Skip to main content

RCE

31891 CVEs technique

Monthly

CVE-2026-1628 MEDIUM This Month

Mattermost Desktop is affected by inclusion of functionality from untrusted control sphere (CVSS 4.6).

RCE Mattermost Desktop
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-14532 CRITICAL Act Now

DobryCMS has an unauthenticated file upload vulnerability allowing remote attackers to upload and execute arbitrary files on the web server.

RCE Dorbycms
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-3000 CRITICAL PATCH Act Now

IDExpert Windows Logon Agent has a second RCE vulnerability through another unsigned code download path.

Windows RCE Idexpert
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2999 CRITICAL PATCH Act Now

IDExpert Windows Logon Agent by Changing has an RCE vulnerability through download of code without integrity check, allowing malicious update injection.

Windows RCE Idexpert
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-28425 PHP HIGH PATCH This Week

Remote code execution in Statmatic CMS versions prior to 5.73.11 and 6.4.0 allows authenticated users with control panel access and permission to modify Antlers-enabled fields to execute arbitrary code in the application context. An attacker exploiting this vulnerability can fully compromise the application, including stealing sensitive configuration data, modifying or exfiltrating user data, and disrupting availability. A patch is available and exploitation requires authenticated access with specific field configuration permissions.

RCE Code Injection Statamic
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-28409 CRITICAL POC Act Now

Critical RCE via OS command injection in WeGIA before 3.6.5. Unauthenticated attackers can execute arbitrary commands on the server. CVSS 10.0 with PoC available.

RCE Authentication Bypass Command Injection Wegia
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-28406 Go HIGH PATCH This Week

Path traversal in Kaniko 1.25.4 through 1.25.9 allows attackers to extract tar archives outside the intended destination directory, enabling arbitrary file writes on the build system. When combined with Docker credential helpers in registry authentication scenarios, this vulnerability can be leveraged for code execution within the Kaniko executor process. Docker and Kubernetes environments using the affected Kaniko versions are at risk.

Docker Kubernetes Kaniko RCE Path Traversal
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-27947 HIGH This Week

Group Office versions before 26.0.9, 25.0.87, and 6.8.154 allow authenticated attackers to execute arbitrary commands through maliciously crafted TNEF attachments, where attacker-controlled filenames in winmail.dat are processed unsafely with zip wildcard expansion. An attacker with valid credentials can exploit this to achieve remote code execution with full system privileges. No patch is currently available for affected deployments.

RCE Group Office
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-21659 CRITICAL Act Now

Unauthenticated RCE and information disclosure via Local File Inclusion in Johnson Controls Frick Controls. Fifth critical vulnerability in the product line, enabling arbitrary file reads and code execution.

RCE LFI Information Disclosure Frick Controls Quantum Hd Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-21658 CRITICAL Act Now

Unauthenticated remote code execution via code injection in Johnson Controls Frick Controls Quantum HD. Fourth critical vulnerability — this one explicitly noted as unauthenticated RCE.

RCE Code Injection Frick Controls Quantum Hd Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-27776 HIGH This Week

Remote code execution in intra-mart Accel Platform's IM-LogicDesigner module through insecure deserialization of crafted files imported by administrative users. An attacker with admin privileges can execute arbitrary code by importing a malicious file, with no patch currently available. The vulnerability affects all deployments where IM-LogicDesigner is enabled.

Deserialization RCE Accel Platform
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0980 Ruby HIGH PATCH This Week

Remote code execution in Red Hat Satellite's rubyipmi BMC component allows authenticated users with host creation or update permissions to execute arbitrary code by injecting malicious input into the BMC username field. An attacker with these privileges can compromise the underlying system through command injection. No patch is currently available for this vulnerability.

Red Hat RCE Command Injection
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-27653 MEDIUM This Month

Soliton Systems installers for Securebrowser For Onegate, Secureworkspace, and Securebrowser II fail to set proper file permissions during installation, enabling local authenticated users to execute arbitrary code with SYSTEM privileges. An attacker with user-level access can exploit this misconfiguration to achieve full system compromise. No patch is currently available.

Privilege Escalation RCE Securebrowser For Onegate Secureworkspace Securebrowser Ii
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-28370 PyPI CRITICAL POC PATCH Act Now

Code injection in OpenStack Vitrage query parser allows authenticated users to execute arbitrary Python code through crafted queries. Affects versions before 12.0.1, 13.0.0, 14.0.0, and 15.0.0. PoC available.

RCE Code Injection Authentication Bypass Vitrage
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-28364 HIGH PATCH This Week

Heap memory corruption in the OCaml runtime (before 4.14.3 and 5.x before 5.4.1) lets an attacker who can feed crafted Marshal-format data into an application's deserialization path read past buffer bounds and, through a multi-phase chain, achieve code execution. The flaw lives in the readblock() routine of runtime/intern.c, which copies blocks using attacker-controlled lengths without bounds checks. There is no public exploit identified at time of analysis and EPSS is very low (0.04%), but multiple vendors (SUSE, Red Hat) have shipped fixed packages.

RCE Buffer Overflow Deserialization Ocaml
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-3037 HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the MBird SMS service URL parameters processed during system setup. The vulnerability affects Xweb 500d Pro, 500b Pro, and 300d Pro models, with no patch currently available. Exploitation requires high privilege access but carries high impact due to complete system compromise potential.

RCE Command Injection Xweb 500d Pro Firmware Xweb 500b Pro Firmware Xweb 300d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25721 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the server username or password fields during restore operations via the API V1 endpoint. The vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro devices and requires high-level privileges but could compromise the entire system. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25196 HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into Wi-Fi SSID or password configuration fields. The vulnerability affects multiple Xweb Pro models (300d, 500b, 500d) and requires high privilege access to exploit, though successful exploitation grants complete system compromise across the network. No patch is currently available.

RCE Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25105 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the Modbus command tool parameters accessible through the debug route. The vulnerability affects Xweb 300d Pro, 500d Pro, and 500b Pro devices, with a CVSS score of 8.0 indicating high severity. No patch is currently available for this command injection flaw.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25037 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and prior allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads through crafted LCD state configurations that are processed during system initialization. This vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro devices and requires high-level privileges to exploit, though the impact extends across connected systems. No patch is currently available for this high-severity vulnerability (CVSS 8.0).

RCE Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-24452 HIGH This Week

Remote code execution in Xweb Pro firmware (versions 1.12.1 and prior) allows authenticated attackers to execute arbitrary OS commands by uploading a malicious template file through the devices route. This vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro models, with no patch currently available. The high CVSS score of 8.0 reflects the severity of achieving code execution with administrative privileges on vulnerable devices.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500b Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-23702 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier (affecting Xweb 500b Pro, 500d Pro, and 300d Pro models) allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the server username field during the import preconfiguration API action. An attacker with administrative privileges can exploit this OS command injection vulnerability to gain complete system compromise. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware Xweb 500d Pro Firmware Xweb 300d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-20764 HIGH This Week

Authenticated attackers can execute arbitrary OS commands on Xweb Pro devices (versions 1.12.1 and earlier across 300d, 500b, and 500d models) by injecting malicious payloads into the hostname configuration parameter during system setup. This command injection vulnerability grants remote code execution with high privileges on affected systems. No patch is currently available, requiring organizations to implement network access controls or disable affected devices until remediation is released.

RCE Command Injection Xweb 500b Pro Firmware Xweb 500d Pro Firmware Xweb 300d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25195 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by submitting a malicious firmware update file through the update mechanism. The vulnerability affects multiple XWEB Pro models (300d, 500d, and 500b) and requires high-level privileges to exploit. No patch is currently available for this high-severity command injection flaw (CVSS 8.0).

RCE Command Injection Xweb 300d Pro Firmware Xweb 500d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-25111 HIGH This Week

Remote code execution in XWEB Pro versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands via malicious input submitted to the restore functionality. The vulnerability affects Xweb 500d Pro, 500b Pro, and 300d Pro firmware versions, with no patch currently available. An attacker with valid credentials could compromise the affected device and gain full system control.

RCE Command Injection Xweb 500d Pro Firmware Xweb 500b Pro Firmware Xweb 300d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-25109 HIGH This Week

Remote code execution in Xweb 300d Pro, 500d Pro, and 500b Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field in the setup route. An attacker with valid credentials can exploit this command injection vulnerability to gain complete system control. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware Xweb 500d Pro Firmware
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-24695 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary commands by injecting malicious input into OpenSSL parameter fields. An attacker with valid credentials can exploit this command injection vulnerability through the utility route to gain complete system compromise. No patch is currently available for affected XWEB 500b Pro and 300d Pro devices.

OpenSSL TLS RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-24689 HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the devices field during firmware updates. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 500d Pro Firmware Xweb 300d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-24517 HIGH This Week

Remote code execution in Xweb 300d/500b/500d Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the firmware update endpoint. The vulnerability stems from insufficient input validation in command processing and requires high privileges but affects the entire system scope. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500b Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-21389 HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by submitting malicious input through the contacts import endpoint. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high-level privileges but can compromise the entire system. No patch is currently available.

RCE Command Injection Xweb 500d Pro Firmware Xweb 300d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-20910 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field during firmware update operations. The vulnerability affects multiple Xweb Pro models (500d, 500b, and 300d) and requires high-level privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-20902 HIGH This Week

Remote code execution in Xweb 300d Pro, 500b Pro, and 500d Pro firmware (version 1.12.1 and prior) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the map filename field during file upload operations. An attacker with valid credentials can exploit this command injection flaw to gain full system control. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500b Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-20742 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the templates route. Affected versions include Xweb 500d Pro, 300d Pro, and 500b Pro. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500d Pro Firmware Xweb 300d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-28279 Go HIGH PATCH This Week

Remote code execution in osctrl prior to version 0.5.0 allows authenticated administrators to inject arbitrary OS commands through the hostname parameter during environment configuration, which are then executed on all endpoints enrolling via the compromised environment. The injected commands execute with root/SYSTEM privileges before osquery installation, providing complete system compromise with minimal audit trails. A patch is available in version 0.5.0 and later.

RCE Command Injection Osctrl Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-28208 Maven MEDIUM POC PATCH This Month

Junrar versions prior to 7.5.8 contain a path traversal vulnerability in LocalFolderExtractor that allows attackers to write arbitrary files to the filesystem when processing malicious RAR archives on Linux/Unix systems. Public exploit code exists for this vulnerability, which can facilitate remote code execution through file overwrite attacks such as modifying shell profiles or cron jobs. Users should upgrade to version 7.5.8 or later to remediate this issue.

Linux Java RCE Path Traversal Junrar +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-22206 HIGH This Week

SQL injection in SPIP prior to 4.4.10 enables authenticated users with low privileges to execute arbitrary SQL commands and achieve remote code execution through union-based injection combined with PHP tag processing. The vulnerability affects SPIP and PHP environments, requiring only network access and valid credentials to exploit. No patch is currently available, presenting significant risk to production SPIP installations.

PHP RCE SQLi Spip
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-27510 CRITICAL POC Act Now

Remote control vulnerability in Unitree Go2 robot dog firmware 1.1.7-1.1.11. The companion Android app allows remote attackers to take control of the robot. PoC available.

Android Python RCE SQLi Go2 Firmware
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-1565 HIGH This Week

Arbitrary file upload in User Frontend plugin for WordPress (versions up to 4.2.8) allows authenticated users with Author-level privileges to bypass file type validation and upload malicious files to the server. This can lead to remote code execution if an attacker uploads executable files to web-accessible directories. The vulnerability remains unpatched and affects all versions through 4.2.8.

WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-28296 MEDIUM PATCH This Month

FTP command injection in GVfs backend allows remote attackers to execute arbitrary FTP commands by embedding CRLF sequences in crafted file paths, potentially leading to unauthorized access or code execution. The vulnerability requires user interaction and affects systems utilizing the FTP GVfs backend for file operations. A patch is available to remediate this input validation weakness.

RCE Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-25191 HIGH This Week

Arbitrary code execution in FinalCode Client installer (Digital Arts Inc.) results from unsafe DLL loading that allows an attacker to place a malicious library in the same directory as the installer and execute it with elevated privileges when a user runs the installation. This local attack requires user interaction to place the malicious file and execute the installer, but poses significant risk as there is currently no available patch.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-23703 HIGH This Week

FinalCode Client installer by Digital Arts Inc. improperly configures file permissions, enabling local non-administrative users to execute arbitrary code with SYSTEM-level privileges. This privilege escalation affects all users of the affected installer versions and allows attackers to achieve complete system compromise. No patch is currently available for this vulnerability.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-1311 HIGH This Week

Remote code execution in WordPress Worry Proof Backup plugin through path traversal in the backup upload feature allows authenticated users with Subscriber privileges or higher to write arbitrary files, including PHP executables, to the server by uploading specially crafted ZIP archives. The vulnerability affects all versions up to 0.2.4 and currently has no available patch, enabling attackers to achieve full server compromise.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-27966 PyPI CRITICAL POC PATCH Act Now

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary code execution through crafted CSV files. EPSS 0.41% with PoC and patch available.

Python RCE Command Injection AI / ML Langflow +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-27830 Maven HIGH PATCH This Week

Remote code execution in c3p0 (a Java JDBC connection-pooling library) before v0.12.0 allows an attacker who can set the `userOverridesAsString` property of a `ConnectionPoolDataSource` - or inject a crafted serialized object or `javax.naming.Reference` - to load and run arbitrary code on the application's CLASSPATH. The flaw stems from storing this writable Java-Bean property as a hex-encoded Java-serialized object, and is amplified by its dependency mchange-commons-java, which mirrored legacy JNDI behavior with ungated support for remote `factoryClassLocation` values, enabling download and execution of attacker-hosted classes. EPSS is low (0.15%) and there is no public exploit identified at time of analysis, though deserialization/JNDI gadget techniques against this library are publicly documented.

Java Deserialization Code Injection RCE
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-27976 HIGH POC This Week

Zed, a code editor, has an extension installer allows tar/gzip downloads. [CVSS 8.8 HIGH]

RCE Zed
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27635 HIGH POC This Week

Remote code execution in Manyfold prior to version 0.133.0 allows authenticated users to execute arbitrary commands by uploading a ZIP archive with specially crafted filenames containing shell metacharacters that are passed unsanitized to Ruby backtick execution. The vulnerability affects the model render generation feature and requires an attacker to be logged in, with public exploit code currently available. A patch is available in version 0.133.0 and later.

Ruby RCE Manyfold
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27613 CRITICAL PATCH Act Now

Unauthenticated command injection in TinyWeb HTTP/HTTPS server for Win32 before 2.01 allows remote attackers to execute arbitrary commands. Patch available.

PHP RCE Tinyweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27577 npm CRITICAL PATCH Act Now

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path through the expression engine. Patch available.

RCE Code Injection Command Injection Node.js N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-27498 npm HIGH PATCH This Week

Remote code execution in n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to execute arbitrary shell commands by chaining file write operations with git functions to manipulate configuration files. Versions prior to 2.2.0 and 1.123.8 are affected, and administrators should upgrade immediately or restrict workflow editing permissions to trusted users only.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-27497 npm HIGH PATCH This Week

Authenticated users with workflow modification permissions in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 can exploit the Merge node's SQL query mode to execute arbitrary code and write files on the server. This high-severity vulnerability (CVSS 8.8) affects the AI/ML and workflow automation platform, allowing attackers with legitimate access to achieve complete system compromise. No patch is currently available, and administrators should restrict workflow permissions or disable the Merge node as temporary mitigations.

RCE SQLi AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27495 npm CRITICAL PATCH Act Now

Code injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22 allows authenticated users to execute arbitrary code by creating or editing workflows with malicious expressions. Third n8n RCE CVE in this release.

Code Injection RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27493 npm CRITICAL PATCH Act Now

Second-order expression injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Crafted workflow data triggers expression evaluation leading to code execution. Patch available.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.0
EPSS
0.2%
CVE-2026-27148 npm HIGH PATCH This Week

Cross-site WebSocket hijacking leading to persistent XSS and Remote Code Execution affects Storybook's dev server prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10. Because the dev server's story create/save WebSocket handlers fail to validate the connection origin and do not sanitize the componentFilePath field, a malicious website silently injects WebSocket messages into a developer's locally running instance to plant XSS or execute code; publicly exposed dev servers can be hit directly by any unauthenticated attacker. No public exploit identified at time of analysis, and EPSS is low at 0.17% (38th percentile), but the high CVSS 4.0 score of 8.9 and confirmed RCE impact make this a meaningful developer-workstation risk.

RCE XSS Storybook
NVD GitHub
CVSS 4.0
8.9
EPSS
0.2%
CVE-2026-26984 HIGH This Week

Remote code execution in LORIS neuroimaging platform allows authenticated users with sufficient privileges to bypass path traversal protections and upload malicious files to arbitrary server locations. An attacker can leverage the uploaded file to achieve code execution on the underlying system, though read-only server configurations may prevent actual execution. The vulnerability affects versions prior to 26.0.5, 27.0.2, and 28.0.0, with no patch currently available.

RCE Path Traversal Loris
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0542 Monitor

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox.

RCE
NVD
EPSS
0.3%
CVE-2026-22719 HIGH KEV PATCH THREAT Act Now

VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment.

VMware Broadcom RCE Command Injection Aria Operations +3
NVD
CVSS 3.1
8.1
EPSS
7.4%
CVE-2026-23627 HIGH POC PATCH This Week

SQL injection in OpenEMR's Immunization module prior to version 8.0.0 enables authenticated users to execute arbitrary database queries through unparameterized patient_id inputs. This allows attackers to exfiltrate protected health information, steal credentials, and potentially achieve remote code execution with complete database compromise. Public exploit code exists for this vulnerability; organizations should upgrade to version 8.0.0 immediately.

RCE SQLi Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27794 PyPI MEDIUM PATCH This Month

Remote code execution in LangGraph's caching layer affects applications that explicitly enable cache backends inheriting from BaseCache with nodes opted into caching via CachePolicy. An attacker can exploit unsafe deserialization through pickle when msgpack serialization fails, allowing arbitrary code execution on affected systems. This vulnerability requires explicit cache configuration and does not affect default deployments.

Redis RCE SQLi Deserialization AI / ML +1
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2025-69771 CRITICAL Act Now

Arbitrary file upload via subtitle loading in asbplayer v1.13.0 allows execution of malicious files through crafted subtitle files.

File Upload RCE Asbplayer
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-1929 HIGH This Week

Remote code execution in Advanced Woo Labels plugin for WordPress through version 2.37 allows authenticated users with Contributor access or higher to execute arbitrary PHP functions and system commands via an unsanitized callback parameter in an AJAX handler. The vulnerability stems from improper use of call_user_func_array() without adequate input validation or capability restrictions. No patch is currently available for this high-severity flaw affecting WordPress environments.

WordPress PHP RCE
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-3179 HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal Data Master
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-27745 HIGH PATCH This Week

Remote code execution in SPIP's interface_traduction_objets plugin prior to version 2.2.2 allows authenticated editors to execute arbitrary code by injecting malicious content into unfiltered form fields that bypass output protection mechanisms. The vulnerability exploits how underscore-prefixed fields circumvent SPIP's security filters and are processed through the template engine without sanitization. An attacker with editor-level privileges can leverage this to achieve full code execution within the web server context.

RCE Interface Traduction Objets
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27744 CRITICAL PATCH Act Now

Unauthenticated RCE in SPIP tickets plugin before 4.3.3 via code injection. Allows executing arbitrary PHP code without authentication. Patch available.

RCE Tickets
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-27641 PyPI CRITICAL POC PATCH Act Now

Path traversal and extension bypass in Flask-Reuploaded file upload library. Allows uploading files with arbitrary extensions to arbitrary directories. PoC and patch available.

Flask RCE Path Traversal Flask Reuploaded
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27636 HIGH POC PATCH Act Now

Remote code execution in FreeScout prior to version 1.8.206 allows authenticated users to upload `.htaccess` files that bypass file upload restrictions, enabling arbitrary code execution on Apache servers with `AllowOverride All` enabled. Public exploit code exists for this vulnerability. The attack requires valid user credentials but affects all FreeScout installations using the vulnerable PHP Laravel framework configuration.

Apache PHP Laravel RCE Freescout
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-27597 npm CRITICAL POC PATCH GHSA Act Now

Sandbox escape in Enclave JavaScript sandbox before 2.11.1. Enclave is designed for safe AI agent code execution — the escape allows agents to execute arbitrary code outside the sandbox. CVSS 10.0, PoC and patch available.

RCE AI / ML Enclave
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-27629 MEDIUM This Month

InvenTree prior to version 1.2.3 allows authenticated staff users to inject malicious Jinja2 template code into batch code generation functionality, enabling server-side template injection that can expose sensitive data or execute arbitrary code. Once a staff member modifies the template maliciously, any user triggering batch code generation via the API will execute the injected code within their user context. This vulnerability requires staff-level access to set up but can be exploited by lower-privileged users once the malicious template is in place.

RCE Inventree
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-27626 Go CRITICAL POC PATCH Act Now

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands — the injection allows executing arbitrary commands beyond the whitelist. PoC available.

RCE Command Injection Olivetin Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27606 npm HIGH POC PATCH This Week

Arbitrary file write via path traversal in the Rollup JavaScript module bundler lets an attacker who can influence build inputs write or overwrite files anywhere the build process can reach, escalating to persistent remote code execution by clobbering system or user configuration files. Affected are 4.x releases before 4.59.0 (and the 2.x/3.x lines before 2.80.0 and 3.30.0), where insecure output filename sanitization permits `../` traversal through CLI named inputs, manual chunk aliases, or malicious plugins. Publicly available exploit code exists (GitHub Security Advisory GHSA-mw96-cpmx-2vgc), though no public exploit is identified as active in-the-wild use; EPSS is modest at 0.62% (70th percentile).

RCE Path Traversal Rollup
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.6%
CVE-2026-27598 Go MEDIUM POC PATCH This Month

Arbitrary file write in Dagu workflow engine up to version 1.16.7 allows authenticated users with DAG write permissions to place malicious YAML files anywhere on the filesystem due to insufficient name validation in the CreateNewDAG API endpoint. Since Dagu executes DAG files as shell commands, an attacker can achieve remote code execution by overwriting existing DAGs or configuration files. Public exploit code exists for this vulnerability, and a patch is available.

RCE Dagu Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22553 CRITICAL Act Now

OS command injection in InSAT MasterSCADA BUK-TS through MMadmServ web interface. Unauthenticated RCE on SCADA management server. EPSS 1.26%.

SCADA RCE Command Injection Masterscada
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2026-21410 CRITICAL Act Now

SQL injection in InSAT MasterSCADA BUK-TS through the main web interface. ICS/SCADA system with unauthenticated SQL injection enabling full database compromise.

SCADA RCE SQLi Masterscada
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-46320 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7. [CVSS 6.1 MEDIUM]

RCE XSS Filemaker Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-26222 CRITICAL Act Now

Insecure .NET Remoting deserialization in Altec DocLink (Beyond Limits) 4.0.336.0. Exposed TCP endpoints allow unauthenticated remote code execution via .NET Remoting deserialization attacks.

.NET RCE Denial Of Service Altec Doclink
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2026-27590 Go CRITICAL POC PATCH Act Now

FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.

PHP TLS RCE Caddy Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-27517 MEDIUM This Month

Stored cross-site scripting in Binardat 10G08-0800GSM network switch firmware through version V300SP10260209 enables attackers to execute arbitrary JavaScript within authenticated user sessions via the web interface. An attacker with network access can inject malicious scripts that execute in the context of legitimate users, potentially leading to session hijacking, credential theft, or unauthorized configuration changes. No patch is currently available.

RCE XSS 10g08 0800gsm Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-69985 npm CRITICAL POC Act Now

Authentication bypass in FUXA SCADA/HMI system 1.2.8 and prior leading to Remote Code Execution. Unauthenticated attackers can execute arbitrary code on industrial control HMI systems. EPSS 0.64% with PoC available.

Node.js RCE Authentication Bypass Fuxa
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-10010 MEDIUM This Month

Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).

Linux RCE Cryptopro Secure Disk Windows Linux Kernel
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-2807 CRITICAL PATCH Act Now

Memory safety bugs in Firefox 147 and Thunderbird 147 with evidence of memory corruption. Mainline-only bugs not present in ESR branches.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2793 CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 115.32, ESR 140.7, and Firefox 147. Broader set of memory corruption issues than CVE-2026-2792.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2792 CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 140.7 and Firefox 147 with evidence of memory corruption and potential code execution exploitability.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56373 PyPI HIGH PATCH This Week

DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information. [CVSS 8.4 HIGH]

RCE AI / ML Airflow
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-25797 NuGet MEDIUM PATCH This Month

Arbitrary code injection in ImageMagick's PostScript and HTML encoders allows attackers to inject malicious code that executes when files are processed by downstream applications like Ghostscript or web viewers. The vulnerability affects versions prior to 7.1.2-15 and 6.9.13-40 due to insufficient input sanitization in the ps and html coders. Users processing untrusted image files are at risk of code execution, though no patch is currently available.

RCE Code Injection Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-21665 This Week

The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data.

.NET RCE Deserialization
NVD
EPSS
0.4%
CVE-2026-25648 HIGH POC This Week

Traccar versions 6.11.1 and later allow authenticated users to inject malicious JavaScript into other users' browsers by uploading unsanitized SVG files as device images, exploiting improper Content-Type handling. Public exploit code exists for this reflected cross-site scripting vulnerability, which could enable session hijacking or credential theft with no patch currently available.

File Upload RCE XSS Traccar
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-67733 HIGH PATCH This Week

Response-stream injection in Valkey (the Redis fork) lets an authenticated user abuse Lua scripting commands to smuggle arbitrary bytes into the reply stream, corrupting or tampering with data returned to other users sharing the same connection. The flaw stems from the Lua script error-handling path mishandling null characters. It affects all releases prior to 9.0.2, 8.1.6, 8.0.7, and 7.2.12. No public exploit identified at time of analysis; EPSS exploitation probability is negligible (0.02%, 4th percentile) and the issue is not in CISA KEV.

RCE Valkey
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-14905 HIGH PATCH This Week

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. [CVSS 7.2 HIGH]

RCE Buffer Overflow Heap Overflow Denial Of Service
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-25747 Maven HIGH POC PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. [CVSS 8.8 HIGH]

Apache Java Deserialization Camel RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2998 HIGH This Week

eAI Technologies' ERP application is vulnerable to DLL hijacking attacks that enable authenticated local users to achieve arbitrary code execution by placing a malicious DLL in the application directory. The vulnerability affects any system where non-administrative users have local access and can write to the ERP installation folder. No patch is currently available to remediate this issue.

Privilege Escalation RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2964 LOW Monitor

Prototype pollution in Webaudiorecorder.js versions 0.1 and 0.1.1 allows authenticated remote attackers to modify object properties through the extend function in Dynamic Config Handling, potentially leading to information disclosure or data manipulation. Public exploit code exists for this vulnerability, though exploitation requires high complexity and specific preconditions. The vendor has not released a patch and did not respond to disclosure attempts.

RCE Code Injection Webaudiorecorder Js
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
EPSS 0% CVSS 4.6
MEDIUM This Month

Mattermost Desktop is affected by inclusion of functionality from untrusted control sphere (CVSS 4.6).

RCE Mattermost Desktop
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

DobryCMS has an unauthenticated file upload vulnerability allowing remote attackers to upload and execute arbitrary files on the web server.

RCE Dorbycms
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IDExpert Windows Logon Agent has a second RCE vulnerability through another unsigned code download path.

Windows RCE Idexpert
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IDExpert Windows Logon Agent by Changing has an RCE vulnerability through download of code without integrity check, allowing malicious update injection.

Windows RCE Idexpert
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Remote code execution in Statmatic CMS versions prior to 5.73.11 and 6.4.0 allows authenticated users with control panel access and permission to modify Antlers-enabled fields to execute arbitrary code in the application context. An attacker exploiting this vulnerability can fully compromise the application, including stealing sensitive configuration data, modifying or exfiltrating user data, and disrupting availability. A patch is available and exploitation requires authenticated access with specific field configuration permissions.

RCE Code Injection Statamic
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

Critical RCE via OS command injection in WeGIA before 3.6.5. Unauthenticated attackers can execute arbitrary commands on the server. CVSS 10.0 with PoC available.

RCE Authentication Bypass Command Injection +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Path traversal in Kaniko 1.25.4 through 1.25.9 allows attackers to extract tar archives outside the intended destination directory, enabling arbitrary file writes on the build system. When combined with Docker credential helpers in registry authentication scenarios, this vulnerability can be leveraged for code execution within the Kaniko executor process. Docker and Kubernetes environments using the affected Kaniko versions are at risk.

Docker Kubernetes Kaniko +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Group Office versions before 26.0.9, 25.0.87, and 6.8.154 allow authenticated attackers to execute arbitrary commands through maliciously crafted TNEF attachments, where attacker-controlled filenames in winmail.dat are processed unsafely with zip wildcard expansion. An attacker with valid credentials can exploit this to achieve remote code execution with full system privileges. No patch is currently available for affected deployments.

RCE Group Office
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated RCE and information disclosure via Local File Inclusion in Johnson Controls Frick Controls. Fifth critical vulnerability in the product line, enabling arbitrary file reads and code execution.

RCE LFI Information Disclosure +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote code execution via code injection in Johnson Controls Frick Controls Quantum HD. Fourth critical vulnerability — this one explicitly noted as unauthenticated RCE.

RCE Code Injection Frick Controls Quantum Hd Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in intra-mart Accel Platform's IM-LogicDesigner module through insecure deserialization of crafted files imported by administrative users. An attacker with admin privileges can execute arbitrary code by importing a malicious file, with no patch currently available. The vulnerability affects all deployments where IM-LogicDesigner is enabled.

Deserialization RCE Accel Platform
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Remote code execution in Red Hat Satellite's rubyipmi BMC component allows authenticated users with host creation or update permissions to execute arbitrary code by injecting malicious input into the BMC username field. An attacker with these privileges can compromise the underlying system through command injection. No patch is currently available for this vulnerability.

Red Hat RCE Command Injection
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Soliton Systems installers for Securebrowser For Onegate, Secureworkspace, and Securebrowser II fail to set proper file permissions during installation, enabling local authenticated users to execute arbitrary code with SYSTEM privileges. An attacker with user-level access can exploit this misconfiguration to achieve full system compromise. No patch is currently available.

Privilege Escalation RCE Securebrowser For Onegate +2
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Code injection in OpenStack Vitrage query parser allows authenticated users to execute arbitrary Python code through crafted queries. Affects versions before 12.0.1, 13.0.0, 14.0.0, and 15.0.0. PoC available.

RCE Code Injection Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap memory corruption in the OCaml runtime (before 4.14.3 and 5.x before 5.4.1) lets an attacker who can feed crafted Marshal-format data into an application's deserialization path read past buffer bounds and, through a multi-phase chain, achieve code execution. The flaw lives in the readblock() routine of runtime/intern.c, which copies blocks using attacker-controlled lengths without bounds checks. There is no public exploit identified at time of analysis and EPSS is very low (0.04%), but multiple vendors (SUSE, Red Hat) have shipped fixed packages.

RCE Buffer Overflow Deserialization +1
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the MBird SMS service URL parameters processed during system setup. The vulnerability affects Xweb 500d Pro, 500b Pro, and 300d Pro models, with no patch currently available. Exploitation requires high privilege access but carries high impact due to complete system compromise potential.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the server username or password fields during restore operations via the API V1 endpoint. The vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro devices and requires high-level privileges but could compromise the entire system. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into Wi-Fi SSID or password configuration fields. The vulnerability affects multiple Xweb Pro models (300d, 500b, 500d) and requires high privilege access to exploit, though successful exploitation grants complete system compromise across the network. No patch is currently available.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the Modbus command tool parameters accessible through the debug route. The vulnerability affects Xweb 300d Pro, 500d Pro, and 500b Pro devices, with a CVSS score of 8.0 indicating high severity. No patch is currently available for this command injection flaw.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and prior allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads through crafted LCD state configurations that are processed during system initialization. This vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro devices and requires high-level privileges to exploit, though the impact extends across connected systems. No patch is currently available for this high-severity vulnerability (CVSS 8.0).

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in Xweb Pro firmware (versions 1.12.1 and prior) allows authenticated attackers to execute arbitrary OS commands by uploading a malicious template file through the devices route. This vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro models, with no patch currently available. The high CVSS score of 8.0 reflects the severity of achieving code execution with administrative privileges on vulnerable devices.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier (affecting Xweb 500b Pro, 500d Pro, and 300d Pro models) allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the server username field during the import preconfiguration API action. An attacker with administrative privileges can exploit this OS command injection vulnerability to gain complete system compromise. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Authenticated attackers can execute arbitrary OS commands on Xweb Pro devices (versions 1.12.1 and earlier across 300d, 500b, and 500d models) by injecting malicious payloads into the hostname configuration parameter during system setup. This command injection vulnerability grants remote code execution with high privileges on affected systems. No patch is currently available, requiring organizations to implement network access controls or disable affected devices until remediation is released.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by submitting a malicious firmware update file through the update mechanism. The vulnerability affects multiple XWEB Pro models (300d, 500d, and 500b) and requires high-level privileges to exploit. No patch is currently available for this high-severity command injection flaw (CVSS 8.0).

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands via malicious input submitted to the restore functionality. The vulnerability affects Xweb 500d Pro, 500b Pro, and 300d Pro firmware versions, with no patch currently available. An attacker with valid credentials could compromise the affected device and gain full system control.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in Xweb 300d Pro, 500d Pro, and 500b Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field in the setup route. An attacker with valid credentials can exploit this command injection vulnerability to gain complete system control. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary commands by injecting malicious input into OpenSSL parameter fields. An attacker with valid credentials can exploit this command injection vulnerability through the utility route to gain complete system compromise. No patch is currently available for affected XWEB 500b Pro and 300d Pro devices.

OpenSSL TLS RCE +4
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the devices field during firmware updates. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in Xweb 300d/500b/500d Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the firmware update endpoint. The vulnerability stems from insufficient input validation in command processing and requires high privileges but affects the entire system scope. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by submitting malicious input through the contacts import endpoint. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high-level privileges but can compromise the entire system. No patch is currently available.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field during firmware update operations. The vulnerability affects multiple Xweb Pro models (500d, 500b, and 300d) and requires high-level privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in Xweb 300d Pro, 500b Pro, and 500d Pro firmware (version 1.12.1 and prior) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the map filename field during file upload operations. An attacker with valid credentials can exploit this command injection flaw to gain full system control. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the templates route. Affected versions include Xweb 500d Pro, 300d Pro, and 500b Pro. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Remote code execution in osctrl prior to version 0.5.0 allows authenticated administrators to inject arbitrary OS commands through the hostname parameter during environment configuration, which are then executed on all endpoints enrolling via the compromised environment. The injected commands execute with root/SYSTEM privileges before osquery installation, providing complete system compromise with minimal audit trails. A patch is available in version 0.5.0 and later.

RCE Command Injection Osctrl +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Junrar versions prior to 7.5.8 contain a path traversal vulnerability in LocalFolderExtractor that allows attackers to write arbitrary files to the filesystem when processing malicious RAR archives on Linux/Unix systems. Public exploit code exists for this vulnerability, which can facilitate remote code execution through file overwrite attacks such as modifying shell profiles or cron jobs. Users should upgrade to version 7.5.8 or later to remediate this issue.

Linux Java RCE +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

SQL injection in SPIP prior to 4.4.10 enables authenticated users with low privileges to execute arbitrary SQL commands and achieve remote code execution through union-based injection combined with PHP tag processing. The vulnerability affects SPIP and PHP environments, requiring only network access and valid credentials to exploit. No patch is currently available, presenting significant risk to production SPIP installations.

PHP RCE SQLi +1
NVD
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Remote control vulnerability in Unitree Go2 robot dog firmware 1.1.7-1.1.11. The companion Android app allows remote attackers to take control of the robot. PoC available.

Android Python RCE +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Arbitrary file upload in User Frontend plugin for WordPress (versions up to 4.2.8) allows authenticated users with Author-level privileges to bypass file type validation and upload malicious files to the server. This can lead to remote code execution if an attacker uploads executable files to web-accessible directories. The vulnerability remains unpatched and affects all versions through 4.2.8.

WordPress RCE
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

FTP command injection in GVfs backend allows remote attackers to execute arbitrary FTP commands by embedding CRLF sequences in crafted file paths, potentially leading to unauthorized access or code execution. The vulnerability requires user interaction and affects systems utilizing the FTP GVfs backend for file operations. A patch is available to remediate this input validation weakness.

RCE Red Hat Suse
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in FinalCode Client installer (Digital Arts Inc.) results from unsafe DLL loading that allows an attacker to place a malicious library in the same directory as the installer and execute it with elevated privileges when a user runs the installation. This local attack requires user interaction to place the malicious file and execute the installer, but poses significant risk as there is currently no available patch.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

FinalCode Client installer by Digital Arts Inc. improperly configures file permissions, enabling local non-administrative users to execute arbitrary code with SYSTEM-level privileges. This privilege escalation affects all users of the affected installer versions and allows attackers to achieve complete system compromise. No patch is currently available for this vulnerability.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in WordPress Worry Proof Backup plugin through path traversal in the backup upload feature allows authenticated users with Subscriber privileges or higher to write arbitrary files, including PHP executables, to the server by uploading specially crafted ZIP archives. The vulnerability affects all versions up to 0.2.4 and currently has no available patch, enabling attackers to achieve full server compromise.

WordPress PHP RCE +1
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary code execution through crafted CSV files. EPSS 0.41% with PoC and patch available.

Python RCE Command Injection +3
NVD GitHub
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Remote code execution in c3p0 (a Java JDBC connection-pooling library) before v0.12.0 allows an attacker who can set the `userOverridesAsString` property of a `ConnectionPoolDataSource` - or inject a crafted serialized object or `javax.naming.Reference` - to load and run arbitrary code on the application's CLASSPATH. The flaw stems from storing this writable Java-Bean property as a hex-encoded Java-serialized object, and is amplified by its dependency mchange-commons-java, which mirrored legacy JNDI behavior with ungated support for remote `factoryClassLocation` values, enabling download and execution of attacker-hosted classes. EPSS is low (0.15%) and there is no public exploit identified at time of analysis, though deserialization/JNDI gadget techniques against this library are publicly documented.

Java Deserialization Code Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Zed, a code editor, has an extension installer allows tar/gzip downloads. [CVSS 8.8 HIGH]

RCE Zed
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Remote code execution in Manyfold prior to version 0.133.0 allows authenticated users to execute arbitrary commands by uploading a ZIP archive with specially crafted filenames containing shell metacharacters that are passed unsanitized to Ruby backtick execution. The vulnerability affects the model render generation feature and requires an attacker to be logged in, with public exploit code currently available. A patch is available in version 0.133.0 and later.

Ruby RCE Manyfold
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated command injection in TinyWeb HTTP/HTTPS server for Win32 before 2.01 allows remote attackers to execute arbitrary commands. Patch available.

PHP RCE Tinyweb
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path through the expression engine. Patch available.

RCE Code Injection Command Injection +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to execute arbitrary shell commands by chaining file write operations with git functions to manipulate configuration files. Versions prior to 2.2.0 and 1.123.8 are affected, and administrators should upgrade immediately or restrict workflow editing permissions to trusted users only.

RCE AI / ML N8n
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated users with workflow modification permissions in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 can exploit the Merge node's SQL query mode to execute arbitrary code and write files on the server. This high-severity vulnerability (CVSS 8.8) affects the AI/ML and workflow automation platform, allowing attackers with legitimate access to achieve complete system compromise. No patch is currently available, and administrators should restrict workflow permissions or disable the Merge node as temporary mitigations.

RCE SQLi AI / ML +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Code injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22 allows authenticated users to execute arbitrary code by creating or editing workflows with malicious expressions. Third n8n RCE CVE in this release.

Code Injection RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Second-order expression injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Crafted workflow data triggers expression evaluation leading to code execution. Patch available.

RCE AI / ML N8n
NVD GitHub
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Cross-site WebSocket hijacking leading to persistent XSS and Remote Code Execution affects Storybook's dev server prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10. Because the dev server's story create/save WebSocket handlers fail to validate the connection origin and do not sanitize the componentFilePath field, a malicious website silently injects WebSocket messages into a developer's locally running instance to plant XSS or execute code; publicly exposed dev servers can be hit directly by any unauthenticated attacker. No public exploit identified at time of analysis, and EPSS is low at 0.17% (38th percentile), but the high CVSS 4.0 score of 8.9 and confirmed RCE impact make this a meaningful developer-workstation risk.

RCE XSS Storybook
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in LORIS neuroimaging platform allows authenticated users with sufficient privileges to bypass path traversal protections and upload malicious files to arbitrary server locations. An attacker can leverage the uploaded file to achieve code execution on the underlying system, though read-only server configurations may prevent actual execution. The vulnerability affects versions prior to 26.0.5, 27.0.2, and 28.0.0, with no patch currently available.

RCE Path Traversal Loris
NVD GitHub
EPSS 0%
Monitor

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox.

RCE
NVD
EPSS 7% CVSS 8.1
HIGH KEV PATCH THREAT Act Now

VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment.

VMware Broadcom RCE +5
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

SQL injection in OpenEMR's Immunization module prior to version 8.0.0 enables authenticated users to execute arbitrary database queries through unparameterized patient_id inputs. This allows attackers to exfiltrate protected health information, steal credentials, and potentially achieve remote code execution with complete database compromise. Public exploit code exists for this vulnerability; organizations should upgrade to version 8.0.0 immediately.

RCE SQLi Openemr
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Remote code execution in LangGraph's caching layer affects applications that explicitly enable cache backends inheriting from BaseCache with nodes opted into caching via CachePolicy. An attacker can exploit unsafe deserialization through pickle when msgpack serialization fails, allowing arbitrary code execution on affected systems. This vulnerability requires explicit cache configuration and does not affect default deployments.

Redis RCE SQLi +3
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL Act Now

Arbitrary file upload via subtitle loading in asbplayer v1.13.0 allows execution of malicious files through crafted subtitle files.

File Upload RCE Asbplayer
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Advanced Woo Labels plugin for WordPress through version 2.37 allows authenticated users with Contributor access or higher to execute arbitrary PHP functions and system commands via an unsanitized callback parameter in an AJAX handler. The vulnerability stems from improper use of call_user_func_array() without adequate input validation or capability restrictions. No patch is currently available for this high-severity flaw affecting WordPress environments.

WordPress PHP RCE
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in SPIP's interface_traduction_objets plugin prior to version 2.2.2 allows authenticated editors to execute arbitrary code by injecting malicious content into unfiltered form fields that bypass output protection mechanisms. The vulnerability exploits how underscore-prefixed fields circumvent SPIP's security filters and are processed through the template engine without sanitization. An attacker with editor-level privileges can leverage this to achieve full code execution within the web server context.

RCE Interface Traduction Objets
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated RCE in SPIP tickets plugin before 4.3.3 via code injection. Allows executing arbitrary PHP code without authentication. Patch available.

RCE Tickets
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Path traversal and extension bypass in Flask-Reuploaded file upload library. Allows uploading files with arbitrary extensions to arbitrary directories. PoC and patch available.

Flask RCE Path Traversal +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH Act Now

Remote code execution in FreeScout prior to version 1.8.206 allows authenticated users to upload `.htaccess` files that bypass file upload restrictions, enabling arbitrary code execution on Apache servers with `AllowOverride All` enabled. Public exploit code exists for this vulnerability. The attack requires valid user credentials but affects all FreeScout installations using the vulnerable PHP Laravel framework configuration.

Apache PHP Laravel +2
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL POC PATCH Act Now

Sandbox escape in Enclave JavaScript sandbox before 2.11.1. Enclave is designed for safe AI agent code execution — the escape allows agents to execute arbitrary code outside the sandbox. CVSS 10.0, PoC and patch available.

RCE AI / ML Enclave
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

InvenTree prior to version 1.2.3 allows authenticated staff users to inject malicious Jinja2 template code into batch code generation functionality, enabling server-side template injection that can expose sensitive data or execute arbitrary code. Once a staff member modifies the template maliciously, any user triggering batch code generation via the API will execute the injected code within their user context. This vulnerability requires staff-level access to set up but can be exploited by lower-privileged users once the malicious template is in place.

RCE Inventree
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands — the injection allows executing arbitrary commands beyond the whitelist. PoC available.

RCE Command Injection Olivetin +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Arbitrary file write via path traversal in the Rollup JavaScript module bundler lets an attacker who can influence build inputs write or overwrite files anywhere the build process can reach, escalating to persistent remote code execution by clobbering system or user configuration files. Affected are 4.x releases before 4.59.0 (and the 2.x/3.x lines before 2.80.0 and 3.30.0), where insecure output filename sanitization permits `../` traversal through CLI named inputs, manual chunk aliases, or malicious plugins. Publicly available exploit code exists (GitHub Security Advisory GHSA-mw96-cpmx-2vgc), though no public exploit is identified as active in-the-wild use; EPSS is modest at 0.62% (70th percentile).

RCE Path Traversal Rollup
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Arbitrary file write in Dagu workflow engine up to version 1.16.7 allows authenticated users with DAG write permissions to place malicious YAML files anywhere on the filesystem due to insufficient name validation in the CreateNewDAG API endpoint. Since Dagu executes DAG files as shell commands, an attacker can achieve remote code execution by overwriting existing DAGs or configuration files. Public exploit code exists for this vulnerability, and a patch is available.

RCE Dagu Suse
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

OS command injection in InSAT MasterSCADA BUK-TS through MMadmServ web interface. Unauthenticated RCE on SCADA management server. EPSS 1.26%.

SCADA RCE Command Injection +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection in InSAT MasterSCADA BUK-TS through the main web interface. ICS/SCADA system with unauthenticated SQL injection enabling full database compromise.

SCADA RCE SQLi +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7. [CVSS 6.1 MEDIUM]

RCE XSS Filemaker Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Insecure .NET Remoting deserialization in Altec DocLink (Beyond Limits) 4.0.336.0. Exposed TCP endpoints allow unauthenticated remote code execution via .NET Remoting deserialization attacks.

.NET RCE Denial Of Service +1
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.

PHP TLS RCE +2
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored cross-site scripting in Binardat 10G08-0800GSM network switch firmware through version V300SP10260209 enables attackers to execute arbitrary JavaScript within authenticated user sessions via the web interface. An attacker with network access can inject malicious scripts that execute in the context of legitimate users, potentially leading to session hijacking, credential theft, or unauthorized configuration changes. No patch is currently available.

RCE XSS 10g08 0800gsm Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Authentication bypass in FUXA SCADA/HMI system 1.2.8 and prior leading to Remote Code Execution. Unauthenticated attackers can execute arbitrary code on industrial control HMI systems. EPSS 0.64% with PoC available.

Node.js RCE Authentication Bypass +1
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Cryptopro Secure Disk contains a vulnerability that allows attackers to execute arbitrary code in the context of the root user and enables an attacker t (CVSS 6.8).

Linux RCE Cryptopro Secure Disk +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory safety bugs in Firefox 147 and Thunderbird 147 with evidence of memory corruption. Mainline-only bugs not present in ESR branches.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 115.32, ESR 140.7, and Firefox 147. Broader set of memory corruption issues than CVE-2026-2792.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 140.7 and Firefox 147 with evidence of memory corruption and potential code execution exploitability.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information. [CVSS 8.4 HIGH]

RCE AI / ML Airflow
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Arbitrary code injection in ImageMagick's PostScript and HTML encoders allows attackers to inject malicious code that executes when files are processed by downstream applications like Ghostscript or web viewers. The vulnerability affects versions prior to 7.1.2-15 and 6.9.13-40 due to insufficient input sanitization in the ps and html coders. Users processing untrusted image files are at risk of code execution, though no patch is currently available.

RCE Code Injection Imagemagick +2
NVD GitHub VulDB
EPSS 0%
This Week

The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data.

.NET RCE Deserialization
NVD
EPSS 0% CVSS 8.7
HIGH POC This Week

Traccar versions 6.11.1 and later allow authenticated users to inject malicious JavaScript into other users' browsers by uploading unsanitized SVG files as device images, exploiting improper Content-Type handling. Public exploit code exists for this reflected cross-site scripting vulnerability, which could enable session hijacking or credential theft with no patch currently available.

File Upload RCE XSS +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Response-stream injection in Valkey (the Redis fork) lets an authenticated user abuse Lua scripting commands to smuggle arbitrary bytes into the reply stream, corrupting or tampering with data returned to other users sharing the same connection. The flaw stems from the Lua script error-handling path mishandling null characters. It affects all releases prior to 9.0.2, 8.1.6, 8.0.7, and 7.2.12. No public exploit identified at time of analysis; EPSS exploitation probability is negligible (0.02%, 4th percentile) and the issue is not in CISA KEV.

RCE Valkey
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. [CVSS 7.2 HIGH]

RCE Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. [CVSS 8.8 HIGH]

Apache Java Deserialization +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

eAI Technologies' ERP application is vulnerable to DLL hijacking attacks that enable authenticated local users to achieve arbitrary code execution by placing a malicious DLL in the application directory. The vulnerability affects any system where non-administrative users have local access and can write to the ERP installation folder. No patch is currently available to remediate this issue.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 1.3
LOW Monitor

Prototype pollution in Webaudiorecorder.js versions 0.1 and 0.1.1 allows authenticated remote attackers to modify object properties through the extend function in Dynamic Config Handling, potentially leading to information disclosure or data manipulation. Public exploit code exists for this vulnerability, though exploitation requires high complexity and specific preconditions. The vendor has not released a patch and did not respond to disclosure attempts.

RCE Code Injection Webaudiorecorder Js
NVD VulDB
Prev Page 35 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy