Skip to main content

RCE

31887 CVEs technique

Monthly

CVE-2026-22615 MEDIUM PATCH This Month

Eaton Intelligent Power Protector (IPP) software allows authenticated administrators with local system access to execute arbitrary commands via XML input validation bypass, requiring user interaction. The vulnerability impacts all versions of IPP software prior to the latest patched release available on Eaton's download center. CVSS score of 6.0 reflects high integrity and availability impact but is constrained by elevated privilege requirements and high attack complexity.

RCE Ipp Software
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-6350 CRITICAL PATCH Act Now

Remote unauthenticated code execution in Openfind MailGates (5.0-6.0) and MailAudit (5.0-6.0) via stack-based buffer overflow allows complete system compromise. Attackers can send crafted network requests to exploit CWE-121 buffer overflow conditions without authentication, achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor patches available (MailGates 6.1.10.054, 5.2.10.099; MailAudit 6.1.10.054, 5.2.10.099). CVSS 9.3 with network attack vector (AV:N), low complexity (AC:L), and no privileges required (PR:N) creates critical exposure for internet-facing mail security appliances. EPSS data unavailable; no confirmed active exploitation or public POC identified at time of analysis.

Stack Overflow Buffer Overflow RCE Mailgates Mailaudit
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-6348 CRITICAL Act Now

WinMatrix agent escalates privileges to SYSTEM without authentication, enabling authenticated local users to execute arbitrary code with full administrative control on both the local machine and all networked hosts where the agent is deployed. This environmental spread capability (CVSS scope change: H) transforms a local vulnerability into an enterprise-wide threat. Taiwan CERT issued advisories in January 2026 for versions 3.5.13 through 3.5.26.15. No public exploit identified at time of analysis, but CVSS 9.3 reflects catastrophic potential impact given the agent's privileged access and network propagation capability. EPSS data not available for new 2026 CVE.

Authentication Bypass RCE Winmatrix
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-40505 MEDIUM PATCH This Month

MuPDF mutool fails to sanitize PDF metadata before displaying it in terminal output, allowing local attackers to inject ANSI escape sequences through crafted PDF files. When a user runs mutool info on a malicious PDF, embedded escape codes can clear the terminal and display fabricated text for social engineering attacks such as fake login prompts or spoofed shell commands. This is a low-severity local vulnerability (CVSS 3.3) requiring user interaction, with a vendor-released patch available.

RCE Mupdf
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-40504 CRITICAL PATCH Act Now

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications evaluate untrusted scripts containing many string literals at global scope. The vulnerability stems from insufficient bounds checking in gravity_fiber_reassign(), allowing heap metadata corruption. VulnCheck disclosed this issue with a vendor-released patch (commit 18b9195) available. CVSS 9.3 reflects the critical network-accessible, unauthenticated attack vector. No active exploitation (CISA KEV) or public POC identified at time of analysis, but technical details in GitHub issue #437 could facilitate exploit development.

Heap Overflow Buffer Overflow RCE Gravity
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-40316 HIGH This Week

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with full GITHUB_TOKEN write permissions, copies attacker-controlled files from untrusted pull requests into the trusted runner workspace via git show, and then executes python manage.py makemigrations, which imports Django model modules including attacker-controlled website/models.py at runtime. Any module-level Python code in the attacker's models.py is executed during import, enabling arbitrary code execution in the privileged CI environment with access to GITHUB_TOKEN and repository secrets. The attack is triggerable by any external contributor who can open a pull request, provided a maintainer applies the regenerate-migrations label, potentially leading to secret exfiltration, repository compromise, and supply chain attacks. A patch for this issue is expected to be released in version 2.1.1.

Code Injection Python RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6385 MEDIUM PATCH This Month

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow RCE Red Hat +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6384 HIGH PATCH This Week

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.

Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-6319 HIGH PATCH This Week

Remote code execution in Google Chrome on Android versions prior to 147.0.7727.101 is possible through a use-after-free vulnerability in the Payments feature. Attackers who successfully convince users to perform specific UI interactions on a malicious webpage can achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability requires high attack complexity and user interaction (CVSS:3.1/AV:N/AC:H/PR:N/UI:R), indicating social engineering is necessary. Google has released Chrome 147.0.7727.101 to address this issue. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code has been identified at time of analysis.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-6318 HIGH PATCH This Week

Arbitrary code execution within Chrome's sandbox affects all versions prior to 147.0.7727.101 via crafted HTML pages exploiting a use-after-free in codec processing. Remote attackers require user interaction (visiting a malicious page) but need no authentication. CVSS 8.8 (High) with network attack vector, low complexity, and high impact across confidentiality, integrity, and availability. Google patched this in the stable channel update released April 15, 2026. No public exploit code or CISA KEV listing identified at time of analysis, though Chromium issue tracker #495996858 indicates vendor-confirmed vulnerability. The sandbox containment limits initial exploitation to Chrome's restricted environment, not direct system compromise.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6317 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6361 HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Microsoft Google Heap Overflow Buffer Overflow RCE +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6316 HIGH PATCH This Week

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6315 HIGH PATCH This Week

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6308 HIGH PATCH This Week

Out-of-bounds read in Google Chrome's media component (versions prior to 147.0.7727.101) enables remote code execution when attackers convince users to perform specific UI interactions on a malicious HTML page. Google rated this high severity and released Chrome 147.0.7727.101 as a fix. No active exploitation confirmed via CISA KEV at time of analysis, though CVSS 7.5 reflects significant impact if user interaction prerequisite is met. The UI gesture requirement and high attack complexity (AC:H) reduce automated exploitation risk compared to interaction-free vulnerabilities.

Information Disclosure Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-6307 HIGH PATCH This Week

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption RCE Google Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6306 HIGH PATCH This Week

Heap buffer overflow in Google Chrome's PDFium library (versions prior to 147.0.7727.101) enables remote code execution within the Chrome sandbox when a victim opens a malicious PDF file. Despite CVSS 8.8 severity, exploitation requires user interaction (opening a crafted PDF) and is confined to the sandbox, limiting system-level impact. Vendor patch available in Chrome 147.0.7727.101. No active exploitation confirmed (not in CISA KEV), no public POC identified at time of analysis. EPSS data not provided.

Heap Overflow Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6305 HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Heap Overflow Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6303 HIGH PATCH This Week

Arbitrary code execution within Google Chrome's sandbox affects all versions prior to 147.0.7727.101 through a use-after-free vulnerability in the codec processing components. Remote attackers can exploit this by tricking users into visiting a malicious webpage, achieving high-severity compromise of confidentiality, integrity, and availability within the sandboxed renderer process. Google has released version 147.0.7727.101 as a stable channel update to address this flaw. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis, though the simplicity of the attack vector (network-based, low complexity, requiring only user interaction) warrants prioritized patching.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6302 HIGH PATCH This Week

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6301 HIGH PATCH This Week

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6300 HIGH PATCH This Week

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6299 HIGH PATCH This Week

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40915 MEDIUM PATCH This Month

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow RCE Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34632 HIGH This Week

Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.

RCE Adobe Adobe Photoshop Installer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33435 PyPI HIGH PATCH GHSA This Week

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can limit the scope of the vulnerability by restricting access to the project backup, as it is only accessible to users who can create projects.

RCE Weblate
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-5758 npm MEDIUM PATCH This Month

JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.

RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20204 HIGH PATCH This Week

In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory.

RCE Splunk Enterprise Splunk Cloud Platform
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-4682 HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow Stack Overflow Microsoft
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-4145 HIGH PATCH This Week

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.

Lenovo RCE
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-1555 CRITICAL Act Now

Unrestricted file upload in WebStack WordPress theme allows unauthenticated remote code execution. The io_img_upload() function in all versions through 1.2024 lacks file type validation, enabling unauthenticated attackers to upload malicious files (e.g., PHP shells) directly to the server. No public exploit identified at time of analysis, but EPSS score and attack complexity (CVSS AC:L) indicate straightforward exploitation. Critical severity (CVSS 9.8) warranted due to complete system compromise potential with zero authentication barriers.

WordPress RCE File Upload
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1509 MEDIUM This Month

Arbitrary WordPress action execution in Avada (Fusion) Builder plugin versions up to 3.15.1 allows authenticated attackers with Subscriber-level access to invoke unvalidated WordPress action hooks via the Dynamic Data feature, potentially enabling privilege escalation, file inclusion, denial of service, or remote code execution depending on available hooks in the WordPress installation. The vulnerability stems from the `output_action_hook()` function accepting user-controlled input without authorization checks. No public exploit code or active exploitation has been confirmed at time of analysis.

Denial Of Service RCE WordPress Privilege Escalation Code Injection
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-54550 PyPI HIGH PATCH GHSA This Week

The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability. It does not affect Airflow release - example_dags are not supposed to be enabled in production environment, however users following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains version of the example with improved resiliance for that case. Users who followed that pattern are advised to adjust their implementations accordingly.

Code Injection RCE Apache Airflow
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-30624 HIGH This Week

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.

Command Injection RCE
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-30616 HIGH This Week

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results in arbitrary command execution within the context of the Jaaz service, potentially allowing full compromise of the affected system.

Command Injection RCE
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-53412 Go HIGH GHSA This Week

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-30625 PyPI CRITICAL PATCH GHSA Act Now

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable execution of arbitrary OS commands. Maliciously crafted MCP tasks may lead to remote code execution with the privileges of the Upsonic process. In version 0.72.0 Upsonic added a warning about using Stdio servers being able to execute commands directly on the machine.

Command Injection RCE Node.js
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30617 HIGH This Week

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When the MCP server is started and MCP is enabled for agent execution, subsequent agent activity triggers execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the LangChain-ChatChat service.

Command Injection RCE
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-30461 HIGH This Week

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

PHP Command Injection RCE N A
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-30993 CRITICAL Act Now

Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.

PHP Code Injection RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-39399 CRITICAL Act Now

Cross-package metadata injection in NuGet Gallery backend allows authenticated attackers to achieve remote code execution and arbitrary blob storage writes through crafted .nuspec files. Attackers exploit URI fragment injection via unsanitized package identifiers to control blob paths in the storage container, enabling tampering of existing content beyond .nupkg files. CVSS 9.6 (Critical) with network attack vector, low complexity, and scope change. Vendor-released patch available in commit 0e80f87628349207cdcaf55358491f8a6f1ca276. No public exploit identified at time of analysis.

RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-39387 HIGH This Week

Local File Inclusion in BoidCMS versions prior to 2.1.3 enables authenticated administrators to execute arbitrary PHP code via path traversal in the tpl parameter combined with file upload. The vulnerability chains unsanitized require_once() inclusion with media upload functionality, allowing attackers to upload malicious files and force their execution with web server privileges. Vendor-released patch available in version 2.1.3. CVSS 7.2 reflects high-privilege requirement (administrator access), but exploitation complexity is low once authenticated. No CISA KEV listing or public exploit code identified at time of analysis.

RCE LFI PHP File Upload Path Traversal
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-27298 HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute code with current user privileges via maliciously crafted files. The type confusion vulnerability (CWE-843) requires user interaction to open a weaponized document. CVSS 7.8 (High) reflects significant impact (full confidentiality, integrity, availability compromise) once exploitation succeeds. No public exploit identified at time of analysis, though the local attack vector and user interaction requirement reduce immediate remote exploitation risk.

RCE Memory Corruption Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27297 HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute code in user context by delivering malicious FrameMaker documents that trigger integer underflow during file parsing. Attack requires social engineering to convince targets to open crafted files. No public exploit identified at time of analysis, though CVSS 7.8 severity reflects high impact across confidentiality, integrity, and availability if successfully exploited.

Integer Overflow RCE Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27296 HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute malicious code with current user privileges through specially crafted files exploiting an integer underflow. Attack requires user interaction (opening a malicious file). CVSS 7.8 (High) reflects local attack vector with low complexity. No public exploit identified at time of analysis, and EPSS data not provided. Vendor advisory available at Adobe PSIRT (APSB26-36).

Integer Overflow RCE Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27295 HIGH This Week

Out-of-bounds write in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution when users open specially crafted malicious files. The vulnerability achieves full confidentiality, integrity, and availability impact (CVSS 7.8 HIGH) but requires local access and user interaction, limiting immediate risk. No public exploit identified at time of analysis, and exploitation requires social engineering to deliver the malicious file to victims.

Buffer Overflow RCE Memory Corruption Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27293 HIGH This Week

Heap-based buffer overflow in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution with high integrity and confidentiality impact when users open specially crafted malicious files. Attack requires local access and user interaction (CVSS 7.8, AV:L/UI:R), limiting remote exploitation scenarios. No public exploit identified at time of analysis. EPSS data not available, and vulnerability not listed in CISA KEV, suggesting exploitation remains theoretical despite the high CVSS score.

Heap Overflow Buffer Overflow RCE Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27292 HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute malicious code with current user privileges by tricking victims into opening specially crafted files. This use-after-free memory corruption vulnerability requires no authentication but depends on user interaction. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, though the local attack vector and user interaction requirement reduce immediate remote threat surface compared to network-accessible vulnerabilities.

Denial Of Service RCE Memory Corruption Adobe Use After Free
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27290 HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier via DLL hijacking/search path manipulation allows local attackers to run malicious code in user context without interaction. CVSS 8.6 severity stems from changed scope and high confidentiality/integrity/availability impact despite local attack vector. No public exploit identified at time of analysis. EPSS data not available for this recent CVE. Vendor patch released per Adobe Security Bulletin APSB26-36.

RCE Adobe
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-40320 PyPI MEDIUM PATCH GHSA This Month

Remote code execution in giskard-checks through server-side template injection (SSTI) in the ConformityCheck class allows arbitrary Python code execution when the rule parameter is processed via unsandboxed Jinja2 template rendering. Affected versions prior to 1.0.2b1 silently interpret rule strings as Jinja2 templates, enabling attackers with write access to check definitions or configuration files to inject malicious template expressions that execute during test suite execution. Exploitation requires local file write access and subsequent developer execution of the test suite, but the implicit template evaluation increases risk when untrusted check definitions are integrated from shared projects or external sources.

RCE Ssti Python
NVD GitHub VulDB
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-39971 PHP HIGH PATCH GHSA This Week

SMTP header injection in Serendipity CMS allows remote unauthenticated attackers to inject arbitrary email headers via malicious Host header during email-triggering operations (comments, subscriptions, password resets). The unsanitized $_SERVER['HTTP_HOST'] value is embedded directly into Message-ID headers without validation, enabling BCC injection, email spoofing, and reply hijacking. CVSS 7.2 with Changed scope indicates cross-domain impact. EPSS data not available; no public exploit identified at time of analysis, though a detailed proof-of-concept exists in the GitHub security advisory demonstrating successful header injection via comment submission.

PHP RCE
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-39884 npm HIGH PATCH GHSA This Week

Command injection in mcp-server-kubernetes port_forward function allows authenticated network attackers to expose internal Kubernetes services to external networks or bypass namespace restrictions. The vulnerability (CVSS 8.3) stems from unsafe string concatenation and space-splitting of kubectl arguments, enabling arbitrary flag injection via fields like resourceName or namespace. Attackers can inject '--address=0.0.0.0' to bind port-forwards on all network interfaces, exposing databases and internal APIs beyond localhost. Affects mcp-server-kubernetes <= 3.4.0. No public exploit identified at time of analysis, though exploitation requires only low complexity (AC:L) with authenticated access (PR:L).

RCE Kubernetes
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-39842 Maven CRITICAL PATCH GHSA Act Now

Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c

Information Disclosure RCE Apple Docker Deserialization +5
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-33414 Go MEDIUM PATCH GHSA This Month

Command injection in Podman's HyperV machine backend allows local administrators with high privileges to execute arbitrary PowerShell commands at SYSTEM level on Windows hosts by crafting a malicious VM image path containing PowerShell subexpression syntax. The vulnerability affects Podman v4 and v5 on Windows only; a vendor patch is available via commit 571c842.

Command Injection RCE Microsoft
NVD GitHub VulDB
CVSS 4.0
4.0
EPSS
0.0%
CVE-2026-35031 CRITICAL PATCH NEWS Act Now

Remote code execution as root in Jellyfin media server versions prior to 10.11.7 allows authenticated users with 'Upload Subtitles' permission to execute arbitrary code through a multi-stage attack chain exploiting path traversal in subtitle uploads, arbitrary file write, and ld.so.preload manipulation. CVSS 9.9 (Critical) reflects the complete system compromise potential. EPSS data not available. Not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis. Attack requires low-privilege authenticated access but can escalate to full root-level code execution.

Privilege Escalation RCE Path Traversal Jellyfin
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-34631 HIGH This Week

Arbitrary code execution in Adobe InCopy 20.5.2, 21.2 and earlier allows unauthenticated local attackers to execute malicious code with the victim's privileges through a specially crafted file. The vulnerability stems from an out-of-bounds write (CWE-787) triggering memory corruption. Exploitation requires the victim to open a malicious document, making this a viable social engineering vector. No public exploit identified at time of analysis, though the vulnerability's local attack vector and user interaction requirement moderately constrain immediate risk.

Buffer Overflow RCE Memory Corruption Incopy
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33020 HIGH PATCH This Week

Heap buffer overflow in libsixel 1.8.7 and earlier allows local attackers to achieve arbitrary code execution by providing a maliciously crafted large palettised PNG image that triggers integer overflow in RGB888 conversion routines. The vulnerability requires user interaction to process the malicious image but no authentication. EPSS data not available; no public exploit identified at time of analysis, though the technical details in the advisory provide sufficient information for weaponization. Vendor-released patch: version 1.8.7-r1.

Heap Overflow Buffer Overflow RCE Libsixel
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33018 HIGH PATCH This Week

Heap use-after-free in libsixel 1.8.7 and earlier allows local code execution when processing malicious animated GIF files through the sixel_helper_load_image_file() API with multi-frame callbacks. The vulnerability triggers when gif_init_frame() unconditionally frees and reallocates frame->pixels between frames while client code retains references via the documented sixel_frame_ref() API, creating dangling pointers confirmed by AddressSanitizer. Fixed in version 1.8.7-r1. No public exploit iden

Use After Free RCE Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-27306 HIGH This Week

Arbitrary code execution in Adobe ColdFusion 2023.18, 2025.6 and earlier allows authenticated attackers with high privileges to execute malicious code through improper input validation. Exploitation requires user interaction (victim opening a malicious file). EPSS data not available; no confirmed active exploitation (not in CISA KEV). CVSS 8.4 reflects high impact across confidentiality, integrity, and availability with scope change, though real-world risk is constrained by requiring both elevated privileges and user interaction.

RCE Coldfusion
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-27304 CRITICAL Act Now

Remote code execution in Adobe ColdFusion 2023.18, 2025.6 and earlier allows unauthenticated adjacent network attackers to execute arbitrary code via improper input validation. The vulnerability requires no user interaction and achieves scope change, enabling attackers to break out of security boundaries. CVSS 9.3 (Critical). No confirmed active exploitation or public POC identified at time of analysis, but the combination of zero authentication requirements and code execution impact makes this a high-priority patching target for ColdFusion deployments.

RCE Coldfusion
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-33023 HIGH PATCH This Week

Use-after-free in libsixel's gdk-pixbuf2 loader enables local attackers to achieve code execution via crafted images. Affects libsixel versions through 1.8.7 when compiled with --with-gdk-pixbuf2 option. The vulnerability stems from inconsistent memory management in load_with_gdkpixbuf(), which manually frees reference-counted frame objects, leaving dangling pointers that callbacks can access post-cleanup. CVSS 7.8 (High) with local attack vector requiring user interaction. Fixed in version 1.8.7-r1. No confirmed active exploitation (CISA KEV), though proof-of-concept feasibility is high given the deterministic nature of the memory corruption.

Information Disclosure RCE Memory Corruption Buffer Overflow Use After Free +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33021 HIGH PATCH This Week

Use-after-free in libsixel 1.8.7 and earlier enables local attackers to crash applications or execute arbitrary code via crafted SIXEL image frames. The vulnerability occurs when sixel_encoder_encode_bytes() processes resize operations that free caller-owned pixel buffers, creating dangling pointers exploitable through repeated, predictable frame manipulation. EPSS data not available; no confirmed active exploitation (not in CISA KEV), but the technical details suggest reliable exploitation potential for local privilege escalation or RCE scenarios.

Use After Free RCE Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-24893 HIGH PATCH This Week

Remote code execution in openITCOCKPIT Community Edition (versions prior to 5.5.2) allows authenticated users with host management permissions to execute arbitrary OS commands on the monitoring backend via command injection in host address fields. The vulnerability stems from unsanitized user input being expanded into Nagios/Icinga monitoring command templates and executed via shell, enabling full system compromise. CVSS score of 8.8 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed CVE.

Command Injection RCE Openitcockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-34630 HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier versions enables arbitrary code execution with victim's privileges when processing maliciously crafted files. Attack requires local access and user interaction (opening a weaponized file). CVSS 7.8 (High) reflects significant impact but local-only attack vector. No public exploit identified at time of analysis, and exploitation probability remains moderate given the user interaction requirement and local access constraint.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34618 HIGH This Week

Arbitrary code execution in Adobe Illustrator 30.2, 29.8.5 and earlier versions allows unauthenticated local attackers to execute malicious code with current user privileges via crafted file exploitation. The vulnerability requires user interaction (opening a malicious file) but has low attack complexity once delivered. No public exploit identified at time of analysis, with EPSS data unavailable for risk quantification. The out-of-bounds write flaw affects memory management during file parsing operations.

Buffer Overflow RCE Memory Corruption Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27313 HIGH This Week

Arbitrary code execution in Adobe Bridge 16.0.2, 15.1.4 and earlier allows local attackers to execute malicious code with current user privileges through specially crafted files. CVSS 7.8 (High) with EPSS data not available. No public exploit identified at time of analysis. Exploitation requires victim to open a malicious Bridge file, making this a realistic threat for targeted attacks using phishing or social engineering delivery methods.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27312 HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier allows arbitrary code execution with user privileges when processing malicious files. CVSS 7.8 (High) reflects the local attack vector requiring victim interaction to open a crafted file. No public exploit identified at time of analysis, with SSVC framework rating this as non-automatable but capable of total technical impact. Exploitation requires social engineering to deliver the malicious file to the target user.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27311 HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier versions enables arbitrary code execution with user privileges when processing maliciously crafted files. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, requiring local access and user interaction. CISA SSVC framework categorizes this as non-automatable with total technical impact. No public exploit identified at time of analysis, and vendor has released security advisory APSB26-39 addressing the vulnerability.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27310 HIGH This Week

Arbitrary code execution via heap-based buffer overflow in Adobe Bridge (versions 16.0.2, 15.1.4 and earlier) allows local attackers to execute code in the user's security context by tricking victims into opening specially crafted malicious files. No public exploit identified at time of analysis, with SSVC assessment indicating no current exploitation, non-automatable attack requiring user interaction, and total technical impact upon successful compromise.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-5752 CRITICAL Act Now

Sandbox escape in Terrarium enables arbitrary code execution with root privileges on the host system through JavaScript prototype chain traversal. This local attack requires no authentication or user interaction and breaks out of the sandbox entirely (scope change from container to host). CERT/CC publicly disclosed the vulnerability (VU#414811). EPSS probability is very low at 0.02% (5th percentile), and CISA SSVC indicates no active exploitation detected. Despite the critical 9.3 CVSS score, real-world risk appears limited by local attack vector and absence of widespread targeting, though the total technical impact (root-level host compromise) makes this severe for any deployment running untrusted code in Terrarium sandboxes.

RCE
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-27303 CRITICAL Act Now

Remote code execution in Adobe Connect 12.10 and earlier (including 2025.3) allows unauthenticated attackers to execute arbitrary code by exploiting unsafe deserialization. Attack requires no user interaction despite UI:R in CVSS vector, with scope change enabling container escape or privilege escalation beyond the application context. Adobe released patch APSB26-37. EPSS score of 1.50% (81st percentile) indicates moderate exploitation probability. No active exploitation confirmed (SSVC: exploitation=none), but deserialization flaws are commonly targeted once details emerge.

RCE Deserialization Adobe
NVD
CVSS 3.1
9.6
EPSS
1.5%
CVE-2026-34615 CRITICAL Act Now

Remote code execution in Adobe Connect 12.10 and earlier allows unauthenticated network attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability has changed scope (CVSS 9.3), enabling impact beyond the vulnerable component. Adobe issued patch APSB26-37. EPSS indicates 81st percentile risk with 1.44% probability, and CISA SSVC reports no active exploitation. The CVSS vector conflicts with the description: vector indicates user interaction required (UI:R) while description states 'does not require user interaction' - verify actual interaction requirements with Adobe advisory.

RCE Deserialization Adobe
NVD
CVSS 3.1
9.3
EPSS
1.4%
CVE-2026-34628 HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high impact to confidentiality, integrity, and availability when users open malicious files. The vulnerability requires local access and user interaction (opening a crafted document), with no authentication barriers (CVSS PR:N). No public exploit identified at time of analysis, and CISA SSVC framework rates this as non-exploited with total technical impact but not automatable, indicating targeted attack potential rather than mass exploitation risk.

Heap Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34629 HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high integrity and confidentiality impact when users open specially crafted malicious files. No public exploit identified at time of analysis. CVSS 7.8 reflects local attack vector requiring user interaction but no authentication, with complete system compromise potential in user context. EPSS risk data not available; exploitation requires social engineering to deliver malicious InDesign document.

Heap Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34627 HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high confidentiality, integrity, and availability impact when users open malicious files. No public exploit identified at time of analysis. Attack requires local access and user interaction (opening a crafted file), with low attack complexity and no authentication requirements (CVSS:3.1 AV:L/AC:L/PR:N/UI:R). EPSS risk data not available; vulnerability enables complete system compromise in user context.

Heap Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27283 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier allows unauthenticated attackers to execute malicious code with current user privileges through maliciously crafted files. The use-after-free vulnerability requires user interaction (opening a weaponized InDesign file) but offers high impact across confidentiality, integrity, and availability. EPSS data not provided; no public exploit identified at time of analysis. Exploitation likelihood increased by low attack complexity (CVSS AC:L) requiring only basic social engineering to deliver malicious files.

Denial Of Service Use After Free RCE Memory Corruption Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27238 HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop 20.5.2, 21.2 and earlier enables arbitrary code execution with high confidentiality, integrity, and availability impact. Attack requires local access and user interaction (victim opens malicious InDesign file), with low attack complexity and no authentication barriers. CVSS 7.8 reflects significant impact once social engineering succeeds. No CISA KEV listing indicates no confirmed active exploitation at time of analysis. Adobe has published security advisory APSB26-32 addressing this vulnerability.

Buffer Overflow RCE Heap Overflow Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27291 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions through 21.2 allows unauthenticated attackers to execute malicious code with full user privileges by exploiting an out-of-bounds write vulnerability via a specially crafted InDesign file. Attack requires local access and user interaction to open the malicious document. No public exploit identified at time of analysis, though CVSS 7.8 reflects high impact if successfully exploited. Adobe has released security bulletin APSB26-32 addressing this memory corruption flaw.

Buffer Overflow RCE Memory Corruption Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34622 HIGH This Week

Prototype pollution in Adobe Acrobat Reader allows arbitrary code execution when victims open malicious PDF files. Affects Acrobat Reader versions through 26.001.21411, 24.001.30360, and 24.001.30362. Attack requires local file access with user interaction (CVSS AV:L/UI:R) but achieves scope change and full CIA impact (S:C/C:H/I:H/A:H), yielding CVSS 8.6. No public exploit identified at time of analysis. Vendor advisory available from Adobe (APSB26-44). EPSS data not provided; exploitation status limited to user-interaction-dependent local attack vector.

Prototype Pollution Adobe RCE
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-22828 HIGH This Week

Remote code execution in Fortinet FortiAnalyzer Cloud and FortiManager Cloud versions 7.6.2 through 7.6.4 allows unauthenticated remote attackers to execute arbitrary code via crafted network requests exploiting a heap-based buffer overflow (CWE-122). Attack complexity is rated high due to ASLR and network segmentation defenses requiring significant exploitation preparation. CVSS score of 8.1 reflects the critical impact despite defensive barriers. No public exploit identified at time of analysis, though the vulnerability's disclosure by Fortinet suggests patch availability through their security advisory FG-IR-26-121.

Buffer Overflow Fortinet RCE Heap Overflow
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-4344 HIGH PATCH This Week

Stored XSS in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files through malicious component names displayed in delete confirmation dialogs. When a user clicks the crafted payload, the vulnerability escalates from XSS to potential local code execution within the application context. Vendor-released patches available for Windows and macOS. No public exploit identified at time of analysis, though the attack vector is local (CVSS:3.1/AV:L) requiring user interaction but no authentication (PR:N), with CVSS 7.1 reflecting high confidentiality and integrity impact.

RCE XSS Fusion
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-4345 HIGH PATCH This Week

Stored cross-site scripting (XSS) in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files by crafting malicious HTML payloads in design names that trigger when exported to CSV format. The vulnerability requires no authentication but depends on user interaction (opening the exported CSV). Vendor patch available via updated client installers for Windows and macOS. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code identified at time of analysis.

RCE XSS Fusion
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-4369 HIGH PATCH This Week

Stored cross-site scripting in Autodesk Fusion desktop application enables arbitrary code execution when malicious assembly variant names render in delete confirmation dialogs. Attackers can craft HTML payloads that execute in the application context, enabling local file access and code execution with user privileges (CVSS 7.1, local attack vector requiring user interaction). Vendor-released patch available via official Fusion client installers for Windows and macOS. No public exploit identified at time of analysis.

RCE XSS Fusion
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-2582 MEDIUM This Month

Unauthenticated attackers can execute arbitrary WordPress shortcodes in the Germanized for WooCommerce plugin (all versions up to 3.20.5) via the 'account_holder' parameter, which bypasses shortcode validation in the do_shortcode() function. This enables remote code execution with medium severity (CVSS 6.5) affecting any WordPress site with the vulnerable plugin installed. No public exploit code or active exploitation has been confirmed at the time of analysis.

Code Injection RCE WordPress
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-40288 PyPI CRITICAL PATCH GHSA Act Now

Arbitrary command and code execution in PraisonAI's workflow engine (versions <4.5.139) and praisonaiagents (<1.5.140) allows remote unauthenticated attackers to execute shell commands and Python code through malicious YAML workflow files. The vulnerability stems from unsafe processing of 'run:', 'script:', and 'python:' directives in job-type workflows without validation or sandboxing. With a critical CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interac

RCE Command Injection Python
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-40287 PyPI HIGH PATCH GHSA This Week

Arbitrary Python code execution in PraisonAI ≤4.5.138 occurs when malicious tools.py files are automatically imported from the current working directory without validation. Attackers placing a crafted tools.py in shared projects, cloned repositories, or writable workspaces achieve immediate code execution with full process privileges upon PraisonAI startup. EPSS data not available, but the local attack vector (AV:L) requiring no privileges (PR:N) or user interaction (UI:N) enables exploitation through supply chain and workspace poisoning attacks. No public exploit identified at time of analysis, though the vulnerability is trivial to exploit given the straightforward code injection mechanism.

Code Injection RCE Python
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-6227 HIGH This Week

Local file inclusion in BackWPup WordPress plugin versions ≤5.6.6 allows authenticated administrators to read sensitive configuration files or achieve remote code execution via path traversal bypass in the `/wp-json/backwpup/v1/getblock` REST endpoint. The vulnerability stems from insufficient sanitization using non-recursive `str_replace()`, enabling crafted sequences like `....//` to bypass filtering. While requiring high privileges (PR:H), the plugin's permission delegation feature allows administrators to grant backup management rights to lower-privileged users, expanding the attack surface. No public exploit or active exploitation (CISA KEV) confirmed at time of analysis, though CVSS 7.2 reflects high confidentiality, integrity, and availability impact.

PHP Path Traversal WordPress RCE
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-6264 CRITICAL PATCH Act Now

Unauthenticated remote code execution via JMX monitoring port affects Talend JobServer and Talend Runtime (CVSS 9.8). Attackers can exploit the exposed JMX interface without authentication to execute arbitrary code with JobServer privileges. Vendor-released patches available (Talend ESB Runtime R2024-07-RT). No confirmed active exploitation (CISA KEV status: NO), but the trivial attack complexity (AC:L) and network accessibility (AV:N) present significant risk for exposed instances. EPSS data not provided.

RCE Talend Jobserver Talend Runtime
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-39424 MEDIUM PATCH This Month

MaxKB versions 2.7.1 and below allow authenticated administrators to trigger arbitrary code execution on their own workstations through improper CSV formula sanitization in the chat export feature. When exporting chat history to Excel via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, formula strings (e.g., =cmd|'/c calc'!A1) are written unsanitized to the .xlsx file, enabling Dynamic Data Exchange (DDE) exploitation when the file is opened in Microsoft Excel. No public exploit code has been identified, but the vulnerability represents a high-impact attack path for administrators with legitimate export access and is a direct repeat of a previously patched flaw (CVE-2025-4546) that was incompletely remediated across the codebase.

RCE Microsoft
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-39421 MEDIUM PATCH This Month

MaxKB versions 2.7.1 and below allow authenticated attackers with workspace privileges to execute arbitrary code by exploiting a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to invoke raw system calls and bypassing the LD_PRELOAD-based sandbox.so module through the unblocked pkey_mprotect syscall, attackers can achieve remote code execution, enabling network exfiltration and container compromise. This vulnerability is confirmed fixed in version 2.8.0, and no public exploit code has been identified at time of analysis.

RCE Python
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Eaton Intelligent Power Protector (IPP) software allows authenticated administrators with local system access to execute arbitrary commands via XML input validation bypass, requiring user interaction. The vulnerability impacts all versions of IPP software prior to the latest patched release available on Eaton's download center. CVSS score of 6.0 reflects high integrity and availability impact but is constrained by elevated privilege requirements and high attack complexity.

RCE Ipp Software
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote unauthenticated code execution in Openfind MailGates (5.0-6.0) and MailAudit (5.0-6.0) via stack-based buffer overflow allows complete system compromise. Attackers can send crafted network requests to exploit CWE-121 buffer overflow conditions without authentication, achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor patches available (MailGates 6.1.10.054, 5.2.10.099; MailAudit 6.1.10.054, 5.2.10.099). CVSS 9.3 with network attack vector (AV:N), low complexity (AC:L), and no privileges required (PR:N) creates critical exposure for internet-facing mail security appliances. EPSS data unavailable; no confirmed active exploitation or public POC identified at time of analysis.

Stack Overflow Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

WinMatrix agent escalates privileges to SYSTEM without authentication, enabling authenticated local users to execute arbitrary code with full administrative control on both the local machine and all networked hosts where the agent is deployed. This environmental spread capability (CVSS scope change: H) transforms a local vulnerability into an enterprise-wide threat. Taiwan CERT issued advisories in January 2026 for versions 3.5.13 through 3.5.26.15. No public exploit identified at time of analysis, but CVSS 9.3 reflects catastrophic potential impact given the agent's privileged access and network propagation capability. EPSS data not available for new 2026 CVE.

Authentication Bypass RCE Winmatrix
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

MuPDF mutool fails to sanitize PDF metadata before displaying it in terminal output, allowing local attackers to inject ANSI escape sequences through crafted PDF files. When a user runs mutool info on a malicious PDF, embedded escape codes can clear the terminal and display fabricated text for social engineering attacks such as fake login prompts or spoofed shell commands. This is a low-severity local vulnerability (CVSS 3.3) requiring user interaction, with a vendor-released patch available.

RCE Mupdf
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications evaluate untrusted scripts containing many string literals at global scope. The vulnerability stems from insufficient bounds checking in gravity_fiber_reassign(), allowing heap metadata corruption. VulnCheck disclosed this issue with a vendor-released patch (commit 18b9195) available. CVSS 9.3 reflects the critical network-accessible, unauthenticated attack vector. No active exploitation (CISA KEV) or public POC identified at time of analysis, but technical details in GitHub issue #437 could facilitate exploit development.

Heap Overflow Buffer Overflow RCE +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with full GITHUB_TOKEN write permissions, copies attacker-controlled files from untrusted pull requests into the trusted runner workspace via git show, and then executes python manage.py makemigrations, which imports Django model modules including attacker-controlled website/models.py at runtime. Any module-level Python code in the attacker's models.py is executed during import, enabling arbitrary code execution in the privileged CI environment with access to GITHUB_TOKEN and repository secrets. The attack is triggerable by any external contributor who can open a pull request, provided a maintainer applies the regenerate-migrations label, potentially leading to secret exfiltration, repository compromise, and supply chain attacks. A patch for this issue is expected to be released in version 2.1.1.

Code Injection Python RCE
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.

Denial Of Service Buffer Overflow RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on Android versions prior to 147.0.7727.101 is possible through a use-after-free vulnerability in the Payments feature. Attackers who successfully convince users to perform specific UI interactions on a malicious webpage can achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability requires high attack complexity and user interaction (CVSS:3.1/AV:N/AC:H/PR:N/UI:R), indicating social engineering is necessary. Google has released Chrome 147.0.7727.101 to address this issue. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code has been identified at time of analysis.

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution within Chrome's sandbox affects all versions prior to 147.0.7727.101 via crafted HTML pages exploiting a use-after-free in codec processing. Remote attackers require user interaction (visiting a malicious page) but need no authentication. CVSS 8.8 (High) with network attack vector, low complexity, and high impact across confidentiality, integrity, and availability. Google patched this in the stable channel update released April 15, 2026. No public exploit code or CISA KEV listing identified at time of analysis, though Chromium issue tracker #495996858 indicates vendor-confirmed vulnerability. The sandbox containment limits initial exploitation to Chrome's restricted environment, not direct system compromise.

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Microsoft Google Heap Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in Google Chrome's media component (versions prior to 147.0.7727.101) enables remote code execution when attackers convince users to perform specific UI interactions on a malicious HTML page. Google rated this high severity and released Chrome 147.0.7727.101 as a fix. No active exploitation confirmed via CISA KEV at time of analysis, though CVSS 7.5 reflects significant impact if user interaction prerequisite is met. The UI gesture requirement and high attack complexity (AC:H) reduce automated exploitation risk compared to interaction-free vulnerabilities.

Information Disclosure Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption RCE Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Google Chrome's PDFium library (versions prior to 147.0.7727.101) enables remote code execution within the Chrome sandbox when a victim opens a malicious PDF file. Despite CVSS 8.8 severity, exploitation requires user interaction (opening a crafted PDF) and is confined to the sandbox, limiting system-level impact. Vendor patch available in Chrome 147.0.7727.101. No active exploitation confirmed (not in CISA KEV), no public POC identified at time of analysis. EPSS data not provided.

Heap Overflow Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Heap Overflow Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution within Google Chrome's sandbox affects all versions prior to 147.0.7727.101 through a use-after-free vulnerability in the codec processing components. Remote attackers can exploit this by tricking users into visiting a malicious webpage, achieving high-severity compromise of confidentiality, integrity, and availability within the sandboxed renderer process. Google has released version 147.0.7727.101 as a stable channel update to address this flaw. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis, though the simplicity of the attack vector (network-based, low complexity, requiring only user interaction) warrants prioritized patching.

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption RCE Google +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.

RCE Adobe Adobe Photoshop Installer
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can limit the scope of the vulnerability by restricting access to the project backup, as it is only accessible to users who can create projects.

RCE Weblate
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.

RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory.

RCE Splunk Enterprise Splunk Cloud Platform
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.

Lenovo RCE
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unrestricted file upload in WebStack WordPress theme allows unauthenticated remote code execution. The io_img_upload() function in all versions through 1.2024 lacks file type validation, enabling unauthenticated attackers to upload malicious files (e.g., PHP shells) directly to the server. No public exploit identified at time of analysis, but EPSS score and attack complexity (CVSS AC:L) indicate straightforward exploitation. Critical severity (CVSS 9.8) warranted due to complete system compromise potential with zero authentication barriers.

WordPress RCE File Upload
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Arbitrary WordPress action execution in Avada (Fusion) Builder plugin versions up to 3.15.1 allows authenticated attackers with Subscriber-level access to invoke unvalidated WordPress action hooks via the Dynamic Data feature, potentially enabling privilege escalation, file inclusion, denial of service, or remote code execution depending on available hooks in the WordPress installation. The vulnerability stems from the `output_action_hook()` function accepting user-controlled input without authorization checks. No public exploit code or active exploitation has been confirmed at time of analysis.

Denial Of Service RCE WordPress +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability. It does not affect Airflow release - example_dags are not supposed to be enabled in production environment, however users following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains version of the example with improved resiliance for that case. Users who followed that pattern are advised to adjust their implementations accordingly.

Code Injection RCE Apache Airflow
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.

Command Injection RCE
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results in arbitrary command execution within the context of the Jaaz service, potentially allowing full compromise of the affected system.

Command Injection RCE
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable execution of arbitrary OS commands. Maliciously crafted MCP tasks may lead to remote code execution with the privileges of the Upsonic process. In version 0.72.0 Upsonic added a warning about using Stdio servers being able to execute commands directly on the machine.

Command Injection RCE Node.js
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When the MCP server is started and MCP is enabled for agent execution, subsequent agent activity triggers execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the LangChain-ChatChat service.

Command Injection RCE
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

PHP Command Injection RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.

PHP Code Injection RCE
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cross-package metadata injection in NuGet Gallery backend allows authenticated attackers to achieve remote code execution and arbitrary blob storage writes through crafted .nuspec files. Attackers exploit URI fragment injection via unsanitized package identifiers to control blob paths in the storage container, enabling tampering of existing content beyond .nupkg files. CVSS 9.6 (Critical) with network attack vector, low complexity, and scope change. Vendor-released patch available in commit 0e80f87628349207cdcaf55358491f8a6f1ca276. No public exploit identified at time of analysis.

RCE
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Local File Inclusion in BoidCMS versions prior to 2.1.3 enables authenticated administrators to execute arbitrary PHP code via path traversal in the tpl parameter combined with file upload. The vulnerability chains unsanitized require_once() inclusion with media upload functionality, allowing attackers to upload malicious files and force their execution with web server privileges. Vendor-released patch available in version 2.1.3. CVSS 7.2 reflects high-privilege requirement (administrator access), but exploitation complexity is low once authenticated. No CISA KEV listing or public exploit code identified at time of analysis.

RCE LFI PHP +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute code with current user privileges via maliciously crafted files. The type confusion vulnerability (CWE-843) requires user interaction to open a weaponized document. CVSS 7.8 (High) reflects significant impact (full confidentiality, integrity, availability compromise) once exploitation succeeds. No public exploit identified at time of analysis, though the local attack vector and user interaction requirement reduce immediate remote exploitation risk.

RCE Memory Corruption Adobe
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute code in user context by delivering malicious FrameMaker documents that trigger integer underflow during file parsing. Attack requires social engineering to convince targets to open crafted files. No public exploit identified at time of analysis, though CVSS 7.8 severity reflects high impact across confidentiality, integrity, and availability if successfully exploited.

Integer Overflow RCE Adobe
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute malicious code with current user privileges through specially crafted files exploiting an integer underflow. Attack requires user interaction (opening a malicious file). CVSS 7.8 (High) reflects local attack vector with low complexity. No public exploit identified at time of analysis, and EPSS data not provided. Vendor advisory available at Adobe PSIRT (APSB26-36).

Integer Overflow RCE Adobe
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution when users open specially crafted malicious files. The vulnerability achieves full confidentiality, integrity, and availability impact (CVSS 7.8 HIGH) but requires local access and user interaction, limiting immediate risk. No public exploit identified at time of analysis, and exploitation requires social engineering to deliver the malicious file to victims.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution with high integrity and confidentiality impact when users open specially crafted malicious files. Attack requires local access and user interaction (CVSS 7.8, AV:L/UI:R), limiting remote exploitation scenarios. No public exploit identified at time of analysis. EPSS data not available, and vulnerability not listed in CISA KEV, suggesting exploitation remains theoretical despite the high CVSS score.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute malicious code with current user privileges by tricking victims into opening specially crafted files. This use-after-free memory corruption vulnerability requires no authentication but depends on user interaction. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, though the local attack vector and user interaction requirement reduce immediate remote threat surface compared to network-accessible vulnerabilities.

Denial Of Service RCE Memory Corruption +2
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier via DLL hijacking/search path manipulation allows local attackers to run malicious code in user context without interaction. CVSS 8.6 severity stems from changed scope and high confidentiality/integrity/availability impact despite local attack vector. No public exploit identified at time of analysis. EPSS data not available for this recent CVE. Vendor patch released per Adobe Security Bulletin APSB26-36.

RCE Adobe
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Remote code execution in giskard-checks through server-side template injection (SSTI) in the ConformityCheck class allows arbitrary Python code execution when the rule parameter is processed via unsandboxed Jinja2 template rendering. Affected versions prior to 1.0.2b1 silently interpret rule strings as Jinja2 templates, enabling attackers with write access to check definitions or configuration files to inject malicious template expressions that execute during test suite execution. Exploitation requires local file write access and subsequent developer execution of the test suite, but the implicit template evaluation increases risk when untrusted check definitions are integrated from shared projects or external sources.

RCE Ssti Python
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

SMTP header injection in Serendipity CMS allows remote unauthenticated attackers to inject arbitrary email headers via malicious Host header during email-triggering operations (comments, subscriptions, password resets). The unsanitized $_SERVER['HTTP_HOST'] value is embedded directly into Message-ID headers without validation, enabling BCC injection, email spoofing, and reply hijacking. CVSS 7.2 with Changed scope indicates cross-domain impact. EPSS data not available; no public exploit identified at time of analysis, though a detailed proof-of-concept exists in the GitHub security advisory demonstrating successful header injection via comment submission.

PHP RCE
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Command injection in mcp-server-kubernetes port_forward function allows authenticated network attackers to expose internal Kubernetes services to external networks or bypass namespace restrictions. The vulnerability (CVSS 8.3) stems from unsafe string concatenation and space-splitting of kubectl arguments, enabling arbitrary flag injection via fields like resourceName or namespace. Attackers can inject '--address=0.0.0.0' to bind port-forwards on all network interfaces, exposing databases and internal APIs beyond localhost. Affects mcp-server-kubernetes <= 3.4.0. No public exploit identified at time of analysis, though exploitation requires only low complexity (AC:L) with authenticated access (PR:L).

RCE Kubernetes
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c

Information Disclosure RCE Apple +7
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Command injection in Podman's HyperV machine backend allows local administrators with high privileges to execute arbitrary PowerShell commands at SYSTEM level on Windows hosts by crafting a malicious VM image path containing PowerShell subexpression syntax. The vulnerability affects Podman v4 and v5 on Windows only; a vendor patch is available via commit 571c842.

Command Injection RCE Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution as root in Jellyfin media server versions prior to 10.11.7 allows authenticated users with 'Upload Subtitles' permission to execute arbitrary code through a multi-stage attack chain exploiting path traversal in subtitle uploads, arbitrary file write, and ld.so.preload manipulation. CVSS 9.9 (Critical) reflects the complete system compromise potential. EPSS data not available. Not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis. Attack requires low-privilege authenticated access but can escalate to full root-level code execution.

Privilege Escalation RCE Path Traversal +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy 20.5.2, 21.2 and earlier allows unauthenticated local attackers to execute malicious code with the victim's privileges through a specially crafted file. The vulnerability stems from an out-of-bounds write (CWE-787) triggering memory corruption. Exploitation requires the victim to open a malicious document, making this a viable social engineering vector. No public exploit identified at time of analysis, though the vulnerability's local attack vector and user interaction requirement moderately constrain immediate risk.

Buffer Overflow RCE Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap buffer overflow in libsixel 1.8.7 and earlier allows local attackers to achieve arbitrary code execution by providing a maliciously crafted large palettised PNG image that triggers integer overflow in RGB888 conversion routines. The vulnerability requires user interaction to process the malicious image but no authentication. EPSS data not available; no public exploit identified at time of analysis, though the technical details in the advisory provide sufficient information for weaponization. Vendor-released patch: version 1.8.7-r1.

Heap Overflow Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Heap use-after-free in libsixel 1.8.7 and earlier allows local code execution when processing malicious animated GIF files through the sixel_helper_load_image_file() API with multi-frame callbacks. The vulnerability triggers when gif_init_frame() unconditionally frees and reallocates frame->pixels between frames while client code retains references via the documented sixel_frame_ref() API, creating dangling pointers confirmed by AddressSanitizer. Fixed in version 1.8.7-r1. No public exploit iden

Use After Free RCE Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary code execution in Adobe ColdFusion 2023.18, 2025.6 and earlier allows authenticated attackers with high privileges to execute malicious code through improper input validation. Exploitation requires user interaction (victim opening a malicious file). EPSS data not available; no confirmed active exploitation (not in CISA KEV). CVSS 8.4 reflects high impact across confidentiality, integrity, and availability with scope change, though real-world risk is constrained by requiring both elevated privileges and user interaction.

RCE Coldfusion
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in Adobe ColdFusion 2023.18, 2025.6 and earlier allows unauthenticated adjacent network attackers to execute arbitrary code via improper input validation. The vulnerability requires no user interaction and achieves scope change, enabling attackers to break out of security boundaries. CVSS 9.3 (Critical). No confirmed active exploitation or public POC identified at time of analysis, but the combination of zero authentication requirements and code execution impact makes this a high-priority patching target for ColdFusion deployments.

RCE Coldfusion
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in libsixel's gdk-pixbuf2 loader enables local attackers to achieve code execution via crafted images. Affects libsixel versions through 1.8.7 when compiled with --with-gdk-pixbuf2 option. The vulnerability stems from inconsistent memory management in load_with_gdkpixbuf(), which manually frees reference-counted frame objects, leaving dangling pointers that callbacks can access post-cleanup. CVSS 7.8 (High) with local attack vector requiring user interaction. Fixed in version 1.8.7-r1. No confirmed active exploitation (CISA KEV), though proof-of-concept feasibility is high given the deterministic nature of the memory corruption.

Information Disclosure RCE Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free in libsixel 1.8.7 and earlier enables local attackers to crash applications or execute arbitrary code via crafted SIXEL image frames. The vulnerability occurs when sixel_encoder_encode_bytes() processes resize operations that free caller-owned pixel buffers, creating dangling pointers exploitable through repeated, predictable frame manipulation. EPSS data not available; no confirmed active exploitation (not in CISA KEV), but the technical details suggest reliable exploitation potential for local privilege escalation or RCE scenarios.

Use After Free RCE Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in openITCOCKPIT Community Edition (versions prior to 5.5.2) allows authenticated users with host management permissions to execute arbitrary OS commands on the monitoring backend via command injection in host address fields. The vulnerability stems from unsanitized user input being expanded into Nagios/Icinga monitoring command templates and executed via shell, enabling full system compromise. CVSS score of 8.8 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed CVE.

Command Injection RCE Openitcockpit
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier versions enables arbitrary code execution with victim's privileges when processing maliciously crafted files. Attack requires local access and user interaction (opening a weaponized file). CVSS 7.8 (High) reflects significant impact but local-only attack vector. No public exploit identified at time of analysis, and exploitation probability remains moderate given the user interaction requirement and local access constraint.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator 30.2, 29.8.5 and earlier versions allows unauthenticated local attackers to execute malicious code with current user privileges via crafted file exploitation. The vulnerability requires user interaction (opening a malicious file) but has low attack complexity once delivered. No public exploit identified at time of analysis, with EPSS data unavailable for risk quantification. The out-of-bounds write flaw affects memory management during file parsing operations.

Buffer Overflow RCE Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Bridge 16.0.2, 15.1.4 and earlier allows local attackers to execute malicious code with current user privileges through specially crafted files. CVSS 7.8 (High) with EPSS data not available. No public exploit identified at time of analysis. Exploitation requires victim to open a malicious Bridge file, making this a realistic threat for targeted attacks using phishing or social engineering delivery methods.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier allows arbitrary code execution with user privileges when processing malicious files. CVSS 7.8 (High) reflects the local attack vector requiring victim interaction to open a crafted file. No public exploit identified at time of analysis, with SSVC framework rating this as non-automatable but capable of total technical impact. Exploitation requires social engineering to deliver the malicious file to the target user.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier versions enables arbitrary code execution with user privileges when processing maliciously crafted files. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, requiring local access and user interaction. CISA SSVC framework categorizes this as non-automatable with total technical impact. No public exploit identified at time of analysis, and vendor has released security advisory APSB26-39 addressing the vulnerability.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution via heap-based buffer overflow in Adobe Bridge (versions 16.0.2, 15.1.4 and earlier) allows local attackers to execute code in the user's security context by tricking victims into opening specially crafted malicious files. No public exploit identified at time of analysis, with SSVC assessment indicating no current exploitation, non-automatable attack requiring user interaction, and total technical impact upon successful compromise.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Sandbox escape in Terrarium enables arbitrary code execution with root privileges on the host system through JavaScript prototype chain traversal. This local attack requires no authentication or user interaction and breaks out of the sandbox entirely (scope change from container to host). CERT/CC publicly disclosed the vulnerability (VU#414811). EPSS probability is very low at 0.02% (5th percentile), and CISA SSVC indicates no active exploitation detected. Despite the critical 9.3 CVSS score, real-world risk appears limited by local attack vector and absence of widespread targeting, though the total technical impact (root-level host compromise) makes this severe for any deployment running untrusted code in Terrarium sandboxes.

RCE
NVD GitHub
EPSS 2% CVSS 9.6
CRITICAL Act Now

Remote code execution in Adobe Connect 12.10 and earlier (including 2025.3) allows unauthenticated attackers to execute arbitrary code by exploiting unsafe deserialization. Attack requires no user interaction despite UI:R in CVSS vector, with scope change enabling container escape or privilege escalation beyond the application context. Adobe released patch APSB26-37. EPSS score of 1.50% (81st percentile) indicates moderate exploitation probability. No active exploitation confirmed (SSVC: exploitation=none), but deserialization flaws are commonly targeted once details emerge.

RCE Deserialization Adobe
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Remote code execution in Adobe Connect 12.10 and earlier allows unauthenticated network attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability has changed scope (CVSS 9.3), enabling impact beyond the vulnerable component. Adobe issued patch APSB26-37. EPSS indicates 81st percentile risk with 1.44% probability, and CISA SSVC reports no active exploitation. The CVSS vector conflicts with the description: vector indicates user interaction required (UI:R) while description states 'does not require user interaction' - verify actual interaction requirements with Adobe advisory.

RCE Deserialization Adobe
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high impact to confidentiality, integrity, and availability when users open malicious files. The vulnerability requires local access and user interaction (opening a crafted document), with no authentication barriers (CVSS PR:N). No public exploit identified at time of analysis, and CISA SSVC framework rates this as non-exploited with total technical impact but not automatable, indicating targeted attack potential rather than mass exploitation risk.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high integrity and confidentiality impact when users open specially crafted malicious files. No public exploit identified at time of analysis. CVSS 7.8 reflects local attack vector requiring user interaction but no authentication, with complete system compromise potential in user context. EPSS risk data not available; exploitation requires social engineering to deliver malicious InDesign document.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high confidentiality, integrity, and availability impact when users open malicious files. No public exploit identified at time of analysis. Attack requires local access and user interaction (opening a crafted file), with low attack complexity and no authentication requirements (CVSS:3.1 AV:L/AC:L/PR:N/UI:R). EPSS risk data not available; vulnerability enables complete system compromise in user context.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier allows unauthenticated attackers to execute malicious code with current user privileges through maliciously crafted files. The use-after-free vulnerability requires user interaction (opening a weaponized InDesign file) but offers high impact across confidentiality, integrity, and availability. EPSS data not provided; no public exploit identified at time of analysis. Exploitation likelihood increased by low attack complexity (CVSS AC:L) requiring only basic social engineering to deliver malicious files.

Denial Of Service Use After Free RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop 20.5.2, 21.2 and earlier enables arbitrary code execution with high confidentiality, integrity, and availability impact. Attack requires local access and user interaction (victim opens malicious InDesign file), with low attack complexity and no authentication barriers. CVSS 7.8 reflects significant impact once social engineering succeeds. No CISA KEV listing indicates no confirmed active exploitation at time of analysis. Adobe has published security advisory APSB26-32 addressing this vulnerability.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions through 21.2 allows unauthenticated attackers to execute malicious code with full user privileges by exploiting an out-of-bounds write vulnerability via a specially crafted InDesign file. Attack requires local access and user interaction to open the malicious document. No public exploit identified at time of analysis, though CVSS 7.8 reflects high impact if successfully exploited. Adobe has released security bulletin APSB26-32 addressing this memory corruption flaw.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Prototype pollution in Adobe Acrobat Reader allows arbitrary code execution when victims open malicious PDF files. Affects Acrobat Reader versions through 26.001.21411, 24.001.30360, and 24.001.30362. Attack requires local file access with user interaction (CVSS AV:L/UI:R) but achieves scope change and full CIA impact (S:C/C:H/I:H/A:H), yielding CVSS 8.6. No public exploit identified at time of analysis. Vendor advisory available from Adobe (APSB26-44). EPSS data not provided; exploitation status limited to user-interaction-dependent local attack vector.

Prototype Pollution Adobe RCE
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Remote code execution in Fortinet FortiAnalyzer Cloud and FortiManager Cloud versions 7.6.2 through 7.6.4 allows unauthenticated remote attackers to execute arbitrary code via crafted network requests exploiting a heap-based buffer overflow (CWE-122). Attack complexity is rated high due to ASLR and network segmentation defenses requiring significant exploitation preparation. CVSS score of 8.1 reflects the critical impact despite defensive barriers. No public exploit identified at time of analysis, though the vulnerability's disclosure by Fortinet suggests patch availability through their security advisory FG-IR-26-121.

Buffer Overflow Fortinet RCE +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stored XSS in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files through malicious component names displayed in delete confirmation dialogs. When a user clicks the crafted payload, the vulnerability escalates from XSS to potential local code execution within the application context. Vendor-released patches available for Windows and macOS. No public exploit identified at time of analysis, though the attack vector is local (CVSS:3.1/AV:L) requiring user interaction but no authentication (PR:N), with CVSS 7.1 reflecting high confidentiality and integrity impact.

RCE XSS Fusion
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stored cross-site scripting (XSS) in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files by crafting malicious HTML payloads in design names that trigger when exported to CSV format. The vulnerability requires no authentication but depends on user interaction (opening the exported CSV). Vendor patch available via updated client installers for Windows and macOS. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code identified at time of analysis.

RCE XSS Fusion
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stored cross-site scripting in Autodesk Fusion desktop application enables arbitrary code execution when malicious assembly variant names render in delete confirmation dialogs. Attackers can craft HTML payloads that execute in the application context, enabling local file access and code execution with user privileges (CVSS 7.1, local attack vector requiring user interaction). Vendor-released patch available via official Fusion client installers for Windows and macOS. No public exploit identified at time of analysis.

RCE XSS Fusion
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated attackers can execute arbitrary WordPress shortcodes in the Germanized for WooCommerce plugin (all versions up to 3.20.5) via the 'account_holder' parameter, which bypasses shortcode validation in the do_shortcode() function. This enables remote code execution with medium severity (CVSS 6.5) affecting any WordPress site with the vulnerable plugin installed. No public exploit code or active exploitation has been confirmed at the time of analysis.

Code Injection RCE WordPress
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Arbitrary command and code execution in PraisonAI's workflow engine (versions <4.5.139) and praisonaiagents (<1.5.140) allows remote unauthenticated attackers to execute shell commands and Python code through malicious YAML workflow files. The vulnerability stems from unsafe processing of 'run:', 'script:', and 'python:' directives in job-type workflows without validation or sandboxing. With a critical CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interac

RCE Command Injection Python
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Arbitrary Python code execution in PraisonAI ≤4.5.138 occurs when malicious tools.py files are automatically imported from the current working directory without validation. Attackers placing a crafted tools.py in shared projects, cloned repositories, or writable workspaces achieve immediate code execution with full process privileges upon PraisonAI startup. EPSS data not available, but the local attack vector (AV:L) requiring no privileges (PR:N) or user interaction (UI:N) enables exploitation through supply chain and workspace poisoning attacks. No public exploit identified at time of analysis, though the vulnerability is trivial to exploit given the straightforward code injection mechanism.

Code Injection RCE Python
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Local file inclusion in BackWPup WordPress plugin versions ≤5.6.6 allows authenticated administrators to read sensitive configuration files or achieve remote code execution via path traversal bypass in the `/wp-json/backwpup/v1/getblock` REST endpoint. The vulnerability stems from insufficient sanitization using non-recursive `str_replace()`, enabling crafted sequences like `....//` to bypass filtering. While requiring high privileges (PR:H), the plugin's permission delegation feature allows administrators to grant backup management rights to lower-privileged users, expanding the attack surface. No public exploit or active exploitation (CISA KEV) confirmed at time of analysis, though CVSS 7.2 reflects high confidentiality, integrity, and availability impact.

PHP Path Traversal WordPress +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated remote code execution via JMX monitoring port affects Talend JobServer and Talend Runtime (CVSS 9.8). Attackers can exploit the exposed JMX interface without authentication to execute arbitrary code with JobServer privileges. Vendor-released patches available (Talend ESB Runtime R2024-07-RT). No confirmed active exploitation (CISA KEV status: NO), but the trivial attack complexity (AC:L) and network accessibility (AV:N) present significant risk for exposed instances. EPSS data not provided.

RCE Talend Jobserver Talend Runtime
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

MaxKB versions 2.7.1 and below allow authenticated administrators to trigger arbitrary code execution on their own workstations through improper CSV formula sanitization in the chat export feature. When exporting chat history to Excel via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, formula strings (e.g., =cmd|'/c calc'!A1) are written unsanitized to the .xlsx file, enabling Dynamic Data Exchange (DDE) exploitation when the file is opened in Microsoft Excel. No public exploit code has been identified, but the vulnerability represents a high-impact attack path for administrators with legitimate export access and is a direct repeat of a previously patched flaw (CVE-2025-4546) that was incompletely remediated across the codebase.

RCE Microsoft
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

MaxKB versions 2.7.1 and below allow authenticated attackers with workspace privileges to execute arbitrary code by exploiting a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to invoke raw system calls and bypassing the LD_PRELOAD-based sandbox.so module through the unblocked pkey_mprotect syscall, attackers can achieve remote code execution, enabling network exfiltration and container compromise. This vulnerability is confirmed fixed in version 2.8.0, and no public exploit code has been identified at time of analysis.

RCE Python
NVD GitHub
Prev Page 25 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy