining an application-level prototype pollution flaw with router internals to achieve unauthenticated RCE on the server. Applications using Declarative Mode (BrowserRouter) or Data Mode (createBrowserRouter/RouterProvider) are unaffected. No public exploit identified at time of analysis; CVSS 8.1 reflects high impact tempered by high attack complexity due to the prerequisite prototype pollution gadget.

RCE Deserialization React Router
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-1829 HIGH This Week

Remote code execution in the Content Visibility for Divi Builder WordPress plugin (versions ≤ 4.02) allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP on the server by abusing the 'cvdb_content_visibility_check' parameter of the 'et_pb_text' shortcode. The flaw is a CWE-94 code injection issue disclosed by Wordfence and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE WordPress Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-24237 HIGH This Week

Local code execution in NVIDIA NVTabular allows a low-privileged attacker to abuse insecure deserialization of untrusted data, potentially leading to arbitrary code execution, data tampering, and information disclosure on the host running the library. The flaw carries a CVSS 7.8 (High) rating with confidentiality, integrity, and availability all marked High, and currently no public exploit identified at time of analysis. NVTabular is a tabular feature-engineering library used in recommender-system pipelines, so the practical blast radius is data-science workstations and ML training nodes.

Nvidia RCE Deserialization Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24221 HIGH This Week

Local code execution in NVIDIA NVTabular allows an authenticated low-privileged user to abuse improper deserialization of untrusted data to run arbitrary code, tamper with data, and disclose sensitive information. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a local attack vector with low complexity and low privileges; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Nvidia RCE Deserialization Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-0611 CRITICAL PATCH Act Now

Unauthenticated remote code execution in Spacelabs Healthcare Sentinel (versions 10.5.x and 11.x prior to 11.6.0) allows network attackers to drop ASPX webshells into the IIS wwwroot via a legacy .NET Remoting HTTP channel on TCP/8989. The flaw stems from missing authentication (CWE-306) on a deprecated Microsoft remoting endpoint, and while a vendor patch is available, no public exploit identified at time of analysis. Exploitation requires that port 8989 has been deliberately exposed to the network, since it is not reachable in default Sentinel deployments.

RCE Authentication Bypass Sentinel
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-10591 HIGH PATCH This Week

Arbitrary command execution in Amazon Kiro IDE versions prior to 0.11 allows remote attackers to plant malicious task definitions (e.g., .vscode/tasks.json) via the IDE's file write tool, which then auto-execute when a developer opens the affected workspace folder. The CVSS 4.0 score of 8.6 reflects network-reachable abuse with high confidentiality, integrity, and availability impact contingent on a single user action (folder open). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Kiro Ide
NVD VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-35717 MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 network camera firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root by sending a crafted POST request to the export_language.cgi administrative endpoint. The CGI handler passes an attacker-controlled Content-Length HTTP header value directly to fread() with no bounds validation, overflowing a 0x60-byte stack buffer and overwriting the saved link register; the binary's lack of stack canaries eliminates the primary runtime defense against this class of attack. A researcher-published proof-of-concept exists on GitHub, though EPSS stands at 0.05% (17th percentile) and the vulnerability is not currently listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation at time of analysis.

Buffer Overflow RCE Stack Overflow Fd8136 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-47117 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in OpenMed before 1.5.2 allows unauthenticated attackers to execute arbitrary Python code on the OpenMed service by abusing broad substring matching in the PII privacy-filter model dispatcher to load attacker-controlled Hugging Face repositories with trust_remote_code=True. The flaw, reported by VulnCheck and tracked as CWE-94 (Code Injection), carries a CVSS 4.0 score of 9.3 and a vendor-released patch is available; no public exploit identified at time of analysis.

RCE Code Injection Openmed
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-48861 LOW POC PATCH GHSA Monitor

CRLF injection in the elixir-mint Mint HTTP/1.1 client library (versions 0.1.0 through 1.8.x) enables HTTP Request Splitting and HTTP Request Smuggling on shared TCP connections when applications forward attacker-controlled values as the HTTP method or target to Mint.HTTP.request/5. The target-based vector was partially closed in Mint 1.7.0 via validate_request_target/2, but the method field was left unvalidated in all versions prior to 1.9.0, meaning method-based injection remains exploitable under the default Mint configuration. No public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog; the complete fix shipping method-character validation is available in Mint 1.9.0.

RCE Mint
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7299 MEDIUM POC PATCH This Month

Stored XSS in Appsmith's SQL query editor autocomplete allows an authenticated Developer-role user to inject persistent malicious JavaScript via crafted database table or column names that are rendered unsanitized through innerHTML. When other workspace members interact with the same datasource's query editor, the injected script executes in their browser session, enabling session token theft and unauthorized actions with high confidentiality impact (CVSS C:H). A public proof-of-concept exploit exists (Stuub/Appsmith-1.98-Stored-XSS-Exploit on GitHub), and the vulnerability was reported by CERT/CC, materially elevating practical exploitation risk above what the CVSS 6.3 Medium score alone implies.

XSS RCE Appsmith
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-34906 CRITICAL Act Now

Remote code execution in Wirtualna Uczelnia (versions up to wu#2016.437.295#0#20260327_105545) allows unauthenticated network attackers to execute arbitrary commands via Server-Side Template Injection in the redirectToUrl endpoint's redirectUrlParameter. The CVSS 4.0 base score of 9.3 reflects no authentication, no user interaction, and high impact across confidentiality, integrity, and availability; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV. Disclosure originated from CERT-PL, indicating a vetted advisory channel for this Polish academic management product.

Ssti RCE
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-30649 HIGH This Week

Remote code execution in VIVOTEK FD8136 network camera (firmware VVTK-0300a) is possible via a stack-based buffer overflow in the set_getparam.cgi component, reachable over the network without authentication. CVSS 7.3 reflects partial CIA impact, but the presence of public vulnerability-research artifacts on GitHub indicates publicly available exploit code exists, while EPSS remains low at 0.05% (17th percentile) and the issue is not currently listed in CISA KEV.

Buffer Overflow RCE Stack Overflow N A
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-30650 HIGH This Week

Remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows authenticated attackers to gain root-level command execution by triggering a buffer overflow in the /cgi-bin/admin/eventtask.cgi admin endpoint. Publicly available exploit code exists in a GitHub research repository, though EPSS scoring (0.09%, 25th percentile) suggests low observed exploitation activity and the CVE is not listed in CISA KEV.

Buffer Overflow RCE N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-35716 MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 firmware FD8136-VVTK-0300a grants authenticated remote attackers root-level code execution by supplying an oversized POST parameter to any of three symlinked CGI admin endpoints. The vulnerable `motion_privacy.cgi` binary copies the `n1` parameter into a fixed 164-byte (0xa4) stack buffer with no bounds check and no stack canary protection, overwriting the saved link register and diverting execution to attacker-controlled code. A public proof-of-concept is available on GitHub; no active exploitation has been confirmed in CISA KEV at time of analysis.

Buffer Overflow RCE Stack Overflow N A
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-30652 HIGH This Week

Authenticated remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows attackers with valid admin-interface credentials to overflow a buffer in the /cgi-bin/dido/setdo.cgi endpoint and execute arbitrary code as root. No public exploit identified at time of analysis, though a vulnerability research repository on GitHub describes the issue, and EPSS estimates exploitation probability at 0.05% (17th percentile), suggesting low broad-scale exploitation interest despite the high CVSS 8.8 score.

Buffer Overflow RCE N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0059 HIGH This Week

Proximity-based remote code execution in Google Android (versions 14, 15, 16, and 16-qpr2) is possible via a heap buffer overflow in multiple functions of sdp_discovery.cc, the Bluetooth Service Discovery Protocol component. An adjacent attacker within Bluetooth range can trigger memory corruption without any user interaction, with no public exploit identified at time of analysis. The flaw resides in the native Bluetooth stack and could yield code execution at the privilege level of the Bluetooth process.

Heap Overflow RCE Buffer Overflow
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-48595 HIGH POC KEV THREAT NEWS Act Now

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) stems from an integer overflow (CWE-190) that can be triggered without user interaction to achieve code execution. With CVSS 8.4 and SSVC technical impact rated 'total,' a local attacker on the device can elevate privileges across security boundaries without additional execution rights. No public exploit identified at time of analysis and SSVC reports exploitation status as 'none.'

Privilege Escalation RCE Integer Overflow
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
Threat
4.7
CVE-2018-25432 HIGH POC This Week

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Arm Whois
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25427 CRITICAL POC Act Now

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow RCE Buffer Overflow Arm Whois
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-9330 HIGH PATCH This Week

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows authenticated attackers to abuse unsafe Java deserialization in the SAML Web Single Sign-On component to run arbitrary code via a crafted HTTP request combined with a gadget chain. The flaw carries a CVSS 8.5 with scope change, and while no public exploit has been identified at time of analysis, deserialization gadget chains for WebSphere are historically well-researched. IBM has released a patch via support advisory node/7274733.

IBM RCE Deserialization
NVD VulDB
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-9319 CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 arises from unsafe deserialization of untrusted data processed by JAX-WS endpoints that use WS-Security. Unauthenticated remote attackers who can reach a SOAP/JAX-WS endpoint may craft malicious serialized payloads to execute arbitrary code in the WebSphere server context. No public exploit identified at time of analysis, but the high CVSS (9.0) and scope-changed impact mean any exposed JAX-WS service is a meaningful target.

IBM RCE Deserialization
NVD VulDB
CVSS 3.1
9.0
EPSS
0.2%
CVE-2026-9311 CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows network-based attackers to bypass security controls and execute arbitrary code on the application server. The flaw carries a CVSS 9.0 critical rating with a scope-changed impact (S:C) and requires no authentication, though high attack complexity (AC:H) suggests specific timing or environmental conditions must be met. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

IBM RCE Code Injection
NVD VulDB
CVSS 3.1
9.0
EPSS
0.3%
CVE-2026-7770 HIGH PATCH This Week

Remote code execution in IBM i Access Client Solutions (ACS) versions 1.1.5.0 through 1.1.9.12 allows authenticated attackers to execute arbitrary code on systems where ACS is configured to listen for requests from IBM i Navigator. The flaw, rated CVSS 8.8 with high impact across confidentiality, integrity, and availability, requires low privileges and no user interaction, making it a serious threat in enterprise IBM i environments. There is no public exploit identified at time of analysis and the CVE is not currently in CISA KEV.

IBM RCE
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-43958 HIGH PATCH This Week

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to crash the daemon or potentially execute arbitrary code by sending an oversized CREATE request. The flaw is tracked under CWE-121 with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L), reported by Red Hat against RHEL 6 through 10, and there is no public exploit identified at time of analysis.

Buffer Overflow RCE Denial Of Service Stack Overflow Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-49121 CRITICAL PATCH Act Now

Remote code execution in AMD's AI Tensor Engine for ROCm (AITER) through version 0.1.14 allows unauthenticated network attackers to run arbitrary code on every inference worker in a distributed cluster by sending a malicious pickle payload to the ZMQ SUB socket consumed by MessageQueue.recv() in shm_broadcast.py. The vulnerability stems from unauthenticated, unvalidated pickle deserialization with no HMAC or format checks; no public exploit identified at time of analysis, but VulnCheck has published an advisory and AMD has merged an upstream fix.

RCE Deserialization Aiter
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-45131 CRITICAL Act Now

Secret exfiltration in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows unauthenticated attackers to steal repository secrets, including Docker Hub credentials and tokens, by submitting a malicious fork pull request that triggers the pull-request.yaml GitHub Actions workflow in a privileged context. No public exploit is identified at time of analysis, but the attack pattern is a well-known pwn-request misconfiguration that requires no maintainer approval, and the CVSS score of 10.0 (Critical) with scope change reflects compromise of CI/CD secrets that extend beyond the workflow boundary.

Docker RCE Code Injection
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-45132 CRITICAL Act Now

Credential exposure in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows attackers to steal a Personal Access Token and SSH signing key by submitting a malicious pull request that the vulnerable GitHub Actions workflow checks out and executes with privileged secrets. The repository's generate-schema.yaml workflow used unsafe pull_request_target patterns combined with checkout of fork-controlled code, enabling code injection into a privileged CI context. No public exploit identified at time of analysis, but the attack pattern is well-documented for this class of GitHub Actions misconfiguration.

RCE Code Injection Helm Charts
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2022-4991 HIGH PATCH This Week

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE OpenSSL
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-10118 HIGH PATCH This Week

Local code execution in Poppler's Splash rendering backend allows attackers to compromise applications that open attacker-supplied PDFs by triggering an integer overflow in tilingPatternFill that produces an undersized heap allocation and a subsequent out-of-bounds write. The flaw affects Poppler as shipped across Red Hat Enterprise Linux 6 through 10 and Red Hat Hardened Images, with impact including arbitrary code execution, information disclosure, or denial of service in the rendering process. No public exploit identified at time of analysis, and the CVSS 7.8 vector requires user interaction to open a malicious PDF.

Information Disclosure RCE Buffer Overflow Denial Of Service Integer Overflow +6
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-8931 CRITICAL Act Now

Remote code execution in Disig Web Signer versions 2.0.3 through 2.5.3 allows network-adjacent attackers to execute arbitrary code on systems running this Slovak electronic signing client when a user performs a passive interaction (e.g., visiting a malicious page or processing a crafted signing request). The flaw was reported by Slovakia's National Security Authority (incident@nbu.gov.sk) and carries a CVSS 4.0 score of 9.4 (Critical) with both vulnerable and subsequent system impact rated High, indicating a likely scope-changing condition. There is no public exploit identified at time of analysis and the vulnerability is not currently listed in the CISA KEV catalog.

RCE Code Injection
NVD
CVSS 4.0
9.4
EPSS
0.4%
CVE-2026-0826 CRITICAL POC PATCH Act Now

Remote code execution in Poly Voice products on Linux is possible through a stack-based buffer overflow reachable when administrators enable Interactive Connectivity Establishment (ICE). Unauthenticated network attackers can trigger the flaw without user interaction, and no public exploit has been identified at time of analysis. HP rates the issue at CVSS 4.0 9.2 (Critical), driven by network reachability and full confidentiality, integrity, and availability impact.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-47428 npm CRITICAL PATCH GHSA Act Now

Reflected cross-site scripting in Vitest browser mode (@vitest/browser) allows attackers to execute arbitrary JavaScript in the Vitest server origin by luring a developer to a crafted /__vitest_test__/ URL with a malicious otelCarrier query parameter. Because the same page embeds VITEST_API_TOKEN used to authenticate the Vitest WebSocket API, the XSS chains into full Node-side remote code execution by writing to vite.config.ts and triggering a config reload. Publicly available exploit code exists in the vendor's GHSA-2h32-95rg-cppp advisory, though no public exploit identified at time of analysis in CISA KEV.

XSS Node.js RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-47429 npm CRITICAL PATCH GHSA Act Now

Arbitrary file read and remote code execution in Vitest versions prior to 4.1.0 allow remote unauthenticated attackers to read files outside the project directory on Windows and execute arbitrary scripts when the Vitest UI or Browser Mode API server is exposed to the network via the --api.host flag or api.host configuration option. The flaw stems from incorrect use of the deprecated isFileServingAllowed check, which can be bypassed using Windows-specific path syntax (\\?\\..\\), and is compounded by API features (saveTestFile + rerun, readFile/writeFile/saveSnapshotFile) that effectively grant script execution to anyone who can reach the API. Publicly available exploit code exists in the GHSA advisory PoC; no public exploit beyond that is identified at time of analysis.

Microsoft RCE Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-10532 Maven LOW PATCH Monitor

Deserialization restriction bypass in QOS.CH Sarl logback-core affects all versions through 1.5.33, allowing unauthenticated network attackers with the ability to influence serialized data to instantiate Java Proxy objects via SimpleSocketServer or SimpleSSLSocketServer. Despite the 'RCE' tag in source intelligence, the vendor explicitly states that no practical path to remote code execution or significant privilege escalation has been identified - this is a security boundary bypass of the HardenedObjectInputStream defense mechanism, not a full compromise vector. A proof-of-concept exists (CVSS E:P), though CVSS 4.0 scores the overall risk at 2.9 due to high attack complexity and prerequisite deployment conditions.

RCE Deserialization Logback
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-7858 CRITICAL Act Now

Unauthenticated remote code execution in Dassault Systèmes Teamwork Cloud (No Magic Release 2022x-2026x) and Magic Collaboration Studio (CATIA Magic Release 2022x-2026x) arises from unsafe deserialization of attacker-controlled data. The CVSS 9.8 vector indicates a network-reachable attack with no privileges or user interaction, yielding full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and EPSS data was not provided.

RCE Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-45505 Maven HIGH PATCH GHSA This Week

Remote code execution in Apache ActiveMQ Broker, ActiveMQ All, and ActiveMQ (versions before 5.19.7 and 6.0.0 before 6.2.6) allows authenticated attackers to bypass the CVE-2026-34197 fix using non-parenthesized discovery wrappers such as `masterslave:vm://...` and `static:vm://...`, which incorrectly pass validation and trigger the VM transport's brokerConfig parameter to load a remote Spring XML application context. The flaw abuses the Jolokia JMX-HTTP bridge at /api/jolokia/ to invoke BrokerService.addNetworkConnector/addConnector MBean operations, resulting in arbitrary code execution on the broker JVM. EPSS is low at 0.06% (19th percentile) and no public exploit identified at time of analysis, but the patch bypass nature and prior in-the-wild interest in ActiveMQ RCE chains warrant urgent patching.

Java RCE Apache Activemq Activemq Broker
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-42588 Maven HIGH PATCH GHSA This Week

Authenticated remote code execution in Apache ActiveMQ Classic (versions before 5.19.7 and 6.0.0 through 6.2.5) is achievable via the Jolokia JMX-HTTP bridge exposed at /api/jolokia/ on the web console. An authenticated attacker can invoke BrokerService.addNetworkConnector with a crafted masterslave:// discovery URI that loads a Spring XML application context, instantiating attacker-controlled singleton beans (e.g., Runtime.exec()) on the broker JVM. No public exploit identified at time of analysis and EPSS is low (0.06%), but the vendor-released patches and CVSS 8.1 score reflect a significant risk to message brokers exposing the web console.

Java RCE Apache
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-20452 HIGH This Week

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user execution to corrupt memory and achieve remote code execution without user interaction. The flaw affects multiple MediaTek Wi-Fi chipsets commonly embedded in routers and access points (MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993, MT6890). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-38950 HIGH This Week

Arbitrary code execution in ESA AnomalyMatch before 1.3.1 allows local attackers with low privileges to run code under the application's process by planting a malicious PyTorch checkpoint into a session directory, which is loaded via torch.load() with weights_only=False. No public exploit is identified at time of analysis, but the upstream fix (PR #9) and a third-party advisory (imlabs.info) confirm the unsafe-deserialization root cause and the migration to safetensors.

Checkpoint RCE Deserialization N A
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-10175 PyPI LOW POC Monitor

Code injection in Aider-AI Aider 0.86.3 Architect Mode enables authenticated remote attackers to execute arbitrary code via the `editor_coder.run` function in `auth.py`. A public proof-of-concept exploit is available via GitHub issue #5058, lowering the barrier to exploitation. No vendor patch exists as the project has not responded to the responsible disclosure, leaving all users of the affected version exposed with no official remediation path.

RCE Code Injection Aider
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2018-25412 CRITICAL POC Act Now

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Authentication Bypass File Upload
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-7465 HIGH This Week

Remote code execution in the Spectra Gutenberg Blocks WordPress plugin (versions up to and including 2.19.25) allows authenticated users with Contributor-level access or higher to execute arbitrary PHP on the server by abusing the plugin's block rendering logic. The flaw stems from the plugin trusting attacker-controlled block attributes to register a fake uagb/-prefixed block type with an arbitrary render_callback, which is then invoked via call_user_func() when a second block of the same type is rendered in the same request. No public exploit identified at time of analysis, but the low privilege bar (Contributor is commonly granted to untrusted guest authors) makes this a high-priority issue for sites with open registration.

Privilege Escalation RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-47410 PyPI CRITICAL PATCH GHSA Act Now

Pre-authentication full account takeover in praisonai-platform (pip package, versions <= 0.1.2) allows remote unauthenticated attackers to forge JWTs for any user, including workspace owners and admins. The JWT signing key silently falls back to the hardcoded literal 'dev-secret-change-me' from the public GitHub source because the production-mode guard only triggers when PLATFORM_ENV is explicitly set to a non-default value, which default deployments do not do. Publicly available exploit code exists in the GHSA advisory itself, though no public exploit campaign or CISA KEV listing has been reported at time of analysis.

RCE Python
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-47391 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in PraisonAI's first-party A2A server example (pip package <= 4.6.39) allows unauthenticated network attackers to execute arbitrary Python on the server process by sending a JSON-RPC message/send request to /a2a that drives the LLM-backed agent into invoking an eval()-based calculate tool. The chain combines three first-party defaults - no auth_token, 0.0.0.0 bind, and an eval()-backed example tool - and was confirmed end-to-end against a real Gemini model with a canary marker file write. No public exploit identified at time of analysis beyond the proof-of-concept in the advisory itself, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection Python
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-47392 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in PraisonAI praisonaiagents <=1.6.39 and PraisonAI <=4.6.39 allows authenticated attackers to fully escape the execute_code() subprocess sandbox by leveraging print.__self__ to reach the real builtins module and reconstructing __import__ at runtime. The flaw defeats prior patches for CVE-2026-39888, CVE-2026-34938, and CVE-2026-40158, enabling arbitrary OS command execution on the host wherever agent input can be influenced via prompt injection or direct code submission. Publicly available exploit code exists in the GitHub Security Advisory (GHSA-4mr5-g6f9-cfrh), and EPSS/KEV signals are not yet published for this newly disclosed novel bypass.

Command Injection Node.js RCE Python
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-47390 PyPI MEDIUM PATCH GHSA This Month

SSRF protection bypass in PraisonAI's spider_tools component (praisonaiagents <= 1.6.39, PraisonAI <= 4.6.39) allows an attacker who can influence URLs submitted to scrape_page(), crawl(), or extract_text() to reach loopback-only HTTP services by supplying alternate loopback address encodings such as octal IPv4, hex, decimal integer, or trailing-dot hostname forms. The _validate_url() function performs only exact-string blocklist checks against 'localhost' and '127.0.0.1', without DNS resolution, IP normalization, or post-connect address validation, causing the bypass. Publicly available exploit code (PoC) has been confirmed functional; no active exploitation via CISA KEV has been identified at time of analysis.

RCE SSRF Python
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47398 PyPI HIGH PATCH GHSA This Week

Remote code execution in PraisonAI versions 2.0.0 through 4.6.39 allows attackers to execute arbitrary Python code via two unguarded spec.loader.exec_module call sites in agents_generator.py. The flaw is a sibling of CVE-2026-44334: the v4.6.32 chokepoint refactor added a PRAISONAI_ALLOW_LOCAL_TOOLS env-var gate to tool_override.py but missed the load_tools_from_module and load_tools_from_module_class sinks, which load arbitrary module paths from YAML agent configuration without validation. Publicly available exploit code exists (working PoC published with the advisory) and a fixed release is available in 4.6.40.

RCE Code Injection Python
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-47211 PyPI HIGH PATCH GHSA This Week

Remote code execution in the ouroboros-ai Python package (versions prior to 0.39.0) allows attackers to execute arbitrary code on a developer's machine when the victim clones a malicious repository and runs any Ouroboros command from that directory. The CLI loads a project-local `.env` file and previously honored execution-affecting variables such as `OUROBOROS_CLI_PATH` and `OPENCODE_CLI_PATH`, letting an attacker redirect adapter execution to a script shipped in the repo. No public exploit identified at time of analysis, but the PR diff illustrates the exact technique and the attack requires only standard developer workflow actions.

RCE
NVD GitHub
EPSS
0.6%
CVE-2026-44420 HIGH PATCH This Week

Heap buffer overflow write in FreeRDP's server-side clipboard (cliprdr) channel allows a malicious RDP client to crash server processes and potentially achieve remote code execution against FreeRDP versions prior to 3.26.0. The flaw is triggered by a malformed CB_CLIP_CAPS PDU with an undersized capabilitySetLength field, corrupting heap memory after authentication. No public exploit identified at time of analysis, but the CVSS 8.8 rating and heap corruption nature make this a high-priority patch for any RDP server deployment using FreeRDP.

Heap Overflow RCE Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-44421 HIGH PATCH This Week

Heap buffer overflow write in FreeRDP client versions prior to 3.26.0 allows a malicious RDP server to corrupt client memory and potentially achieve code execution when the victim connects with RDPGFX enabled. The flaw resides in gdi_CacheToSurface, where validation uses a clamped destination rectangle while the actual copy uses unclamped cacheEntry width/height values, enabling a large out-of-bounds heap write. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-44287 MEDIUM PATCH This Month

Sandbox escape in FastGPT's JavaScript code execution worker allows authenticated remote attackers to execute arbitrary OS commands inside the sandbox container by bypassing a regex-based blocklist. The sandbox at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() using a regex that matches only ASCII whitespace between 'import' and '(', failing to account for JavaScript's syntactically valid block comment syntax - the payload import/**/("child_process") parses correctly by the JS engine but evades the regex entirely. Because the safeRequire Proxy only intercepts require() and not native ES import(), the attacker gains direct access to child_process and execSync as uid=100(sandbox). No public exploit identified at time of analysis, but the bypass technique is fully documented in the vendor advisory and is trivially reproducible by any authenticated user.

RCE Code Injection Fastgpt
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-49382 MEDIUM PATCH This Month

Template injection (SSTI) in JetBrains IntelliJ IDEA's Copyright plugin before version 2026.1 enables local code execution when a victim interacts with a maliciously crafted copyright template. The flaw, rooted in CWE-1336 (improper neutralization of template engine special elements), requires both local access and user interaction, and carries a CVSS score of 4.5 (Medium) reflecting these significant constraints. No public exploit or CISA KEV listing has been identified at time of analysis.

Ssti RCE
NVD VulDB
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-49373 HIGH PATCH This Week

Remote code execution in JetBrains TeamCity versions prior to 2026.1 is achievable by authenticated users who can configure Perforce connection settings on a build project. The flaw, classified as CWE-88 (argument injection), allows attackers with project configuration privileges to inject arguments through Perforce VCS root parameters, leading to command execution on the TeamCity server. No public exploit identified at time of analysis, and the EPSS/KEV signals were not provided in the source intelligence.

RCE Teamcity
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-47140 npm CRITICAL PATCH GHSA Act Now

Sandbox escape leading to remote code execution in vm2 NodeVM versions 3.11.3 and earlier allows attackers running untrusted JavaScript inside the sandbox to break out via two missing entries in the dangerous-builtin denylist: `process` (whose `getBuiltinModule()` reloads any core module, including `child_process`) and `inspector/promises` (whose `Session().post('Runtime.evaluate', ...)` evaluates code in the host realm). The flaw is exploitable only when the embedder allows `process`, `inspector/promises`, or wildcard `*` in `require.builtin`. Publicly available exploit code exists (PoC published with the advisory), and a patch is available in vm2 3.11.4; no public exploit identified at time of analysis as actively used in the wild.

Node.js RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-47210 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows arbitrary code execution in the Node.js host process when untrusted code is run on runtimes exposing WebAssembly JSPI (Node 24 with --experimental-wasm-jspi, or Node 26+ by default). A working PoC demonstrates that a JSPI-backed Promise reaches host-realm Promise.prototype.finally without bridge interposition, letting attacker-controlled species logic walk a rejection object's constructor chain to host process and execute arbitrary commands. No public exploit identified as actively used in the wild, but a complete weaponized PoC is published in the GHSA advisory.

Node.js RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-47137 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows full remote code execution by bypassing the GHSA-8hg8-63c5-gwmx (CVE-2023-37903) patch through omission of the require option when nesting:true is set. Publicly available exploit code exists in the GHSA advisory itself, and with a CVSS of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) any application passing untrusted code to a NodeVM configured this way is trivially compromised on the host.

RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.2%
EPSS 0% CVSS 6.3
MEDIUM This Month

Integer underflow in Zephyr RTOS Bluetooth Mesh solicitation handling (versions ≤ 4.3.0) allows any physically proximate, unauthenticated BLE device to corrupt memory via a crafted advertising PDU, potentially causing denial of service or arbitrary code execution on the target device. The flaw resides in bt_mesh_sol_recv() within the OD Private Proxy Server feature and requires no prior pairing or device association to trigger. No public exploit has been identified at time of analysis and EPSS probability is low at 0.02%, but the combination of zero-interaction exploitation and RCE impact on embedded IoT devices warrants prioritization where this configuration is deployed.

Denial Of Service Memory Corruption Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL POC PATCH Act Now

Arbitrary DLL loading in SQLite's sqldiff.exe utility on Windows allows attackers to achieve code execution by abusing the Microsoft C runtime's Unicode-to-ANSI Best-Fit character conversion. Specially crafted Unicode characters in command-line arguments can be transformed into ASCII characters that sqldiff then parses as the '-L' option, loading an attacker-supplied DLL. Publicly available exploit research (Blackhat EU 2024 'WorstFit' presentation) demonstrates the technique, though no public exploit identified targeting sqldiff specifically and it is not listed in CISA KEV.

Microsoft RCE
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

Local privilege escalation in Seagull Software BarTender 2021 R1 through 12.0.1 allows any low-privileged user on the host to gain SYSTEM execution by sending a crafted BinaryFormatter payload to a localhost-bound .NET Remoting endpoint. Publicly available exploit code exists (a YSoSerial.NET-based PoC is published as a GitHub gist), and the issue carries a CVSS 4.0 base score of 8.5 with high confidentiality, integrity, and availability impact. No CISA KEV listing is present, so exploitation is opportunistic rather than confirmed in-the-wild.

Deserialization RCE Bartender 2021
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated remote code execution in Seagull Software BarTender 2010, 2016 (<=R9), and 2019 (<=R10) is reachable over TCP/7375 through the BtSystem.Service.exe .NET Remoting endpoint, which runs as NT AUTHORITY\SYSTEM. The exposed singleton uses BinaryServerFormatterSinkProvider with TypeFilterLevel=Full, allowing attackers to abuse deserialization-style object unmarshalling to read/write arbitrary files, coerce NTLMv2 authentication via UNC paths, or pivot to full code execution. No public exploit identified at time of analysis, but the VulnCheck advisory documents the attack primitives in detail.

Authentication Bypass RCE Bartender 2010 +2
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Local root code execution in libinput versions before 1.30.4 and 1.31.x before 1.31.3 is possible because the libinput-device-group helper fails to escape the 'phys' string returned for an input device, allowing injection of attacker-controlled udev properties that are subsequently evaluated as privileged actions. The flaw, tracked as CWE-93 (CRLF/property injection), enables an unprivileged local user who can attach or simulate a device with a crafted physical-path identifier to escalate to root. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

RCE Red Hat Suse
NVD VulDB
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Remote code execution in Tautulli versions prior to 2.17.1 allows attackers to achieve unauthenticated RCE on fresh installations (pre-setup wizard) by abusing the newsletter custom template directory feature to load a malicious Mako template from an attacker-controlled SMB share. On completed installations the same chain remains exploitable by any authenticated admin. Publicly available exploit code exists per SSVC, and the SSVC framework rates this as automatable with total technical impact, though no CISA KEV listing has been confirmed.

Python Ssti RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Mobatek Mobaxterm
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Labf Nfsaxe
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Allplayer
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Netsharewatcher
NVD Exploit-DB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Unauthenticated OS command injection in the API of Progress ADC products - LoadMaster, ECS Connections Manager, Object Scale Connection Manager, and MOVEit WAF - allows remote attackers to execute arbitrary commands on the appliance by supplying unsanitized input to multiple command endpoints. The flaw carries a CVSS of 9.8 (pre-auth, network-reachable) and publicly available exploit code exists (a GitHub PoC and watchTowr Labs write-up), though EPSS remains low at 0.30% and CISA SSVC currently rates exploitation status as 'none'. Fixed builds (7.2.63.2 and 7.2.54.18) are available from Progress.

RCE Command Injection Loadmaster +3
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Authenticated remote command injection in GX Earth ONT (Optical Network Terminal) devices allows attackers with valid web management credentials to execute arbitrary OS commands as root via multiple diagnostic functions in the device's web interface. The flaw, reported by CERT-In and tracked as CIVN-2026-0288, carries a CVSS 4.0 score of 8.7 (High) reflecting low attack complexity and high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

RCE Command Injection
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Command injection in the Supermicro AS-2115HS-TNR BMC's SMTP service allows an authenticated administrator to inject crafted characters into the SMTP configuration, causing the underlying system to execute unintended OS commands during process invocation. Successful exploitation can yield arbitrary code execution on the baseboard management controller, denial of service, or persistent compromise of the management plane. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

RCE Command Injection As 2115Hs Tnr
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Remote code execution and information disclosure in Neterbit NW-431F routers (firmware vNW-431F-20241014-IR03) allow unauthenticated network attackers to compromise the device by sending a crafted command to the at_command.asp interface. The CVSS 8.2 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against the router's web management interface, and no public exploit identified at time of analysis, though a researcher repository on GitHub may contain proof-of-concept material.

RCE Command Injection
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Privilege escalation and arbitrary Kubernetes resource creation in Jupyter Enterprise Gateway allows attackers to inject YAML into kernel pod manifests via untrusted KERNEL_* environment variables submitted to the /api/kernels endpoint. Because these values are interpolated into a Jinja2 pod template without YAML-aware escaping, an attacker can clobber the pod securityContext to run kernels as root or use multi-document YAML boundaries (--- / ...) to spin up additional privileged pods, ultimately enabling container escape and full cluster compromise. Publicly available exploit code exists (detailed PoC in the vendor advisory), though EPSS is low (0.06%) and it is not listed in CISA KEV.

Kubernetes Nginx RCE
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in Jupyter Enterprise Gateway (fixed in v3.3.0) is possible because attacker-supplied KERNEL_XXX environment variables (e.g. KERNEL_POD_NAME, KERNEL_WORKING_DIR) sent to the /api/kernels endpoint are rendered through Jinja2 when building the Kubernetes pod manifest, enabling Server-Side Template Injection. Any client able to reach the gateway API can inject Jinja2 expressions to execute Python and OS commands inside the Enterprise Gateway pod, then steal its Kubernetes service account token to read secrets and schedule privileged/hostPath pods, escalating to full cluster compromise. Publicly available exploit code exists (working curl PoCs in the advisory); the flaw is not listed in CISA KEV and EPSS is low at 0.86%.

Kubernetes Python Ssti +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Privilege bypass in Jupyter Enterprise Gateway versions 2.0.0rc1 through 3.2.x allows remote unauthenticated attackers to launch Jupyter kernels as root (UID/GID 0) by appending whitespace to the KERNEL_UID or KERNEL_GID values, bypassing the EG_PROHIBITED_UIDS/GIDS protection. The flaw chains with Kubernetes hostPath volume mounts to enable container escape and worker-node compromise, with publicly available exploit code (PoC) documented in the GHSA advisory; no public exploitation identified at time of analysis.

Kubernetes RCE
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Server-side request forgery and potential remote code execution in Docling versions 2.82.0 through 2.90.x affect deployments that explicitly enable the Playwright-based HTML rendering backend. When `render_page=True` is set, untrusted HTML documents can execute arbitrary JavaScript in the rendering browser context and reach internal network services, enabling SSRF, data exfiltration, or code execution in the rendering environment. No public exploit identified at time of analysis, and the issue is not in CISA KEV, but a vendor-confirmed fix exists in 2.91.0.

Code Injection SSRF RCE
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Path traversal (Zip Slip) in IBM's Docling document processing library before v2.91.0 allows arbitrary file write when the EasyOCR model download function extracts ZIP archives without validating member paths. An attacker who can intercept or substitute the model download source (via MITM, DNS spoofing, or upstream supply-chain compromise) can drop files anywhere the process can write, leading to RCE or persistence. No public exploit identified at time of analysis and the vulnerability is not on the CISA KEV list.

Python Path Traversal RCE
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in OpenStack Mistral through version 22.0.0 allows authenticated attackers with low privileges to execute arbitrary code via exposed API endpoints, leading to exfiltration of service credentials and full compromise of the workflow service. The CVSS 9.9 score reflects scope change (S:C) meaning impact extends beyond Mistral itself into other OpenStack components whose credentials it holds. There is no public exploit identified at time of analysis, but the vulnerability is tagged as Authentication Bypass and RCE, and disclosure occurred via oss-security with vendor coordination.

RCE Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Remote File Inclusion (RFI) in Cisco Finesse enables unauthenticated remote attackers to load attacker-controlled files into an active user's browser session by exploiting insufficient validation of user-supplied HTTP request parameters. Exploitation requires social engineering an authenticated Finesse user into clicking a crafted URL referencing the affected device - no server-side authentication is needed from the attacker's perspective. A successful attack results in arbitrary JavaScript execution within the Finesse interface context (browser-based XSS-class impact) or unauthorized access to sensitive contact center information; no public exploit identified at time of analysis.

RCE Cisco
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Origin validation bypass in Jupyter Server 1.12.0 through 2.17.0 lets remote attackers defeat CORS origin checks whenever the optional allow_origin_pat configuration is enabled. Because origin matching uses re.match() (anchored only at the start of the string), an attacker-controlled lookalike domain such as trusted.example.com.evil.com satisfies a pattern meant to allow only trusted.example.com, exposing CORS-protected responses, WebSocket kernels, referer checks, and login redirects. Publicly available exploit code exists via the huntr report, but EPSS is very low (0.02%) and SSVC rates exploitation as POC-only and not automatable, so there is no evidence of widespread active exploitation.

Authentication Bypass RCE Jupyter Jupyter
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Remote code execution in Hugging Face Transformers 5.2.0 allows a malicious model repository to bypass the user's explicit trust_remote_code=False safeguard when loading a LightGlue model via AutoModel.from_pretrained(). The LightGlueConfig deserializes the trust_remote_code flag from the untrusted config.json and propagates the attacker-controlled value into a nested AutoConfig.from_pretrained() call, enabling execution of arbitrary attacker-supplied Python during model initialization. Rated CVSS 9.6 (AV:N/AC:L/PR:N/UI:R) with publicly available exploit code exists via the Huntr disclosure, though EPSS is currently 0.07% (22th percentile) and the CVE is not on CISA KEV.

RCE Python Transformers
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Synology RCE
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Synology OpenSSL RCE
NVD
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Server-side environment variable disclosure in MLflow versions prior to 3.11.0 allows attackers to exfiltrate sensitive credentials from the MLflow AI Gateway by abusing the `$ENV_VAR` resolution feature in gateway secret configuration. By registering or modifying a gateway route where `api_key` references an environment variable like `$AWS_SECRET_ACCESS_KEY` and pointing `api_base` at an attacker-controlled endpoint, the resolved secret is transmitted in upstream provider authentication headers. Publicly available exploit code exists via the huntr.com bounty disclosure, though EPSS remains low at 0.28% (51st percentile) and the issue is not in CISA KEV.

RCE Mlflow Mlflow
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored Cross-Site Scripting in Koha 25.11 and earlier allows a remote authenticated attacker to inject and execute arbitrary JavaScript in victim browsers via the file upload function within the Invoice features module. The CVSS Scope:Changed designation indicates the injected script executes in a security context beyond the attacker's own session - targeting higher-privileged users (e.g., acquisitions staff or administrators) who subsequently view the affected invoice. A researcher blog post at g03m0n.github.io documents this vulnerability, suggesting public technical details are available. No public exploit identified at time of analysis, and EPSS at 0.05% (16th percentile) indicates low observed exploitation probability.

XSS File Upload RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation and arbitrary code execution in Wassimulator CactusViewer v2.3.0 (Windows) occurs through DLL hijacking, where the application loads a malicious DLL from a writable directory instead of the legitimate library. Exploitation requires user interaction to launch the application after an attacker plants the crafted DLL, and no public exploit identified at time of analysis. EPSS rates exploitation probability at just 0.02% (5th percentile), reflecting the niche user base of this open-source image viewer.

RCE N A
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Remote code execution in Koha v.25.11 and earlier allows unauthenticated network attackers to inject and execute arbitrary code through the Z39.50 configuration module. Koha is a widely deployed open-source integrated library system (ILS); the affected component handles Z39.50, a standard client-server protocol used for querying remote library catalogues. No public exploit identified at time of analysis, though a researcher technical write-up is publicly available at g03m0n.github.io, and EPSS exploitation probability is low at 0.05% (16th percentile). Notable discrepancy: CVSS impact scores (C:L/I:L) appear understated relative to the arbitrary code execution claim and should be treated with caution.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Privilege Escalation Protector Software
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Privilege Escalation Protector Software
NVD
EPSS 0% CVSS 8.7
HIGH POC Monitor

Remote code execution in BrowserStack Runner through version 0.9.5 allows network-adjacent unauthenticated attackers to execute arbitrary code on the host system by sending crafted JSON to the /_log HTTP handler. The flaw stems from unsafe use of vm.runInNewContext() combined with eval(), and a known sandbox-escape technique via util.format and this.constructor.constructor enables full host compromise. No public exploit identified at time of analysis, but the technique is well-documented and the CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability.

RCE Code Injection Node.js +1
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Arbitrary code execution in the aiohttp Python framework (versions prior to 3.14.0) arises when CookieJar.load() deserializes an attacker-controlled file, classed as CWE-502 unsafe deserialization. An attacker who can plant or substitute the persisted cookie file and induce the application to load it gains code execution in the host process. There is no public exploit identified at time of analysis, EPSS is very low (0.06%), and CISA SSVC rates exploitation as none - consistent with the library's own note that the function is normally used on the user's own trusted data.

RCE Deserialization Python +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Remote code execution in React Router 7.0.0 through 7.14.1 affects applications running in Framework Mode by chaining an application-level prototype pollution flaw with router internals to achieve unauthenticated RCE on the server. Applications using Declarative Mode (BrowserRouter) or Data Mode (createBrowserRouter/RouterProvider) are unaffected. No public exploit identified at time of analysis; CVSS 8.1 reflects high impact tempered by high attack complexity due to the prerequisite prototype pollution gadget.

RCE Deserialization React Router
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in the Content Visibility for Divi Builder WordPress plugin (versions ≤ 4.02) allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP on the server by abusing the 'cvdb_content_visibility_check' parameter of the 'et_pb_text' shortcode. The flaw is a CWE-94 code injection issue disclosed by Wordfence and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE WordPress Code Injection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in NVIDIA NVTabular allows a low-privileged attacker to abuse insecure deserialization of untrusted data, potentially leading to arbitrary code execution, data tampering, and information disclosure on the host running the library. The flaw carries a CVSS 7.8 (High) rating with confidentiality, integrity, and availability all marked High, and currently no public exploit identified at time of analysis. NVTabular is a tabular feature-engineering library used in recommender-system pipelines, so the practical blast radius is data-science workstations and ML training nodes.

Nvidia RCE Deserialization +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in NVIDIA NVTabular allows an authenticated low-privileged user to abuse improper deserialization of untrusted data to run arbitrary code, tamper with data, and disclose sensitive information. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a local attack vector with low complexity and low privileges; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Nvidia RCE Deserialization +1
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Unauthenticated remote code execution in Spacelabs Healthcare Sentinel (versions 10.5.x and 11.x prior to 11.6.0) allows network attackers to drop ASPX webshells into the IIS wwwroot via a legacy .NET Remoting HTTP channel on TCP/8989. The flaw stems from missing authentication (CWE-306) on a deprecated Microsoft remoting endpoint, and while a vendor patch is available, no public exploit identified at time of analysis. Exploitation requires that port 8989 has been deliberately exposed to the network, since it is not reachable in default Sentinel deployments.

RCE Authentication Bypass Sentinel
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Arbitrary command execution in Amazon Kiro IDE versions prior to 0.11 allows remote attackers to plant malicious task definitions (e.g., .vscode/tasks.json) via the IDE's file write tool, which then auto-execute when a developer opens the affected workspace folder. The CVSS 4.0 score of 8.6 reflects network-reachable abuse with high confidentiality, integrity, and availability impact contingent on a single user action (folder open). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Kiro Ide
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 network camera firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root by sending a crafted POST request to the export_language.cgi administrative endpoint. The CGI handler passes an attacker-controlled Content-Length HTTP header value directly to fread() with no bounds validation, overflowing a 0x60-byte stack buffer and overwriting the saved link register; the binary's lack of stack canaries eliminates the primary runtime defense against this class of attack. A researcher-published proof-of-concept exists on GitHub, though EPSS stands at 0.05% (17th percentile) and the vulnerability is not currently listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation at time of analysis.

Buffer Overflow RCE Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in OpenMed before 1.5.2 allows unauthenticated attackers to execute arbitrary Python code on the OpenMed service by abusing broad substring matching in the PII privacy-filter model dispatcher to load attacker-controlled Hugging Face repositories with trust_remote_code=True. The flaw, reported by VulnCheck and tracked as CWE-94 (Code Injection), carries a CVSS 4.0 score of 9.3 and a vendor-released patch is available; no public exploit identified at time of analysis.

RCE Code Injection Openmed
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

CRLF injection in the elixir-mint Mint HTTP/1.1 client library (versions 0.1.0 through 1.8.x) enables HTTP Request Splitting and HTTP Request Smuggling on shared TCP connections when applications forward attacker-controlled values as the HTTP method or target to Mint.HTTP.request/5. The target-based vector was partially closed in Mint 1.7.0 via validate_request_target/2, but the method field was left unvalidated in all versions prior to 1.9.0, meaning method-based injection remains exploitable under the default Mint configuration. No public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog; the complete fix shipping method-character validation is available in Mint 1.9.0.

RCE Mint
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

Stored XSS in Appsmith's SQL query editor autocomplete allows an authenticated Developer-role user to inject persistent malicious JavaScript via crafted database table or column names that are rendered unsanitized through innerHTML. When other workspace members interact with the same datasource's query editor, the injected script executes in their browser session, enabling session token theft and unauthorized actions with high confidentiality impact (CVSS C:H). A public proof-of-concept exploit exists (Stuub/Appsmith-1.98-Stored-XSS-Exploit on GitHub), and the vulnerability was reported by CERT/CC, materially elevating practical exploitation risk above what the CVSS 6.3 Medium score alone implies.

XSS RCE Appsmith
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in Wirtualna Uczelnia (versions up to wu#2016.437.295#0#20260327_105545) allows unauthenticated network attackers to execute arbitrary commands via Server-Side Template Injection in the redirectToUrl endpoint's redirectUrlParameter. The CVSS 4.0 base score of 9.3 reflects no authentication, no user interaction, and high impact across confidentiality, integrity, and availability; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV. Disclosure originated from CERT-PL, indicating a vetted advisory channel for this Polish academic management product.

Ssti RCE
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in VIVOTEK FD8136 network camera (firmware VVTK-0300a) is possible via a stack-based buffer overflow in the set_getparam.cgi component, reachable over the network without authentication. CVSS 7.3 reflects partial CIA impact, but the presence of public vulnerability-research artifacts on GitHub indicates publicly available exploit code exists, while EPSS remains low at 0.05% (17th percentile) and the issue is not currently listed in CISA KEV.

Buffer Overflow RCE Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows authenticated attackers to gain root-level command execution by triggering a buffer overflow in the /cgi-bin/admin/eventtask.cgi admin endpoint. Publicly available exploit code exists in a GitHub research repository, though EPSS scoring (0.09%, 25th percentile) suggests low observed exploitation activity and the CVE is not listed in CISA KEV.

Buffer Overflow RCE N A
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 firmware FD8136-VVTK-0300a grants authenticated remote attackers root-level code execution by supplying an oversized POST parameter to any of three symlinked CGI admin endpoints. The vulnerable `motion_privacy.cgi` binary copies the `n1` parameter into a fixed 164-byte (0xa4) stack buffer with no bounds check and no stack canary protection, overwriting the saved link register and diverting execution to attacker-controlled code. A public proof-of-concept is available on GitHub; no active exploitation has been confirmed in CISA KEV at time of analysis.

Buffer Overflow RCE Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows attackers with valid admin-interface credentials to overflow a buffer in the /cgi-bin/dido/setdo.cgi endpoint and execute arbitrary code as root. No public exploit identified at time of analysis, though a vulnerability research repository on GitHub describes the issue, and EPSS estimates exploitation probability at 0.05% (17th percentile), suggesting low broad-scale exploitation interest despite the high CVSS 8.8 score.

Buffer Overflow RCE N A
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Proximity-based remote code execution in Google Android (versions 14, 15, 16, and 16-qpr2) is possible via a heap buffer overflow in multiple functions of sdp_discovery.cc, the Bluetooth Service Discovery Protocol component. An adjacent attacker within Bluetooth range can trigger memory corruption without any user interaction, with no public exploit identified at time of analysis. The flaw resides in the native Bluetooth stack and could yield code execution at the privilege level of the Bluetooth process.

Heap Overflow RCE Buffer Overflow
NVD VulDB
EPSS 0% 4.7 CVSS 8.4
HIGH POC KEV THREAT Act Now

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) stems from an integer overflow (CWE-190) that can be triggered without user interaction to achieve code execution. With CVSS 8.4 and SSVC technical impact rated 'total,' a local attacker on the device can elevate privileges across security boundaries without additional execution rights. No public exploit identified at time of analysis and SSVC reports exploitation status as 'none.'

Privilege Escalation RCE Integer Overflow
NVD VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Arm Whois
NVD Exploit-DB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow RCE Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows authenticated attackers to abuse unsafe Java deserialization in the SAML Web Single Sign-On component to run arbitrary code via a crafted HTTP request combined with a gadget chain. The flaw carries a CVSS 8.5 with scope change, and while no public exploit has been identified at time of analysis, deserialization gadget chains for WebSphere are historically well-researched. IBM has released a patch via support advisory node/7274733.

IBM RCE Deserialization
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 arises from unsafe deserialization of untrusted data processed by JAX-WS endpoints that use WS-Security. Unauthenticated remote attackers who can reach a SOAP/JAX-WS endpoint may craft malicious serialized payloads to execute arbitrary code in the WebSphere server context. No public exploit identified at time of analysis, but the high CVSS (9.0) and scope-changed impact mean any exposed JAX-WS service is a meaningful target.

IBM RCE Deserialization
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows network-based attackers to bypass security controls and execute arbitrary code on the application server. The flaw carries a CVSS 9.0 critical rating with a scope-changed impact (S:C) and requires no authentication, though high attack complexity (AC:H) suggests specific timing or environmental conditions must be met. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

IBM RCE Code Injection
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in IBM i Access Client Solutions (ACS) versions 1.1.5.0 through 1.1.9.12 allows authenticated attackers to execute arbitrary code on systems where ACS is configured to listen for requests from IBM i Navigator. The flaw, rated CVSS 8.8 with high impact across confidentiality, integrity, and availability, requires low privileges and no user interaction, making it a serious threat in enterprise IBM i environments. There is no public exploit identified at time of analysis and the CVE is not currently in CISA KEV.

IBM RCE
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to crash the daemon or potentially execute arbitrary code by sending an oversized CREATE request. The flaw is tracked under CWE-121 with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L), reported by Red Hat against RHEL 6 through 10, and there is no public exploit identified at time of analysis.

Buffer Overflow RCE Denial Of Service +6
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Remote code execution in AMD's AI Tensor Engine for ROCm (AITER) through version 0.1.14 allows unauthenticated network attackers to run arbitrary code on every inference worker in a distributed cluster by sending a malicious pickle payload to the ZMQ SUB socket consumed by MessageQueue.recv() in shm_broadcast.py. The vulnerability stems from unauthenticated, unvalidated pickle deserialization with no HMAC or format checks; no public exploit identified at time of analysis, but VulnCheck has published an advisory and AMD has merged an upstream fix.

RCE Deserialization Aiter
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Secret exfiltration in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows unauthenticated attackers to steal repository secrets, including Docker Hub credentials and tokens, by submitting a malicious fork pull request that triggers the pull-request.yaml GitHub Actions workflow in a privileged context. No public exploit is identified at time of analysis, but the attack pattern is a well-known pwn-request misconfiguration that requires no maintainer approval, and the CVSS score of 10.0 (Critical) with scope change reflects compromise of CI/CD secrets that extend beyond the workflow boundary.

Docker RCE Code Injection
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Credential exposure in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows attackers to steal a Personal Access Token and SSH signing key by submitting a malicious pull request that the vulnerable GitHub Actions workflow checks out and executes with privileged secrets. The repository's generate-schema.yaml workflow used unsafe pull_request_target patterns combined with checkout of fork-controlled code, enabling code injection into a privileged CI context. No public exploit identified at time of analysis, but the attack pattern is well-documented for this class of GitHub Actions misconfiguration.

RCE Code Injection Helm Charts
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE OpenSSL
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Poppler's Splash rendering backend allows attackers to compromise applications that open attacker-supplied PDFs by triggering an integer overflow in tilingPatternFill that produces an undersized heap allocation and a subsequent out-of-bounds write. The flaw affects Poppler as shipped across Red Hat Enterprise Linux 6 through 10 and Red Hat Hardened Images, with impact including arbitrary code execution, information disclosure, or denial of service in the rendering process. No public exploit identified at time of analysis, and the CVSS 7.8 vector requires user interaction to open a malicious PDF.

Information Disclosure RCE Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 9.4
CRITICAL Act Now

Remote code execution in Disig Web Signer versions 2.0.3 through 2.5.3 allows network-adjacent attackers to execute arbitrary code on systems running this Slovak electronic signing client when a user performs a passive interaction (e.g., visiting a malicious page or processing a crafted signing request). The flaw was reported by Slovakia's National Security Authority (incident@nbu.gov.sk) and carries a CVSS 4.0 score of 9.4 (Critical) with both vulnerable and subsequent system impact rated High, indicating a likely scope-changing condition. There is no public exploit identified at time of analysis and the vulnerability is not currently listed in the CISA KEV catalog.

RCE Code Injection
NVD
EPSS 0% CVSS 9.2
CRITICAL POC PATCH Act Now

Remote code execution in Poly Voice products on Linux is possible through a stack-based buffer overflow reachable when administrators enable Interactive Connectivity Establishment (ICE). Unauthenticated network attackers can trigger the flaw without user interaction, and no public exploit has been identified at time of analysis. HP rates the issue at CVSS 4.0 9.2 (Critical), driven by network reachability and full confidentiality, integrity, and availability impact.

Buffer Overflow RCE Stack Overflow
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Reflected cross-site scripting in Vitest browser mode (@vitest/browser) allows attackers to execute arbitrary JavaScript in the Vitest server origin by luring a developer to a crafted /__vitest_test__/ URL with a malicious otelCarrier query parameter. Because the same page embeds VITEST_API_TOKEN used to authenticate the Vitest WebSocket API, the XSS chains into full Node-side remote code execution by writing to vite.config.ts and triggering a config reload. Publicly available exploit code exists in the vendor's GHSA-2h32-95rg-cppp advisory, though no public exploit identified at time of analysis in CISA KEV.

XSS Node.js RCE
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Arbitrary file read and remote code execution in Vitest versions prior to 4.1.0 allow remote unauthenticated attackers to read files outside the project directory on Windows and execute arbitrary scripts when the Vitest UI or Browser Mode API server is exposed to the network via the --api.host flag or api.host configuration option. The flaw stems from incorrect use of the deprecated isFileServingAllowed check, which can be bypassed using Windows-specific path syntax (\\?\\..\\), and is compounded by API features (saveTestFile + rerun, readFile/writeFile/saveSnapshotFile) that effectively grant script execution to anyone who can reach the API. Publicly available exploit code exists in the GHSA advisory PoC; no public exploit beyond that is identified at time of analysis.

Microsoft RCE Authentication Bypass
NVD GitHub
EPSS 0% CVSS 2.9
LOW PATCH Monitor

Deserialization restriction bypass in QOS.CH Sarl logback-core affects all versions through 1.5.33, allowing unauthenticated network attackers with the ability to influence serialized data to instantiate Java Proxy objects via SimpleSocketServer or SimpleSSLSocketServer. Despite the 'RCE' tag in source intelligence, the vendor explicitly states that no practical path to remote code execution or significant privilege escalation has been identified - this is a security boundary bypass of the HardenedObjectInputStream defense mechanism, not a full compromise vector. A proof-of-concept exists (CVSS E:P), though CVSS 4.0 scores the overall risk at 2.9 due to high attack complexity and prerequisite deployment conditions.

RCE Deserialization Logback
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote code execution in Dassault Systèmes Teamwork Cloud (No Magic Release 2022x-2026x) and Magic Collaboration Studio (CATIA Magic Release 2022x-2026x) arises from unsafe deserialization of attacker-controlled data. The CVSS 9.8 vector indicates a network-reachable attack with no privileges or user interaction, yielding full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and EPSS data was not provided.

RCE Deserialization
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Apache ActiveMQ Broker, ActiveMQ All, and ActiveMQ (versions before 5.19.7 and 6.0.0 before 6.2.6) allows authenticated attackers to bypass the CVE-2026-34197 fix using non-parenthesized discovery wrappers such as `masterslave:vm://...` and `static:vm://...`, which incorrectly pass validation and trigger the VM transport's brokerConfig parameter to load a remote Spring XML application context. The flaw abuses the Jolokia JMX-HTTP bridge at /api/jolokia/ to invoke BrokerService.addNetworkConnector/addConnector MBean operations, resulting in arbitrary code execution on the broker JVM. EPSS is low at 0.06% (19th percentile) and no public exploit identified at time of analysis, but the patch bypass nature and prior in-the-wild interest in ActiveMQ RCE chains warrant urgent patching.

Java RCE Apache +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Authenticated remote code execution in Apache ActiveMQ Classic (versions before 5.19.7 and 6.0.0 through 6.2.5) is achievable via the Jolokia JMX-HTTP bridge exposed at /api/jolokia/ on the web console. An authenticated attacker can invoke BrokerService.addNetworkConnector with a crafted masterslave:// discovery URI that loads a Spring XML application context, instantiating attacker-controlled singleton beans (e.g., Runtime.exec()) on the broker JVM. No public exploit identified at time of analysis and EPSS is low (0.06%), but the vendor-released patches and CVSS 8.1 score reflect a significant risk to message brokers exposing the web console.

Java RCE Apache
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user execution to corrupt memory and achieve remote code execution without user interaction. The flaw affects multiple MediaTek Wi-Fi chipsets commonly embedded in routers and access points (MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993, MT6890). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in ESA AnomalyMatch before 1.3.1 allows local attackers with low privileges to run code under the application's process by planting a malicious PyTorch checkpoint into a session directory, which is loaded via torch.load() with weights_only=False. No public exploit is identified at time of analysis, but the upstream fix (PR #9) and a third-party advisory (imlabs.info) confirm the unsafe-deserialization root cause and the migration to safetensors.

Checkpoint RCE Deserialization +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Code injection in Aider-AI Aider 0.86.3 Architect Mode enables authenticated remote attackers to execute arbitrary code via the `editor_coder.run` function in `auth.py`. A public proof-of-concept exploit is available via GitHub issue #5058, lowering the barrier to exploitation. No vendor patch exists as the project has not responded to the responsible disclosure, leaving all users of the affected version exposed with no official remediation path.

RCE Code Injection Aider
NVD VulDB GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Authentication Bypass +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in the Spectra Gutenberg Blocks WordPress plugin (versions up to and including 2.19.25) allows authenticated users with Contributor-level access or higher to execute arbitrary PHP on the server by abusing the plugin's block rendering logic. The flaw stems from the plugin trusting attacker-controlled block attributes to register a fake uagb/-prefixed block type with an arbitrary render_callback, which is then invoked via call_user_func() when a second block of the same type is rendered in the same request. No public exploit identified at time of analysis, but the low privilege bar (Contributor is commonly granted to untrusted guest authors) makes this a high-priority issue for sites with open registration.

Privilege Escalation RCE WordPress
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Pre-authentication full account takeover in praisonai-platform (pip package, versions <= 0.1.2) allows remote unauthenticated attackers to forge JWTs for any user, including workspace owners and admins. The JWT signing key silently falls back to the hardcoded literal 'dev-secret-change-me' from the public GitHub source because the production-mode guard only triggers when PLATFORM_ENV is explicitly set to a non-default value, which default deployments do not do. Publicly available exploit code exists in the GHSA advisory itself, though no public exploit campaign or CISA KEV listing has been reported at time of analysis.

RCE Python
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in PraisonAI's first-party A2A server example (pip package <= 4.6.39) allows unauthenticated network attackers to execute arbitrary Python on the server process by sending a JSON-RPC message/send request to /a2a that drives the LLM-backed agent into invoking an eval()-based calculate tool. The chain combines three first-party defaults - no auth_token, 0.0.0.0 bind, and an eval()-backed example tool - and was confirmed end-to-end against a real Gemini model with a canary marker file write. No public exploit identified at time of analysis beyond the proof-of-concept in the advisory itself, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in PraisonAI praisonaiagents <=1.6.39 and PraisonAI <=4.6.39 allows authenticated attackers to fully escape the execute_code() subprocess sandbox by leveraging print.__self__ to reach the real builtins module and reconstructing __import__ at runtime. The flaw defeats prior patches for CVE-2026-39888, CVE-2026-34938, and CVE-2026-40158, enabling arbitrary OS command execution on the host wherever agent input can be influenced via prompt injection or direct code submission. Publicly available exploit code exists in the GitHub Security Advisory (GHSA-4mr5-g6f9-cfrh), and EPSS/KEV signals are not yet published for this newly disclosed novel bypass.

Command Injection Node.js RCE +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

SSRF protection bypass in PraisonAI's spider_tools component (praisonaiagents <= 1.6.39, PraisonAI <= 4.6.39) allows an attacker who can influence URLs submitted to scrape_page(), crawl(), or extract_text() to reach loopback-only HTTP services by supplying alternate loopback address encodings such as octal IPv4, hex, decimal integer, or trailing-dot hostname forms. The _validate_url() function performs only exact-string blocklist checks against 'localhost' and '127.0.0.1', without DNS resolution, IP normalization, or post-connect address validation, causing the bypass. Publicly available exploit code (PoC) has been confirmed functional; no active exploitation via CISA KEV has been identified at time of analysis.

RCE SSRF Python
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in PraisonAI versions 2.0.0 through 4.6.39 allows attackers to execute arbitrary Python code via two unguarded spec.loader.exec_module call sites in agents_generator.py. The flaw is a sibling of CVE-2026-44334: the v4.6.32 chokepoint refactor added a PRAISONAI_ALLOW_LOCAL_TOOLS env-var gate to tool_override.py but missed the load_tools_from_module and load_tools_from_module_class sinks, which load arbitrary module paths from YAML agent configuration without validation. Publicly available exploit code exists (working PoC published with the advisory) and a fixed release is available in 4.6.40.

RCE Code Injection Python
NVD GitHub
EPSS 1%
HIGH PATCH This Week

Remote code execution in the ouroboros-ai Python package (versions prior to 0.39.0) allows attackers to execute arbitrary code on a developer's machine when the victim clones a malicious repository and runs any Ouroboros command from that directory. The CLI loads a project-local `.env` file and previously honored execution-affecting variables such as `OUROBOROS_CLI_PATH` and `OPENCODE_CLI_PATH`, letting an attacker redirect adapter execution to a script shipped in the repo. No public exploit identified at time of analysis, but the PR diff illustrates the exact technique and the attack requires only standard developer workflow actions.

RCE
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow write in FreeRDP's server-side clipboard (cliprdr) channel allows a malicious RDP client to crash server processes and potentially achieve remote code execution against FreeRDP versions prior to 3.26.0. The flaw is triggered by a malformed CB_CLIP_CAPS PDU with an undersized capabilitySetLength field, corrupting heap memory after authentication. No public exploit identified at time of analysis, but the CVSS 8.8 rating and heap corruption nature make this a high-priority patch for any RDP server deployment using FreeRDP.

Heap Overflow RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow write in FreeRDP client versions prior to 3.26.0 allows a malicious RDP server to corrupt client memory and potentially achieve code execution when the victim connects with RDPGFX enabled. The flaw resides in gdi_CacheToSurface, where validation uses a clamped destination rectangle while the actual copy uses unclamped cacheEntry width/height values, enabling a large out-of-bounds heap write. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Sandbox escape in FastGPT's JavaScript code execution worker allows authenticated remote attackers to execute arbitrary OS commands inside the sandbox container by bypassing a regex-based blocklist. The sandbox at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() using a regex that matches only ASCII whitespace between 'import' and '(', failing to account for JavaScript's syntactically valid block comment syntax - the payload import/**/("child_process") parses correctly by the JS engine but evades the regex entirely. Because the safeRequire Proxy only intercepts require() and not native ES import(), the attacker gains direct access to child_process and execSync as uid=100(sandbox). No public exploit identified at time of analysis, but the bypass technique is fully documented in the vendor advisory and is trivially reproducible by any authenticated user.

RCE Code Injection Fastgpt
NVD GitHub VulDB
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

Template injection (SSTI) in JetBrains IntelliJ IDEA's Copyright plugin before version 2026.1 enables local code execution when a victim interacts with a maliciously crafted copyright template. The flaw, rooted in CWE-1336 (improper neutralization of template engine special elements), requires both local access and user interaction, and carries a CVSS score of 4.5 (Medium) reflecting these significant constraints. No public exploit or CISA KEV listing has been identified at time of analysis.

Ssti RCE
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Remote code execution in JetBrains TeamCity versions prior to 2026.1 is achievable by authenticated users who can configure Perforce connection settings on a build project. The flaw, classified as CWE-88 (argument injection), allows attackers with project configuration privileges to inject arguments through Perforce VCS root parameters, leading to command execution on the TeamCity server. No public exploit identified at time of analysis, and the EPSS/KEV signals were not provided in the source intelligence.

RCE Teamcity
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape leading to remote code execution in vm2 NodeVM versions 3.11.3 and earlier allows attackers running untrusted JavaScript inside the sandbox to break out via two missing entries in the dangerous-builtin denylist: `process` (whose `getBuiltinModule()` reloads any core module, including `child_process`) and `inspector/promises` (whose `Session().post('Runtime.evaluate', ...)` evaluates code in the host realm). The flaw is exploitable only when the embedder allows `process`, `inspector/promises`, or wildcard `*` in `require.builtin`. Publicly available exploit code exists (PoC published with the advisory), and a patch is available in vm2 3.11.4; no public exploit identified at time of analysis as actively used in the wild.

Node.js RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows arbitrary code execution in the Node.js host process when untrusted code is run on runtimes exposing WebAssembly JSPI (Node 24 with --experimental-wasm-jspi, or Node 26+ by default). A working PoC demonstrates that a JSPI-backed Promise reaches host-realm Promise.prototype.finally without bridge interposition, letting attacker-controlled species logic walk a rejection object's constructor chain to host process and execute arbitrary commands. No public exploit identified as actively used in the wild, but a complete weaponized PoC is published in the GHSA advisory.

Node.js RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows full remote code execution by bypassing the GHSA-8hg8-63c5-gwmx (CVE-2023-37903) patch through omission of the require option when nesting:true is set. Publicly available exploit code exists in the GHSA advisory itself, and with a CVSS of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) any application passing untrusted code to a NodeVM configured this way is trivially compromised on the host.

RCE Red Hat
NVD GitHub VulDB
Prev Page 13 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy