Skip to main content

RCE

31889 CVEs technique

Monthly

CVE-2025-65115 HIGH PATCH This Week

Remote code execution in Hitachi's JP1/IT Desktop Management suite allows authenticated network attackers to execute arbitrary code on Windows systems running Manager, Operations Director, and Client components. Affects multiple product generations spanning versions 9.x through 13.x across nine distinct product lines. CVSS score of 8.8 reflects network-accessible attack surface with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, though CWE-73 (external control of file name or path) indicates potential for path traversal-based exploitation. Hitachi has released patches addressing versions 13-50-02, 13-11-04, 13-10-07, 13-01-07, 13-00-05, and 12-60-12 for actively supported products.

RCE Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0740 CRITICAL POC Act Now

Unauthenticated arbitrary file upload in Ninja Forms - File Uploads plugin for WordPress (versions ≤3.3.26) enables remote code execution through missing file type validation in the upload handler. Attackers can upload malicious PHP files without authentication, achieving complete server compromise. CVSS 9.8 (Critical) with CVSS:3.1/AV:N/AC:L/PR:N/UI:N indicates network-based exploitation requiring no privileges or user interaction. Fully patched in version 3.3.27 following a partial fix in 3.3.25. No public exploit identified at time of analysis, though the vulnerability class (CWE-434: Unrestricted Upload of File with Dangerous Type) is well-understood and readily exploitable.

WordPress File Upload RCE
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-36057 CRITICAL Act Now

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70844 PHP MEDIUM This Month

Stored cross-site scripting (XSS) in yaffa v2.0.0 allows unauthenticated remote attackers to inject malicious JavaScript via the 'Add Account Group' function, enabling arbitrary script execution in the browsers of users who view the affected page. The vulnerability requires user interaction (clicking/viewing) to trigger but can compromise account confidentiality and integrity for affected users. EPSS exploitation probability is minimal at 0.02%, indicating low real-world exploitation likelihood despite the moderate CVSS score of 6.1.

RCE XSS Code Injection
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30460 HIGH This Week

Authenticated remote code execution in Daylight Studio FuelCMS version 1.5.2 allows low-privileged users to execute arbitrary code via the Blocks module. CVSS 8.8 rating indicates network-accessible attack requiring low-complexity exploitation without user interaction, enabling full system compromise (confidentiality, integrity, availability impact). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

RCE Code Injection N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-39305 PyPI CRITICAL PATCH GHSA Act Now

Arbitrary file write via path traversal in PraisonAI's Action Orchestrator allows compromised agents to overwrite critical system files and achieve remote code execution. The vulnerability affects the praisonai pip package, where unsanitized user input in file operation targets enables directory traversal attacks using '../' sequences. Public exploit code exists with detailed proof-of-concept demonstrating overwrite of SSH keys and shell configuration files. Despite CVSS 9.0 (Critical), EPSS score is 2% (4th percentile), indicating low observed exploitation probability in the wild. Vendor patch released in version 4.5.113.

Python RCE Path Traversal
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-39307 PyPI HIGH PATCH GHSA This Week

Arbitrary file write in PraisonAI's template installation feature allows remote attackers to overwrite system files when users install malicious templates via social engineering. The vulnerability stems from unsafe ZIP extraction in templates.py using Python's zipfile.extractall() without path validation, enabling classic Zip Slip attacks. Public exploit code exists with proof-of-concept demonstrating /tmp file creation via path traversal. EPSS probability is low (0.04%, 13th percentile) indicating limited observed exploitation attempts, though the attack requires only user interaction (CVSS UI:R) to achieve high integrity and availability impact. Vendor patch released in version 4.5.113 per GitHub advisory GHSA-4ph2-f6pf-79wv.

Python RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-35197 MEDIUM PATCH This Month

Arbitrary code execution in dye color library versions prior to 1.1.1 allows authenticated local users with interactive UI access to execute arbitrary code through malicious template expressions. The vulnerability stems from unsafe evaluation of template syntax and requires local file system access and user interaction. No public exploits have been identified; the vulnerability was discovered and remediated by the author.

RCE Code Injection Dye
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-35178 CRITICAL PATCH Act Now

Remote code execution in Workbench (forceworkbench) versions prior to 65.0.0 allows network-based attackers to execute arbitrary code by exploiting unsafe processing of attacker-controlled cookie values during timezone conversion operations. The vulnerability requires user interaction (CVSS UI:P) but no authentication (PR:N), enabling compromise of both the vulnerable component and other system components (scope change: SC:H/SI:H). EPSS score of 0.51% (66th percentile) indicates moderate exploitation probability. No active exploitation confirmed in CISA KEV at time of analysis. Vendor-released patch available in version 65.0.0 with public GitHub advisory and fix PR.

RCE Code Injection Forceworkbench
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-35174 CRITICAL PATCH Act Now

Path traversal in Chyrp Lite administration console allows privileged users with Change Settings permissions to manipulate the uploads path, enabling arbitrary file read (including database credentials from config.json.php) and arbitrary file write leading to remote code execution. Affects all versions prior to 2026.01. CVSS 9.1 (Critical) reflects post-authentication impact with scope change. EPSS data not available; no public exploit identified at time of analysis, no CISA KEV listing.

RCE Path Traversal PHP
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-35164 HIGH PATCH This Week

Remote code execution in Brave CMS versions prior to 2.0.6 allows authenticated users to upload and execute arbitrary PHP scripts through the CKEditor upload functionality. The vulnerability stems from unrestricted file upload in the ckupload method of CkEditorController.php, which fails to validate uploaded file types. No public exploit identified at time of analysis, though the attack requires only low-privilege authentication (PR:L) with low complexity (AC:L). CVSS 8.8 High severity reflects the complete system compromise possible post-authentication.

File Upload PHP RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-35047 CRITICAL PATCH Act Now

Unrestricted file upload in BraveCMS 2.0 (prior to 2.0.6) enables remote attackers to execute arbitrary code on the server without authentication. The CKEditor endpoint accepts malicious file uploads including executable scripts, leading to full remote code execution with CVSS 9.3 severity. EPSS data unavailable, no confirmed active exploitation (not in CISA KEV), but upstream fix is available via GitHub commit and version 2.0.6 release. Attack complexity is low with network-accessible vector requiring no privileges or user interaction, making this a critical exposure for internet-facing BraveCMS installations.

File Upload RCE Bravecms 2 0
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-14032 HIGH POC This Week

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Authentication Bypass Twitch Studio
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-34444 PyPI HIGH PATCH GHSA This Week

Arbitrary code execution in Lupa (Python-Lua integration library) versions ≤2.6 allows unauthenticated remote attackers to bypass attribute filtering controls via Python's getattr/setattr built-ins. The vulnerability enables attackers to circumvent sandbox restrictions designed to limit Lua runtime access to sensitive Python objects, ultimately achieving code execution in the CPython host process. EPSS data unavailable; no CISA KEV listing or public exploit identified at time of analysis, though exploitation complexity is low per CVSS vector (AC:L, PR:N).

RCE Authentication Bypass Lupa
NVD GitHub VulDB
CVSS 4.0
7.9
EPSS
0.1%
CVE-2026-33727 MEDIUM PATCH This Month

Pi-hole 6.4 allows local privilege escalation to root code execution via insecure sourcing of attacker-controlled content in /etc/pihole/versions by root-run scripts. A compromised low-privilege pihole account can inject malicious code that executes with root privileges, despite the pihole account using nologin shell. This vulnerability is fixed in version 6.4.1.

Privilege Escalation RCE Pi Hole
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-26026 CRITICAL PATCH Act Now

Remote code execution in GLPI asset management software versions 11.0.0 through 11.0.5 allows authenticated administrators to execute arbitrary code via template injection. The vulnerability requires high privileges (administrator access) but enables complete system compromise with changed scope, indicating potential breakout from the application context. CVSS 9.1 (Critical). No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Fixed in version 11.0.6.

RCE Code Injection Glpi
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-5631 MEDIUM POC This Month

Remote code injection in gpt-researcher (assafelovic) versions up to 3.4.3 allows unauthenticated attackers to execute arbitrary code via the WebSocket endpoint's extract_command_data function. The vulnerability stems from improper input validation of the 'args' parameter in backend/server/server_utils.py. Publicly available exploit code exists (GitHub issue #1694), though confirmed active exploitation (CISA KEV) has not been reported. With CVSS 7.3 and network-accessible attack vector requiring no authentication, this represents a significant risk to exposed instances, though vendor response remains pending.

Code Injection RCE Gpt Researcher
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2019-25687 CRITICAL POC Act Now

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2019-25685 HIGH POC This Week

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal File Upload RCE
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2019-25681 HIGH POC This Week

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Xlight
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25679 HIGH POC This Week

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Realterm
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2019-25676 HIGH POC This Week

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS SQLi RCE
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25673 HIGH POC This Week

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE
NVD Exploit-DB GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2019-25671 HIGH POC This Week

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE Apache
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2019-25670 HIGH POC This Week

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE River Past Video Cleaner
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25656 HIGH POC This Week

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE R I386
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-5594 LOW POC Monitor

Remote code execution in premAI-io premsql up to version 0.2.1 allows authenticated remote attackers to achieve arbitrary code execution through code injection via manipulation of the result argument in the eval function located in premsql/agents/baseline/workers/followup.py. Publicly available exploit code exists for this vulnerability, and the vendor has not responded to early disclosure attempts, leaving affected deployments without an official patch.

RCE Code Injection Premsql
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5584 MEDIUM POC This Month

Remote code execution in Fosowl agenticSeek 0.1.0 allows unauthenticated attackers to inject arbitrary Python code via the PyInterpreter.execute function in the query endpoint, enabling full system compromise. The vulnerability exploits unsafe code execution in the component responsible for interpreting user-supplied queries. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications.

Code Injection RCE Agenticseek
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5562 MEDIUM POC This Month

Code injection in Provectus kafka-ui up to version 0.7.2 allows unauthenticated remote attackers to execute arbitrary code via the validateAccess function in the /api/smartfilters/testexecutions endpoint. The vulnerability has publicly available exploit code and carries a CVSS 6.9 score reflecting moderate but meaningful real-world risk; the vendor was contacted early but provided no response, suggesting no patch is anticipated.

Code Injection RCE Kafka Ui
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5556 LOW POC Monitor

Code injection in badlogic pi-mono up to version 0.58.4 allows authenticated remote attackers to achieve remote code execution through the discoverAndLoadExtensions function in the extension loader module. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications despite contact attempts. The vulnerability carries moderate CVSS scoring (6.3) but represents a significant risk due to public exploit availability and lack of vendor engagement.

Code Injection RCE Pi Mono
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2018-25255 HIGH POC This Week

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption Strike Lanstate
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25254 CRITICAL POC Act Now

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption Nico Ftp
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2018-25251 HIGH POC This Week

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption Snes9K 0 0 9Z
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20052 CRITICAL POC Act Now

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-14938 MEDIUM This Month

Unauthenticated arbitrary media upload in Listeo Core plugin for WordPress (versions up to 2.0.27) allows remote attackers to upload arbitrary files to the site's media library via the unprotected listeo_core_handle_dropped_media AJAX endpoint. The vulnerability stems from missing authorization checks and does not directly enable code execution, but significantly degrades site integrity by enabling malicious file storage and potential downstream attacks.

WordPress File Upload RCE
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-3309 MEDIUM This Month

Arbitrary shortcode execution in ProfilePress plugin for WordPress (all versions up to 4.16.11) allows unauthenticated attackers to execute arbitrary shortcodes by injecting malicious code into billing field values during checkout, potentially leading to information disclosure or content manipulation. The vulnerability stems from insufficient sanitization of user-supplied input before shortcode processing. Wordfence has documented this issue with a CVSS score of 6.5 and no confirmed active exploitation at time of analysis.

WordPress Code Injection RCE
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-35464 PyPI HIGH GHSA This Week

Arbitrary code execution in pyload-ng via pickle deserialization allows non-admin users with SETTINGS and ADD permissions to write malicious session files and trigger unauthenticated RCE. Attackers redirect the download directory to Flask's session store (/tmp/pyLoad/flask), plant a crafted pickle payload as a predictable session filename, then trigger deserialization by sending any HTTP request with the corresponding session cookie. This bypasses CVE-2026-33509 fix controls because storage_folder was not added to ADMIN_ONLY_OPTIONS. No public exploit identified at time of analysis, though detailed proof-of-concept methodology is documented in the advisory. EPSS data not available for this recent CVE.

RCE Deserialization Docker Python
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-35463 PyPI HIGH PATCH GHSA This Week

Remote code execution in pyLoad download manager allows authenticated non-admin users with SETTINGS permission to execute arbitrary system commands via the AntiVirus plugin configuration. The vulnerability stems from incomplete enforcement of admin-only security controls: while core configuration options like reconnect scripts and SSL certificates require admin privileges, plugin configuration lacks this protection. Attackers can modify the AntiVirus plugin's executable path (avfile) parameter, which is directly passed to subprocess.Popen() without validation, achieving command execution when file downloads complete. CVSS 8.8 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No active exploitation confirmed (not in CISA KEV), but detailed proof-of-concept exists in the GitHub security advisory.

Python RCE Privilege Escalation Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-35394 npm HIGH PATCH NEWS GHSA This Week

Arbitrary Android intent execution in mobile-mcp npm package (versions <0.0.50) allows remote attackers to trigger USSD codes, phone calls, SMS drafting, and content provider access through unvalidated URL schemes passed to adb shell commands. Attack vector exploits AI agent prompt injection: malicious documents can instruct connected AI systems to execute dangerous intents on paired Android devices. CVSS 8.3 (Network/Low complexity/No privileges/User interaction required). Publicly available exploit code exists. Vendor-released patch available (version 0.0.50+).

RCE Google
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-35044 PyPI HIGH PATCH GHSA This Week

Remote code execution in BentoML's containerization workflow allows attackers to execute arbitrary Python code on victim machines by distributing malicious bento archives containing SSTI payloads. When victims import a weaponized bento and run 'bentoml containerize', unsanitized Jinja2 template rendering executes attacker-controlled code directly on the host system - bypassing all Docker container isolation. The vulnerability stems from using an unsandboxed jinja2.Environment with the dangerous jinja2.ext.do extension to process user-provided dockerfile_template files. Authentication is not required (CVSS PR:N), though exploitation requires user interaction (UI:R) to import and containerize the malicious bento. No public exploit identified at time of analysis, though the GitHub advisory includes detailed proof-of-concept demonstrating host filesystem compromise.

Python Docker RCE Ssti
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-34612 CRITICAL Act Now

SQL injection in Kestra orchestration platform's flow search endpoint (GET /api/v1/main/flows/search) enables remote code execution on the underlying PostgreSQL host. Authenticated users can trigger the vulnerability by visiting a malicious link, exploiting PostgreSQL's COPY TO PROGRAM feature to execute arbitrary OS commands on the Docker container host. Affects Kestra versions prior to 1.3.7 in default docker-compose deployments. With CVSS 9.9 (Critical) and low attack complexity requiring only low-privilege authentication, this represents a severe risk for container escape and host compromise scenarios.

Docker SQLi PostgreSQL RCE
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-34787 MEDIUM This Month

Local file inclusion in Emlog admin/plugin.php allows authenticated attackers to execute arbitrary PHP code via unsanitized $plugin parameter in GET requests, provided CSRF token validation can be bypassed. Emlog versions 2.6.2 and prior are affected. An authenticated attacker with high privileges can include arbitrary files from the server filesystem, achieving remote code execution without requiring user interaction. No public exploit code or active exploitation has been confirmed at time of analysis.

LFI CSRF PHP RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34607 HIGH This Week

Path traversal in Emlog CMS 2.6.2 and earlier enables authenticated administrators to achieve remote code execution by uploading malicious ZIP archives containing directory traversal sequences. The emUnZip() function fails to sanitize entry paths during plugin/template uploads and backup imports, allowing arbitrary file writes including PHP webshells. CVSS 7.2 (High) with network attack vector and low complexity. No vendor-released patch identified at time of analysis; publicly available exploit code exists via GitHub Security Advisory GHSA-2jg8-rmhm-xv9m.

RCE Path Traversal PHP
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-35043 PyPI HIGH PATCH GHSA This Week

Command injection in BentoML's cloud deployment path allows remote code execution on BentoCloud build infrastructure via malicious bentofile.yaml configurations. While commit ce53491 fixed command injection in local Dockerfile generation by adding shlex.quote protection, the cloud deployment code path (deployment.py:1648) remained vulnerable, directly interpolating system_packages into shell commands without sanitization. Attackers can inject shell metacharacters through bentofile.yaml to execut

RCE Command Injection Docker Ubuntu Kubernetes
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-35029 PyPI HIGH POC PATCH GHSA This Week

Remote code execution in BerriAI LiteLLM (pkg:pip/litellm) prior to v1.83.0 allows authenticated users without admin privileges to execute arbitrary Python code, modify proxy configuration, read server files, and hijack privileged accounts via an improperly protected /config/update endpoint. Authentication requirements not confirmed from available data. No public exploit identified at time of analysis, but the attack surface is well-documented in the vendor advisory. CVSS score unavailable; however, the combination of RCE capability and authentication bypass warrants immediate remediation for all LiteLLM deployments.

RCE Authentication Bypass Python
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-34208 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in SandboxJS npm package allows unauthenticated remote attackers to mutate host JavaScript global objects (Math, JSON, etc.) and persist malicious code across sandbox instances. The vulnerability bypasses intended global-write protections by exploiting an exposed constructor callable path (this.constructor.call), enabling arbitrary property injection into host runtime globals. Exploitation probability is HIGH (EPSS not available for recent CVE), with publicly available exploit code demonstrating both immediate host contamination and cross-execution persistence. Critical impact: attacker-controlled globals can hijack application control flow when host code consumes mutated built-ins, escalating to arbitrary command execution when chained with application sinks like execSync().

Node.js RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2018-25237 CRITICAL Act Now

Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Hirschmann Hisecos Classic Firewall Eagle Eagle One
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2017-20237 CRITICAL Act Now

Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-22661 HIGH PATCH This Week

Path traversal in prompts.chat skill file extraction allows unauthenticated remote attackers to write arbitrary files and execute code on client systems through malicious ZIP archives. The vulnerability (CVSS 8.6) stems from missing server-side filename validation enabling ../ sequences in archive filenames that overwrite shell initialization files during extraction. VulnCheck identified this issue; vendor-released patch available in commit 0f8d4c3. No public exploit identified at time of analysis, though EPSS data not available for risk quantification.

Path Traversal RCE Prompts Chat
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-35558 HIGH PATCH This Week

Command injection in Amazon Athena ODBC driver versions prior to 2.1.0.0 allows local attackers to execute arbitrary code or hijack authentication flows through malicious connection parameters during user-initiated database connections. With a CVSS 7.3 rating, the vulnerability requires user interaction but no authentication (CVSS:4.0 AV:L/PR:N/UI:P), enabling high impact to confidentiality, integrity, and availability on the local system. Vendor-released patches are available across all platforms (Windows, Linux, macOS). No public exploit or active exploitation confirmed at time of analysis, though EPSS data not available for risk calibration.

RCE Command Injection Amazon Athena Odbc Driver
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-5485 HIGH PATCH This Week

Local code execution via command injection in Amazon Athena ODBC driver for Linux (pre-2.0.5.1) allows unauthenticated local attackers to execute arbitrary commands by crafting malicious connection parameters processed during user-initiated database connections. Vendor-released patches available across all platforms (version 2.1.0.0). No active exploitation confirmed (not in CISA KEV); CVSS 7.3 reflects high impact but requires local access and user interaction, limiting remote attack surface.

RCE Command Injection Amazon Athena Odbc Driver
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-0545 PyPI CRITICAL POC GHSA Act Now

MLflow's FastAPI job endpoints bypass basic-auth entirely, allowing network attackers to submit and execute jobs without credentials (CVSS 9.8, CWE-306). Affects mlflow/mlflow latest version when MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true and job functions are allowlisted. Public POC exists per SSVC framework. EPSS score of 0.20% (42nd percentile) indicates low observed exploitation probability despite critical CVSS, suggesting targeted rather than widespread risk. Vendor-released patch not confirmed at time of analysis - remediation relies on configuration changes and service hardening.

Authentication Bypass RCE Denial Of Service Information Disclosure Mlflow Mlflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-35216 npm CRITICAL PATCH GHSA Act Now

Remote code execution in Budibase versions prior to 3.33.4 allows unauthenticated attackers to execute arbitrary Bash commands with root privileges inside the application container by exploiting public webhook endpoints that trigger automation workflows. The vulnerability stems from improper neutralization of special elements in OS commands (CWE-78) and requires no authentication, though the CVSS complexity is rated high (AC:H). A vendor-released patch is available in version 3.33.4, with the fix publicly documented in GitHub pull request #18238 and commit f0c731b4.

RCE Command Injection Budibase
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.3%
CVE-2025-7024 MEDIUM This Month

AIRBUS TETRA Connectivity Server 7.0 on Windows Server allows privilege escalation to SYSTEM via incorrect default directory permissions (CWE-276), enabling local authenticated attackers to execute arbitrary code by placing a crafted file in a vulnerable directory with user interaction. The vulnerability affects TETRA Connectivity Server version 7.0, with patches available for versions 8.0 and 9.0. No public exploit code or active exploitation in the wild has been identified at time of analysis.

Privilege Escalation RCE Microsoft
NVD VulDB
CVSS 4.0
5.6
EPSS
0.0%
CVE-2026-35171 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Kedro (all versions prior to 1.3.0) allows unauthenticated network attackers to execute arbitrary system commands during application startup by poisoning the KEDRO_LOGGING_CONFIG environment variable. The vulnerability stems from unsafe use of Python's logging.config.dictConfig() with the special '()' factory key that enables arbitrary callable instantiation. With CVSS 9.8 (critical severity, network-exploitable, no privileges required, low complexity), this represents a

RCE Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-35052 PyPI MEDIUM PATCH GHSA This Month

Remote code execution in D-Tale allows unauthenticated attackers to execute arbitrary code on servers hosting D-Tale publicly when using Redis or Shelf storage backends. The vulnerability stems from improper input validation in the storage layer, affecting D-Tale versions prior to 3.22.0. Vendor-released patch version 3.22.0 is available.

Redis RCE XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2026-34773 npm MEDIUM PATCH GHSA This Month

Electron's setAsDefaultProtocolClient() on Windows fails to validate protocol names before writing to the Windows registry, allowing local authenticated attackers to hijack protocol handlers by writing to arbitrary HKCU\Software\Classes\ subkeys when apps pass untrusted input as the protocol parameter. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.1, and 41.0.0, and requires local access and low privileges; no public exploit has been identified at time of analysis.

RCE Microsoft
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-34769 npm HIGH PATCH GHSA This Week

Command line injection in Electron via undocumented commandLineSwitches webPreference enables sandbox escape and security control bypass when applications spread untrusted configuration objects into webPreferences. Attackers can inject arbitrary command-line switches to disable renderer process sandboxing or web security protections, achieving local code execution with elevated privileges. CVSS 7.8 (High) with attack complexity HIGH requiring user interaction. No public exploit identified at time of analysis, though technical disclosure is public via GitHub advisory.

RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-59710 HIGH This Week

Remote code execution in BizTalk360 before version 11.5 allows any authenticated user to upload a malicious DLL and trigger its execution on the server through an unprotected DLL-loading endpoint. The vulnerability stems from missing access controls on a method that loads and executes DLL files, enabling attackers with valid domain credentials to achieve arbitrary code execution without requiring elevated privileges.

RCE File Upload
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-34950 npm CRITICAL PATCH GHSA Act Now

JWT algorithm confusion in fast-jwt npm package allows remote attackers to forge authentication tokens with arbitrary claims by exploiting incomplete CVE-2023-48223 remediation. The vulnerability (CVSS 9.1 Critical) affects applications using RS256 with public keys containing leading whitespace-a common scenario in database-stored keys, YAML configurations, and environment variables. Attackers possessing the RSA public key (inherently public information) can craft HS256 tokens accepted as valid

RCE Python PostgreSQL
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34838 CRITICAL PATCH Act Now

Remote Code Execution in Group-Office enterprise CRM via insecure deserialization allows authenticated attackers to write arbitrary files and execute code on the server. Affects all versions prior to 6.8.156, 25.0.90, and 26.0.12 across multiple product branches. CVSS 9.9 (Critical) with network-based attack vector requiring only low-privileged authentication. No public exploit identified at time of analysis, though the technical details in the GitHub Security Advisory provide sufficient impleme

Microsoft Deserialization RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-35053 CRITICAL PATCH Act Now

Unauthenticated remote code execution in OneUptime monitoring platform (versions < 10.0.42) allows attackers to trigger arbitrary workflow execution with controlled input data via exposed Worker service ManualAPI endpoints. The vulnerability enables JavaScript code execution, notification system abuse, and data manipulation without any authentication requirement. CVSS 9.2 (Critical) with network attack vector and low complexity; no public exploit identified at time of analysis, though the authentication bypass combined with RCE capability presents immediate risk to exposed instances.

Authentication Bypass RCE Oneuptime
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-5429 HIGH PATCH This Week

Arbitrary code execution in AWS Kiro IDE versions prior to 0.8.140 occurs when a local user opens a maliciously crafted workspace containing an unsanitized color theme name, exploiting improper neutralization of input during webview generation. The attack requires user interaction (trusting the workspace when prompted) and can deliver full system compromise with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, though SSVC framework rates technical impact as total with manual (non-automatable) exploitation potential.

XSS RCE Kiro Ide
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34735 HIGH This Week

Remote code execution in Hytale Modding Wiki version 1.2.0 and earlier allows authenticated users to upload malicious PHP files through a MIME type validation bypass. The quickUpload() endpoint performs independent validation of file content (via MIME type) and filename extension, enabling attackers to craft files with benign content signatures but executable .php extensions. Uploaded files are stored in a publicly accessible location, allowing direct URL access for server-side code execution. EPSS data unavailable; publicly available exploit code exists per SSVC assessment. No vendor-released patch identified at time of analysis.

PHP File Upload RCE
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-44250 HIGH PATCH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

RCE Apple Privilege Escalation
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-34877 CRITICAL PATCH Act Now

Mbed TLS versions 2.19.0 through 3.6.5 and 4.0.0 allow remote code execution through memory corruption when attackers modify serialized SSL context or session structures. The vulnerability stems from insufficient validation of deserialized data, enabling arbitrary code execution on systems using affected versions. CISA KEV status and active exploitation data not confirmed in provided intelligence.

RCE Privilege Escalation Buffer Overflow Mbed Tls
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-35002 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Agno prior to version 2.3.24 allows attackers to execute arbitrary Python code by manipulating the field_type parameter in FunctionCall objects, which is passed unsafely to eval(). The vulnerability affects all versions before 2.3.24 and requires network access to influence the field_type value, enabling complete system compromise through code injection in the model execution component.

Python RCE Code Injection Agno
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-2701 CRITICAL POC NEWS Act Now

Remote code execution in Progress ShareFile Storage Zones Controller versions up to 5.12.3 allows high-privileged authenticated users to upload and execute malicious files on the server. The CVSS 9.1 score reflects scope change and total system compromise. Publicly available exploit code exists (confirmed by Italian CERT), though EPSS probability remains low at 0.19% and no active exploitation is confirmed by CISA KEV. Real-world risk depends heavily on authentication controls and privileged account management in ShareFile deployments.

RCE File Upload Sharefile Storage Zones Controller
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-2699 CRITICAL POC PATCH NEWS Act Now

Unauthenticated remote code execution affects Progress ShareFile Storage Zones Controller versions up to 5.12.3 via unauthorized access to restricted configuration pages. Attackers can modify system configuration remotely without authentication, leading to complete system compromise. Publicly available exploit code exists (watchTowr Labs GitHub). EPSS score of 0.41% suggests relatively low observed exploitation despite critical CVSS 9.8 rating and POC availability. Vendor patch released per ShareFile security advisory.

RCE Sharefile Storage Zones Controller
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-0634 HIGH This Week

Local privilege escalation via command injection in TECNO Pova7 Pro 5G AssistFeedbackService allows unprivileged Android applications to execute arbitrary code with system privileges. The vulnerability affects all TECNO Pova7 Pro 5G firmware versions and requires local app installation but no user interaction or special permissions beyond app execution capability. No public exploit code or active exploitation has been confirmed at time of analysis.

Command Injection Google RCE
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-1540 HIGH POC PATCH This Week

Remote code execution in Spam Protect for Contact Form 7 WordPress plugin before version 1.2.10 allows authenticated users with editor-level privileges to achieve arbitrary code execution by crafting malicious headers that are logged to a PHP file. The vulnerability is publicly exploitable with proof-of-concept code available, making it a critical risk for WordPress installations using affected plugin versions.

WordPress PHP RCE Code Injection
NVD VulDB WPScan
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-4347 HIGH This Week

Arbitrary file movement in MW WP Form plugin for WordPress (all versions ≤5.1.0) allows unauthenticated remote attackers to relocate server files and achieve remote code execution by moving critical files like wp-config.php. Exploitation requires a form with file upload capability and database inquiry storage enabled. CVSS 8.1 with network attack vector and high attack complexity. EPSS data not provided; no public exploit or CISA KEV status identified at time of analysis, though Wordfence threat intelligence has documented the vulnerability with source code references.

WordPress PHP Path Traversal RCE File Upload
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-30332 HIGH This Week

TOCTOU race condition in Balena Etcher for Windows (versions prior to 2.1.4) enables local privilege escalation to arbitrary code execution when attackers replace legitimate scripts with malicious payloads during disk flashing operations. The vulnerability requires low privileges and user interaction but achieves high impact across confidentiality, integrity, and availability with scope change. No public exploit identified at time of analysis, though technical details are available via researcher disclosure (B1tBreaker). EPSS data not available, but the local attack vector and high complexity reduce immediate remote exploitation risk.

RCE Microsoft
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34783 Go HIGH PATCH GHSA This Week

Path traversal in Ferret's IO::FS::WRITE and IO::FS::READ functions enables remote code execution when web scraping operators process attacker-controlled filenames. The vulnerability affects github.com/MontFerret/ferret (all v2.x and earlier versions), allowing malicious websites to write arbitrary files outside intended directories by injecting '../' sequences into filenames returned via scraped content. Attackers can achieve RCE by writing to /etc/cron.d/, ~/.ssh/authorized_keys, shell profile

Path Traversal RCE Privilege Escalation PHP Python
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-32928 HIGH This Week

Stack-based buffer overflow in Fuji Electric/Hakko Electronics V-SFT versions through 6.2.10.0 enables arbitrary code execution when processing malicious V7 project files. Local attackers can exploit this via social engineering to deliver weaponized files requiring user interaction to open. CVSS 8.4 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, with EPSS data unavailable for this newly-assigned CVE. Japanese vulnerability coordination (JPCERT/JVN) indicates regional industrial control system exposure.

Buffer Overflow RCE Stack Overflow V Sft
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-32925 HIGH This Week

Stack-based buffer overflow in Fuji Electric/HAKKO Electronics V-SFT automation software (versions ≤6.2.10.0) allows arbitrary code execution when opening a maliciously crafted V7 project file. An attacker must convince a user to open a weaponized file, requiring no authentication but user interaction. EPSS data not available; no public exploit identified at time of analysis, though the specific function (CV7BaseMap::WriteV7DataToRom) and vulnerability class (stack overflow) provide sufficient technical detail for skilled attackers to develop exploits.

RCE Buffer Overflow Stack Overflow V Sft
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-34725 npm HIGH PATCH GHSA This Week

Stored XSS in DbGate npm package escalates to remote code execution in Electron desktop app via unsanitized SVG icon rendering. Attackers who inject malicious SVG payloads into application definition files can execute arbitrary JavaScript when victims view matching database entries. In the Electron desktop client, insecure configuration (nodeIntegration: true, contextIsolation: false) allows XSS payloads to invoke Node.js APIs, enabling local code execution including file system access. Web depl

XSS RCE PostgreSQL
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-3987 HIGH This Week

Remote code execution in WatchGuard Fireware OS versions 12.6.1 through 12.11.8 and 2025.1 through 2026.1.2 allows privileged authenticated attackers to execute arbitrary code with elevated system privileges via path traversal in the Web UI. The vulnerability requires high-level administrative access (CVSS PR:H) but presents a direct RCE path once authenticated. WatchGuard self-reported this issue with an official advisory available. EPSS and KEV data not provided; no public exploit identified at time of analysis.

Path Traversal RCE Fireware Os
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-34545 HIGH PATCH This Week

Heap buffer overflow in OpenEXR 3.4.0 through 3.4.6 allows remote code execution when processing maliciously crafted EXR image files with HTJ2K compression and specific channel width configurations. The vulnerability enables controlled heap overwrites of 2-4 bytes per iteration beyond allocated buffer boundaries, exploitable through user interaction with weaponized .exr files. Attack vector is local (AV:L) requiring user action (UI:A) but no privileges (PR:N), with CVSS 8.4 severity. Vendor-released patch available in version 3.4.7. No public exploit identified at time of analysis, though the precise technical details in the security advisory lower exploitation complexity for capable adversaries.

Buffer Overflow RCE Heap Overflow Openexr
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-34159 CRITICAL Act Now

Remote code execution in llama.cpp RPC backend allows unauthenticated attackers with TCP access to achieve arbitrary memory read/write and full ASLR bypass. The vulnerability stems from missing bounds validation in deserialize_tensor() when processing GRAPH_COMPUTE messages with zero-valued buffer fields. Attackers can leverage pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE operations to reliably exploit this flaw. Fixed in version b8492 (commit 39bf0d3c). CVSS 9.8 (Critical) with network attack vector, low complexity, and no authentication required. No public exploit identified at time of analysis, though the detailed advisory provides sufficient technical context for weaponization.

RCE Buffer Overflow Llama Cpp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-20097 MEDIUM This Month

Cisco IMC web-based management interface allows authenticated administrators to execute arbitrary code as root through improper input validation in HTTP requests. The vulnerability affects Cisco Unified Computing System (standalone) and requires admin-level credentials and network access; successful exploitation grants attacker root-level code execution on the underlying operating system. No public exploit code or active exploitation has been identified at time of analysis.

Cisco RCE Memory Corruption Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-2265 npm MEDIUM This Month

Remote code execution in Replicator npm package version 1.0.5 allows unauthenticated attackers to execute arbitrary code by supplying malicious serialized objects that the library deserializes without validation. Applications using Replicator to process untrusted input are vulnerable to immediate compromise; no public exploit code availability or active exploitation status is confirmed at time of analysis, but the unauthenticated attack vector and ease of object deserialization attacks suggest practical exploitability.

Node.js RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-35093 HIGH PATCH This Week

Local privilege escalation in libinput allows authenticated users to execute arbitrary code within graphical compositor contexts by placing malicious Lua bytecode in system or user configuration directories. The vulnerability achieves scope change (CVSS:S:C) with high impact across confidentiality, integrity, and availability (8.8 CVSS), enabling attackers to monitor keyboard input including passwords and sensitive data. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.

RCE Code Injection Libinput Fedora
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-30289 HIGH This Week

Tinybeans Private Family Album App v5.9.5-prod contains an arbitrary file overwrite vulnerability in its file import process that enables remote attackers to overwrite critical internal files, resulting in arbitrary code execution or information disclosure. No CVSS score, EPSS data, or KEV status is available for this vulnerability, and no public exploit code has been independently confirmed at the time of analysis.

RCE Information Disclosure Private Family Album
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-30287 HIGH This Week

Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 contains an arbitrary file overwrite vulnerability in its file import process that permits attackers to overwrite critical internal files, resulting in remote code execution or information disclosure. The vulnerability affects a mobile application distributed via Google Play Store. No CVSS score, active exploitation status, or patch information is currently available from vendor sources.

Information Disclosure RCE Ace Scanner
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0522 HIGH PATCH This Week

Local file inclusion in VertiGIS FM's upload/download mechanism allows authenticated attackers to read arbitrary server files by manipulating file paths during upload, with potential for remote code execution if web.config is obtained and NTLM-relay attacks via UNC path resolution. VertiGIS FM version 10.5.00119 and earlier are affected, and the vulnerability requires valid application credentials to exploit.

RCE Vertigis Fm
NVD VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2026-29014 CRITICAL POC Act Now

MetInfo CMS 7.9, 8.0, and 8.1 allows unauthenticated remote code execution through PHP code injection in insufficient input validation mechanisms. Attackers can send crafted requests containing malicious PHP code to execute arbitrary commands and achieve full server compromise without authentication. Publicly available exploit code exists for this vulnerability.

PHP RCE Code Injection
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-5287 HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 146.0.7680.178 allows attackers to execute arbitrary code within the Chrome sandbox via a specially crafted PDF file. The vulnerability exists in Chrome's PDF handling component and is caused by a use-after-free memory corruption flaw. Patch availability has been confirmed via vendor release, and the Chromium security team has classified this as High severity.

Google Use After Free RCE Memory Corruption Denial Of Service +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5273 MEDIUM PATCH This Month

Remote code execution in Google Chrome's CSS engine prior to version 146.0.7680.178 allows unauthenticated remote attackers to execute arbitrary code within the Chrome sandbox via a crafted HTML page. The vulnerability stems from a use-after-free memory error in CSS processing, classified as high severity by the Chromium security team. Vendor-released patch available in Chrome 146.0.7680.178 and later.

Google Use After Free RCE Memory Corruption Denial Of Service +1
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-5286 HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 146.0.7680.178 via use-after-free vulnerability in the Dawn graphics library allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries high severity per Chromium's assessment.

Google Use After Free RCE Memory Corruption Denial Of Service +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Hitachi's JP1/IT Desktop Management suite allows authenticated network attackers to execute arbitrary code on Windows systems running Manager, Operations Director, and Client components. Affects multiple product generations spanning versions 9.x through 13.x across nine distinct product lines. CVSS score of 8.8 reflects network-accessible attack surface with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, though CWE-73 (external control of file name or path) indicates potential for path traversal-based exploitation. Hitachi has released patches addressing versions 13-50-02, 13-11-04, 13-10-07, 13-01-07, 13-00-05, and 12-60-12 for actively supported products.

RCE Microsoft
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Unauthenticated arbitrary file upload in Ninja Forms - File Uploads plugin for WordPress (versions ≤3.3.26) enables remote code execution through missing file type validation in the upload handler. Attackers can upload malicious PHP files without authentication, achieving complete server compromise. CVSS 9.8 (Critical) with CVSS:3.1/AV:N/AC:L/PR:N/UI:N indicates network-based exploitation requiring no privileges or user interaction. Fully patched in version 3.3.27 following a partial fix in 3.3.25. No public exploit identified at time of analysis, though the vulnerability class (CWE-434: Unrestricted Upload of File with Dangerous Type) is well-understood and readily exploitable.

WordPress File Upload RCE
NVD VulDB Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Code Injection
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored cross-site scripting (XSS) in yaffa v2.0.0 allows unauthenticated remote attackers to inject malicious JavaScript via the 'Add Account Group' function, enabling arbitrary script execution in the browsers of users who view the affected page. The vulnerability requires user interaction (clicking/viewing) to trigger but can compromise account confidentiality and integrity for affected users. EPSS exploitation probability is minimal at 0.02%, indicating low real-world exploitation likelihood despite the moderate CVSS score of 6.1.

RCE XSS Code Injection
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote code execution in Daylight Studio FuelCMS version 1.5.2 allows low-privileged users to execute arbitrary code via the Blocks module. CVSS 8.8 rating indicates network-accessible attack requiring low-complexity exploitation without user interaction, enabling full system compromise (confidentiality, integrity, availability impact). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

RCE Code Injection N A
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Arbitrary file write via path traversal in PraisonAI's Action Orchestrator allows compromised agents to overwrite critical system files and achieve remote code execution. The vulnerability affects the praisonai pip package, where unsanitized user input in file operation targets enables directory traversal attacks using '../' sequences. Public exploit code exists with detailed proof-of-concept demonstrating overwrite of SSH keys and shell configuration files. Despite CVSS 9.0 (Critical), EPSS score is 2% (4th percentile), indicating low observed exploitation probability in the wild. Vendor patch released in version 4.5.113.

Python RCE Path Traversal
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Arbitrary file write in PraisonAI's template installation feature allows remote attackers to overwrite system files when users install malicious templates via social engineering. The vulnerability stems from unsafe ZIP extraction in templates.py using Python's zipfile.extractall() without path validation, enabling classic Zip Slip attacks. Public exploit code exists with proof-of-concept demonstrating /tmp file creation via path traversal. EPSS probability is low (0.04%, 13th percentile) indicating limited observed exploitation attempts, though the attack requires only user interaction (CVSS UI:R) to achieve high integrity and availability impact. Vendor patch released in version 4.5.113 per GitHub advisory GHSA-4ph2-f6pf-79wv.

Python RCE
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Arbitrary code execution in dye color library versions prior to 1.1.1 allows authenticated local users with interactive UI access to execute arbitrary code through malicious template expressions. The vulnerability stems from unsafe evaluation of template syntax and requires local file system access and user interaction. No public exploits have been identified; the vulnerability was discovered and remediated by the author.

RCE Code Injection Dye
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in Workbench (forceworkbench) versions prior to 65.0.0 allows network-based attackers to execute arbitrary code by exploiting unsafe processing of attacker-controlled cookie values during timezone conversion operations. The vulnerability requires user interaction (CVSS UI:P) but no authentication (PR:N), enabling compromise of both the vulnerable component and other system components (scope change: SC:H/SI:H). EPSS score of 0.51% (66th percentile) indicates moderate exploitation probability. No active exploitation confirmed in CISA KEV at time of analysis. Vendor-released patch available in version 65.0.0 with public GitHub advisory and fix PR.

RCE Code Injection Forceworkbench
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Path traversal in Chyrp Lite administration console allows privileged users with Change Settings permissions to manipulate the uploads path, enabling arbitrary file read (including database credentials from config.json.php) and arbitrary file write leading to remote code execution. Affects all versions prior to 2026.01. CVSS 9.1 (Critical) reflects post-authentication impact with scope change. EPSS data not available; no public exploit identified at time of analysis, no CISA KEV listing.

RCE Path Traversal PHP
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Brave CMS versions prior to 2.0.6 allows authenticated users to upload and execute arbitrary PHP scripts through the CKEditor upload functionality. The vulnerability stems from unrestricted file upload in the ckupload method of CkEditorController.php, which fails to validate uploaded file types. No public exploit identified at time of analysis, though the attack requires only low-privilege authentication (PR:L) with low complexity (AC:L). CVSS 8.8 High severity reflects the complete system compromise possible post-authentication.

File Upload PHP RCE
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Unrestricted file upload in BraveCMS 2.0 (prior to 2.0.6) enables remote attackers to execute arbitrary code on the server without authentication. The CKEditor endpoint accepts malicious file uploads including executable scripts, leading to full remote code execution with CVSS 9.3 severity. EPSS data unavailable, no confirmed active exploitation (not in CISA KEV), but upstream fix is available via GitHub commit and version 2.0.6 release. Attack complexity is low with network-accessible vector requiring no privileges or user interaction, making this a critical exposure for internet-facing BraveCMS installations.

File Upload RCE Bravecms 2 0
NVD GitHub
EPSS 0% CVSS 8.5
HIGH POC This Week

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Authentication Bypass +1
NVD
EPSS 0% CVSS 7.9
HIGH PATCH This Week

Arbitrary code execution in Lupa (Python-Lua integration library) versions ≤2.6 allows unauthenticated remote attackers to bypass attribute filtering controls via Python's getattr/setattr built-ins. The vulnerability enables attackers to circumvent sandbox restrictions designed to limit Lua runtime access to sensitive Python objects, ultimately achieving code execution in the CPython host process. EPSS data unavailable; no CISA KEV listing or public exploit identified at time of analysis, though exploitation complexity is low per CVSS vector (AC:L, PR:N).

RCE Authentication Bypass Lupa
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Pi-hole 6.4 allows local privilege escalation to root code execution via insecure sourcing of attacker-controlled content in /etc/pihole/versions by root-run scripts. A compromised low-privilege pihole account can inject malicious code that executes with root privileges, despite the pihole account using nologin shell. This vulnerability is fixed in version 6.4.1.

Privilege Escalation RCE Pi Hole
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote code execution in GLPI asset management software versions 11.0.0 through 11.0.5 allows authenticated administrators to execute arbitrary code via template injection. The vulnerability requires high privileges (administrator access) but enables complete system compromise with changed scope, indicating potential breakout from the application context. CVSS 9.1 (Critical). No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Fixed in version 11.0.6.

RCE Code Injection Glpi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote code injection in gpt-researcher (assafelovic) versions up to 3.4.3 allows unauthenticated attackers to execute arbitrary code via the WebSocket endpoint's extract_command_data function. The vulnerability stems from improper input validation of the 'args' parameter in backend/server/server_utils.py. Publicly available exploit code exists (GitHub issue #1694), though confirmed active exploitation (CISA KEV) has not been reported. With CVSS 7.3 and network-accessible attack vector requiring no authentication, this represents a significant risk to exposed instances, though vendor response remains pending.

Code Injection RCE Gpt Researcher
NVD VulDB GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE
NVD Exploit-DB
EPSS 0% CVSS 8.7
HIGH POC This Week

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal File Upload +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS SQLi +1
NVD Exploit-DB
EPSS 0% CVSS 8.7
HIGH POC This Week

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE
NVD Exploit-DB GitHub
EPSS 0% CVSS 8.7
HIGH POC This Week

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW POC Monitor

Remote code execution in premAI-io premsql up to version 0.2.1 allows authenticated remote attackers to achieve arbitrary code execution through code injection via manipulation of the result argument in the eval function located in premsql/agents/baseline/workers/followup.py. Publicly available exploit code exists for this vulnerability, and the vendor has not responded to early disclosure attempts, leaving affected deployments without an official patch.

RCE Code Injection Premsql
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote code execution in Fosowl agenticSeek 0.1.0 allows unauthenticated attackers to inject arbitrary Python code via the PyInterpreter.execute function in the query endpoint, enabling full system compromise. The vulnerability exploits unsafe code execution in the component responsible for interpreting user-supplied queries. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications.

Code Injection RCE Agenticseek
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Code injection in Provectus kafka-ui up to version 0.7.2 allows unauthenticated remote attackers to execute arbitrary code via the validateAccess function in the /api/smartfilters/testexecutions endpoint. The vulnerability has publicly available exploit code and carries a CVSS 6.9 score reflecting moderate but meaningful real-world risk; the vendor was contacted early but provided no response, suggesting no patch is anticipated.

Code Injection RCE Kafka Ui
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Code injection in badlogic pi-mono up to version 0.58.4 allows authenticated remote attackers to achieve remote code execution through the discoverAndLoadExtensions function in the extension loader module. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications despite contact attempts. The vulnerability carries moderate CVSS scoring (6.3) but represents a significant risk due to public exploit availability and lack of vendor engagement.

Code Injection RCE Pi Mono
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated arbitrary media upload in Listeo Core plugin for WordPress (versions up to 2.0.27) allows remote attackers to upload arbitrary files to the site's media library via the unprotected listeo_core_handle_dropped_media AJAX endpoint. The vulnerability stems from missing authorization checks and does not directly enable code execution, but significantly degrades site integrity by enabling malicious file storage and potential downstream attacks.

WordPress File Upload RCE
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Arbitrary shortcode execution in ProfilePress plugin for WordPress (all versions up to 4.16.11) allows unauthenticated attackers to execute arbitrary shortcodes by injecting malicious code into billing field values during checkout, potentially leading to information disclosure or content manipulation. The vulnerability stems from insufficient sanitization of user-supplied input before shortcode processing. Wordfence has documented this issue with a CVSS score of 6.5 and no confirmed active exploitation at time of analysis.

WordPress Code Injection RCE
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Arbitrary code execution in pyload-ng via pickle deserialization allows non-admin users with SETTINGS and ADD permissions to write malicious session files and trigger unauthenticated RCE. Attackers redirect the download directory to Flask's session store (/tmp/pyLoad/flask), plant a crafted pickle payload as a predictable session filename, then trigger deserialization by sending any HTTP request with the corresponding session cookie. This bypasses CVE-2026-33509 fix controls because storage_folder was not added to ADMIN_ONLY_OPTIONS. No public exploit identified at time of analysis, though detailed proof-of-concept methodology is documented in the advisory. EPSS data not available for this recent CVE.

RCE Deserialization Docker +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in pyLoad download manager allows authenticated non-admin users with SETTINGS permission to execute arbitrary system commands via the AntiVirus plugin configuration. The vulnerability stems from incomplete enforcement of admin-only security controls: while core configuration options like reconnect scripts and SSL certificates require admin privileges, plugin configuration lacks this protection. Attackers can modify the AntiVirus plugin's executable path (avfile) parameter, which is directly passed to subprocess.Popen() without validation, achieving command execution when file downloads complete. CVSS 8.8 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No active exploitation confirmed (not in CISA KEV), but detailed proof-of-concept exists in the GitHub security advisory.

Python RCE Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Arbitrary Android intent execution in mobile-mcp npm package (versions <0.0.50) allows remote attackers to trigger USSD codes, phone calls, SMS drafting, and content provider access through unvalidated URL schemes passed to adb shell commands. Attack vector exploits AI agent prompt injection: malicious documents can instruct connected AI systems to execute dangerous intents on paired Android devices. CVSS 8.3 (Network/Low complexity/No privileges/User interaction required). Publicly available exploit code exists. Vendor-released patch available (version 0.0.50+).

RCE Google
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in BentoML's containerization workflow allows attackers to execute arbitrary Python code on victim machines by distributing malicious bento archives containing SSTI payloads. When victims import a weaponized bento and run 'bentoml containerize', unsanitized Jinja2 template rendering executes attacker-controlled code directly on the host system - bypassing all Docker container isolation. The vulnerability stems from using an unsandboxed jinja2.Environment with the dangerous jinja2.ext.do extension to process user-provided dockerfile_template files. Authentication is not required (CVSS PR:N), though exploitation requires user interaction (UI:R) to import and containerize the malicious bento. No public exploit identified at time of analysis, though the GitHub advisory includes detailed proof-of-concept demonstrating host filesystem compromise.

Python Docker RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

SQL injection in Kestra orchestration platform's flow search endpoint (GET /api/v1/main/flows/search) enables remote code execution on the underlying PostgreSQL host. Authenticated users can trigger the vulnerability by visiting a malicious link, exploiting PostgreSQL's COPY TO PROGRAM feature to execute arbitrary OS commands on the Docker container host. Affects Kestra versions prior to 1.3.7 in default docker-compose deployments. With CVSS 9.9 (Critical) and low attack complexity requiring only low-privilege authentication, this represents a severe risk for container escape and host compromise scenarios.

Docker SQLi PostgreSQL +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Local file inclusion in Emlog admin/plugin.php allows authenticated attackers to execute arbitrary PHP code via unsanitized $plugin parameter in GET requests, provided CSRF token validation can be bypassed. Emlog versions 2.6.2 and prior are affected. An authenticated attacker with high privileges can include arbitrary files from the server filesystem, achieving remote code execution without requiring user interaction. No public exploit code or active exploitation has been confirmed at time of analysis.

LFI CSRF PHP +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Path traversal in Emlog CMS 2.6.2 and earlier enables authenticated administrators to achieve remote code execution by uploading malicious ZIP archives containing directory traversal sequences. The emUnZip() function fails to sanitize entry paths during plugin/template uploads and backup imports, allowing arbitrary file writes including PHP webshells. CVSS 7.2 (High) with network attack vector and low complexity. No vendor-released patch identified at time of analysis; publicly available exploit code exists via GitHub Security Advisory GHSA-2jg8-rmhm-xv9m.

RCE Path Traversal PHP
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Command injection in BentoML's cloud deployment path allows remote code execution on BentoCloud build infrastructure via malicious bentofile.yaml configurations. While commit ce53491 fixed command injection in local Dockerfile generation by adding shlex.quote protection, the cloud deployment code path (deployment.py:1648) remained vulnerable, directly interpolating system_packages into shell commands without sanitization. Attackers can inject shell metacharacters through bentofile.yaml to execut

RCE Command Injection Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Remote code execution in BerriAI LiteLLM (pkg:pip/litellm) prior to v1.83.0 allows authenticated users without admin privileges to execute arbitrary Python code, modify proxy configuration, read server files, and hijack privileged accounts via an improperly protected /config/update endpoint. Authentication requirements not confirmed from available data. No public exploit identified at time of analysis, but the attack surface is well-documented in the vendor advisory. CVSS score unavailable; however, the combination of RCE capability and authentication bypass warrants immediate remediation for all LiteLLM deployments.

RCE Authentication Bypass Python
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape in SandboxJS npm package allows unauthenticated remote attackers to mutate host JavaScript global objects (Math, JSON, etc.) and persist malicious code across sandbox instances. The vulnerability bypasses intended global-write protections by exploiting an exposed constructor callable path (this.constructor.call), enabling arbitrary property injection into host runtime globals. Exploitation probability is HIGH (EPSS not available for recent CVE), with publicly available exploit code demonstrating both immediate host contamination and cross-execution persistence. Critical impact: attacker-controlled globals can hijack application control flow when host code consumes mutated built-ins, escalating to arbitrary command execution when chained with application sinks like execSync().

Node.js RCE
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +1
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Path traversal in prompts.chat skill file extraction allows unauthenticated remote attackers to write arbitrary files and execute code on client systems through malicious ZIP archives. The vulnerability (CVSS 8.6) stems from missing server-side filename validation enabling ../ sequences in archive filenames that overwrite shell initialization files during extraction. VulnCheck identified this issue; vendor-released patch available in commit 0f8d4c3. No public exploit identified at time of analysis, though EPSS data not available for risk quantification.

Path Traversal RCE Prompts Chat
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Command injection in Amazon Athena ODBC driver versions prior to 2.1.0.0 allows local attackers to execute arbitrary code or hijack authentication flows through malicious connection parameters during user-initiated database connections. With a CVSS 7.3 rating, the vulnerability requires user interaction but no authentication (CVSS:4.0 AV:L/PR:N/UI:P), enabling high impact to confidentiality, integrity, and availability on the local system. Vendor-released patches are available across all platforms (Windows, Linux, macOS). No public exploit or active exploitation confirmed at time of analysis, though EPSS data not available for risk calibration.

RCE Command Injection Amazon Athena Odbc Driver
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local code execution via command injection in Amazon Athena ODBC driver for Linux (pre-2.0.5.1) allows unauthenticated local attackers to execute arbitrary commands by crafting malicious connection parameters processed during user-initiated database connections. Vendor-released patches available across all platforms (version 2.1.0.0). No active exploitation confirmed (not in CISA KEV); CVSS 7.3 reflects high impact but requires local access and user interaction, limiting remote attack surface.

RCE Command Injection Amazon Athena Odbc Driver
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

MLflow's FastAPI job endpoints bypass basic-auth entirely, allowing network attackers to submit and execute jobs without credentials (CVSS 9.8, CWE-306). Affects mlflow/mlflow latest version when MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true and job functions are allowlisted. Public POC exists per SSVC framework. EPSS score of 0.20% (42nd percentile) indicates low observed exploitation probability despite critical CVSS, suggesting targeted rather than widespread risk. Vendor-released patch not confirmed at time of analysis - remediation relies on configuration changes and service hardening.

Authentication Bypass RCE Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in Budibase versions prior to 3.33.4 allows unauthenticated attackers to execute arbitrary Bash commands with root privileges inside the application container by exploiting public webhook endpoints that trigger automation workflows. The vulnerability stems from improper neutralization of special elements in OS commands (CWE-78) and requires no authentication, though the CVSS complexity is rated high (AC:H). A vendor-released patch is available in version 3.33.4, with the fix publicly documented in GitHub pull request #18238 and commit f0c731b4.

RCE Command Injection Budibase
NVD GitHub VulDB
EPSS 0% CVSS 5.6
MEDIUM This Month

AIRBUS TETRA Connectivity Server 7.0 on Windows Server allows privilege escalation to SYSTEM via incorrect default directory permissions (CWE-276), enabling local authenticated attackers to execute arbitrary code by placing a crafted file in a vulnerable directory with user interaction. The vulnerability affects TETRA Connectivity Server version 7.0, with patches available for versions 8.0 and 9.0. No public exploit code or active exploitation in the wild has been identified at time of analysis.

Privilege Escalation RCE Microsoft
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Kedro (all versions prior to 1.3.0) allows unauthenticated network attackers to execute arbitrary system commands during application startup by poisoning the KEDRO_LOGGING_CONFIG environment variable. The vulnerability stems from unsafe use of Python's logging.config.dictConfig() with the special '()' factory key that enables arbitrary callable instantiation. With CVSS 9.8 (critical severity, network-exploitable, no privileges required, low complexity), this represents a

RCE Code Injection
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Remote code execution in D-Tale allows unauthenticated attackers to execute arbitrary code on servers hosting D-Tale publicly when using Redis or Shelf storage backends. The vulnerability stems from improper input validation in the storage layer, affecting D-Tale versions prior to 3.22.0. Vendor-released patch version 3.22.0 is available.

Redis RCE XSS
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Electron's setAsDefaultProtocolClient() on Windows fails to validate protocol names before writing to the Windows registry, allowing local authenticated attackers to hijack protocol handlers by writing to arbitrary HKCU\Software\Classes\ subkeys when apps pass untrusted input as the protocol parameter. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.1, and 41.0.0, and requires local access and low privileges; no public exploit has been identified at time of analysis.

RCE Microsoft
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Command line injection in Electron via undocumented commandLineSwitches webPreference enables sandbox escape and security control bypass when applications spread untrusted configuration objects into webPreferences. Attackers can inject arbitrary command-line switches to disable renderer process sandboxing or web security protections, achieving local code execution with elevated privileges. CVSS 7.8 (High) with attack complexity HIGH requiring user interaction. No public exploit identified at time of analysis, though technical disclosure is public via GitHub advisory.

RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in BizTalk360 before version 11.5 allows any authenticated user to upload a malicious DLL and trigger its execution on the server through an unprotected DLL-loading endpoint. The vulnerability stems from missing access controls on a method that loads and executes DLL files, enabling attackers with valid domain credentials to achieve arbitrary code execution without requiring elevated privileges.

RCE File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

JWT algorithm confusion in fast-jwt npm package allows remote attackers to forge authentication tokens with arbitrary claims by exploiting incomplete CVE-2023-48223 remediation. The vulnerability (CVSS 9.1 Critical) affects applications using RS256 with public keys containing leading whitespace-a common scenario in database-stored keys, YAML configurations, and environment variables. Attackers possessing the RSA public key (inherently public information) can craft HS256 tokens accepted as valid

RCE Python PostgreSQL
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote Code Execution in Group-Office enterprise CRM via insecure deserialization allows authenticated attackers to write arbitrary files and execute code on the server. Affects all versions prior to 6.8.156, 25.0.90, and 26.0.12 across multiple product branches. CVSS 9.9 (Critical) with network-based attack vector requiring only low-privileged authentication. No public exploit identified at time of analysis, though the technical details in the GitHub Security Advisory provide sufficient impleme

Microsoft Deserialization RCE
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Unauthenticated remote code execution in OneUptime monitoring platform (versions < 10.0.42) allows attackers to trigger arbitrary workflow execution with controlled input data via exposed Worker service ManualAPI endpoints. The vulnerability enables JavaScript code execution, notification system abuse, and data manipulation without any authentication requirement. CVSS 9.2 (Critical) with network attack vector and low complexity; no public exploit identified at time of analysis, though the authentication bypass combined with RCE capability presents immediate risk to exposed instances.

Authentication Bypass RCE Oneuptime
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Arbitrary code execution in AWS Kiro IDE versions prior to 0.8.140 occurs when a local user opens a maliciously crafted workspace containing an unsanitized color theme name, exploiting improper neutralization of input during webview generation. The attack requires user interaction (trusting the workspace when prompted) and can deliver full system compromise with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, though SSVC framework rates technical impact as total with manual (non-automatable) exploitation potential.

XSS RCE Kiro Ide
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Remote code execution in Hytale Modding Wiki version 1.2.0 and earlier allows authenticated users to upload malicious PHP files through a MIME type validation bypass. The quickUpload() endpoint performs independent validation of file content (via MIME type) and filename extension, enabling attackers to craft files with benign content signatures but executable .php extensions. Uploaded files are stored in a publicly accessible location, allowing direct URL access for server-side code execution. EPSS data unavailable; publicly available exploit code exists per SSVC assessment. No vendor-released patch identified at time of analysis.

PHP File Upload RCE
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

RCE Apple Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Mbed TLS versions 2.19.0 through 3.6.5 and 4.0.0 allow remote code execution through memory corruption when attackers modify serialized SSL context or session structures. The vulnerability stems from insufficient validation of deserialized data, enabling arbitrary code execution on systems using affected versions. CISA KEV status and active exploitation data not confirmed in provided intelligence.

RCE Privilege Escalation Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in Agno prior to version 2.3.24 allows attackers to execute arbitrary Python code by manipulating the field_type parameter in FunctionCall objects, which is passed unsafely to eval(). The vulnerability affects all versions before 2.3.24 and requires network access to influence the field_type value, enabling complete system compromise through code injection in the model execution component.

Python RCE Code Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Remote code execution in Progress ShareFile Storage Zones Controller versions up to 5.12.3 allows high-privileged authenticated users to upload and execute malicious files on the server. The CVSS 9.1 score reflects scope change and total system compromise. Publicly available exploit code exists (confirmed by Italian CERT), though EPSS probability remains low at 0.19% and no active exploitation is confirmed by CISA KEV. Real-world risk depends heavily on authentication controls and privileged account management in ShareFile deployments.

RCE File Upload Sharefile Storage Zones Controller
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Unauthenticated remote code execution affects Progress ShareFile Storage Zones Controller versions up to 5.12.3 via unauthorized access to restricted configuration pages. Attackers can modify system configuration remotely without authentication, leading to complete system compromise. Publicly available exploit code exists (watchTowr Labs GitHub). EPSS score of 0.41% suggests relatively low observed exploitation despite critical CVSS 9.8 rating and POC availability. Vendor patch released per ShareFile security advisory.

RCE Sharefile Storage Zones Controller
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation via command injection in TECNO Pova7 Pro 5G AssistFeedbackService allows unprivileged Android applications to execute arbitrary code with system privileges. The vulnerability affects all TECNO Pova7 Pro 5G firmware versions and requires local app installation but no user interaction or special permissions beyond app execution capability. No public exploit code or active exploitation has been confirmed at time of analysis.

Command Injection Google RCE
NVD
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

Remote code execution in Spam Protect for Contact Form 7 WordPress plugin before version 1.2.10 allows authenticated users with editor-level privileges to achieve arbitrary code execution by crafting malicious headers that are logged to a PHP file. The vulnerability is publicly exploitable with proof-of-concept code available, making it a critical risk for WordPress installations using affected plugin versions.

WordPress PHP RCE +1
NVD VulDB WPScan
EPSS 0% CVSS 8.1
HIGH This Week

Arbitrary file movement in MW WP Form plugin for WordPress (all versions ≤5.1.0) allows unauthenticated remote attackers to relocate server files and achieve remote code execution by moving critical files like wp-config.php. Exploitation requires a form with file upload capability and database inquiry storage enabled. CVSS 8.1 with network attack vector and high attack complexity. EPSS data not provided; no public exploit or CISA KEV status identified at time of analysis, though Wordfence threat intelligence has documented the vulnerability with source code references.

WordPress PHP Path Traversal +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

TOCTOU race condition in Balena Etcher for Windows (versions prior to 2.1.4) enables local privilege escalation to arbitrary code execution when attackers replace legitimate scripts with malicious payloads during disk flashing operations. The vulnerability requires low privileges and user interaction but achieves high impact across confidentiality, integrity, and availability with scope change. No public exploit identified at time of analysis, though technical details are available via researcher disclosure (B1tBreaker). EPSS data not available, but the local attack vector and high complexity reduce immediate remote exploitation risk.

RCE Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Path traversal in Ferret's IO::FS::WRITE and IO::FS::READ functions enables remote code execution when web scraping operators process attacker-controlled filenames. The vulnerability affects github.com/MontFerret/ferret (all v2.x and earlier versions), allowing malicious websites to write arbitrary files outside intended directories by injecting '../' sequences into filenames returned via scraped content. Attackers can achieve RCE by writing to /etc/cron.d/, ~/.ssh/authorized_keys, shell profile

Path Traversal RCE Privilege Escalation +2
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Stack-based buffer overflow in Fuji Electric/Hakko Electronics V-SFT versions through 6.2.10.0 enables arbitrary code execution when processing malicious V7 project files. Local attackers can exploit this via social engineering to deliver weaponized files requiring user interaction to open. CVSS 8.4 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, with EPSS data unavailable for this newly-assigned CVE. Japanese vulnerability coordination (JPCERT/JVN) indicates regional industrial control system exposure.

Buffer Overflow RCE Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Stack-based buffer overflow in Fuji Electric/HAKKO Electronics V-SFT automation software (versions ≤6.2.10.0) allows arbitrary code execution when opening a maliciously crafted V7 project file. An attacker must convince a user to open a weaponized file, requiring no authentication but user interaction. EPSS data not available; no public exploit identified at time of analysis, though the specific function (CV7BaseMap::WriteV7DataToRom) and vulnerability class (stack overflow) provide sufficient technical detail for skilled attackers to develop exploits.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Stored XSS in DbGate npm package escalates to remote code execution in Electron desktop app via unsanitized SVG icon rendering. Attackers who inject malicious SVG payloads into application definition files can execute arbitrary JavaScript when victims view matching database entries. In the Electron desktop client, insecure configuration (nodeIntegration: true, contextIsolation: false) allows XSS payloads to invoke Node.js APIs, enabling local code execution including file system access. Web depl

XSS RCE PostgreSQL
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

Remote code execution in WatchGuard Fireware OS versions 12.6.1 through 12.11.8 and 2025.1 through 2026.1.2 allows privileged authenticated attackers to execute arbitrary code with elevated system privileges via path traversal in the Web UI. The vulnerability requires high-level administrative access (CVSS PR:H) but presents a direct RCE path once authenticated. WatchGuard self-reported this issue with an official advisory available. EPSS and KEV data not provided; no public exploit identified at time of analysis.

Path Traversal RCE Fireware Os
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Heap buffer overflow in OpenEXR 3.4.0 through 3.4.6 allows remote code execution when processing maliciously crafted EXR image files with HTJ2K compression and specific channel width configurations. The vulnerability enables controlled heap overwrites of 2-4 bytes per iteration beyond allocated buffer boundaries, exploitable through user interaction with weaponized .exr files. Attack vector is local (AV:L) requiring user action (UI:A) but no privileges (PR:N), with CVSS 8.4 severity. Vendor-released patch available in version 3.4.7. No public exploit identified at time of analysis, though the precise technical details in the security advisory lower exploitation complexity for capable adversaries.

Buffer Overflow RCE Heap Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in llama.cpp RPC backend allows unauthenticated attackers with TCP access to achieve arbitrary memory read/write and full ASLR bypass. The vulnerability stems from missing bounds validation in deserialize_tensor() when processing GRAPH_COMPUTE messages with zero-valued buffer fields. Attackers can leverage pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE operations to reliably exploit this flaw. Fixed in version b8492 (commit 39bf0d3c). CVSS 9.8 (Critical) with network attack vector, low complexity, and no authentication required. No public exploit identified at time of analysis, though the detailed advisory provides sufficient technical context for weaponization.

RCE Buffer Overflow Llama Cpp
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Cisco IMC web-based management interface allows authenticated administrators to execute arbitrary code as root through improper input validation in HTTP requests. The vulnerability affects Cisco Unified Computing System (standalone) and requires admin-level credentials and network access; successful exploitation grants attacker root-level code execution on the underlying operating system. No public exploit code or active exploitation has been identified at time of analysis.

Cisco RCE Memory Corruption +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Remote code execution in Replicator npm package version 1.0.5 allows unauthenticated attackers to execute arbitrary code by supplying malicious serialized objects that the library deserializes without validation. Applications using Replicator to process untrusted input are vulnerable to immediate compromise; no public exploit code availability or active exploitation status is confirmed at time of analysis, but the unauthenticated attack vector and ease of object deserialization attacks suggest practical exploitability.

Node.js RCE
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in libinput allows authenticated users to execute arbitrary code within graphical compositor contexts by placing malicious Lua bytecode in system or user configuration directories. The vulnerability achieves scope change (CVSS:S:C) with high impact across confidentiality, integrity, and availability (8.8 CVSS), enabling attackers to monitor keyboard input including passwords and sensitive data. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.

RCE Code Injection Libinput +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Tinybeans Private Family Album App v5.9.5-prod contains an arbitrary file overwrite vulnerability in its file import process that enables remote attackers to overwrite critical internal files, resulting in arbitrary code execution or information disclosure. No CVSS score, EPSS data, or KEV status is available for this vulnerability, and no public exploit code has been independently confirmed at the time of analysis.

RCE Information Disclosure Private Family Album
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 contains an arbitrary file overwrite vulnerability in its file import process that permits attackers to overwrite critical internal files, resulting in remote code execution or information disclosure. The vulnerability affects a mobile application distributed via Google Play Store. No CVSS score, active exploitation status, or patch information is currently available from vendor sources.

Information Disclosure RCE Ace Scanner
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Local file inclusion in VertiGIS FM's upload/download mechanism allows authenticated attackers to read arbitrary server files by manipulating file paths during upload, with potential for remote code execution if web.config is obtained and NTLM-relay attacks via UNC path resolution. VertiGIS FM version 10.5.00119 and earlier are affected, and the vulnerability requires valid application credentials to exploit.

RCE Vertigis Fm
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

MetInfo CMS 7.9, 8.0, and 8.1 allows unauthenticated remote code execution through PHP code injection in insufficient input validation mechanisms. Attackers can send crafted requests containing malicious PHP code to execute arbitrary commands and achieve full server compromise without authentication. Publicly available exploit code exists for this vulnerability.

PHP RCE Code Injection
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 146.0.7680.178 allows attackers to execute arbitrary code within the Chrome sandbox via a specially crafted PDF file. The vulnerability exists in Chrome's PDF handling component and is caused by a use-after-free memory corruption flaw. Patch availability has been confirmed via vendor release, and the Chromium security team has classified this as High severity.

Google Use After Free RCE +3
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Remote code execution in Google Chrome's CSS engine prior to version 146.0.7680.178 allows unauthenticated remote attackers to execute arbitrary code within the Chrome sandbox via a crafted HTML page. The vulnerability stems from a use-after-free memory error in CSS processing, classified as high severity by the Chromium security team. Vendor-released patch available in Chrome 146.0.7680.178 and later.

Google Use After Free RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 146.0.7680.178 via use-after-free vulnerability in the Dawn graphics library allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries high severity per Chromium's assessment.

Google Use After Free RCE +6
NVD VulDB
Prev Page 28 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy