Skip to main content

RCE

31890 CVEs technique

Monthly

CVE-2025-14287 PyPI HIGH PATCH This Week

Command injection vulnerability in MLflow versions before v3.7.0 that allows attackers to execute arbitrary commands by injecting malicious input through the --container parameter when deploying models to SageMaker. The vulnerability affects MLflow installations in development environments, CI/CD pipelines, and cloud deployments, with a CVSS score of 7.5 indicating high severity. No active exploitation or KEV listing is reported, and no EPSS data is available to assess real-world exploitation likelihood.

Command Injection RCE Code Injection Mlflow Mlflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54920 Maven HIGH PATCH This Week

This issue affects Apache Spark: before 3.5.7 and 4.0.1.

Command Injection RCE Deserialization Apache Red Hat
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-32719 MEDIUM This Month

AnythingLLM versions 1.11.1 and earlier contain a Zip Slip path traversal vulnerability in the community plugin import functionality that fails to validate file paths during ZIP extraction. An authenticated attacker with high privileges can craft a malicious ZIP file containing path traversal sequences that, when imported via the community hub, extract files outside the intended directory and achieve arbitrary code execution on the server. While the CVSS score is moderate (4.2) due to high privilege requirements and user interaction, the vulnerability enables code execution and should be addressed promptly.

Path Traversal RCE AI / ML Anything Llm
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-32705 MEDIUM PATCH This Month

PX4 autopilot versions prior to 1.17.0-rc2 contain a stack overflow vulnerability in the BST telemetry probe driver that allows a malicious BST device to trigger a buffer overflow by reporting an oversized dev_name_len parameter without bounds checking. An attacker with physical access to inject a malicious BST device can crash the autopilot task or potentially achieve arbitrary code execution, impacting drone flight safety and control systems. No active KEV exploitation data or public POC is currently documented, but the vulnerability is patched in version 1.17.0-rc2.

RCE Stack Overflow Buffer Overflow Px4 Autopilot
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-32640 PyPI HIGH POC PATCH GHSA This Week

Code injection in SimpleEval when objects with dangerous attrs are passed. PoC available.

Code Injection RCE
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-32635 npm HIGH POC PATCH This Week

A Cross-Site Scripting (XSS) vulnerability in Angular's runtime and compiler allows attackers to bypass built-in sanitization when internationalization (i18n) is enabled on security-sensitive attributes like href, src, and action. The vulnerability affects Angular versions before 19.2.20, 20.3.18, 21.2.4, and 22.0.0-next.3, enabling attackers with low privileges to execute arbitrary JavaScript in users' browsers for session hijacking, data theft, and unauthorized actions. With a CVSS score of 8.6 and no current evidence of active exploitation or public POCs, this represents a serious but not yet weaponized threat to Angular applications using i18n features with user-controlled data.

XSS RCE
NVD GitHub HeroDevs VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-15060 CRITICAL Act Now

Command injection RCE in claude-hovercraft tool. EPSS 1.3%.

Command Injection RCE AI / ML Claude Hovercraft
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2026-3084 HIGH PATCH This Week

CVE-2026-3084 is an integer underflow vulnerability in GStreamer's H.266 codec parser that allows remote code execution when processing malicious media files. The vulnerability affects all versions of GStreamer (CPE indicates wildcard versioning) and can be exploited through user interaction with specially crafted H.266 video content, allowing attackers to execute arbitrary code in the context of the application. No active exploitation (not in KEV) or public POC has been reported, and the relatively high CVSS score (7.8) is tempered by the local attack vector and user interaction requirement.

RCE Integer Overflow Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2921 HIGH PATCH This Week

CVE-2026-2921 is an integer overflow vulnerability in GStreamer's RIFF palette handling for AVI files that allows remote code execution with a CVSS score of 7.8. The vulnerability affects all versions of GStreamer (based on CPE wildcard) and requires user interaction to exploit, such as opening a malicious AVI file. No evidence of active exploitation (not in KEV), no public POC mentioned, and EPSS data not provided.

RCE Integer Overflow Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-3083 HIGH PATCH This Week

Critical out-of-bounds write vulnerability in GStreamer's rtpqdm2depay component that allows remote code execution when processing malformed X-QDM RTP payloads. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction, though attack vectors vary by implementation. With a CVSS score of 8.8 and active patch available, this represents a significant risk for applications using GStreamer for media processing.

Buffer Overflow RCE Gstreamer
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-3086 HIGH PATCH This Week

CVE-2026-3086 is an out-of-bounds write vulnerability in GStreamer's H.266 codec parser that allows remote code execution when processing malformed APS (Adaptation Parameter Set) units. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to exploit, such as processing a malicious H.266 video file. No evidence of active exploitation (not in KEV), no public POC, and no EPSS score available yet.

Buffer Overflow RCE Memory Corruption Gstreamer
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-3085 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in GStreamer's rtpqdm2depay component that allows remote attackers to execute arbitrary code when processing malformed X-QDM RTP payloads. The vulnerability affects all versions of GStreamer (CPE indicates no version restrictions) and requires user interaction to exploit, though attack vectors may vary based on implementation. No active exploitation is known (not in KEV), and no EPSS score is available to assess real-world exploitation probability.

Buffer Overflow RCE Heap Overflow Gstreamer
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-3082 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in the GStreamer multimedia framework's JPEG parser that allows remote code execution when processing malicious Huffman tables. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to exploit, with a CVSS score of 7.8. No active exploitation in the wild has been reported (not in KEV), and no EPSS data is available.

Buffer Overflow RCE Heap Overflow Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-3081 HIGH PATCH This Week

Stack-based buffer overflow in GStreamer's H.266 codec parser that allows remote code execution when processing malicious video files. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to trigger, such as opening a malicious media file. No active exploitation (not in KEV) or public PoC has been reported, with EPSS data unavailable.

Buffer Overflow RCE Stack Overflow Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2923 HIGH PATCH This Week

CVE-2026-2923 is an out-of-bounds write vulnerability in GStreamer's DVB Subtitles handling that allows remote code execution when processing malformed subtitle coordinates. This vulnerability affects all versions of GStreamer (CPE indicates no version restrictions) and requires user interaction to exploit, though attack vectors may vary by implementation. No evidence of active exploitation (not in KEV), no public POC available, and no EPSS data provided.

Buffer Overflow RCE Memory Corruption Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2922 HIGH PATCH This Week

Critical remote code execution vulnerability in GStreamer's RealMedia demuxer component, allowing attackers to execute arbitrary code via malformed video packets that trigger an out-of-bounds write. The vulnerability affects all versions of GStreamer (CPE indicates wildcard versioning) and requires user interaction to process malicious media files. While no active exploitation is reported (not in KEV), the availability of a vendor patch and ZDI advisory suggests this vulnerability has been responsibly disclosed and addressed.

Buffer Overflow RCE Memory Corruption Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2920 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in GStreamer's ASF Demuxer component that allows remote attackers to execute arbitrary code when processing malicious ASF media files. The vulnerability requires user interaction (opening/processing a malicious file) and affects all versions of GStreamer based on the CPE data. No evidence of active exploitation (not in KEV) or public proof-of-concept exists, though Zero Day Initiative tracked it as ZDI-CAN-28843.

Buffer Overflow RCE Heap Overflow Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-3838 HIGH This Week

Critical path traversal vulnerability in Unraid's update.php file that allows authenticated remote attackers to execute arbitrary code as root. The vulnerability affects all versions of Unraid (per CPE data) and was discovered by Zero Day Initiative (ZDI-CAN-28951). With a CVSS score of 8.8 and requiring only low privileges, this represents a severe risk for Unraid installations.

PHP Path Traversal RCE Unraid
NVD VulDB
CVSS 3.0
8.8
EPSS
1.6%
CVE-2026-3562 HIGH This Week

CVE-2026-3562 is an authentication bypass vulnerability in Philips Hue Bridge's HAP (HomeKit Accessory Protocol) implementation, specifically within the ed25519_sign_open function that fails to properly verify Ed25519 cryptographic signatures. Network-adjacent attackers can exploit this flaw without authentication to execute arbitrary code on affected Hue Bridge installations. The CVSS score of 6.3 reflects moderate severity with local network access requirements, though the authentication bypass nature elevates real-world risk for smart home environments.

Authentication Bypass RCE Jwt Attack
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3561 HIGH This Week

Heap-based buffer overflow vulnerability in Philips Hue Bridge devices that allows network-adjacent attackers to execute arbitrary code through malformed PUT requests to the HomeKit Accessory Protocol (HAP) characteristics endpoint. While authentication is normally required, the advisory notes the authentication mechanism can be bypassed, effectively allowing unauthenticated remote code execution. No EPSS score or KEV listing is available, suggesting this is not currently being exploited in the wild.

Buffer Overflow RCE Heap Overflow Hue Bridge
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2026-3560 HIGH This Week

Heap-based buffer overflow vulnerability in Philips Hue Bridge's HomeKit implementation that allows unauthenticated network-adjacent attackers to execute arbitrary code. The vulnerability affects all versions of Philips Hue Bridge (CPE indicates no version restrictions) through the hk_hap_pair_storage_put function on TCP port 8080. No EPSS data or KEV listing is available, and while ZDI has published an advisory, no public POC or active exploitation has been reported.

Buffer Overflow RCE Heap Overflow Hue Bridge
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2026-3557 HIGH This Week

Heap-based buffer overflow vulnerability in Philips Hue Bridge devices that allows network-adjacent attackers with authentication (which can be bypassed) to achieve remote code execution as root. The vulnerability affects the HomeKit Accessory Protocol (HAP) implementation on TCP port 8080 and has a high CVSS score of 8.0, though no active exploitation or public PoC has been reported.

Buffer Overflow RCE Heap Overflow Hue Bridge
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2026-3556 HIGH This Week

Critical heap-based buffer overflow vulnerability in Philips Hue Bridge's HomeKit implementation that allows network-adjacent attackers to execute arbitrary code without authentication. The vulnerability affects all versions of Philips Hue Bridge (CPE indicates no version restriction) and stems from improper input validation in the hk_hap_pair_storage_put function. No active exploitation (not in KEV) or EPSS score is reported, but the high CVSS score (8.8) and RCE capability make this a significant threat for local network attackers.

Buffer Overflow RCE Heap Overflow Hue Bridge
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2026-3555 HIGH This Week

Heap-based buffer overflow vulnerability in the Philips Hue Bridge's Zigbee stack that allows network-adjacent attackers to execute arbitrary code when users initiate device pairing. The vulnerability affects all versions of Philips Hue Bridge and has a CVSS score of 8.0, requiring physical proximity and user interaction to exploit. No EPSS data or KEV listing is available, suggesting this is not actively exploited in the wild.

Buffer Overflow RCE Heap Overflow Hue Bridge
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2026-32626 CRITICAL Act Now

XSS in AnythingLLM 1.11.1 and earlier.

XSS RCE AI / ML Anything Llm
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-3910 HIGH POC KEV PATCH THREAT Act Now

Chrome's V8 JavaScript engine contains an inappropriate implementation (CVE-2026-3910, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox via crafted HTML pages. KEV-listed with public PoC, this V8 vulnerability affects all Chromium-based browsers and enables drive-by exploitation through any web page containing malicious JavaScript.

Google RCE Buffer Overflow Chrome Red Hat +1
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2026-32306 npm CRITICAL PATCH Act Now

SQL injection in OneUptime telemetry API before 10.0.23.

RCE SQLi Oneuptime
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-25823 CRITICAL Act Now

Stack overflow in HMS Networks Ewon Flexy/Cosy+ firmware.

RCE Buffer Overflow Denial Of Service Stack Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25817 HIGH This Week

HMS Networks' industrial IoT gateways (Ewon Flexy and Cosy+) contain a command injection vulnerability that allows authenticated attackers to execute arbitrary OS commands remotely. This affects Flexy devices before firmware 15.0s4 and Cosy+ devices before 22.1s6 (22.x branch) or 23.0s3 (23.x branch). With a CVSS score of 8.8 but low EPSS of 0.06%, this vulnerability requires valid credentials but enables full system compromise.

RCE Command Injection Code Injection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-31864 MEDIUM PATCH This Month

JumpServer contains a Server-Side Template Injection (SSTI) vulnerability in its Applet and VirtualApp upload functionality that allows authenticated administrators to execute arbitrary code within the JumpServer Core container. The vulnerability affects JumpServer versions vulnerable to unsafe Jinja2 template rendering of user-uploaded YAML manifest files. While requiring high privilege level (Application Applet Management or Virtual Application Management permissions), successful exploitation results in complete container compromise with high confidentiality, integrity, and availability impact.

Ssti RCE Jumpserver
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-1668 HIGH PATCH This Week

Unauthenticated attackers can trigger out-of-bounds memory access in the web interface of multiple Omada switches through improper input validation, potentially achieving remote code execution or causing denial-of-service. Affected products include Sg2005p PD 1.x, Sg2008 4.2x/4.3x, and Sg2008p 3.2x/3.3x, which require only network access to the vulnerable interface. A patch is available to address this high-severity vulnerability (CVSS 7.7).

Buffer Overflow Information Disclosure RCE Sg2008P 3 2X Sg2008P 3 3X +60
NVD VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-32304 npm CRITICAL POC PATCH Act Now

create_function() sandbox bypass via unsanitized args passed to Function constructor. PoC available.

Node.js RCE PHP Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26954 npm CRITICAL PATCH Act Now

SandboxJS sandbox escape before 0.8.34 via Function access through arrays. CVSS 10.0.

RCE Code Injection Sandboxjs
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-4092 npm HIGH POC PATCH This Week

Remote code execution in Clasp versions below 3.2.0 allows unauthenticated attackers to execute arbitrary code by uploading Google Apps Script projects with specially crafted filenames that exploit path traversal weaknesses. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires minimal user interaction and affects Google's Clasp tooling across all configurations.

Path Traversal RCE Google
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2026-0956 HIGH This Week

Memory corruption vulnerability in all versions of Digilent DASYLab data acquisition software that occurs when processing maliciously crafted files, potentially allowing attackers to leak sensitive information or execute arbitrary code. The vulnerability requires user interaction (opening a malicious file) and has a CVSS score of 7.8, with no current evidence of active exploitation or public proof-of-concept code.

Buffer Overflow Information Disclosure RCE Dasylab
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0955 HIGH This Week

Memory corruption vulnerability in all versions of Digilent DASYLab software that allows attackers to achieve information disclosure or arbitrary code execution through specially crafted files. The vulnerability requires user interaction (opening a malicious file) and has a CVSS score of 7.8, with no current evidence of active exploitation (not in KEV) or public proof-of-concept code.

Buffer Overflow Information Disclosure RCE Dasylab
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0957 HIGH This Week

Memory corruption vulnerability in all versions of Digilent DASYLab that allows attackers to execute arbitrary code or steal information by tricking users into opening malicious files. The vulnerability has a CVSS score of 7.8 (High) and requires user interaction, with no evidence of active exploitation (not in KEV) or publicly available proof-of-concept code.

Buffer Overflow Information Disclosure RCE Memory Corruption Dasylab
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0954 HIGH This Week

Memory corruption vulnerability in all versions of Digilent DASYLab data acquisition software that allows attackers to achieve arbitrary code execution or information disclosure by tricking users into opening malicious .DSB files. With a CVSS score of 7.8 and requiring only user interaction, this out-of-bounds write vulnerability poses significant risk, though no active exploitation or public POCs have been reported.

Buffer Overflow Information Disclosure RCE Memory Corruption Dasylab
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32414 HIGH This Week

A code injection vulnerability in ILLID Advanced Woo Labels WordPress plugin (versions up to 2.36) allows authenticated administrators to execute arbitrary code through improper input validation, potentially leading to full site compromise. The vulnerability requires high privileges to exploit (CVSS 7.2), has no known active exploitation in the wild (not in CISA KEV), and carries a very low EPSS score of 0.00043 (0.043%), indicating minimal real-world exploitation likelihood despite the high CVSS score.

Code Injection RCE Advanced Woo Labels
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-32367 CRITICAL Act Now

RCE via code injection in Modal Dialog WordPress plugin.

Code Injection RCE Modal Dialog
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-3891 CRITICAL POC Act Now

Arbitrary file upload in Pix for WooCommerce WordPress plugin.

File Upload RCE WordPress
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22191 MEDIUM PATCH This Month

Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mai...

Code Injection RCE Wpdiscuz
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-70245 CRITICAL Act Now

D-Link DIR-513 router (v1.10) has a stack buffer overflow in the curTime parameter of formSetWizardSelectMode. This is an end-of-life router with no expected patch, meaning exploitation will remain possible indefinitely.

Buffer Overflow D-Link RCE Dir 513 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32140 HIGH This Week

Remote code execution in Dataease prior to version 2.10.20 allows authenticated attackers to execute arbitrary code by manipulating the IniFile parameter to load malicious JDBC configuration files through the Redshift driver. An attacker with valid credentials can exploit the aggressive configuration file discovery mechanism to inject dangerous JDBC properties and gain complete system compromise. No patch is currently available, leaving affected deployments vulnerable to this high-severity attack vector.

RCE Path Traversal Dataease
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-21708 CRITICAL Act Now

Veeam Backup & Replication allows a user with the Backup Viewer role (read-only) to escalate to remote code execution as the postgres database user. A read-only role achieving RCE represents a severe privilege escalation with scope change.

PostgreSQL RCE SQLi
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-21671 CRITICAL Act Now

Veeam Backup & Replication allows Backup Administrators to achieve RCE in high-availability deployments. While requiring admin-level access, the scope change to the HA infrastructure makes this critical for organizations running Veeam in HA mode.

RCE Code Injection Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-21669 CRITICAL Act Now

Yet another Veeam Backup & Replication RCE vulnerability allowing authenticated domain users to execute code on the Backup Server with scope change (CVSS 9.9). Part of a cluster of related Veeam vulnerabilities disclosed together.

RCE Code Injection Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-21667 CRITICAL Act Now

A second RCE vulnerability in Veeam Backup & Replication allows any authenticated domain user to execute code on the Backup Server with scope change. Same impact as CVE-2026-21666 but through a different attack vector.

RCE Authentication Bypass Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-21666 CRITICAL Act Now

Veeam Backup & Replication allows an authenticated domain user to achieve remote code execution on the Backup Server. With a scope change to CVSS 9.9, a compromised domain account can fully take over the backup infrastructure.

RCE Authentication Bypass Veeam Backup Replication
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-3060 PyPI CRITICAL PATCH GHSA Act Now

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated RCE through pickle deserialization in the disaggregation module's inter-process communication. Same class of vulnerability as CVE-2026-3059 in a different code path.

RCE Deserialization Sglang
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-3059 PyPI CRITICAL PATCH GHSA Act Now

SGLang's multimodal generation module deserializes untrusted data with pickle.loads() over an unauthenticated ZMQ broker, enabling remote code execution. Any attacker who can reach the ZMQ port can execute arbitrary Python code on the ML inference server.

RCE Deserialization Sglang
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-15037 Monitor

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver.

Linux RCE Information Disclosure
NVD VulDB
EPSS
0.0%
CVE-2026-2368 HIGH This Week

Lenovo Filez fails to properly validate SSL/TLS certificates, enabling network-positioned attackers to intercept traffic and execute arbitrary code on affected systems. An attacker with the ability to perform man-in-the-middle attacks can exploit this weakness to compromise user devices without authentication. No patch is currently available to remediate this vulnerability.

Authentication Bypass RCE
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2019-25480 HIGH POC This Week

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. [CVSS 7.5 HIGH]

PHP RCE Path Traversal File Upload
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2019-25468 CRITICAL POC Act Now

RCE in NetGain EM Plus 10.1.68. PoC available.

RCE Code Injection
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2019-25467 HIGH POC This Week

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. [CVSS 8.4 HIGH]

Buffer Overflow Memory Corruption RCE
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25466 HIGH POC This Week

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. [CVSS 8.4 HIGH]

Buffer Overflow Memory Corruption RCE
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-31861 npm HIGH PATCH This Week

Arbitrary OS command execution in Cloud CLI versions prior to 1.24.0 allows authenticated users to inject malicious commands through improperly sanitized git configuration parameters passed to shell execution functions. The /api/user/git-config endpoint fails to properly escape bash metacharacters like backticks and $() substitutions, enabling attackers to execute arbitrary operating system commands with application privileges. No patch is currently available for affected deployments.

RCE Code Injection Cloud Cli
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31857 PHP HIGH PATCH This Week

Remote code execution in Craft CMS 5 allows authenticated Control Panel users with basic access (including non-admin roles like Author or Editor) to execute arbitrary code by injecting malicious Twig templates through condition rule parameters. The vulnerability exploits an unsandboxed template rendering function that bypasses all security hardening settings, affecting versions prior to 5.9.9 and 4.17.4. No patch is currently available for this HIGH severity vulnerability.

RCE Code Injection Craft Cms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-31852 CRITICAL Act Now

Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.

Privilege Escalation RCE Apple iOS
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-70082 CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Command Injection RCE Eds3016Ps1Ns Firmware Eds3008Ps1Ns Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67038 CRITICAL POC KEV THREAT Emergency

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Code Injection RCE Eds5032 Firmware Eds5008 Firmware Eds5016 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
Threat
5.0
CVE-2025-67037 HIGH This Week

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. [CVSS 8.8 HIGH]

Code Injection RCE Eds5032 Firmware Eds5008 Firmware Eds5016 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-67036 HIGH This Week

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. [CVSS 8.8 HIGH]

Code Injection RCE Eds5032 Firmware Eds5008 Firmware Eds5016 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-67035 CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Code Injection RCE Eds5032 Firmware Eds5008 Firmware Eds5016 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-67034 HIGH This Week

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. [CVSS 8.8 HIGH]

Code Injection RCE Eds5032 Firmware Eds5008 Firmware Eds5016 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-30741 CRITICAL Act Now

RCE in OpenClaw Agent Platform v2026.2.6 via prompt injection.

RCE Code Injection Openclaw
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1992 HIGH This Week

Arbitrary plugin installation and remote code execution in ExactMetrics WordPress plugin versions 8.6.0-9.0.2 allows authenticated users with report-viewing permissions to bypass administrative capability checks via parameter manipulation. An attacker can exploit an Insecure Direct Object Reference in the onboarding process to install malicious plugins and execute arbitrary code on vulnerable WordPress installations. This vulnerability requires the site administrator to have previously granted non-admin users report access permissions.

WordPress RCE Authentication Bypass Google
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3826 CRITICAL Act Now

LFI to RCE in IFTOP by WellChoose.

LFI PHP RCE Organization Portal System
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-20892 HIGH This Week

Code injection in MitsubishiChemical network devices MR-GM5L-S1 and MR-GM5A-L1 allows authenticated administrators to execute arbitrary commands via crafted inputs. While requiring high-privilege access (CVSS:4.0 PR:H), successful exploitation achieves complete system compromise with high confidentiality, integrity, and availability impact. EPSS score of 0.05% (16th percentile) indicates low probability of mass exploitation. No active exploitation or public proof-of-concept identified at time of analysis, though JPCERT/CC coordination suggests vendor awareness and patch availability.

Code Injection RCE
NVD
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-13067 HIGH This Week

Royal Addons for Elementor (WordPress plugin) versions up to 1.7.1049. is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

WordPress PHP RCE File Upload
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-23816 HIGH This Week

Authenticated attackers can execute arbitrary OS commands on AOS-CX Switches through improper input validation in the CLI, potentially compromising network infrastructure. This command injection flaw (CWE-78) affects high-privileged users with network access and carries a CVSS score of 7.2, with no patch currently available.

Command Injection RCE
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-0122 HIGH This Week

Unauthenticated local attackers can achieve remote code execution on Android devices through out-of-bounds memory writes that corrupt process memory. This vulnerability requires no user interaction or elevated privileges to exploit and has a CVSS score of 8.4. No patch is currently available.

RCE Memory Corruption Android Google
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0120 CRITICAL Act Now

Modem has a fifth OOB write enabling remote privilege escalation.

RCE Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0116 CRITICAL Act Now

Samsung/Google MFC driver has an OOB write in mfc_core_isr.c enabling kernel-level privilege escalation on Android devices.

RCE Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0114 CRITICAL Act Now

Modem has a fourth OOB write due to incorrect bounds check.

RCE Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2713 HIGH This Week

IBM Trusteer Rapport 3.5.2309.290 contains an insecure DLL search path vulnerability that allows local attackers to execute arbitrary code by planting a malicious file in a compromised directory. The attack requires local system access but no user interaction or elevated privileges, making it exploitable by any local user. No patch is currently available for this high-severity vulnerability.

IBM RCE
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-28495 CRITICAL POC Act Now

GetSimple CMS massiveAdmin plugin has a CSRF vulnerability enabling attackers to perform admin actions through crafted malicious pages.

PHP RCE CSRF Getsimple Cms
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-27825 PyPI CRITICAL PATCH Act Now

MCP Atlassian server has a path traversal vulnerability enabling unauthorized access to Confluence and Jira data outside the intended scope.

Atlassian Path Traversal RCE
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-28292 npm CRITICAL POC PATCH GHSA Act Now

simple-git Node.js library has a command injection vulnerability (EPSS with patch) enabling RCE when processing untrusted git operations.

Node.js RCE Command Injection Simple Git
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27280 HIGH This Week

Arbitrary code execution in DNG SDK 1.7.1 2471 and earlier via an out-of-bounds write vulnerability that executes with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it exploitable through social engineering with crafted documents. No patch is currently available for affected DNG Software Development Kit users.

Buffer Overflow RCE Dng Software Development Kit
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27279 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can execute code with the privileges of the affected user, requiring only social engineering to deliver the malicious file. No patch is currently available for this high-severity vulnerability.

Buffer Overflow RCE Substance 3d Stager
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27275 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered by opening a malicious file. An attacker can achieve code execution with user privileges by crafting a weaponized file and socially engineering a victim into opening it. No patch is currently available for this high-severity vulnerability.

Buffer Overflow RCE Substance 3d Stager
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27274 HIGH This Week

Arbitrary code execution in Adobe Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability that executes with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but no special permissions, making it a practical attack vector for local exploitation. No patch is currently available.

Buffer Overflow RCE Substance 3d Stager
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27273 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered by opening a malicious file. Users running affected versions face code execution at their privilege level with no available patch. This requires social engineering to trick users into opening a crafted file.

Buffer Overflow RCE Substance 3d Stager
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-3854 HIGH POC This Week

Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.

RCE Command Injection Enterprise Server
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-3847 HIGH PATCH This Week

Arbitrary code execution in Firefox versions prior to 148.0.2 results from multiple memory corruption flaws in the browser's memory safety implementation. An unauthenticated attacker can exploit these vulnerabilities through a malicious webpage requiring user interaction to achieve remote code execution with full system privileges. No patch is currently available for this vulnerability.

Mozilla Buffer Overflow RCE Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3843 CRITICAL Act Now

Gas station automation system BUK TS-G 2.9.1 has a SQL injection enabling compromise of fuel management and transaction data.

PHP RCE SQLi
NVD VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-30960 Cargo CRITICAL PATCH Act Now

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities.

RCE Code Injection
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-30957 npm CRITICAL POC PATCH Act Now

OneUptime prior to 10.0.21 has a fourth vulnerability in Synthetic monitoring exposing dangerous functionality.

RCE Oneuptime
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Command injection vulnerability in MLflow versions before v3.7.0 that allows attackers to execute arbitrary commands by injecting malicious input through the --container parameter when deploying models to SageMaker. The vulnerability affects MLflow installations in development environments, CI/CD pipelines, and cloud deployments, with a CVSS score of 7.5 indicating high severity. No active exploitation or KEV listing is reported, and no EPSS data is available to assess real-world exploitation likelihood.

Command Injection RCE Code Injection +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

This issue affects Apache Spark: before 3.5.7 and 4.0.1.

Command Injection RCE Deserialization +2
NVD GitHub VulDB
EPSS 0% CVSS 4.2
MEDIUM This Month

AnythingLLM versions 1.11.1 and earlier contain a Zip Slip path traversal vulnerability in the community plugin import functionality that fails to validate file paths during ZIP extraction. An authenticated attacker with high privileges can craft a malicious ZIP file containing path traversal sequences that, when imported via the community hub, extract files outside the intended directory and achieve arbitrary code execution on the server. While the CVSS score is moderate (4.2) due to high privilege requirements and user interaction, the vulnerability enables code execution and should be addressed promptly.

Path Traversal RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

PX4 autopilot versions prior to 1.17.0-rc2 contain a stack overflow vulnerability in the BST telemetry probe driver that allows a malicious BST device to trigger a buffer overflow by reporting an oversized dev_name_len parameter without bounds checking. An attacker with physical access to inject a malicious BST device can crash the autopilot task or potentially achieve arbitrary code execution, impacting drone flight safety and control systems. No active KEV exploitation data or public POC is currently documented, but the vulnerability is patched in version 1.17.0-rc2.

RCE Stack Overflow Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Code injection in SimpleEval when objects with dangerous attrs are passed. PoC available.

Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

A Cross-Site Scripting (XSS) vulnerability in Angular's runtime and compiler allows attackers to bypass built-in sanitization when internationalization (i18n) is enabled on security-sensitive attributes like href, src, and action. The vulnerability affects Angular versions before 19.2.20, 20.3.18, 21.2.4, and 22.0.0-next.3, enabling attackers with low privileges to execute arbitrary JavaScript in users' browsers for session hijacking, data theft, and unauthorized actions. With a CVSS score of 8.6 and no current evidence of active exploitation or public POCs, this represents a serious but not yet weaponized threat to Angular applications using i18n features with user-controlled data.

XSS RCE
NVD GitHub HeroDevs VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Command injection RCE in claude-hovercraft tool. EPSS 1.3%.

Command Injection RCE AI / ML +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2026-3084 is an integer underflow vulnerability in GStreamer's H.266 codec parser that allows remote code execution when processing malicious media files. The vulnerability affects all versions of GStreamer (CPE indicates wildcard versioning) and can be exploited through user interaction with specially crafted H.266 video content, allowing attackers to execute arbitrary code in the context of the application. No active exploitation (not in KEV) or public POC has been reported, and the relatively high CVSS score (7.8) is tempered by the local attack vector and user interaction requirement.

RCE Integer Overflow Gstreamer
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2026-2921 is an integer overflow vulnerability in GStreamer's RIFF palette handling for AVI files that allows remote code execution with a CVSS score of 7.8. The vulnerability affects all versions of GStreamer (based on CPE wildcard) and requires user interaction to exploit, such as opening a malicious AVI file. No evidence of active exploitation (not in KEV), no public POC mentioned, and EPSS data not provided.

RCE Integer Overflow Gstreamer
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Critical out-of-bounds write vulnerability in GStreamer's rtpqdm2depay component that allows remote code execution when processing malformed X-QDM RTP payloads. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction, though attack vectors vary by implementation. With a CVSS score of 8.8 and active patch available, this represents a significant risk for applications using GStreamer for media processing.

Buffer Overflow RCE Gstreamer
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2026-3086 is an out-of-bounds write vulnerability in GStreamer's H.266 codec parser that allows remote code execution when processing malformed APS (Adaptation Parameter Set) units. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to exploit, such as processing a malicious H.266 video file. No evidence of active exploitation (not in KEV), no public POC, and no EPSS score available yet.

Buffer Overflow RCE Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in GStreamer's rtpqdm2depay component that allows remote attackers to execute arbitrary code when processing malformed X-QDM RTP payloads. The vulnerability affects all versions of GStreamer (CPE indicates no version restrictions) and requires user interaction to exploit, though attack vectors may vary based on implementation. No active exploitation is known (not in KEV), and no EPSS score is available to assess real-world exploitation probability.

Buffer Overflow RCE Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in the GStreamer multimedia framework's JPEG parser that allows remote code execution when processing malicious Huffman tables. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to exploit, with a CVSS score of 7.8. No active exploitation in the wild has been reported (not in KEV), and no EPSS data is available.

Buffer Overflow RCE Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack-based buffer overflow in GStreamer's H.266 codec parser that allows remote code execution when processing malicious video files. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to trigger, such as opening a malicious media file. No active exploitation (not in KEV) or public PoC has been reported, with EPSS data unavailable.

Buffer Overflow RCE Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2026-2923 is an out-of-bounds write vulnerability in GStreamer's DVB Subtitles handling that allows remote code execution when processing malformed subtitle coordinates. This vulnerability affects all versions of GStreamer (CPE indicates no version restrictions) and requires user interaction to exploit, though attack vectors may vary by implementation. No evidence of active exploitation (not in KEV), no public POC available, and no EPSS data provided.

Buffer Overflow RCE Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Critical remote code execution vulnerability in GStreamer's RealMedia demuxer component, allowing attackers to execute arbitrary code via malformed video packets that trigger an out-of-bounds write. The vulnerability affects all versions of GStreamer (CPE indicates wildcard versioning) and requires user interaction to process malicious media files. While no active exploitation is reported (not in KEV), the availability of a vendor patch and ZDI advisory suggests this vulnerability has been responsibly disclosed and addressed.

Buffer Overflow RCE Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in GStreamer's ASF Demuxer component that allows remote attackers to execute arbitrary code when processing malicious ASF media files. The vulnerability requires user interaction (opening/processing a malicious file) and affects all versions of GStreamer based on the CPE data. No evidence of active exploitation (not in KEV) or public proof-of-concept exists, though Zero Day Initiative tracked it as ZDI-CAN-28843.

Buffer Overflow RCE Heap Overflow +1
NVD VulDB
EPSS 2% CVSS 8.8
HIGH This Week

Critical path traversal vulnerability in Unraid's update.php file that allows authenticated remote attackers to execute arbitrary code as root. The vulnerability affects all versions of Unraid (per CPE data) and was discovered by Zero Day Initiative (ZDI-CAN-28951). With a CVSS score of 8.8 and requiring only low privileges, this represents a severe risk for Unraid installations.

PHP Path Traversal RCE +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

CVE-2026-3562 is an authentication bypass vulnerability in Philips Hue Bridge's HAP (HomeKit Accessory Protocol) implementation, specifically within the ed25519_sign_open function that fails to properly verify Ed25519 cryptographic signatures. Network-adjacent attackers can exploit this flaw without authentication to execute arbitrary code on affected Hue Bridge installations. The CVSS score of 6.3 reflects moderate severity with local network access requirements, though the authentication bypass nature elevates real-world risk for smart home environments.

Authentication Bypass RCE Jwt Attack
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow vulnerability in Philips Hue Bridge devices that allows network-adjacent attackers to execute arbitrary code through malformed PUT requests to the HomeKit Accessory Protocol (HAP) characteristics endpoint. While authentication is normally required, the advisory notes the authentication mechanism can be bypassed, effectively allowing unauthenticated remote code execution. No EPSS score or KEV listing is available, suggesting this is not currently being exploited in the wild.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Heap-based buffer overflow vulnerability in Philips Hue Bridge's HomeKit implementation that allows unauthenticated network-adjacent attackers to execute arbitrary code. The vulnerability affects all versions of Philips Hue Bridge (CPE indicates no version restrictions) through the hk_hap_pair_storage_put function on TCP port 8080. No EPSS data or KEV listing is available, and while ZDI has published an advisory, no public POC or active exploitation has been reported.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow vulnerability in Philips Hue Bridge devices that allows network-adjacent attackers with authentication (which can be bypassed) to achieve remote code execution as root. The vulnerability affects the HomeKit Accessory Protocol (HAP) implementation on TCP port 8080 and has a high CVSS score of 8.0, though no active exploitation or public PoC has been reported.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Critical heap-based buffer overflow vulnerability in Philips Hue Bridge's HomeKit implementation that allows network-adjacent attackers to execute arbitrary code without authentication. The vulnerability affects all versions of Philips Hue Bridge (CPE indicates no version restriction) and stems from improper input validation in the hk_hap_pair_storage_put function. No active exploitation (not in KEV) or EPSS score is reported, but the high CVSS score (8.8) and RCE capability make this a significant threat for local network attackers.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based buffer overflow vulnerability in the Philips Hue Bridge's Zigbee stack that allows network-adjacent attackers to execute arbitrary code when users initiate device pairing. The vulnerability affects all versions of Philips Hue Bridge and has a CVSS score of 8.0, requiring physical proximity and user interaction to exploit. No EPSS data or KEV listing is available, suggesting this is not actively exploited in the wild.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

XSS in AnythingLLM 1.11.1 and earlier.

XSS RCE AI / ML +1
NVD GitHub
EPSS 0% 4.8 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Chrome's V8 JavaScript engine contains an inappropriate implementation (CVE-2026-3910, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox via crafted HTML pages. KEV-listed with public PoC, this V8 vulnerability affects all Chromium-based browsers and enables drive-by exploitation through any web page containing malicious JavaScript.

Google RCE Buffer Overflow +3
NVD VulDB GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

SQL injection in OneUptime telemetry API before 10.0.23.

RCE SQLi Oneuptime
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack overflow in HMS Networks Ewon Flexy/Cosy+ firmware.

RCE Buffer Overflow Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

HMS Networks' industrial IoT gateways (Ewon Flexy and Cosy+) contain a command injection vulnerability that allows authenticated attackers to execute arbitrary OS commands remotely. This affects Flexy devices before firmware 15.0s4 and Cosy+ devices before 22.1s6 (22.x branch) or 23.0s3 (23.x branch). With a CVSS score of 8.8 but low EPSS of 0.06%, this vulnerability requires valid credentials but enables full system compromise.

RCE Command Injection Code Injection
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

JumpServer contains a Server-Side Template Injection (SSTI) vulnerability in its Applet and VirtualApp upload functionality that allows authenticated administrators to execute arbitrary code within the JumpServer Core container. The vulnerability affects JumpServer versions vulnerable to unsafe Jinja2 template rendering of user-uploaded YAML manifest files. While requiring high privilege level (Application Applet Management or Virtual Application Management permissions), successful exploitation results in complete container compromise with high confidentiality, integrity, and availability impact.

Ssti RCE Jumpserver
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Unauthenticated attackers can trigger out-of-bounds memory access in the web interface of multiple Omada switches through improper input validation, potentially achieving remote code execution or causing denial-of-service. Affected products include Sg2005p PD 1.x, Sg2008 4.2x/4.3x, and Sg2008p 3.2x/3.3x, which require only network access to the vulnerable interface. A patch is available to address this high-severity vulnerability (CVSS 7.7).

Buffer Overflow Information Disclosure RCE +62
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

create_function() sandbox bypass via unsanitized args passed to Function constructor. PoC available.

Node.js RCE PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

SandboxJS sandbox escape before 0.8.34 via Function access through arrays. CVSS 10.0.

RCE Code Injection Sandboxjs
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

Remote code execution in Clasp versions below 3.2.0 allows unauthenticated attackers to execute arbitrary code by uploading Google Apps Script projects with specially crafted filenames that exploit path traversal weaknesses. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires minimal user interaction and affects Google's Clasp tooling across all configurations.

Path Traversal RCE Google
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption vulnerability in all versions of Digilent DASYLab data acquisition software that occurs when processing maliciously crafted files, potentially allowing attackers to leak sensitive information or execute arbitrary code. The vulnerability requires user interaction (opening a malicious file) and has a CVSS score of 7.8, with no current evidence of active exploitation or public proof-of-concept code.

Buffer Overflow Information Disclosure RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption vulnerability in all versions of Digilent DASYLab software that allows attackers to achieve information disclosure or arbitrary code execution through specially crafted files. The vulnerability requires user interaction (opening a malicious file) and has a CVSS score of 7.8, with no current evidence of active exploitation (not in KEV) or public proof-of-concept code.

Buffer Overflow Information Disclosure RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption vulnerability in all versions of Digilent DASYLab that allows attackers to execute arbitrary code or steal information by tricking users into opening malicious files. The vulnerability has a CVSS score of 7.8 (High) and requires user interaction, with no evidence of active exploitation (not in KEV) or publicly available proof-of-concept code.

Buffer Overflow Information Disclosure RCE +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption vulnerability in all versions of Digilent DASYLab data acquisition software that allows attackers to achieve arbitrary code execution or information disclosure by tricking users into opening malicious .DSB files. With a CVSS score of 7.8 and requiring only user interaction, this out-of-bounds write vulnerability poses significant risk, though no active exploitation or public POCs have been reported.

Buffer Overflow Information Disclosure RCE +2
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

A code injection vulnerability in ILLID Advanced Woo Labels WordPress plugin (versions up to 2.36) allows authenticated administrators to execute arbitrary code through improper input validation, potentially leading to full site compromise. The vulnerability requires high privileges to exploit (CVSS 7.2), has no known active exploitation in the wild (not in CISA KEV), and carries a very low EPSS score of 0.00043 (0.043%), indicating minimal real-world exploitation likelihood despite the high CVSS score.

Code Injection RCE Advanced Woo Labels
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

RCE via code injection in Modal Dialog WordPress plugin.

Code Injection RCE Modal Dialog
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload in Pix for WooCommerce WordPress plugin.

File Upload RCE WordPress
NVD VulDB GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mai...

Code Injection RCE Wpdiscuz
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

D-Link DIR-513 router (v1.10) has a stack buffer overflow in the curTime parameter of formSetWizardSelectMode. This is an end-of-life router with no expected patch, meaning exploitation will remain possible indefinitely.

Buffer Overflow D-Link RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Dataease prior to version 2.10.20 allows authenticated attackers to execute arbitrary code by manipulating the IniFile parameter to load malicious JDBC configuration files through the Redshift driver. An attacker with valid credentials can exploit the aggressive configuration file discovery mechanism to inject dangerous JDBC properties and gain complete system compromise. No patch is currently available, leaving affected deployments vulnerable to this high-severity attack vector.

RCE Path Traversal Dataease
NVD GitHub VulDB
EPSS 1% CVSS 9.9
CRITICAL Act Now

Veeam Backup & Replication allows a user with the Backup Viewer role (read-only) to escalate to remote code execution as the postgres database user. A read-only role achieving RCE represents a severe privilege escalation with scope change.

PostgreSQL RCE SQLi
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Veeam Backup & Replication allows Backup Administrators to achieve RCE in high-availability deployments. While requiring admin-level access, the scope change to the HA infrastructure makes this critical for organizations running Veeam in HA mode.

RCE Code Injection Veeam Backup Replication
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Yet another Veeam Backup & Replication RCE vulnerability allowing authenticated domain users to execute code on the Backup Server with scope change (CVSS 9.9). Part of a cluster of related Veeam vulnerabilities disclosed together.

RCE Code Injection Veeam Backup Replication
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

A second RCE vulnerability in Veeam Backup & Replication allows any authenticated domain user to execute code on the Backup Server with scope change. Same impact as CVE-2026-21666 but through a different attack vector.

RCE Authentication Bypass Veeam Backup Replication
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Veeam Backup & Replication allows an authenticated domain user to achieve remote code execution on the Backup Server. With a scope change to CVSS 9.9, a compromised domain account can fully take over the backup infrastructure.

RCE Authentication Bypass Veeam Backup Replication
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated RCE through pickle deserialization in the disaggregation module's inter-process communication. Same class of vulnerability as CVE-2026-3059 in a different code path.

RCE Deserialization Sglang
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

SGLang's multimodal generation module deserializes untrusted data with pickle.loads() over an unauthenticated ZMQ broker, enabling remote code execution. Any attacker who can reach the ZMQ port can execute arbitrary Python code on the ML inference server.

RCE Deserialization Sglang
NVD GitHub VulDB
EPSS 0%
Monitor

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver.

Linux RCE Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Lenovo Filez fails to properly validate SSL/TLS certificates, enabling network-positioned attackers to intercept traffic and execute arbitrary code on affected systems. An attacker with the ability to perform man-in-the-middle attacks can exploit this weakness to compromise user devices without authentication. No patch is currently available to remediate this vulnerability.

Authentication Bypass RCE
NVD VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. [CVSS 7.5 HIGH]

PHP RCE Path Traversal +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

RCE in NetGain EM Plus 10.1.68. PoC available.

RCE Code Injection
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. [CVSS 8.4 HIGH]

Buffer Overflow Memory Corruption RCE
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. [CVSS 8.4 HIGH]

Buffer Overflow Memory Corruption RCE
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary OS command execution in Cloud CLI versions prior to 1.24.0 allows authenticated users to inject malicious commands through improperly sanitized git configuration parameters passed to shell execution functions. The /api/user/git-config endpoint fails to properly escape bash metacharacters like backticks and $() substitutions, enabling attackers to execute arbitrary operating system commands with application privileges. No patch is currently available for affected deployments.

RCE Code Injection Cloud Cli
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Craft CMS 5 allows authenticated Control Panel users with basic access (including non-admin roles like Author or Editor) to execute arbitrary code by injecting malicious Twig templates through condition rule parameters. The vulnerability exploits an unsandboxed template rendering function that bypasses all security hardening settings, affecting versions prior to 5.9.9 and 4.17.4. No patch is currently available for this HIGH severity vulnerability.

RCE Code Injection Craft Cms
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.

Privilege Escalation RCE Apple +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Command Injection RCE Eds3016Ps1Ns Firmware +1
NVD VulDB
EPSS 0% 5.0 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Code Injection RCE Eds5032 Firmware +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. [CVSS 8.8 HIGH]

Code Injection RCE Eds5032 Firmware +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. [CVSS 8.8 HIGH]

Code Injection RCE Eds5032 Firmware +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Code Injection RCE Eds5032 Firmware +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. [CVSS 8.8 HIGH]

Code Injection RCE Eds5032 Firmware +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

RCE in OpenClaw Agent Platform v2026.2.6 via prompt injection.

RCE Code Injection Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Arbitrary plugin installation and remote code execution in ExactMetrics WordPress plugin versions 8.6.0-9.0.2 allows authenticated users with report-viewing permissions to bypass administrative capability checks via parameter manipulation. An attacker can exploit an Insecure Direct Object Reference in the onboarding process to install malicious plugins and execute arbitrary code on vulnerable WordPress installations. This vulnerability requires the site administrator to have previously granted non-admin users report access permissions.

WordPress RCE Authentication Bypass +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

LFI to RCE in IFTOP by WellChoose.

LFI PHP RCE +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Code injection in MitsubishiChemical network devices MR-GM5L-S1 and MR-GM5A-L1 allows authenticated administrators to execute arbitrary commands via crafted inputs. While requiring high-privilege access (CVSS:4.0 PR:H), successful exploitation achieves complete system compromise with high confidentiality, integrity, and availability impact. EPSS score of 0.05% (16th percentile) indicates low probability of mass exploitation. No active exploitation or public proof-of-concept identified at time of analysis, though JPCERT/CC coordination suggests vendor awareness and patch availability.

Code Injection RCE
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Royal Addons for Elementor (WordPress plugin) versions up to 1.7.1049. is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

WordPress PHP RCE +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated attackers can execute arbitrary OS commands on AOS-CX Switches through improper input validation in the CLI, potentially compromising network infrastructure. This command injection flaw (CWE-78) affects high-privileged users with network access and carries a CVSS score of 7.2, with no patch currently available.

Command Injection RCE
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Unauthenticated local attackers can achieve remote code execution on Android devices through out-of-bounds memory writes that corrupt process memory. This vulnerability requires no user interaction or elevated privileges to exploit and has a CVSS score of 8.4. No patch is currently available.

RCE Memory Corruption Android +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Modem has a fifth OOB write enabling remote privilege escalation.

RCE Android Google
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Samsung/Google MFC driver has an OOB write in mfc_core_isr.c enabling kernel-level privilege escalation on Android devices.

RCE Android Google
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Modem has a fourth OOB write due to incorrect bounds check.

RCE Android Google
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

IBM Trusteer Rapport 3.5.2309.290 contains an insecure DLL search path vulnerability that allows local attackers to execute arbitrary code by planting a malicious file in a compromised directory. The attack requires local system access but no user interaction or elevated privileges, making it exploitable by any local user. No patch is currently available for this high-severity vulnerability.

IBM RCE
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

GetSimple CMS massiveAdmin plugin has a CSRF vulnerability enabling attackers to perform admin actions through crafted malicious pages.

PHP RCE CSRF +1
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

MCP Atlassian server has a path traversal vulnerability enabling unauthorized access to Confluence and Jira data outside the intended scope.

Atlassian Path Traversal RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

simple-git Node.js library has a command injection vulnerability (EPSS with patch) enabling RCE when processing untrusted git operations.

Node.js RCE Command Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in DNG SDK 1.7.1 2471 and earlier via an out-of-bounds write vulnerability that executes with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it exploitable through social engineering with crafted documents. No patch is currently available for affected DNG Software Development Kit users.

Buffer Overflow RCE Dng Software Development Kit
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can execute code with the privileges of the affected user, requiring only social engineering to deliver the malicious file. No patch is currently available for this high-severity vulnerability.

Buffer Overflow RCE Substance 3d Stager
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered by opening a malicious file. An attacker can achieve code execution with user privileges by crafting a weaponized file and socially engineering a victim into opening it. No patch is currently available for this high-severity vulnerability.

Buffer Overflow RCE Substance 3d Stager
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability that executes with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but no special permissions, making it a practical attack vector for local exploitation. No patch is currently available.

Buffer Overflow RCE Substance 3d Stager
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered by opening a malicious file. Users running affected versions face code execution at their privilege level with no available patch. This requires social engineering to trick users into opening a crafted file.

Buffer Overflow RCE Substance 3d Stager
NVD VulDB
EPSS 1% CVSS 8.7
HIGH POC This Week

Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.

RCE Command Injection Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in Firefox versions prior to 148.0.2 results from multiple memory corruption flaws in the browser's memory safety implementation. An unauthenticated attacker can exploit these vulnerabilities through a malicious webpage requiring user interaction to achieve remote code execution with full system privileges. No patch is currently available for this vulnerability.

Mozilla Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Gas station automation system BUK TS-G 2.9.1 has a SQL injection enabling compromise of fuel management and transaction data.

PHP RCE SQLi
NVD VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities.

RCE Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

OneUptime prior to 10.0.21 has a fourth vulnerability in Synthetic monitoring exposing dangerous functionality.

RCE Oneuptime
NVD GitHub VulDB
Prev Page 33 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy