RCE
Monthly
PHP object injection in YesWiki's BazaR import feature allows an attacker to reach an unsafe unserialize() sink in tools/bazar/services/CSVManager.php, where attacker-supplied base64 data is deserialized without allowed_classes=false, instantiating arbitrary classes and triggering magic methods (__destruct, and __toString via array_map('strval')). Because the importentries mode lacks CSRF protection (the assigned root cause CWE-352), a remote attacker can host an auto-POSTing HTML page that, when visited by a logged-in wiki admin, drives the deserialization using the admin's session - chaining published Doctrine PHPGGC gadgets into remote code execution on the host. Publicly available exploit code exists demonstrating the object-injection primitive, but no full end-to-end RCE chain is published and this is not confirmed actively exploited (not in CISA KEV).
Reflected XSS in YesWiki doryphore 4.6.5 allows an attacker to execute arbitrary JavaScript in a victim's browser by exploiting unescaped output of the `time` GET parameter in the archived-revision edit form at `handlers/page/show.php`. A working proof-of-concept has been published by the reporter and confirmed against the official package; the attack exploits MySQL's DATETIME coercion to accept a malformed timestamp that begins with a real archived revision value yet appends injected markup, causing the archived-revision branch to render and reflect the payload unescaped. No active exploitation has been confirmed by CISA KEV, but the detailed PoC lowers the barrier to weaponization.
{{ 7 * 7 }} rendering as 49, escalated to an interactive reverse shell); this vulnerability is not in CISA KEV and there is no evidence of active exploitation.
Authenticated remote code execution in LibreBooking (open-source scheduling/reservation platform) versions prior to 5.1.0 allows an administrator to write arbitrary files outside the intended template directory by abusing the email template editor's save action, which trusts the submitted template name as part of the destination file path. Because the resulting file can be dropped into a web-executable location, the write primitive escalates to server-side code execution. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV, but a CISA CSAF advisory and upstream fix commit exist.
Remote code execution in Metabase (open-source BI/analytics platform) versions 1.55.0 through the fixed releases arises because one database-creation code path failed to validate unsafe H2 JDBC connection properties, letting an authenticated administrator register a crafted H2 datasource and run arbitrary Java on the server host. Because the CVSS scope is Changed (S:C), successful exploitation escapes the application context and yields full host compromise. No public exploit has been identified at time of analysis and it is not listed in CISA KEV, but the CVSS base score of 9.1 and RCE nature make it a high-priority patch for any exposed Metabase instance.
Arbitrary code execution on the host operating system is achievable by an authenticated FileMaker Server administrator via a malicious file upload through the Open Source LLM setup feature - specifically the Miniforge installer upload path - in the Admin Console. All FileMaker Server versions prior to 26.0.1 are affected; the flaw is classified as CWE-434 (unrestricted upload of a dangerous file type) and was reported directly by Apple/Claris product security. No public exploit code or CISA KEV listing exists at time of analysis, and SSVC rates exploitation as none with no automation feasibility, substantially limiting real-world risk despite the RCE classification.
Prototype pollution in apidevtools json-schema-ref-parser up to v15.3.5 allows low-privileged remote attackers to modify Object prototype attributes via crafted input to the Refs.set/Pointer.set functions in lib/pointer.ts. The vulnerability is tagged RCE and Code Injection, reflecting the theoretical worst-case of prototype pollution in Node.js environments where polluted properties propagate to dangerous sinks; however, the CVSS 4.0 score of 2.1 with limited (L/L/L) impact ratings suggests the direct, exploitable impact is constrained. A proof-of-concept exists (CVSS 4.0 E:P) but no confirmed active exploitation has been recorded in CISA KEV.
Cross-user remote code execution in Open WebUI before 0.10.0 lets an authenticated user run arbitrary code interpreter Python or invoke tools inside another logged-in user's session. The get_event_call handler dispatched execute:python and execute:tool Socket.IO events to any client-supplied session_id that was merely 'connected', so an attacker who harvested a victim's socket ID via the ydoc:document:join collaboration flow could hijack that session. A proof-of-concept is indicated in the SSVC data, though the flaw is not in CISA KEV and EPSS rates near-term mass exploitation low (0.28%, 19th percentile).
Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before V26.20) and the SICORE Base System (before V26.20.0) because the firmware update mechanism fails to properly validate signatures. An attacker with high privileges and local access can push crafted, tampered firmware to achieve persistent code execution and full device compromise. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Root-privileged arbitrary directory creation and file write affects Note Mark (self-hosted notes application) versions <= v0.19.4, arising because book and note slug validation uses the unanchored huma OpenAPI pattern '[a-z0-9-]+', letting a low-privilege authenticated user store a path-traversal slug such as '../../../../etc/cron.d/x'. When an administrator later runs the 'note-mark migrate export' or 'export-v1' CLI (routinely as root in Docker), the exporter joins the raw slug into the output path and writes '_index.md' outside the export directory, enabling escalation to code execution as root. Publicly available exploit code exists (a version-pinned Go reproducer plus an end-to-end Docker walkthrough); this is the unpatched sibling of GHSA-g49p-4qxj-88v3 and is not listed in CISA KEV.
Authentication bypass leading to remote code execution in Xerte Online Tools (all versions below 3.14.6 and below 3.15.5) lets unauthenticated remote attackers reach the exposed /setup/ installer and re-run the installation, pointing the application at a database they control and thereby seizing full control of the toolkit. The flaw scores CVSS 9.1 (AV:N/AC:L/PR:N/UI:N) and is tagged Authentication Bypass and RCE; a vendor patch exists but there is no public exploit identified at time of analysis. CISA's SSVC framework rates it not-exploited but automatable with partial technical impact.
{user}/tokens endpoint, which failed to enforce an authorization check on the target user. An attacker who knows a more-privileged user's login name and can log in through the Dashboard's OAuth/OIDC flow can forge and finalize a token for that account, potentially seizing Dashboard Administrator rights and — chained with a separate weakness — achieving code execution on the host. CVSS 4.0 is rated 8.7 (High); there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Arbitrary file deletion in the Bit Form WordPress plugin (all versions through 3.1.1) lets low-privileged authenticated users delete any file on the server via an unsanitized path passed to the deleteFiles function. Because a subscriber-level attacker can remove critical files such as wp-config.php, this path traversal escalates into a full site takeover / remote code execution scenario. Reported by Wordfence with a CVSS of 7.1; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary file upload leading to remote code execution affects the premium Blocksy Companion Pro plugin for WordPress in all versions through 2.1.46, where the Custom Fonts extension's flawed MIME validation lets unauthenticated attackers upload executable PHP files disguised as fonts. The Custom Fonts extension registers a wp_check_filetype_and_ext filter that uses strpos() to approve any filename merely containing '.woff2' or '.ttf' anywhere in the string, so a double-extension payload like shell.woff2.php passes as a legitimate font. Reported by Wordfence with a CVSS of 9.8; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in the Popup Maker WordPress plugin (all versions through 1.22.0) allows authenticated attackers holding editor-level access or above to install and activate an arbitrary plugin from an attacker-controlled URL, resulting in full server-side code execution. The root cause is a missing authorization check (CWE-862) in the plugin's REST API Connect controller, whose install endpoint treats a bearer token - issued by the legacy v1/connect/info endpoint - as its only non-spoofable authorization gate. Reported by Wordfence; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Local File Inclusion in the WPFunnels WordPress plugin (all versions through 3.12.7) allows authenticated administrators to include and execute arbitrary PHP files on the server via the unsanitized `logKey` parameter, yielding full remote code execution when combined with file upload capability. The attack requires administrator-level WordPress credentials and high complexity - specifically the ability to place a PHP file on the server - materially limiting the exploitable population. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in a routine-patching priority tier despite its severe potential impact.
Man-in-the-middle credential theft and root code execution affects the BOSH CLI (bosh-cli) prior to v7.10.4, which fails to verify the DAV blobstore server certificate during 'bosh create-env' and 'bosh delete-env' even though a valid CA certificate is present in the installation manifest. An adjacent network attacker who can intercept the operator's HTTPS upload can harvest Basic-auth credentials and the rendered-templates archive holding every bootstrap secret for the new BOSH Director, then replay those credentials against the target VM's agent to gain root code execution. There is no public exploit identified at time of analysis, but the vendor-rated CVSS 4.0 score of 8.9 reflects the high impact of a full Director compromise.
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the InterestGroups component (the Protected Audience / FLEDGE ad-auction API of Privacy Sandbox), letting a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the Chromium severity High, and the CVSS 8.8 reflects network-reachable, low-complexity, unauthenticated exploitation gated only by user interaction (visiting a page). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though EPSS-style risk for Chrome memory-corruption bugs is typically elevated once details circulate.
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Sandboxed remote code execution in Google Chrome versions prior to 150.0.7871.115 stems from a use-after-free in the Forms component, allowing a remote attacker to run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. The flaw carries a High Chromium severity rating and CVSS 8.8; Google has shipped a stable-channel fix, but no public exploit has been identified at time of analysis. Because code execution is confined to the sandbox, a separate sandbox-escape bug would be required for full host compromise.
Sandboxed remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page, stemming from an inappropriate implementation in the Forms component (Chromium severity: High). No public exploit identified at time of analysis, and the flaw is not on CISA KEV; Google has shipped a fixed Stable channel build. The high CVSS (8.8) reflects full compromise of the affected renderer process, though code execution is stated to be confined to the sandbox rather than a full host takeover.
Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the browser's Input component, letting a remote attacker who lures a victim to a crafted HTML page run arbitrary code inside the renderer sandbox. Google rates the Chromium severity High and CVSS is 8.8, requiring user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the memory-corruption class and network attack vector make it a standard high-priority browser patch.
Remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code (constrained to the renderer sandbox) by luring a victim to a crafted HTML page that triggers a use-after-free in the Actor component. The flaw is network-reachable and requires only that the user visit a malicious page, but Chromium rates the severity High rather than Critical because code execution stays inside the renderer sandbox. No public exploit identified at time of analysis; no EPSS or KEV signal was supplied in the input.
Renderer-process code execution in Google Chrome desktop before 150.0.7871.115 arises from a use-after-free in the IndexedDB implementation, letting a remote attacker run arbitrary code within the Chromium sandbox when a victim opens a crafted HTML page. Chromium rated the flaw Medium severity even though the CVSS base score is 8.8, reflecting that execution is confined to the sandboxed renderer rather than the host. A vendor patch is available and no public exploit has been identified at time of analysis.
Remote code execution in the Generic OEM UZ801_v2.1 4G LTE Router (firmware V3.4.3) lets unauthenticated attackers run arbitrary code by sending crafted requests to the /ajax web management API served by the device's MifiService.apk component. The flaw stems from broken access control on the management endpoint, giving remote attackers full control of the device with no credentials. Publicly available exploit code exists on GitHub, though EPSS probability is low (0.24%, 15th percentile) and it is not on the CISA KEV list.
Sandbox escape in the OpenJDK packages shipped by Ubuntu allows a compromised sandboxed application to break out and run arbitrary code on the host. Because the packages' .jar MIME handlers execute any file flagged executable (when the mailcap package is present), an app abusing the OpenURI portal through xdg-desktop-portal-gtk can drop a malicious .jar, set its executable bit, and invoke the handler. There is no public exploit identified at time of analysis, but the flaw carries a CVSS 8.8 with a changed scope, reflecting full loss of host confidentiality, integrity and availability once the sandbox boundary is crossed.
Elasticsearch Painless script injection via OpenCTI's GraphQL API allows any authenticated user holding the KNOWLEDGE capability to submit computationally expensive, unvalidated scripts that saturate Elasticsearch cluster CPU, degrading or denying service for the entire platform. All OpenCTI deployments prior to version 7.260401.0 are affected, with the vulnerability residing in the exposed 'script' FilterOperator of the GraphQL API. No public exploit code or CISA KEV listing is confirmed at time of analysis; a vendor-released patch is available in version 7.260401.0.
Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable.
Unauthenticated remote code execution in Joro ≤ v1.1.0 (BishopFox's offensive-security tooling) allows an attacker to gain a shell as the operator's user when that operator merely visits a malicious web page. In the default proxy mode, Joro exposes an unauthenticated local API on 127.0.0.1:9090 with a wildcard CORS policy; because plugin uploads use the CORS-safelisted multipart/form-data content type, cross-origin JavaScript can upload a native Go plugin and trigger a restart through the operator's browser with no preflight or credentials, and the plugin's init() executes on load. No public exploit is identified at time of analysis, but the advisory documents a complete, reproducible attack chain, and the assigned CVSS is 9.6 (Critical).
Remote code execution in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated administrator to execute arbitrary Java via Velocity templates used to render COAR Notify/LDN messages, using reflection to escape the templating sandbox. Exploitation requires valid DSpace administrator credentials and is most impactful when chained with the related LDN path-traversal flaw (GHSA-9qm4-rh6w-pq5x). No public exploit identified at time of analysis, and CVSS is 8.0 (High).
OS command injection in Nuclio (serverless platform) versions <= 1.15.27 lets attackers run arbitrary shell commands as root inside Kubernetes CronJob pods by submitting a function with a crafted cron trigger. The controller concatenates unsanitized `event.headers` keys and `event.body` values into a `/bin/sh -c` curl string; a header key containing a double-quote breaks quoting, and a body containing `$()` triggers command substitution (strconv.Quote does not escape it). Because the Nuclio Dashboard API is unauthenticated in its default configuration, this is remotely reachable; no public exploit is identified in KEV, though a detailed, dynamically-verified PoC accompanies the advisory.
Custom Code Guardrails in LiteLLM's AI Gateway proxy prior to 1.82.0-stable permitted privileged users with guardrail management rights to submit arbitrary Python code via the production create and update API paths, which executed unsandboxed within the proxy process. Unlike the test endpoint - which enforced sandbox controls - the production paths lacked equivalent validation, enabling the injected code to access and expose secrets, API keys, and environment variables available to the running process. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; risk is highest in multi-tenant or multi-operator LiteLLM deployments where guardrail management rights are distributed.
Unrestricted file upload in Grav API Plugin 1.0.0 allows authenticated users to store arbitrary content - including PHP scripts, SVG with embedded JavaScript, and polyglot payloads - via the avatar upload endpoint by supplying a forged client-declared MIME type beginning with 'image/'. The endpoint performs no server-side content inspection and imposes no extension restriction, so malicious files are written to user/accounts/avatars/ with predictable filenames. Immediate exploitation is partially mitigated by an .htaccess rule that returns HTTP 403 on direct access, but the files persist on disk and represent a latent RCE or stored XSS vector if a co-resident path traversal flaw or server misconfiguration bypasses that control. No public exploit code or CISA KEV listing has been identified at time of analysis.
Remote code execution and denial of service in FreeRDP before 3.22.0 stem from a use-after-free in the dynamic virtual channel manager (drdynvc), where `dvcman_channel_close` and `dvcman_call_on_receive` access `channel_callback` without proper synchronization (CWE-362). A malicious or compromised RDP server can race DYNVC_DATA and DYNVC_CLOSE messages to free a channel callback while another thread still uses it, corrupting the client heap. This is a client-side flaw affecting anyone connecting to an attacker-controlled server; no public exploit identified at time of analysis, and it is not listed in CISA KEV. FreeRDP is a widely used open-source implementation of the Microsoft Remote Desktop Protocol, embedded in clients such as Remmina, GNOME Connections, Weston, and numerous commercial and VDI products. The bug lives in the drdynvc (Dynamic Virtual Channel) subsystem, which multiplexes optional channels (clipboard, audio, device redirection, etc.) over the RDP connection and processes them on a dedicated client thread. Per CWE-362 (concurrent execution using shared resource with improper synchronization / race condition), `dvcman_channel_close` (handling DYNVC_CLOSE) can free the `channel_callback` structure while `dvcman_call_on_receive` (handling DYNVC_DATA) is concurrently dereferencing it, producing a heap use-after-free. Because the RDP server dictates the timing and ordering of DYNVC_DATA and DYNVC_CLOSE PDUs, a hostile server controls the race window. The published CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H) yields 8.3 (High), driven mainly by high availability impact with lower confidentiality/integrity impact — consistent with a heap corruption that reliably crashes the client (DoS) but only potentially yields RCE. AC:H correctly reflects that success depends on winning a non-deterministic thread race, which is unreliable and may require many attempts. There is no EPSS score, no KEV listing, and no confirmed public POC in the provided data, so exploitation pressure is currently low-to-unknown; the RCE and Denial Of Service tags reflect potential impact, not observed attacks. One nuance to verify: the vector uses UI:N/PR:N, but this is a client-side vulnerability requiring the victim to connect to a malicious server — a real-world limiting factor that raw CVSS understates. Net: a legitimate patch priority for fleets whose users connect to untrusted or reachable RDP endpoints, but not an emergency mass-exploitation scenario given AC:H and no evidence of exploitation. FreeRDP (the open-source RDP client/library and its FreeRDP-based clients) at all versions prior to 3.22.0 are affected; the flaw is fixed in FreeRDP 3.22.0. No CPE strings were provided in the input, so exact downstream package ranges (e.g., distribution builds of Remmina or the freerdp2/freerdp3 packages) should be confirmed against vendor trackers. Authoritative details are in the FreeRDP GitHub Security Advisory GHSA-3mv2-5q57-2v8h (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h) and the VulnCheck advisory (https://www.vulncheck.com/advisories/freerdp-use-after-free-via-race-condition-in-drdynvc-channel-callback). Vendor-released patch: FreeRDP 3.22.0 — upgrade all FreeRDP libraries and any FreeRDP-based clients (Remmina, GNOME Connections, xrdp clients, etc.) to 3.22.0 or later, rebuilding or updating downstream distribution packages that bundle the library. Until patched, reduce exposure by only connecting to trusted, known-good RDP servers and avoiding connections to untrusted or attacker-influenced hosts, since the malicious behavior originates server-side; where feasible, restrict outbound RDP (TCP 3389) from client machines to an allowlist of approved servers via egress firewall rules (trade-off: breaks ad-hoc connections to new servers). If specific dynamic virtual channels are not required, disabling optional channel redirections (clipboard, drive, audio) narrows the attack surface of drdynvc but does not fully eliminate the race and reduces functionality. Follow guidance in GHSA-3mv2-5q57-2v8h (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h) and the VulnCheck advisory (https://www.vulncheck.com/advisories/freerdp-use-after-free-via-race-condition-in-drdynvc-channel-callback). An attacker stands up or compromises an RDP server and lures a victim into connecting with a vulnerable FreeRDP client (e.g., via a malicious .rdp file, phishing link, or a man-in-the-middle position). Once connected, the server rapidly interleaves DYNVC_DATA and DYNVC_CLOSE messages on a dynamic virtual channel to win the race and trigger the heap use-after-free in the client's drdynvc thread, crashing the client or, with careful heap grooming, potentially executing code in the client process. No public POC is identified at this time, and the AC:H race condition makes reliable code execution difficult. Exploitation requires the victim to establish an RDP session to an attacker-controlled or compromised server running against a FreeRDP client before 3.22.0, and the connection must use the drdynvc dynamic virtual channel path. The attacker must then concurrently send DYNVC_DATA and DYNVC_CLOSE messages on a dynamic virtual channel to win a timing race in `channel_callback` access. Limiting factors: the attacker must control the RDP server side (this is a client-side vulnerability, so it cannot be triggered against an unwilling client that never connects), the exploit depends on winning a non-deterministic thread race (CVSS AC:H) so it is unreliable and may require repeated attempts, and reliable code execution beyond a crash requires heap-layout control. No authentication to the malicious server is needed, but the user must initiate the outbound connection. Lure victim to malicious RDP server → Client opens dynamic virtual channel (drdynvc) → Server races DYNVC_DATA and DYNVC_CLOSE → Trigger heap use-after-free on channel_callback → Crash client or execute code in client process Affected/fixed version (before 3.22.0; fixed in 3.22.0), root cause, and functions are confirmed by the FreeRDP GitHub Security Advisory GHSA-3mv2-5q57-2v8h and the VulnCheck advisory. CVSS 4.0 vector, 8.3 score, and CWE-362 are provided in the input; RCE is described as potential, not demonstrated. Not listed in CISA KEV and no EPSS score or public POC was provided, so real-world exploitation status is unknown; downstream package version ranges are not confirmed due to absent CPE data. high core open-source RDP library embedded in many Linux remote-desktop clients CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H Client-side flaw needing the victim to connect to a malicious server (UI:R) and to win a thread race (AC:H); heap corruption gives high availability impact with limited C/I. CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Path traversal in Flowise's Faiss and SimpleStore vector store implementations allows any holder of a valid API token to write vector store data to arbitrary filesystem locations, creating a practical path to remote code execution or data exfiltration on the hosting server. All Flowise deployments prior to version 3.1.0 are affected when either of these two vector store backends is configured. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the post-authentication exploitation path is low-complexity, making timely patching critical especially in multi-tenant or shared deployments where API tokens are broadly distributed.
Remote code execution in the Blocksy Companion Pro WordPress plugin (all versions before 2.1.47) lets unauthenticated attackers upload executable PHP files through the Advanced Reviews feature, taking over the site. The save_attachments function relies on a flawed strpos() substring check inherited from the Custom Fonts extension, so a double-extension filename like shell.woff2.php passes validation while the server executes it as PHP. No public exploit has been identified at time of analysis, but a vendor patch (2.1.47) is available and the flaw was reported by VulnCheck.
Remote code execution in Apache Gravitino before 1.2.1 allows unauthenticated callers to abuse the testConnection API by submitting a crafted H2 JDBC URL whose INIT parameter runs arbitrary Java on the server. The flaw only manifests when Gravitino is backed by the H2 database - a configuration primarily used for testing and local development - and CISA SSVC rates technical impact as total and exploitation as automatable, though no public exploit has surfaced. Fixed in 1.2.1; because Gravitino is usually deployed on internal networks and H2 is not the production default, the vendor characterizes real-world severity as low despite the 9.1 CVSS score.
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this can be leveraged to achieve remote code execution.
Arbitrary file upload in the WHMCS Bridge plugin for WordPress (all versions through 6.9) lets authenticated users with Custom-level access or above upload files of any type via the unvalidated connect() function, potentially achieving remote code execution on the host. Reported by Wordfence and tracked as CWE-434, the flaw carries a CVSS of 8.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The impact hinges on the plugin's failure to enforce file-type checks before writing uploaded content to disk.
Local privilege escalation to SYSTEM in Fuji Electric Pupsman before version 3.9.0 allows a low-privileged local user to drop a malicious executable into the weakly-permissioned installation directory, which is then run with SYSTEM privileges for full arbitrary code execution. Reported through JPCERT/CC (JVN JVN62347140); no public exploit identified and no active exploitation is confirmed at time of analysis. The CVSS 4.0 base score is 8.5 (High), reflecting complete confidentiality, integrity, and availability impact despite the local attack vector.
Local privilege escalation to arbitrary code execution affects Fuji Electric's Pupsman UPS management software in all versions prior to 3.9.0, where the installer insecurely loads a DLL from its own directory. A local attacker who can drop a malicious DLL into the folder containing the installer can have it executed with SYSTEM privilege the next time the installer is run. No public exploit identified at time of analysis and the flaw is not in CISA KEV; exploitation requires local file placement plus a victim executing the installer (UI:A).
Arbitrary file deletion in the Simple Coherent Form WordPress plugin (all versions up to and including 2.4.13) allows unauthenticated attackers to delete any file the web server can reach, and deleting wp-config.php can cascade into full remote code execution. The plugin's two intended access controls are illusory: the scf_get_id_upload endpoint hands a valid scf_upload_file_removal nonce to any anonymous visitor, and the secondary hash check can be reproduced offline because it derives from a salt hardcoded in the plugin source. There is no public exploit identified at time of analysis, but the flaw carries a high 9.1 CVSS and reflects a genuine unauthenticated-network attack path.
Remote code execution in the Widget Logic Visual WordPress plugin (all versions through 1.52) lets low-privileged authenticated users run arbitrary PHP on the server. The flaw stems from the widget-logic-update-conditional-tags AJAX action lacking a capability check and nonce verification, allowing any subscriber-and-above account to store attacker-controlled data in the 'nwlv[cod-tag]' parameter that is later passed to an eval() call by widget_logic_visual_check_visibility. Reported by Wordfence with no public exploit identified at time of analysis and no CISA KEV listing.
Arbitrary code execution on Code27 Companion Hub (firmware SQ3A.220705.003.A1) is achievable by a physically proximate attacker through improper access controls on the device's USB debugging (ADB) interface. The Android Debug Bridge component fails to enforce adequate restrictions, allowing an unauthenticated attacker with physical USB access to execute arbitrary commands at elevated privilege. A publicly available proof-of-concept exploit exists on GitHub, and SSVC assessment rates the technical impact as total despite no confirmed active exploitation in the wild.
Connection string injection in KEDA's PostgreSQL scaler allows low-privileged tenants to inject arbitrary libpq connection parameters by embedding tab, newline, or other non-space whitespace characters into ScaledObject or TriggerAuthentication configuration fields. The `escapePostgreConnectionParameter` function in `pkg/scalers/postgresql_scaler.go` only detects literal spaces before quoting values, leaving all other libpq token delimiters unescaped; successful exploitation forces TLS downgrade (sslmode=disable) or redirects database connections to attacker-controlled hosts to steal operator-supplied credentials. A working proof-of-concept YAML payload is included in GitHub advisory GHSA-6w3m-4hhp-775q; no CISA KEV listing was present at time of analysis.
Path traversal in Goploy's `/deploy/fileDiff` endpoint (versions <=1.17.5) enables any authenticated low-privilege member to read arbitrary files on both the Goploy host and every SFTP-managed remote server registered in the system. The dual file read returns local content in the `srcText` response field and remote server content in `distText`, multiplying the blast radius across all managed deployment targets. Publicly available exploit code exists per the GitHub Security Advisory; this is not listed in CISA KEV, but exploitation conditions are trivially met under default Goploy configuration.
Local arbitrary code execution affects an unspecified industrial control system (ICS) product reported through CISA ICS-CERT (advisory ICSA-26-188-06). A stack-based buffer overflow (CWE-121) lets an attacker who can supply crafted input trigger memory corruption and run arbitrary code once a local user interacts with the malicious data, fully compromising confidentiality, integrity, and availability. No public exploit identified at time of analysis and the affected vendor/product is not disclosed in the available data.
Arbitrary code execution in an unnamed ICS/OT application arises from a use-after-free (CWE-416) triggered when the software parses a specially crafted file, letting an attacker run code in the context of the current process. The flaw was reported through CISA's ICS-CERT (advisory ICSA-26-188-06) and carries a CVSS 4.0 base score of 8.4; exploitation is local and requires a user to open the malicious file. No public exploit code has been identified at time of analysis and the CVE is not listed in CISA KEV.
Arbitrary code execution via an out-of-bounds write (CWE-787) affects an industrial control system product covered by CISA ICS advisory ICSA-26-188-06, where an attacker can corrupt memory past an allocated buffer to run code in the context of the affected application. The CVSS 4.0 vector (AV:L/UI:A) indicates the flaw is triggered locally and requires a victim to actively interact - consistent with opening a malicious file or project in engineering/HMI software. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the high-impact memory corruption and DHS ICS-CERT reporting warrant prompt patching in OT environments.
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.
Remote code execution in Koodo Reader (versions 2.3.0 and earlier) lets an attacker who supplies a malicious EPUB file run arbitrary OS commands with the victim's privileges once the book is imported and opened. The flaw combines a dangerously permissive Electron IPC handler (nodeIntegrationInSubFrames enabled) with unsanitized innerHTML rendering of chapter content, turning ebook display into a Node.js code-execution primitive. No public exploit has been identified at time of analysis; the issue is fixed in version 2.3.1 and is not listed in CISA KEV.
Remote code execution in the Oraios Serena MCP coding toolkit (prior to v1.5.2) lets a malicious webpage hijack a developer's local coding agent via DNS rebinding. Serena's built-in web dashboard runs an unauthenticated Flask API on a fixed, predictable port with no auth, no CSRF protection, and no Host-header validation, so any site the victim visits while Serena is running can write attacker-controlled content into the agent's persistent memory store; because the agent autonomously reads that memory and can invoke execute_shell_command with shell=True, this chains to code execution on the developer's machine. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list.
Arbitrary Python code execution in calibre (e-book manager) before 9.10.0 lets attackers run code on a victim's machine simply by having them import or edit a malicious EPUB, OPF, or PDF. The crafted file embeds a custom column definition containing a python: template inside the calibre:user_metadata field, which calibre passes unsanitized to exec() in its template formatter during routine metadata reading (Add books / Edit books). No public exploit has been identified at time of analysis, but the flaw triggers through normal user workflows, making weaponized e-book files a realistic delivery vector.
Arbitrary code execution in DataEase before 2.10.24 lets authenticated users bypass H2 JDBC URL validation using special Unicode characters whose case conversion differs between DataEase's validator and the H2 parser, smuggling dangerous parameters such as INIT into a malicious H2 connection string. Because H2's INIT clause executes SQL/DDL at connection time, an attacker can run arbitrary code on the host. No public exploit has been identified at time of analysis, but a fix commit and release exist, making the mechanism reproducible from the public patch.
Remote code execution in DataEase before 2.10.24 allows an authenticated attacker to bypass the prior H2 zip-protocol and file-dropper hardening by uploading a ZIP archive masquerading as a font file (.ttf) via the FontManage.saveFile endpoint, then invoking the H2 database zip protocol against it to execute arbitrary code on the server. The flaw is a regression that defeats an earlier fix, and carries a CVSS 4.0 score of 8.7 (High). No public exploit has been identified at time of analysis, but the vendor GitHub Security Advisory (GHSA-8x36-774q-pwqg) and two remediation commits are published.
Remote code execution in Vtiger CRM before 8.4.0 lets an authenticated low-privileged user upload a malicious .phar file through the Documents module and execute arbitrary PHP. The extension denylist in config.inc.php omits .phar, and a stale Apache 2.2-syntax .htaccess is silently ignored on Apache 2.4, so the payload lands in a web-accessible directory reachable by unauthenticated HTTP - the attack begins authenticated but the final execution step is unauthenticated. Publicly available exploit code exists (published by VulnCheck/Jiva Security); no CISA KEV listing and no EPSS score were provided.
Authenticated remote code execution in Vtiger CRM through version 8.4.0 lets an administrator upload a crafted ZIP archive through the ModuleManager import feature and drop executable PHP files directly into the web-root modules/ directory, yielding a persistent web shell. Because Apache resolves and executes those PHP files before Vtiger's routing layer runs, the resulting shell bypasses the application's authentication entirely and survives independently of the attacker's login session. Publicly available exploit code exists (VulnCheck / Jiva Security), though there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV.
Arbitrary file write in the AMP for WP - Accelerated Mobile Pages WordPress plugin (versions up to and including 1.1.12) lets authenticated Author-level users, granted permission by an Administrator, upload and unsafely extract a crafted ZIP through the ampforwp_save_local_font() function, planting attacker-controlled files in a web-accessible uploads path. On hosts configured to execute PHP from the uploads directory, this escalates to remote code execution. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; an upstream fix is present in the plugin repository (changeset 3512870).
Arbitrary file read in EGroupware's mail composition module allows any authenticated user with mail access to exfiltrate files readable by the web server process. The vulnerability stems from a defective URI scheme check in `api/src/Mail.php` that correctly rejects `data:` URIs but inadvertently permits `file://` URIs, which PHP's `file_get_contents()` resolves natively against the local filesystem. A publicly available proof-of-concept exists demonstrating `/etc/passwd` extraction via a crafted HTML email body; no active exploitation (CISA KEV) has been confirmed at time of analysis.
Authenticated OS command execution in EGroupware allows an administrator to escalate from web-application access to arbitrary shell commands as the web server user (typically www-data). The flaw lives in the eTemplate engine's Widget::expand_name(), where widget attribute values are passed into a PHP eval() with only double-quotes escaped, leaving backtick shell-execution operators intact; an admin uploads a malicious .xet template to the /etemplates VFS mount to trigger it. A detailed proof-of-concept is published in the vendor's GitHub Security Advisory (publicly available exploit code exists), though there is no evidence of active exploitation.
Remote code execution in EGroupware lets an attacker chain a broken authorization check with an arbitrary file write and an arbitrary file read to fully compromise the server. An authenticated user can forge the participant_role field in a SmallPartMediaRecorder::ajax_upload() request to impersonate a course teacher, then use path traversal to read and overwrite header.inc.php with valid but attacker-controlled PHP, yielding code execution after OPcache refresh or a setup-password change. Where self-registration is enabled the entire chain becomes reachable pre-authentication. No public exploit has been identified, but the advisory documents a complete, reproducible technique.
Remote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controlled class path is loaded via an unrestricted import_string() when the Scheduler or API Server deserializes the serialized DAG, executing arbitrary code in those privileged processes and breaking the core Airflow boundary that DAG-author code must never run in the Scheduler/API Server. Reported by Apache with a fix in 3.3.0, it currently has no public exploit identified and a low EPSS of 0.69% (48th percentile), and it is not listed in CISA KEV. The practical severity depends heavily on how much a deployment trusts its DAG authors, since exploitation requires the ability to submit a DAG.
Heap memory corruption in GIMP's PSD (Photoshop) file parser allows a malicious .psd image to overflow an integer in read_RLE_channel(), producing an undersized heap allocation for the RLE row-length table that is then overwritten row-by-row, potentially yielding denial of service or arbitrary code execution. The flaw affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9 and is triggered when a victim opens or imports a crafted PSD file. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in the WPFunnels (Funnel Builder for WooCommerce) WordPress plugin versions up to and including 3.12.7 lets attackers write attacker-controlled 'postData' into a PHP-includeable .log file that wpfnl_show_log later renders with include_once, yielding server-side code execution. The initial injection is fully unauthenticated because the nonce guarding the optin endpoint is publicly emitted on every funnel step page, though execution only fires once an administrator opens the poisoned log via the Log Settings View while the 'Enable Logs' toggle is active. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the pre-auth injection combined with a maximal 9.8 CVSS score makes it a high-priority patch for any exposed WooCommerce funnel deployment.
Unauthenticated mass assignment in FOSSBilling's client self-registration endpoint (all versions prior to 0.8.0) allows any visitor to inject an arbitrary client group identifier during signup, bypassing group-based access controls on promotional codes. Attackers who successfully place themselves into a privileged group can redeem group-restricted discount codes and receive unauthorized price reductions. No public exploit or active exploitation has been identified; the CVSS 4.0 score of 6.9 reflects a limited, integrity-only impact with no confidentiality or availability consequence, and the erroneous 'RCE' source tag should be disregarded as inconsistent with the description and impact metrics.
Authenticated remote code execution in FOSSBilling 0.6.10 through 0.7.2 lets an admin-privileged user inject arbitrary PHP into config.php via the Config::prettyPrintArrayToPHP() method, which fails to escape single quotes in string configuration values. Because config.php is pulled in through a bare include on every HTTP request, injected code runs persistently on all subsequent requests. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 base score is 8.9, elevated by the persistent, server-wide impact once an admin account is abused.
Session token leakage in Coder's CLI (github.com/coder/coder v2) lets a malicious template author steal a user's session token when the victim runs `coder open app`. The `coder open app` command opens external workspace-app URLs without scheme/host validation and substitutes the `$SESSION_TOKEN` placeholder with the user's real token before passing the URL to the OS open handler, so a workspace-controlled URL like `https://attacker.example/?t=$SESSION_TOKEN` exfiltrates the token and enables full account impersonation for its lifetime; the same path can invoke arbitrary local URI-scheme handlers. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in Coder's coderd server allows any authenticated user with file-upload access to exhaust server memory by uploading a crafted zip bomb via POST /api/v2/files, crashing the service before RBAC checks execute. Affected versions span all supported release lines prior to v2.34.2, v2.33.8, v2.32.7, and v2.29.17 (ESR). No public exploit has been identified at time of analysis; the impact is strictly an availability loss - the advisory explicitly confirms no data disclosure or code execution is possible, contradicting the 'RCE' tag present in the intelligence feed.
SSH configuration injection leading to arbitrary code execution in Coder's `coder config-ssh` CLI command allows a malicious or compromised Coder server to write attacker-controlled directives into a developer's `~/.ssh/config`. The command copied server-supplied `HostnameSuffix` and `SSHConfigOptions` values verbatim without stripping newlines, letting an attacker in control of those values inject a directive such as `ProxyCommand` that runs on every SSH connection from the workstation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was found and disclosed by Anthropic's Security Team and is fixed across all supported release lines.
Remote command injection in Coolify (self-hosted PaaS) before 4.0.0-beta.469 lets an authenticated user with application write permissions inject OS commands through deployment-handling fields such as dockerfile_location, achieving arbitrary code execution on the deployment host and exfiltrating secrets via deployment logs. The flaw scores CVSS 9.9 because command injection breaks out of the application context to compromise the underlying server (scope change), exposing environment variables and other applications' secrets. No public exploit has been identified at time of analysis, but the fix is available in tagged release v4.0.0-beta.469.
Remote code execution in the Langroid Python LLM-agent framework allows an attacker who can influence LLM prompts to escape the intended sandbox and run arbitrary OS commands on the host. The flaw affects TableChatAgent.pandas_eval() and the VectorStore base class, which pass LLM-generated expressions to Python's eval() with an empty locals dict but an unscrubbed globals dict, leaving __builtins__ implicitly available. A full working proof-of-concept is included in the advisory (publicly available exploit code exists); CVSS is scored 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), though real-world exploitation is gated on the non-default full_eval=True setting.
Unauthenticated SSRF in Dragonfly's scheduler v1 gRPC service allows any remote client to force the scheduler to issue HTTP GET requests to arbitrary internal addresses, including loopback (127.0.0.1), cloud metadata endpoints (169.254.0.0/16), and RFC1918 ranges. The scheduler's `DownloadTinyFile()` function constructs HTTP requests from attacker-controlled `PeerHost.Ip` and `PeerHost.DownPort` gRPC fields with no destination address validation, and stores up to 128 bytes of each fetched response in `Task.DirectPiece`, which is subsequently served to other peers. The input tag of 'RCE' in the source intelligence is incorrect - this is a read-SSRF with a limited exfiltration path, not remote code execution. A fully confirmed proof-of-concept exists against v2.4.4-rc.2; no patched release version has been identified at time of analysis.
Arbitrary file write in Crawl4AI (the open-source LLM-friendly web crawler by unclecode) before version 0.9.0 lets a malicious website or download control where crawled files land on disk, and because the file contents are also attacker-controlled this escalates to remote code execution. Both the HTTP crawler path (trusting the response Content-Disposition filename) and the browser crawler path (trusting the download's suggested filename) are affected. CVSS is 9.6 (Critical); no public exploit is identified at time of analysis and it is not listed in CISA KEV, but a fix commit and GHSA advisory are published.
Server-side template injection in Formie, a forms plugin for Craft CMS 5 (verbb/formie 3.0.0-beta.1 through 3.1.26), allows unauthenticated attackers to inject Twig syntax through request-controlled inputs that Hidden fields use as dynamic default values. When a public form contains a Hidden field seeded from the User Agent, Referer, Current URL, a query parameter, or a cookie, the attacker-supplied value reaches Craft's Twig rendering layer and is evaluated server-side, potentially yielding information disclosure, application-state modification, or remote code execution. No public exploit identified at time of analysis, though the flaw is tagged RCE/SSTI and rated CVSS 9.8.
Privilege escalation in the Plesk web hosting control panel lets an authenticated low-privileged user abuse an improper authorization flaw in the XML API to inject arbitrary configuration directives, achieving arbitrary file write as root and full compromise of the underlying server. Rated CVSS 9.9 with a scope change, this turns any valid panel account into root on the host; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in Adobe ColdFusion 2025.9, 2023.20 and all earlier releases lets an unauthenticated network attacker run arbitrary code in the context of the current user via improper input validation (CWE-20), with no user interaction and a scope change to other components. Adobe rates this maximum severity (CVSS 10.0) and self-reported it; there is no public exploit identified at time of analysis and it is not yet listed in CISA KEV. Given ColdFusion's long history of mass-exploited RCE flaws, patching should be treated as urgent despite the current absence of a public PoC.
Untrusted Java deserialization in Apache OpenNLP's SvmDoccatModel (libsvm document categorization module, versions 3.0.0-M1 through before 3.0.0-M4) lets an attacker who supplies a crafted serialized stream to the public static SvmDoccatModel.deserialize(InputStream) trigger deserialization of an arbitrary object graph before the SvmDoccatModel cast occurs. Where a usable gadget chain exists on the consuming application's classpath, this yields remote code execution in the loading JVM; OpenNLP ships no gadget itself, so realistic risk falls on downstream apps that embed the module alongside vulnerable transitive dependencies. No public exploit identified at time of analysis and the flaw is not in CISA KEV, though the SSVC assessment marks it automatable with partial technical impact.
Remote code execution in ownCloud 10 (before 10.15.3) lets an authenticated administrator abuse a relative path traversal weakness to write or reference files outside intended directories and execute arbitrary code on the server. The high-privilege requirement (PR:H) and high attack complexity (AC:H) constrain who can trigger it, but successful exploitation yields full compromise with a scope change beyond the application context. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.
Server-side request forgery escalating to remote code execution in the SharePoint for ownCloud app (versions prior to 0.4.1, bundled with ownCloud 10 before 10.15.3) lets an already-authenticated administrator coerce the server into making attacker-controlled requests that ultimately run arbitrary code on the host. The flaw is tagged RCE/SSRF and carries an 8.5 CVSS with a scope change (S:C), reflecting that abuse of the SharePoint integration crosses a trust boundary into the underlying system. No public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-and-move-on issue rather than an active-threat emergency.
Arbitrary code execution in ownCloud Core (ownCloud 10 Classic server, all versions before 10.15.3) allows an administrator to abuse an exposed dangerous method in the Updater component to run code on the server host. Any actor holding administrative credentials - legitimately, or via session hijack/credential theft/CSRF against an admin - can convert web-app admin rights into full server compromise. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-issued GHSA-hvcx-ph66-mmvw advisory and the fix in 10.15.3 are the primary confirmation.
Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a victim opens a malicious PNM/PBM/PGM/PPM file. The flaw is an off-by-one in pnmscanner_gettoken() that writes a null terminator one byte past a stack buffer; it is local and requires the user to open the crafted file (UI:R). No public exploit is identified at time of analysis, and EPSS is low (0.12%), consistent with the CISA SSVC 'Exploitation: none' judgment.
Unauthenticated denial-of-service in elixir-mint's hpax (the HPACK header-compression library for Elixir HTTP/2, versions 0.1.1 through 1.0.3) allows a remote attacker to force superlinear (~O(N²)) CPU consumption by sending a small header block containing an HPACK integer with a long run of continuation octets. Because BEAM integers are arbitrary-precision, the decoder builds an ever-growing bignum with no upper bound, turning a few crafted bytes into a large, attacker-controlled amount of CPU and transient memory - a classic decompression/amplification DoS. No public exploit is identified at time of analysis and it is not in CISA KEV, but a vendor patch (version 1.0.4) is available.
Java object deserialization in the Apache Camel camel-pqc component allows code execution in the key-management application when an attacker who can write to the backing AWS Secrets Manager secret stores a malicious serialized payload. The flaw affects Apache Camel 4.18.0-4.18.2 and 4.19.0-4.20.x, where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() calls a raw ObjectInputStream.readObject() with no class filter, so gadget side effects fire before the KeyMetadata cast. Rated CVSS 9.8 by Apache, but exploitation genuinely requires IAM write access to the specific secret; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (8th percentile).
Remote code execution via unsafe Java deserialization affects the camel-pqc component of Apache Camel 4.18.0-4.18.2 and 4.19.0-4.20.x. The HashiCorp Vault and AWS Secrets Manager KeyLifecycleManager implementations (and a legacy-migration path in the file-based manager) read post-quantum key metadata back with a raw ObjectInputStream.readObject() lacking any ObjectInputFilter or allow-list, so a principal able to write to the key backend can plant a gadget object that executes during normal key-lifecycle operations. No public exploit has been identified at time of analysis and EPSS is low (0.19%), but SSVC rates technical impact as total; this is an incomplete-remediation follow-on to CVE-2026-40048.
Unauthenticated Camel control-header injection in Apache Camel's camel-cometd component (4.0.0 before 4.14.8, 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0) lets any client that completes a Bayeux/CometD handshake inject internal headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName into the Camel Exchange, hijacking the behaviour of downstream producers. Because a CometdComponent installs no Bayeux SecurityPolicy by default, no authentication is required (PR:N), and the injected headers survive internal direct/seda/vm hops. Reported by Apache with a fix in 4.21.0; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (9th percentile).
Remote code execution in the Apache Camel camel-hazelcast component allows an attacker who can join or reach the Hazelcast cluster to run arbitrary code on every Camel node. The flaw exists because Camel-created Hazelcast instances apply no Java deserialization filter by default, so crafted serialized objects sent over the cluster protocol are deserialized (ObjectInputStream.readObject) before Camel processes them. It affects Camel 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x whenever a hazelcast consumer or repository uses Camel's own default configuration; there is no public exploit identified at time of analysis and EPSS is low (0.49%, 39th percentile).
Remote code execution in Apache Camel's camel-vertx-http component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0) arises when a producer endpoint deserializes 5xx HTTP response bodies marked application/x-java-serialized-object through a raw java.io.ObjectInputStream with no class filtering. Exploitation is limited to non-default deployments where transferException=true or allowJavaSerializedObject=true is set and throwExceptionOnFailure remains true, letting an attacker who controls or intercepts the backend deliver a malicious serialized object and, given a gadget chain on the classpath, run code on the Camel host. This is a vendor-reported (Apache) issue with a publicly available advisory; there is no public exploit identified at time of analysis and EPSS is low at 0.39% (31st percentile).
Authenticated remote code execution in the FileOrganizer WordPress plugin before 1.2.0 lets users granted file-manager access upload arbitrary PHP files because several file-management operations skip file-type validation. Publicly available exploit code exists, and the flaw is an incomplete fix of CVE-2024-7985, which only hardened the upload operation while leaving other file-management endpoints unvalidated. With CVSS 3.1 base 8.8 (PR:L) and a working PoC, any low-privileged account with file-manager rights - extendable to sub-administrator roles via the premium add-on - can achieve full site compromise.
Authentication bypass in Apache Camel's camel-keycloak component (versions 4.15.0-4.18.2 and 4.19.0-4.20.x) allows any caller presenting a non-null Authorization: Bearer header value - including an arbitrary string or a forged, unsigned JWT - to bypass Keycloak token verification entirely and access routes protected by KeycloakSecurityPolicy. The cryptographic token checks (signature, issuer, expiry) are embedded exclusively inside role and permission validation routines that are never invoked when requiredRoles and requiredPermissions are empty, which is the documented default 'Basic Setup.' Where the protected route connects to a code-execution-capable Camel producer, this authentication bypass can escalate to unauthenticated remote code execution; no public exploit has been identified at time of analysis.
PHP object injection in YesWiki's BazaR import feature allows an attacker to reach an unsafe unserialize() sink in tools/bazar/services/CSVManager.php, where attacker-supplied base64 data is deserialized without allowed_classes=false, instantiating arbitrary classes and triggering magic methods (__destruct, and __toString via array_map('strval')). Because the importentries mode lacks CSRF protection (the assigned root cause CWE-352), a remote attacker can host an auto-POSTing HTML page that, when visited by a logged-in wiki admin, drives the deserialization using the admin's session - chaining published Doctrine PHPGGC gadgets into remote code execution on the host. Publicly available exploit code exists demonstrating the object-injection primitive, but no full end-to-end RCE chain is published and this is not confirmed actively exploited (not in CISA KEV).
Reflected XSS in YesWiki doryphore 4.6.5 allows an attacker to execute arbitrary JavaScript in a victim's browser by exploiting unescaped output of the `time` GET parameter in the archived-revision edit form at `handlers/page/show.php`. A working proof-of-concept has been published by the reporter and confirmed against the official package; the attack exploits MySQL's DATETIME coercion to accept a malformed timestamp that begins with a real archived revision value yet appends injected markup, causing the archived-revision branch to render and reflect the payload unescaped. No active exploitation has been confirmed by CISA KEV, but the detailed PoC lowers the barrier to weaponization.
{{ 7 * 7 }} rendering as 49, escalated to an interactive reverse shell); this vulnerability is not in CISA KEV and there is no evidence of active exploitation.
Authenticated remote code execution in LibreBooking (open-source scheduling/reservation platform) versions prior to 5.1.0 allows an administrator to write arbitrary files outside the intended template directory by abusing the email template editor's save action, which trusts the submitted template name as part of the destination file path. Because the resulting file can be dropped into a web-executable location, the write primitive escalates to server-side code execution. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV, but a CISA CSAF advisory and upstream fix commit exist.
Remote code execution in Metabase (open-source BI/analytics platform) versions 1.55.0 through the fixed releases arises because one database-creation code path failed to validate unsafe H2 JDBC connection properties, letting an authenticated administrator register a crafted H2 datasource and run arbitrary Java on the server host. Because the CVSS scope is Changed (S:C), successful exploitation escapes the application context and yields full host compromise. No public exploit has been identified at time of analysis and it is not listed in CISA KEV, but the CVSS base score of 9.1 and RCE nature make it a high-priority patch for any exposed Metabase instance.
Arbitrary code execution on the host operating system is achievable by an authenticated FileMaker Server administrator via a malicious file upload through the Open Source LLM setup feature - specifically the Miniforge installer upload path - in the Admin Console. All FileMaker Server versions prior to 26.0.1 are affected; the flaw is classified as CWE-434 (unrestricted upload of a dangerous file type) and was reported directly by Apple/Claris product security. No public exploit code or CISA KEV listing exists at time of analysis, and SSVC rates exploitation as none with no automation feasibility, substantially limiting real-world risk despite the RCE classification.
Prototype pollution in apidevtools json-schema-ref-parser up to v15.3.5 allows low-privileged remote attackers to modify Object prototype attributes via crafted input to the Refs.set/Pointer.set functions in lib/pointer.ts. The vulnerability is tagged RCE and Code Injection, reflecting the theoretical worst-case of prototype pollution in Node.js environments where polluted properties propagate to dangerous sinks; however, the CVSS 4.0 score of 2.1 with limited (L/L/L) impact ratings suggests the direct, exploitable impact is constrained. A proof-of-concept exists (CVSS 4.0 E:P) but no confirmed active exploitation has been recorded in CISA KEV.
Cross-user remote code execution in Open WebUI before 0.10.0 lets an authenticated user run arbitrary code interpreter Python or invoke tools inside another logged-in user's session. The get_event_call handler dispatched execute:python and execute:tool Socket.IO events to any client-supplied session_id that was merely 'connected', so an attacker who harvested a victim's socket ID via the ydoc:document:join collaboration flow could hijack that session. A proof-of-concept is indicated in the SSVC data, though the flaw is not in CISA KEV and EPSS rates near-term mass exploitation low (0.28%, 19th percentile).
Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before V26.20) and the SICORE Base System (before V26.20.0) because the firmware update mechanism fails to properly validate signatures. An attacker with high privileges and local access can push crafted, tampered firmware to achieve persistent code execution and full device compromise. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Root-privileged arbitrary directory creation and file write affects Note Mark (self-hosted notes application) versions <= v0.19.4, arising because book and note slug validation uses the unanchored huma OpenAPI pattern '[a-z0-9-]+', letting a low-privilege authenticated user store a path-traversal slug such as '../../../../etc/cron.d/x'. When an administrator later runs the 'note-mark migrate export' or 'export-v1' CLI (routinely as root in Docker), the exporter joins the raw slug into the output path and writes '_index.md' outside the export directory, enabling escalation to code execution as root. Publicly available exploit code exists (a version-pinned Go reproducer plus an end-to-end Docker walkthrough); this is the unpatched sibling of GHSA-g49p-4qxj-88v3 and is not listed in CISA KEV.
Authentication bypass leading to remote code execution in Xerte Online Tools (all versions below 3.14.6 and below 3.15.5) lets unauthenticated remote attackers reach the exposed /setup/ installer and re-run the installation, pointing the application at a database they control and thereby seizing full control of the toolkit. The flaw scores CVSS 9.1 (AV:N/AC:L/PR:N/UI:N) and is tagged Authentication Bypass and RCE; a vendor patch exists but there is no public exploit identified at time of analysis. CISA's SSVC framework rates it not-exploited but automatable with partial technical impact.
{user}/tokens endpoint, which failed to enforce an authorization check on the target user. An attacker who knows a more-privileged user's login name and can log in through the Dashboard's OAuth/OIDC flow can forge and finalize a token for that account, potentially seizing Dashboard Administrator rights and — chained with a separate weakness — achieving code execution on the host. CVSS 4.0 is rated 8.7 (High); there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Arbitrary file deletion in the Bit Form WordPress plugin (all versions through 3.1.1) lets low-privileged authenticated users delete any file on the server via an unsanitized path passed to the deleteFiles function. Because a subscriber-level attacker can remove critical files such as wp-config.php, this path traversal escalates into a full site takeover / remote code execution scenario. Reported by Wordfence with a CVSS of 7.1; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary file upload leading to remote code execution affects the premium Blocksy Companion Pro plugin for WordPress in all versions through 2.1.46, where the Custom Fonts extension's flawed MIME validation lets unauthenticated attackers upload executable PHP files disguised as fonts. The Custom Fonts extension registers a wp_check_filetype_and_ext filter that uses strpos() to approve any filename merely containing '.woff2' or '.ttf' anywhere in the string, so a double-extension payload like shell.woff2.php passes as a legitimate font. Reported by Wordfence with a CVSS of 9.8; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in the Popup Maker WordPress plugin (all versions through 1.22.0) allows authenticated attackers holding editor-level access or above to install and activate an arbitrary plugin from an attacker-controlled URL, resulting in full server-side code execution. The root cause is a missing authorization check (CWE-862) in the plugin's REST API Connect controller, whose install endpoint treats a bearer token - issued by the legacy v1/connect/info endpoint - as its only non-spoofable authorization gate. Reported by Wordfence; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Local File Inclusion in the WPFunnels WordPress plugin (all versions through 3.12.7) allows authenticated administrators to include and execute arbitrary PHP files on the server via the unsanitized `logKey` parameter, yielding full remote code execution when combined with file upload capability. The attack requires administrator-level WordPress credentials and high complexity - specifically the ability to place a PHP file on the server - materially limiting the exploitable population. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in a routine-patching priority tier despite its severe potential impact.
Man-in-the-middle credential theft and root code execution affects the BOSH CLI (bosh-cli) prior to v7.10.4, which fails to verify the DAV blobstore server certificate during 'bosh create-env' and 'bosh delete-env' even though a valid CA certificate is present in the installation manifest. An adjacent network attacker who can intercept the operator's HTTPS upload can harvest Basic-auth credentials and the rendered-templates archive holding every bootstrap secret for the new BOSH Director, then replay those credentials against the target VM's agent to gain root code execution. There is no public exploit identified at time of analysis, but the vendor-rated CVSS 4.0 score of 8.9 reflects the high impact of a full Director compromise.
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the InterestGroups component (the Protected Audience / FLEDGE ad-auction API of Privacy Sandbox), letting a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the Chromium severity High, and the CVSS 8.8 reflects network-reachable, low-complexity, unauthenticated exploitation gated only by user interaction (visiting a page). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though EPSS-style risk for Chrome memory-corruption bugs is typically elevated once details circulate.
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Sandboxed remote code execution in Google Chrome versions prior to 150.0.7871.115 stems from a use-after-free in the Forms component, allowing a remote attacker to run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. The flaw carries a High Chromium severity rating and CVSS 8.8; Google has shipped a stable-channel fix, but no public exploit has been identified at time of analysis. Because code execution is confined to the sandbox, a separate sandbox-escape bug would be required for full host compromise.
Sandboxed remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page, stemming from an inappropriate implementation in the Forms component (Chromium severity: High). No public exploit identified at time of analysis, and the flaw is not on CISA KEV; Google has shipped a fixed Stable channel build. The high CVSS (8.8) reflects full compromise of the affected renderer process, though code execution is stated to be confined to the sandbox rather than a full host takeover.
Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the browser's Input component, letting a remote attacker who lures a victim to a crafted HTML page run arbitrary code inside the renderer sandbox. Google rates the Chromium severity High and CVSS is 8.8, requiring user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the memory-corruption class and network attack vector make it a standard high-priority browser patch.
Remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code (constrained to the renderer sandbox) by luring a victim to a crafted HTML page that triggers a use-after-free in the Actor component. The flaw is network-reachable and requires only that the user visit a malicious page, but Chromium rates the severity High rather than Critical because code execution stays inside the renderer sandbox. No public exploit identified at time of analysis; no EPSS or KEV signal was supplied in the input.
Renderer-process code execution in Google Chrome desktop before 150.0.7871.115 arises from a use-after-free in the IndexedDB implementation, letting a remote attacker run arbitrary code within the Chromium sandbox when a victim opens a crafted HTML page. Chromium rated the flaw Medium severity even though the CVSS base score is 8.8, reflecting that execution is confined to the sandboxed renderer rather than the host. A vendor patch is available and no public exploit has been identified at time of analysis.
Remote code execution in the Generic OEM UZ801_v2.1 4G LTE Router (firmware V3.4.3) lets unauthenticated attackers run arbitrary code by sending crafted requests to the /ajax web management API served by the device's MifiService.apk component. The flaw stems from broken access control on the management endpoint, giving remote attackers full control of the device with no credentials. Publicly available exploit code exists on GitHub, though EPSS probability is low (0.24%, 15th percentile) and it is not on the CISA KEV list.
Sandbox escape in the OpenJDK packages shipped by Ubuntu allows a compromised sandboxed application to break out and run arbitrary code on the host. Because the packages' .jar MIME handlers execute any file flagged executable (when the mailcap package is present), an app abusing the OpenURI portal through xdg-desktop-portal-gtk can drop a malicious .jar, set its executable bit, and invoke the handler. There is no public exploit identified at time of analysis, but the flaw carries a CVSS 8.8 with a changed scope, reflecting full loss of host confidentiality, integrity and availability once the sandbox boundary is crossed.
Elasticsearch Painless script injection via OpenCTI's GraphQL API allows any authenticated user holding the KNOWLEDGE capability to submit computationally expensive, unvalidated scripts that saturate Elasticsearch cluster CPU, degrading or denying service for the entire platform. All OpenCTI deployments prior to version 7.260401.0 are affected, with the vulnerability residing in the exposed 'script' FilterOperator of the GraphQL API. No public exploit code or CISA KEV listing is confirmed at time of analysis; a vendor-released patch is available in version 7.260401.0.
Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable.
Unauthenticated remote code execution in Joro ≤ v1.1.0 (BishopFox's offensive-security tooling) allows an attacker to gain a shell as the operator's user when that operator merely visits a malicious web page. In the default proxy mode, Joro exposes an unauthenticated local API on 127.0.0.1:9090 with a wildcard CORS policy; because plugin uploads use the CORS-safelisted multipart/form-data content type, cross-origin JavaScript can upload a native Go plugin and trigger a restart through the operator's browser with no preflight or credentials, and the plugin's init() executes on load. No public exploit is identified at time of analysis, but the advisory documents a complete, reproducible attack chain, and the assigned CVSS is 9.6 (Critical).
Remote code execution in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated administrator to execute arbitrary Java via Velocity templates used to render COAR Notify/LDN messages, using reflection to escape the templating sandbox. Exploitation requires valid DSpace administrator credentials and is most impactful when chained with the related LDN path-traversal flaw (GHSA-9qm4-rh6w-pq5x). No public exploit identified at time of analysis, and CVSS is 8.0 (High).
OS command injection in Nuclio (serverless platform) versions <= 1.15.27 lets attackers run arbitrary shell commands as root inside Kubernetes CronJob pods by submitting a function with a crafted cron trigger. The controller concatenates unsanitized `event.headers` keys and `event.body` values into a `/bin/sh -c` curl string; a header key containing a double-quote breaks quoting, and a body containing `$()` triggers command substitution (strconv.Quote does not escape it). Because the Nuclio Dashboard API is unauthenticated in its default configuration, this is remotely reachable; no public exploit is identified in KEV, though a detailed, dynamically-verified PoC accompanies the advisory.
Custom Code Guardrails in LiteLLM's AI Gateway proxy prior to 1.82.0-stable permitted privileged users with guardrail management rights to submit arbitrary Python code via the production create and update API paths, which executed unsandboxed within the proxy process. Unlike the test endpoint - which enforced sandbox controls - the production paths lacked equivalent validation, enabling the injected code to access and expose secrets, API keys, and environment variables available to the running process. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; risk is highest in multi-tenant or multi-operator LiteLLM deployments where guardrail management rights are distributed.
Unrestricted file upload in Grav API Plugin 1.0.0 allows authenticated users to store arbitrary content - including PHP scripts, SVG with embedded JavaScript, and polyglot payloads - via the avatar upload endpoint by supplying a forged client-declared MIME type beginning with 'image/'. The endpoint performs no server-side content inspection and imposes no extension restriction, so malicious files are written to user/accounts/avatars/ with predictable filenames. Immediate exploitation is partially mitigated by an .htaccess rule that returns HTTP 403 on direct access, but the files persist on disk and represent a latent RCE or stored XSS vector if a co-resident path traversal flaw or server misconfiguration bypasses that control. No public exploit code or CISA KEV listing has been identified at time of analysis.
Remote code execution and denial of service in FreeRDP before 3.22.0 stem from a use-after-free in the dynamic virtual channel manager (drdynvc), where `dvcman_channel_close` and `dvcman_call_on_receive` access `channel_callback` without proper synchronization (CWE-362). A malicious or compromised RDP server can race DYNVC_DATA and DYNVC_CLOSE messages to free a channel callback while another thread still uses it, corrupting the client heap. This is a client-side flaw affecting anyone connecting to an attacker-controlled server; no public exploit identified at time of analysis, and it is not listed in CISA KEV. FreeRDP is a widely used open-source implementation of the Microsoft Remote Desktop Protocol, embedded in clients such as Remmina, GNOME Connections, Weston, and numerous commercial and VDI products. The bug lives in the drdynvc (Dynamic Virtual Channel) subsystem, which multiplexes optional channels (clipboard, audio, device redirection, etc.) over the RDP connection and processes them on a dedicated client thread. Per CWE-362 (concurrent execution using shared resource with improper synchronization / race condition), `dvcman_channel_close` (handling DYNVC_CLOSE) can free the `channel_callback` structure while `dvcman_call_on_receive` (handling DYNVC_DATA) is concurrently dereferencing it, producing a heap use-after-free. Because the RDP server dictates the timing and ordering of DYNVC_DATA and DYNVC_CLOSE PDUs, a hostile server controls the race window. The published CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H) yields 8.3 (High), driven mainly by high availability impact with lower confidentiality/integrity impact — consistent with a heap corruption that reliably crashes the client (DoS) but only potentially yields RCE. AC:H correctly reflects that success depends on winning a non-deterministic thread race, which is unreliable and may require many attempts. There is no EPSS score, no KEV listing, and no confirmed public POC in the provided data, so exploitation pressure is currently low-to-unknown; the RCE and Denial Of Service tags reflect potential impact, not observed attacks. One nuance to verify: the vector uses UI:N/PR:N, but this is a client-side vulnerability requiring the victim to connect to a malicious server — a real-world limiting factor that raw CVSS understates. Net: a legitimate patch priority for fleets whose users connect to untrusted or reachable RDP endpoints, but not an emergency mass-exploitation scenario given AC:H and no evidence of exploitation. FreeRDP (the open-source RDP client/library and its FreeRDP-based clients) at all versions prior to 3.22.0 are affected; the flaw is fixed in FreeRDP 3.22.0. No CPE strings were provided in the input, so exact downstream package ranges (e.g., distribution builds of Remmina or the freerdp2/freerdp3 packages) should be confirmed against vendor trackers. Authoritative details are in the FreeRDP GitHub Security Advisory GHSA-3mv2-5q57-2v8h (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h) and the VulnCheck advisory (https://www.vulncheck.com/advisories/freerdp-use-after-free-via-race-condition-in-drdynvc-channel-callback). Vendor-released patch: FreeRDP 3.22.0 — upgrade all FreeRDP libraries and any FreeRDP-based clients (Remmina, GNOME Connections, xrdp clients, etc.) to 3.22.0 or later, rebuilding or updating downstream distribution packages that bundle the library. Until patched, reduce exposure by only connecting to trusted, known-good RDP servers and avoiding connections to untrusted or attacker-influenced hosts, since the malicious behavior originates server-side; where feasible, restrict outbound RDP (TCP 3389) from client machines to an allowlist of approved servers via egress firewall rules (trade-off: breaks ad-hoc connections to new servers). If specific dynamic virtual channels are not required, disabling optional channel redirections (clipboard, drive, audio) narrows the attack surface of drdynvc but does not fully eliminate the race and reduces functionality. Follow guidance in GHSA-3mv2-5q57-2v8h (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h) and the VulnCheck advisory (https://www.vulncheck.com/advisories/freerdp-use-after-free-via-race-condition-in-drdynvc-channel-callback). An attacker stands up or compromises an RDP server and lures a victim into connecting with a vulnerable FreeRDP client (e.g., via a malicious .rdp file, phishing link, or a man-in-the-middle position). Once connected, the server rapidly interleaves DYNVC_DATA and DYNVC_CLOSE messages on a dynamic virtual channel to win the race and trigger the heap use-after-free in the client's drdynvc thread, crashing the client or, with careful heap grooming, potentially executing code in the client process. No public POC is identified at this time, and the AC:H race condition makes reliable code execution difficult. Exploitation requires the victim to establish an RDP session to an attacker-controlled or compromised server running against a FreeRDP client before 3.22.0, and the connection must use the drdynvc dynamic virtual channel path. The attacker must then concurrently send DYNVC_DATA and DYNVC_CLOSE messages on a dynamic virtual channel to win a timing race in `channel_callback` access. Limiting factors: the attacker must control the RDP server side (this is a client-side vulnerability, so it cannot be triggered against an unwilling client that never connects), the exploit depends on winning a non-deterministic thread race (CVSS AC:H) so it is unreliable and may require repeated attempts, and reliable code execution beyond a crash requires heap-layout control. No authentication to the malicious server is needed, but the user must initiate the outbound connection. Lure victim to malicious RDP server → Client opens dynamic virtual channel (drdynvc) → Server races DYNVC_DATA and DYNVC_CLOSE → Trigger heap use-after-free on channel_callback → Crash client or execute code in client process Affected/fixed version (before 3.22.0; fixed in 3.22.0), root cause, and functions are confirmed by the FreeRDP GitHub Security Advisory GHSA-3mv2-5q57-2v8h and the VulnCheck advisory. CVSS 4.0 vector, 8.3 score, and CWE-362 are provided in the input; RCE is described as potential, not demonstrated. Not listed in CISA KEV and no EPSS score or public POC was provided, so real-world exploitation status is unknown; downstream package version ranges are not confirmed due to absent CPE data. high core open-source RDP library embedded in many Linux remote-desktop clients CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H Client-side flaw needing the victim to connect to a malicious server (UI:R) and to win a thread race (AC:H); heap corruption gives high availability impact with limited C/I. CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Path traversal in Flowise's Faiss and SimpleStore vector store implementations allows any holder of a valid API token to write vector store data to arbitrary filesystem locations, creating a practical path to remote code execution or data exfiltration on the hosting server. All Flowise deployments prior to version 3.1.0 are affected when either of these two vector store backends is configured. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the post-authentication exploitation path is low-complexity, making timely patching critical especially in multi-tenant or shared deployments where API tokens are broadly distributed.
Remote code execution in the Blocksy Companion Pro WordPress plugin (all versions before 2.1.47) lets unauthenticated attackers upload executable PHP files through the Advanced Reviews feature, taking over the site. The save_attachments function relies on a flawed strpos() substring check inherited from the Custom Fonts extension, so a double-extension filename like shell.woff2.php passes validation while the server executes it as PHP. No public exploit has been identified at time of analysis, but a vendor patch (2.1.47) is available and the flaw was reported by VulnCheck.
Remote code execution in Apache Gravitino before 1.2.1 allows unauthenticated callers to abuse the testConnection API by submitting a crafted H2 JDBC URL whose INIT parameter runs arbitrary Java on the server. The flaw only manifests when Gravitino is backed by the H2 database - a configuration primarily used for testing and local development - and CISA SSVC rates technical impact as total and exploitation as automatable, though no public exploit has surfaced. Fixed in 1.2.1; because Gravitino is usually deployed on internal networks and H2 is not the production default, the vendor characterizes real-world severity as low despite the 9.1 CVSS score.
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this can be leveraged to achieve remote code execution.
Arbitrary file upload in the WHMCS Bridge plugin for WordPress (all versions through 6.9) lets authenticated users with Custom-level access or above upload files of any type via the unvalidated connect() function, potentially achieving remote code execution on the host. Reported by Wordfence and tracked as CWE-434, the flaw carries a CVSS of 8.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The impact hinges on the plugin's failure to enforce file-type checks before writing uploaded content to disk.
Local privilege escalation to SYSTEM in Fuji Electric Pupsman before version 3.9.0 allows a low-privileged local user to drop a malicious executable into the weakly-permissioned installation directory, which is then run with SYSTEM privileges for full arbitrary code execution. Reported through JPCERT/CC (JVN JVN62347140); no public exploit identified and no active exploitation is confirmed at time of analysis. The CVSS 4.0 base score is 8.5 (High), reflecting complete confidentiality, integrity, and availability impact despite the local attack vector.
Local privilege escalation to arbitrary code execution affects Fuji Electric's Pupsman UPS management software in all versions prior to 3.9.0, where the installer insecurely loads a DLL from its own directory. A local attacker who can drop a malicious DLL into the folder containing the installer can have it executed with SYSTEM privilege the next time the installer is run. No public exploit identified at time of analysis and the flaw is not in CISA KEV; exploitation requires local file placement plus a victim executing the installer (UI:A).
Arbitrary file deletion in the Simple Coherent Form WordPress plugin (all versions up to and including 2.4.13) allows unauthenticated attackers to delete any file the web server can reach, and deleting wp-config.php can cascade into full remote code execution. The plugin's two intended access controls are illusory: the scf_get_id_upload endpoint hands a valid scf_upload_file_removal nonce to any anonymous visitor, and the secondary hash check can be reproduced offline because it derives from a salt hardcoded in the plugin source. There is no public exploit identified at time of analysis, but the flaw carries a high 9.1 CVSS and reflects a genuine unauthenticated-network attack path.
Remote code execution in the Widget Logic Visual WordPress plugin (all versions through 1.52) lets low-privileged authenticated users run arbitrary PHP on the server. The flaw stems from the widget-logic-update-conditional-tags AJAX action lacking a capability check and nonce verification, allowing any subscriber-and-above account to store attacker-controlled data in the 'nwlv[cod-tag]' parameter that is later passed to an eval() call by widget_logic_visual_check_visibility. Reported by Wordfence with no public exploit identified at time of analysis and no CISA KEV listing.
Arbitrary code execution on Code27 Companion Hub (firmware SQ3A.220705.003.A1) is achievable by a physically proximate attacker through improper access controls on the device's USB debugging (ADB) interface. The Android Debug Bridge component fails to enforce adequate restrictions, allowing an unauthenticated attacker with physical USB access to execute arbitrary commands at elevated privilege. A publicly available proof-of-concept exploit exists on GitHub, and SSVC assessment rates the technical impact as total despite no confirmed active exploitation in the wild.
Connection string injection in KEDA's PostgreSQL scaler allows low-privileged tenants to inject arbitrary libpq connection parameters by embedding tab, newline, or other non-space whitespace characters into ScaledObject or TriggerAuthentication configuration fields. The `escapePostgreConnectionParameter` function in `pkg/scalers/postgresql_scaler.go` only detects literal spaces before quoting values, leaving all other libpq token delimiters unescaped; successful exploitation forces TLS downgrade (sslmode=disable) or redirects database connections to attacker-controlled hosts to steal operator-supplied credentials. A working proof-of-concept YAML payload is included in GitHub advisory GHSA-6w3m-4hhp-775q; no CISA KEV listing was present at time of analysis.
Path traversal in Goploy's `/deploy/fileDiff` endpoint (versions <=1.17.5) enables any authenticated low-privilege member to read arbitrary files on both the Goploy host and every SFTP-managed remote server registered in the system. The dual file read returns local content in the `srcText` response field and remote server content in `distText`, multiplying the blast radius across all managed deployment targets. Publicly available exploit code exists per the GitHub Security Advisory; this is not listed in CISA KEV, but exploitation conditions are trivially met under default Goploy configuration.
Local arbitrary code execution affects an unspecified industrial control system (ICS) product reported through CISA ICS-CERT (advisory ICSA-26-188-06). A stack-based buffer overflow (CWE-121) lets an attacker who can supply crafted input trigger memory corruption and run arbitrary code once a local user interacts with the malicious data, fully compromising confidentiality, integrity, and availability. No public exploit identified at time of analysis and the affected vendor/product is not disclosed in the available data.
Arbitrary code execution in an unnamed ICS/OT application arises from a use-after-free (CWE-416) triggered when the software parses a specially crafted file, letting an attacker run code in the context of the current process. The flaw was reported through CISA's ICS-CERT (advisory ICSA-26-188-06) and carries a CVSS 4.0 base score of 8.4; exploitation is local and requires a user to open the malicious file. No public exploit code has been identified at time of analysis and the CVE is not listed in CISA KEV.
Arbitrary code execution via an out-of-bounds write (CWE-787) affects an industrial control system product covered by CISA ICS advisory ICSA-26-188-06, where an attacker can corrupt memory past an allocated buffer to run code in the context of the affected application. The CVSS 4.0 vector (AV:L/UI:A) indicates the flaw is triggered locally and requires a victim to actively interact - consistent with opening a malicious file or project in engineering/HMI software. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the high-impact memory corruption and DHS ICS-CERT reporting warrant prompt patching in OT environments.
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.
Remote code execution in Koodo Reader (versions 2.3.0 and earlier) lets an attacker who supplies a malicious EPUB file run arbitrary OS commands with the victim's privileges once the book is imported and opened. The flaw combines a dangerously permissive Electron IPC handler (nodeIntegrationInSubFrames enabled) with unsanitized innerHTML rendering of chapter content, turning ebook display into a Node.js code-execution primitive. No public exploit has been identified at time of analysis; the issue is fixed in version 2.3.1 and is not listed in CISA KEV.
Remote code execution in the Oraios Serena MCP coding toolkit (prior to v1.5.2) lets a malicious webpage hijack a developer's local coding agent via DNS rebinding. Serena's built-in web dashboard runs an unauthenticated Flask API on a fixed, predictable port with no auth, no CSRF protection, and no Host-header validation, so any site the victim visits while Serena is running can write attacker-controlled content into the agent's persistent memory store; because the agent autonomously reads that memory and can invoke execute_shell_command with shell=True, this chains to code execution on the developer's machine. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list.
Arbitrary Python code execution in calibre (e-book manager) before 9.10.0 lets attackers run code on a victim's machine simply by having them import or edit a malicious EPUB, OPF, or PDF. The crafted file embeds a custom column definition containing a python: template inside the calibre:user_metadata field, which calibre passes unsanitized to exec() in its template formatter during routine metadata reading (Add books / Edit books). No public exploit has been identified at time of analysis, but the flaw triggers through normal user workflows, making weaponized e-book files a realistic delivery vector.
Arbitrary code execution in DataEase before 2.10.24 lets authenticated users bypass H2 JDBC URL validation using special Unicode characters whose case conversion differs between DataEase's validator and the H2 parser, smuggling dangerous parameters such as INIT into a malicious H2 connection string. Because H2's INIT clause executes SQL/DDL at connection time, an attacker can run arbitrary code on the host. No public exploit has been identified at time of analysis, but a fix commit and release exist, making the mechanism reproducible from the public patch.
Remote code execution in DataEase before 2.10.24 allows an authenticated attacker to bypass the prior H2 zip-protocol and file-dropper hardening by uploading a ZIP archive masquerading as a font file (.ttf) via the FontManage.saveFile endpoint, then invoking the H2 database zip protocol against it to execute arbitrary code on the server. The flaw is a regression that defeats an earlier fix, and carries a CVSS 4.0 score of 8.7 (High). No public exploit has been identified at time of analysis, but the vendor GitHub Security Advisory (GHSA-8x36-774q-pwqg) and two remediation commits are published.
Remote code execution in Vtiger CRM before 8.4.0 lets an authenticated low-privileged user upload a malicious .phar file through the Documents module and execute arbitrary PHP. The extension denylist in config.inc.php omits .phar, and a stale Apache 2.2-syntax .htaccess is silently ignored on Apache 2.4, so the payload lands in a web-accessible directory reachable by unauthenticated HTTP - the attack begins authenticated but the final execution step is unauthenticated. Publicly available exploit code exists (published by VulnCheck/Jiva Security); no CISA KEV listing and no EPSS score were provided.
Authenticated remote code execution in Vtiger CRM through version 8.4.0 lets an administrator upload a crafted ZIP archive through the ModuleManager import feature and drop executable PHP files directly into the web-root modules/ directory, yielding a persistent web shell. Because Apache resolves and executes those PHP files before Vtiger's routing layer runs, the resulting shell bypasses the application's authentication entirely and survives independently of the attacker's login session. Publicly available exploit code exists (VulnCheck / Jiva Security), though there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV.
Arbitrary file write in the AMP for WP - Accelerated Mobile Pages WordPress plugin (versions up to and including 1.1.12) lets authenticated Author-level users, granted permission by an Administrator, upload and unsafely extract a crafted ZIP through the ampforwp_save_local_font() function, planting attacker-controlled files in a web-accessible uploads path. On hosts configured to execute PHP from the uploads directory, this escalates to remote code execution. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; an upstream fix is present in the plugin repository (changeset 3512870).
Arbitrary file read in EGroupware's mail composition module allows any authenticated user with mail access to exfiltrate files readable by the web server process. The vulnerability stems from a defective URI scheme check in `api/src/Mail.php` that correctly rejects `data:` URIs but inadvertently permits `file://` URIs, which PHP's `file_get_contents()` resolves natively against the local filesystem. A publicly available proof-of-concept exists demonstrating `/etc/passwd` extraction via a crafted HTML email body; no active exploitation (CISA KEV) has been confirmed at time of analysis.
Authenticated OS command execution in EGroupware allows an administrator to escalate from web-application access to arbitrary shell commands as the web server user (typically www-data). The flaw lives in the eTemplate engine's Widget::expand_name(), where widget attribute values are passed into a PHP eval() with only double-quotes escaped, leaving backtick shell-execution operators intact; an admin uploads a malicious .xet template to the /etemplates VFS mount to trigger it. A detailed proof-of-concept is published in the vendor's GitHub Security Advisory (publicly available exploit code exists), though there is no evidence of active exploitation.
Remote code execution in EGroupware lets an attacker chain a broken authorization check with an arbitrary file write and an arbitrary file read to fully compromise the server. An authenticated user can forge the participant_role field in a SmallPartMediaRecorder::ajax_upload() request to impersonate a course teacher, then use path traversal to read and overwrite header.inc.php with valid but attacker-controlled PHP, yielding code execution after OPcache refresh or a setup-password change. Where self-registration is enabled the entire chain becomes reachable pre-authentication. No public exploit has been identified, but the advisory documents a complete, reproducible technique.
Remote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controlled class path is loaded via an unrestricted import_string() when the Scheduler or API Server deserializes the serialized DAG, executing arbitrary code in those privileged processes and breaking the core Airflow boundary that DAG-author code must never run in the Scheduler/API Server. Reported by Apache with a fix in 3.3.0, it currently has no public exploit identified and a low EPSS of 0.69% (48th percentile), and it is not listed in CISA KEV. The practical severity depends heavily on how much a deployment trusts its DAG authors, since exploitation requires the ability to submit a DAG.
Heap memory corruption in GIMP's PSD (Photoshop) file parser allows a malicious .psd image to overflow an integer in read_RLE_channel(), producing an undersized heap allocation for the RLE row-length table that is then overwritten row-by-row, potentially yielding denial of service or arbitrary code execution. The flaw affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9 and is triggered when a victim opens or imports a crafted PSD file. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in the WPFunnels (Funnel Builder for WooCommerce) WordPress plugin versions up to and including 3.12.7 lets attackers write attacker-controlled 'postData' into a PHP-includeable .log file that wpfnl_show_log later renders with include_once, yielding server-side code execution. The initial injection is fully unauthenticated because the nonce guarding the optin endpoint is publicly emitted on every funnel step page, though execution only fires once an administrator opens the poisoned log via the Log Settings View while the 'Enable Logs' toggle is active. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the pre-auth injection combined with a maximal 9.8 CVSS score makes it a high-priority patch for any exposed WooCommerce funnel deployment.
Unauthenticated mass assignment in FOSSBilling's client self-registration endpoint (all versions prior to 0.8.0) allows any visitor to inject an arbitrary client group identifier during signup, bypassing group-based access controls on promotional codes. Attackers who successfully place themselves into a privileged group can redeem group-restricted discount codes and receive unauthorized price reductions. No public exploit or active exploitation has been identified; the CVSS 4.0 score of 6.9 reflects a limited, integrity-only impact with no confidentiality or availability consequence, and the erroneous 'RCE' source tag should be disregarded as inconsistent with the description and impact metrics.
Authenticated remote code execution in FOSSBilling 0.6.10 through 0.7.2 lets an admin-privileged user inject arbitrary PHP into config.php via the Config::prettyPrintArrayToPHP() method, which fails to escape single quotes in string configuration values. Because config.php is pulled in through a bare include on every HTTP request, injected code runs persistently on all subsequent requests. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 base score is 8.9, elevated by the persistent, server-wide impact once an admin account is abused.
Session token leakage in Coder's CLI (github.com/coder/coder v2) lets a malicious template author steal a user's session token when the victim runs `coder open app`. The `coder open app` command opens external workspace-app URLs without scheme/host validation and substitutes the `$SESSION_TOKEN` placeholder with the user's real token before passing the URL to the OS open handler, so a workspace-controlled URL like `https://attacker.example/?t=$SESSION_TOKEN` exfiltrates the token and enables full account impersonation for its lifetime; the same path can invoke arbitrary local URI-scheme handlers. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in Coder's coderd server allows any authenticated user with file-upload access to exhaust server memory by uploading a crafted zip bomb via POST /api/v2/files, crashing the service before RBAC checks execute. Affected versions span all supported release lines prior to v2.34.2, v2.33.8, v2.32.7, and v2.29.17 (ESR). No public exploit has been identified at time of analysis; the impact is strictly an availability loss - the advisory explicitly confirms no data disclosure or code execution is possible, contradicting the 'RCE' tag present in the intelligence feed.
SSH configuration injection leading to arbitrary code execution in Coder's `coder config-ssh` CLI command allows a malicious or compromised Coder server to write attacker-controlled directives into a developer's `~/.ssh/config`. The command copied server-supplied `HostnameSuffix` and `SSHConfigOptions` values verbatim without stripping newlines, letting an attacker in control of those values inject a directive such as `ProxyCommand` that runs on every SSH connection from the workstation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was found and disclosed by Anthropic's Security Team and is fixed across all supported release lines.
Remote command injection in Coolify (self-hosted PaaS) before 4.0.0-beta.469 lets an authenticated user with application write permissions inject OS commands through deployment-handling fields such as dockerfile_location, achieving arbitrary code execution on the deployment host and exfiltrating secrets via deployment logs. The flaw scores CVSS 9.9 because command injection breaks out of the application context to compromise the underlying server (scope change), exposing environment variables and other applications' secrets. No public exploit has been identified at time of analysis, but the fix is available in tagged release v4.0.0-beta.469.
Remote code execution in the Langroid Python LLM-agent framework allows an attacker who can influence LLM prompts to escape the intended sandbox and run arbitrary OS commands on the host. The flaw affects TableChatAgent.pandas_eval() and the VectorStore base class, which pass LLM-generated expressions to Python's eval() with an empty locals dict but an unscrubbed globals dict, leaving __builtins__ implicitly available. A full working proof-of-concept is included in the advisory (publicly available exploit code exists); CVSS is scored 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), though real-world exploitation is gated on the non-default full_eval=True setting.
Unauthenticated SSRF in Dragonfly's scheduler v1 gRPC service allows any remote client to force the scheduler to issue HTTP GET requests to arbitrary internal addresses, including loopback (127.0.0.1), cloud metadata endpoints (169.254.0.0/16), and RFC1918 ranges. The scheduler's `DownloadTinyFile()` function constructs HTTP requests from attacker-controlled `PeerHost.Ip` and `PeerHost.DownPort` gRPC fields with no destination address validation, and stores up to 128 bytes of each fetched response in `Task.DirectPiece`, which is subsequently served to other peers. The input tag of 'RCE' in the source intelligence is incorrect - this is a read-SSRF with a limited exfiltration path, not remote code execution. A fully confirmed proof-of-concept exists against v2.4.4-rc.2; no patched release version has been identified at time of analysis.
Arbitrary file write in Crawl4AI (the open-source LLM-friendly web crawler by unclecode) before version 0.9.0 lets a malicious website or download control where crawled files land on disk, and because the file contents are also attacker-controlled this escalates to remote code execution. Both the HTTP crawler path (trusting the response Content-Disposition filename) and the browser crawler path (trusting the download's suggested filename) are affected. CVSS is 9.6 (Critical); no public exploit is identified at time of analysis and it is not listed in CISA KEV, but a fix commit and GHSA advisory are published.
Server-side template injection in Formie, a forms plugin for Craft CMS 5 (verbb/formie 3.0.0-beta.1 through 3.1.26), allows unauthenticated attackers to inject Twig syntax through request-controlled inputs that Hidden fields use as dynamic default values. When a public form contains a Hidden field seeded from the User Agent, Referer, Current URL, a query parameter, or a cookie, the attacker-supplied value reaches Craft's Twig rendering layer and is evaluated server-side, potentially yielding information disclosure, application-state modification, or remote code execution. No public exploit identified at time of analysis, though the flaw is tagged RCE/SSTI and rated CVSS 9.8.
Privilege escalation in the Plesk web hosting control panel lets an authenticated low-privileged user abuse an improper authorization flaw in the XML API to inject arbitrary configuration directives, achieving arbitrary file write as root and full compromise of the underlying server. Rated CVSS 9.9 with a scope change, this turns any valid panel account into root on the host; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in Adobe ColdFusion 2025.9, 2023.20 and all earlier releases lets an unauthenticated network attacker run arbitrary code in the context of the current user via improper input validation (CWE-20), with no user interaction and a scope change to other components. Adobe rates this maximum severity (CVSS 10.0) and self-reported it; there is no public exploit identified at time of analysis and it is not yet listed in CISA KEV. Given ColdFusion's long history of mass-exploited RCE flaws, patching should be treated as urgent despite the current absence of a public PoC.
Untrusted Java deserialization in Apache OpenNLP's SvmDoccatModel (libsvm document categorization module, versions 3.0.0-M1 through before 3.0.0-M4) lets an attacker who supplies a crafted serialized stream to the public static SvmDoccatModel.deserialize(InputStream) trigger deserialization of an arbitrary object graph before the SvmDoccatModel cast occurs. Where a usable gadget chain exists on the consuming application's classpath, this yields remote code execution in the loading JVM; OpenNLP ships no gadget itself, so realistic risk falls on downstream apps that embed the module alongside vulnerable transitive dependencies. No public exploit identified at time of analysis and the flaw is not in CISA KEV, though the SSVC assessment marks it automatable with partial technical impact.
Remote code execution in ownCloud 10 (before 10.15.3) lets an authenticated administrator abuse a relative path traversal weakness to write or reference files outside intended directories and execute arbitrary code on the server. The high-privilege requirement (PR:H) and high attack complexity (AC:H) constrain who can trigger it, but successful exploitation yields full compromise with a scope change beyond the application context. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.
Server-side request forgery escalating to remote code execution in the SharePoint for ownCloud app (versions prior to 0.4.1, bundled with ownCloud 10 before 10.15.3) lets an already-authenticated administrator coerce the server into making attacker-controlled requests that ultimately run arbitrary code on the host. The flaw is tagged RCE/SSRF and carries an 8.5 CVSS with a scope change (S:C), reflecting that abuse of the SharePoint integration crosses a trust boundary into the underlying system. No public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-and-move-on issue rather than an active-threat emergency.
Arbitrary code execution in ownCloud Core (ownCloud 10 Classic server, all versions before 10.15.3) allows an administrator to abuse an exposed dangerous method in the Updater component to run code on the server host. Any actor holding administrative credentials - legitimately, or via session hijack/credential theft/CSRF against an admin - can convert web-app admin rights into full server compromise. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-issued GHSA-hvcx-ph66-mmvw advisory and the fix in 10.15.3 are the primary confirmation.
Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a victim opens a malicious PNM/PBM/PGM/PPM file. The flaw is an off-by-one in pnmscanner_gettoken() that writes a null terminator one byte past a stack buffer; it is local and requires the user to open the crafted file (UI:R). No public exploit is identified at time of analysis, and EPSS is low (0.12%), consistent with the CISA SSVC 'Exploitation: none' judgment.
Unauthenticated denial-of-service in elixir-mint's hpax (the HPACK header-compression library for Elixir HTTP/2, versions 0.1.1 through 1.0.3) allows a remote attacker to force superlinear (~O(N²)) CPU consumption by sending a small header block containing an HPACK integer with a long run of continuation octets. Because BEAM integers are arbitrary-precision, the decoder builds an ever-growing bignum with no upper bound, turning a few crafted bytes into a large, attacker-controlled amount of CPU and transient memory - a classic decompression/amplification DoS. No public exploit is identified at time of analysis and it is not in CISA KEV, but a vendor patch (version 1.0.4) is available.
Java object deserialization in the Apache Camel camel-pqc component allows code execution in the key-management application when an attacker who can write to the backing AWS Secrets Manager secret stores a malicious serialized payload. The flaw affects Apache Camel 4.18.0-4.18.2 and 4.19.0-4.20.x, where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() calls a raw ObjectInputStream.readObject() with no class filter, so gadget side effects fire before the KeyMetadata cast. Rated CVSS 9.8 by Apache, but exploitation genuinely requires IAM write access to the specific secret; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (8th percentile).
Remote code execution via unsafe Java deserialization affects the camel-pqc component of Apache Camel 4.18.0-4.18.2 and 4.19.0-4.20.x. The HashiCorp Vault and AWS Secrets Manager KeyLifecycleManager implementations (and a legacy-migration path in the file-based manager) read post-quantum key metadata back with a raw ObjectInputStream.readObject() lacking any ObjectInputFilter or allow-list, so a principal able to write to the key backend can plant a gadget object that executes during normal key-lifecycle operations. No public exploit has been identified at time of analysis and EPSS is low (0.19%), but SSVC rates technical impact as total; this is an incomplete-remediation follow-on to CVE-2026-40048.
Unauthenticated Camel control-header injection in Apache Camel's camel-cometd component (4.0.0 before 4.14.8, 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0) lets any client that completes a Bayeux/CometD handshake inject internal headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName into the Camel Exchange, hijacking the behaviour of downstream producers. Because a CometdComponent installs no Bayeux SecurityPolicy by default, no authentication is required (PR:N), and the injected headers survive internal direct/seda/vm hops. Reported by Apache with a fix in 4.21.0; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (9th percentile).
Remote code execution in the Apache Camel camel-hazelcast component allows an attacker who can join or reach the Hazelcast cluster to run arbitrary code on every Camel node. The flaw exists because Camel-created Hazelcast instances apply no Java deserialization filter by default, so crafted serialized objects sent over the cluster protocol are deserialized (ObjectInputStream.readObject) before Camel processes them. It affects Camel 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x whenever a hazelcast consumer or repository uses Camel's own default configuration; there is no public exploit identified at time of analysis and EPSS is low (0.49%, 39th percentile).
Remote code execution in Apache Camel's camel-vertx-http component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0) arises when a producer endpoint deserializes 5xx HTTP response bodies marked application/x-java-serialized-object through a raw java.io.ObjectInputStream with no class filtering. Exploitation is limited to non-default deployments where transferException=true or allowJavaSerializedObject=true is set and throwExceptionOnFailure remains true, letting an attacker who controls or intercepts the backend deliver a malicious serialized object and, given a gadget chain on the classpath, run code on the Camel host. This is a vendor-reported (Apache) issue with a publicly available advisory; there is no public exploit identified at time of analysis and EPSS is low at 0.39% (31st percentile).
Authenticated remote code execution in the FileOrganizer WordPress plugin before 1.2.0 lets users granted file-manager access upload arbitrary PHP files because several file-management operations skip file-type validation. Publicly available exploit code exists, and the flaw is an incomplete fix of CVE-2024-7985, which only hardened the upload operation while leaving other file-management endpoints unvalidated. With CVSS 3.1 base 8.8 (PR:L) and a working PoC, any low-privileged account with file-manager rights - extendable to sub-administrator roles via the premium add-on - can achieve full site compromise.
Authentication bypass in Apache Camel's camel-keycloak component (versions 4.15.0-4.18.2 and 4.19.0-4.20.x) allows any caller presenting a non-null Authorization: Bearer header value - including an arbitrary string or a forged, unsigned JWT - to bypass Keycloak token verification entirely and access routes protected by KeycloakSecurityPolicy. The cryptographic token checks (signature, issuer, expiry) are embedded exclusively inside role and permission validation routines that are never invoked when requiredRoles and requiredPermissions are empty, which is the documented default 'Basic Setup.' Where the protected route connects to a code-execution-capable Camel producer, this authentication bypass can escalate to unauthenticated remote code execution; no public exploit has been identified at time of analysis.