Skip to main content

RCE

31891 CVEs technique

Monthly

CVE-2026-27206 PHP HIGH PATCH This Week

Zumba Json Serializer versions 3.2.2 and below allow unrestricted PHP object instantiation during JSON deserialization, enabling attackers to trigger arbitrary class constructors and magic methods via malicious @type fields. When processing untrusted JSON input, this vulnerability can lead to PHP Object Injection and remote code execution if vulnerable gadget chains are present in the application or its dependencies. The vulnerability affects applications using affected PHP serialization libraries and currently lacks a patched version.

PHP RCE Deserialization
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-27194 PyPI CRITICAL PATCH Act Now

RCE in D-Tale pandas data visualizer before 3.20.0 via /save-column-filter. Patch available.

RCE AI / ML D Tale
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-2635 PyPI HIGH PATCH This Week

Authentication bypass leading to administrator-level remote code execution affects MLflow installations that use the built-in basic authentication, which ships a basic_auth.ini file containing hard-coded default credentials. Remote unauthenticated attackers who know these well-known defaults can log in as the administrator and execute arbitrary code in that context. No public exploit has been identified at time of analysis and it is not in CISA KEV, but the EPSS score of 1.39% (80th percentile) reflects above-average exploitation interest for a Trend Micro ZDI-disclosed flaw with an available vendor patch.

Authentication Bypass RCE
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
1.4%
CVE-2026-2492 HIGH This Week

Local privilege escalation in TensorFlow's HDF5 plugin-loading mechanism lets a low-privileged user run arbitrary code as a higher-privileged target user. The flaw stems from TensorFlow loading plugins from an unsecured, attacker-writable search-path location (CWE-427), so an attacker who can already execute low-privileged code plants a malicious plugin that is later loaded in the victim's context. There is no public exploit identified at time of analysis, EPSS risk is very low (0.02%), and it is not listed in CISA KEV, but the issue is credibly reported by Trend Micro ZDI (ZDI-26-116) and patched by upstream and Red Hat.

Privilege Escalation RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2048 HIGH PATCH This Week

GIMP is vulnerable to out-of-bounds memory write during XWD file parsing due to insufficient input validation, enabling arbitrary code execution when a user opens a malicious image file. This high-severity vulnerability (CVSS 7.8) affects local attackers who can craft specially crafted XWD files to corrupt memory and execute code with the privileges of the GIMP process. No patch is currently available.

RCE Gimp Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2047 HIGH PATCH This Week

Remote code execution in GIMP through heap buffer overflow during ICNS file parsing allows attackers to execute arbitrary code when a user opens a malicious image file. The vulnerability stems from insufficient validation of user-supplied data lengths before copying to heap memory, requiring only user interaction to trigger. A patch is available for affected installations.

RCE Buffer Overflow Heap Overflow Gimp
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2045 HIGH PATCH This Week

Out-of-bounds write in GIMP 3.0.6's XWD (X Window Dump) image file parser allows remote attackers to execute arbitrary code in the context of the user running GIMP, provided the victim is lured into opening a malicious XWD file or visiting a page that delivers one. The CVSS 3.1 vector (AV:L/UI:R) shows this is not a remote-network attack but a user-interaction-driven file-parsing flaw, scored 7.3 (High). There is no public exploit identified at time of analysis, and EPSS is very low (0.08%, 23rd percentile), consistent with an attack that depends on social engineering rather than mass automation.

RCE Gimp Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-2044 HIGH PATCH This Week

Remote code execution in GIMP 3.0.6 allows attackers to run arbitrary code by tricking a user into opening a malicious PGM (Portable Gray Map) image file or visiting a page that delivers one. The PGM parser accesses memory before it is properly initialized (CWE-908), letting a crafted file corrupt program state and hijack execution in the context of the current user. Discovered and reported via Trend Micro's Zero Day Initiative (ZDI-26-118 / ZDI-CAN-28158); no public exploit identified at time of analysis and EPSS exploitation probability is low (0.06%, 20th percentile).

RCE Gimp
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2043 HIGH This Week

Remote code execution in Nagios Xi through command injection in the esensors_websensor_configwizard_func method allows authenticated attackers to execute arbitrary commands with service account privileges. The vulnerability stems from insufficient input validation on user-supplied parameters passed to system calls. With a CVSS score of 8.8 and no patch currently available, this poses a significant risk to authenticated users of affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2026-2042 HIGH This Week

Remote code execution in Nagios Xi's monitoringwizard module allows authenticated attackers to execute arbitrary commands through insufficient input validation in system calls. An attacker with valid credentials can exploit this command injection vulnerability to gain code execution with service account privileges on affected installations. No patch is currently available for this high-severity vulnerability.

RCE Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2026-2041 HIGH This Week

Nagios Xi for iOS is vulnerable to command injection in the zabbixagent_configwizard_func method due to insufficient input validation, allowing authenticated attackers to execute arbitrary code with service account privileges. The vulnerability requires valid credentials but no user interaction to exploit, and no patch is currently available. Exploitation could grant attackers full system access on affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2026-2037 HIGH This Week

Unsafe deserialization in GFI Archiver's MArc.Core.Remoting service (port 8017) enables authenticated remote attackers to achieve unauthenticated remote code execution with SYSTEM privileges, despite the authentication requirement being bypassable. The vulnerability stems from insufficient validation of untrusted data during the deserialization process, allowing arbitrary code execution on affected systems. No patch is currently available.

RCE Deserialization Archiver
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2026-2036 HIGH This Week

Remote code execution in GFI Archiver's MArc.Store.Remoting.exe component stems from unsafe deserialization of untrusted data, allowing authenticated attackers to execute arbitrary code with SYSTEM privileges despite the authentication requirement being bypassable. The vulnerability affects the deserialization and archiver products due to insufficient validation of user-supplied input, enabling full system compromise. No patch is currently available.

RCE Deserialization Archiver
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2026-2035 MEDIUM This Month

Remote code execution in Deciso OPNsense's backup functionality allows authenticated network-adjacent attackers to execute arbitrary commands with root privileges through insufficient input validation in the diag_backup.php file. An attacker with valid credentials can inject malicious commands into backup filename parameters to achieve code execution on the affected system. No patch is currently available for this vulnerability.

PHP RCE Command Injection
NVD GitHub
CVSS 3.0
6.8
EPSS
0.2%
CVE-2026-2034 HIGH This Week

Remote code execution in Sante DICOM Viewer Pro via buffer overflow when parsing malicious DCM files allows attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient validation of user-supplied data length before copying to a buffer, requiring user interaction such as opening a malicious file or visiting a compromised page. No patch is currently available for this high-severity flaw.

RCE Buffer Overflow Dicom Viewer Pro
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-2033 PyPI HIGH PATCH Act Now

Remote code execution in the MLflow Tracking Server allows unauthenticated attackers (PR:N) to abuse the artifact handler's path processing to read or write files outside the intended artifact root and ultimately run code as the server's service account. The flaw is a CWE-22 path traversal in artifact file-path handling reachable over the network with low complexity. No public exploit is identified at time of analysis, but the EPSS score of 15.58% (95th percentile) signals notably elevated near-term exploitation likelihood for an MLOps component frequently exposed on internal and cloud networks.

RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
15.6%
CVE-2026-27112 Go CRITICAL PATCH Act Now

Authorization bypass in Kargo Kubernetes promotion tool from 1.7.0 before 1.7.8/1.8.11/1.9.3. Batch resource creation bypasses authorization checks. Patch available.

Golang Kubernetes RCE Kargo Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-0797 HIGH PATCH This Week

Remote code execution in GIMP 3.2.0-rc1 lets attackers run arbitrary code by tricking a user into opening a malicious ICO image file or visiting a page that delivers one. The flaw is a heap-based buffer overflow in the ICO file parser caused by missing length validation before a copy operation, and it executes code in the context of the GIMP process. No public exploit has been identified at time of analysis, and EPSS estimates exploitation probability at just 0.06% (19th percentile), consistent with a user-interaction-gated client-side bug rather than mass-exploited infrastructure.

RCE Buffer Overflow Heap Overflow Gimp
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0777 HIGH This Week

Xmind fails to display adequate security warnings when users open file attachments, enabling remote code execution with the privileges of the current user. An attacker can exploit this by tricking users into opening malicious files or visiting crafted pages, with the unsafe action proceeding without proper user notification. No patch is currently available.

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2026-24892 HIGH POC PATCH This Week

Unsafe PHP deserialization in openITCOCKPIT Community Edition 5.3.1 and earlier allows authenticated attackers to inject malicious serialized objects through changelog entries, with public exploit code available. While no current attack path has been identified, an unrestricted unserialize() call creates a latent remote code execution vulnerability that could be exploited if future code changes introduce exploitable object types into the deserialization path. Authenticated access is required, but the HIGH severity rating reflects the potential for complete system compromise if this latent flaw is activated.

PHP Prometheus RCE Deserialization Openitcockpit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-2473 PyPI PATCH Monitor

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).

Google RCE
NVD
EPSS
0.3%
CVE-2026-26746 HIGH POC This Week

Open Source Point Of Sale versions up to 3.4.1 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE LFI Open Source Point Of Sale
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-70831 CRITICAL Act Now

RCE in Smanga 3.2.7 via command injection in /php/path/rescan.php. EPSS 0.29%.

PHP RCE Smanga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-68549 CRITICAL Act Now

Unrestricted file upload in Wiguard (wiguard) WordPress theme allows uploading web shells for remote code execution.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-52744 HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0. [CVSS 7.6 HIGH]

Code Injection RCE
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-26050 HIGH This Week

Arbitrary code execution with administrative privileges in RICOH Job Log Aggregation Tool versions before 1.3.7 due to insecure DLL search path handling. Local attackers with user interaction can execute malicious code by placing a crafted DLL in the installer's search path. No patch is currently available.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-26064 HIGH POC PATCH This Week

Remote code execution in Calibre 9.2.1 and earlier allows authenticated users to write arbitrary files via a path traversal flaw in the extract_pictures() function that fails to properly sanitize directory traversal sequences. On Windows systems, attackers can exploit this to write malicious payloads to the Startup folder, achieving code execution upon the next user login. Public exploit code exists for this vulnerability, and a patch is available in version 9.3.0.

Windows RCE Path Traversal Calibre Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26975 HIGH This Week

Remote code execution in Music Assistant Server 2.6.3 and below enables unauthenticated network-adjacent attackers to execute arbitrary code through path traversal in the playlist update API, which fails to enforce file extension restrictions and allows writing malicious Python files to site-packages. The vulnerability is particularly critical because affected containers typically run as root, amplifying the impact of successful exploitation. No patch is currently available, leaving installations at risk until an upgrade to version 2.7.0 or later is performed.

Python RCE Path Traversal Music Assistant Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26959 HIGH This Week

Arbitrary code execution in ADB Explorer version 0.9.26020 and earlier on Windows allows local attackers to execute malicious binaries by manipulating the ManualAdbPath configuration setting without integrity validation. An attacker can exploit this through social engineering by distributing a crafted settings file that redirects the application to a malicious executable, gaining code execution with user privileges. The vulnerability requires user interaction to launch the application with a malicious configuration directory.

Windows RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27013 npm HIGH POC PATCH This Week

Stored XSS in Fabric.js prior to version 7.2.0 allows attackers to inject arbitrary SVG elements and event handlers when user-supplied JSON is loaded and exported via toSVG(), affecting applications that process collaborative designs, imports, or CMS plugins. Public exploit code exists for this vulnerability. Applications rendering the SVG output in browsers are vulnerable to arbitrary JavaScript execution.

RCE XSS Fabric.Js
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-26200 HIGH POC PATCH This Week

Heap buffer overflow in HDF5 versions prior to 1.14.4-2 allows attackers to trigger denial-of-service or potentially achieve code execution by crafting malicious h5 files. The vulnerability affects any system parsing untrusted HDF5 data files and has public exploit code available. A patch is not yet available, leaving affected deployments at risk.

RCE Buffer Overflow Heap Overflow Hdf5
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23621 MEDIUM This Month

GFI MailEssentials AI versions prior to 22.4 allow authenticated users to enumerate arbitrary directories on the server through the ListServer.IsPathExist() web method, which fails to validate filesystem paths before checking their existence. An attacker with valid credentials can exploit this information disclosure vulnerability to map the server's directory structure and identify sensitive locations. No patch is currently available for this vulnerability.

RCE Mailessentials
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-26339 CRITICAL Act Now

Remote code execution in Hyland's Alfresco Transform Service (and the related Alfresco Transform Core component) lets unauthenticated network attackers inject crafted arguments into the document-processing pipeline to run arbitrary commands on the transformation host. Any exposed Alfresco deployment relying on these transform components is affected, with no login required and full compromise of confidentiality, integrity and availability. No public exploit has been identified at time of analysis, and the EPSS probability is currently low (0.22%, 44th percentile).

RCE Alfresco Transform Core Alfresco Transform Service SSRF
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-23620 MEDIUM This Month

GFI MailEssentials AI versions before 22.4 expose a file enumeration vulnerability in the ListServer.IsDBExist() web method that allows authenticated users to probe arbitrary filesystem paths and determine file existence on the server. An attacker can exploit this by submitting unrestricted paths via the JSON "path" parameter, which are processed without validation, disclosing sensitive information about the server's filesystem structure. No patch is currently available for this vulnerability.

RCE Mailessentials
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-26030 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Microsoft Semantic Kernel Python SDK before 1.39.4. Code injection in the AI orchestration framework. Patch available.

Microsoft Linux Python RCE AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-24834 Go HIGH POC PATCH This Week

Privilege escalation in Kata Containers (versions prior to 3.27.0) running on the Cloud Hypervisor backend lets a sufficiently-privileged container user write to the guest micro-VM's root filesystem and gain arbitrary code execution as root inside that VM. The root cause is that the read-only DAX/virtio-pmem rootfs image is never actually enforced read-only, so guest writes to /dev/pmem0 are observed by the guest. Publicly available exploit detail exists (GitHub Security Advisory GHSA-wwj6-vghv-5p64), though EPSS exploitation probability is negligible (0.01%) and it is not on CISA KEV.

RCE Kata Containers
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-71243 CRITICAL POC THREAT Emergency

The Saisies plugin for SPIP CMS versions 5.4.0 through 5.11.0 contains a critical remote code execution vulnerability. Attackers can exploit the vulnerability to execute arbitrary code on the SPIP server, compromising the content management system and its database.

RCE Saisies
NVD
CVSS 3.1
9.8
EPSS
73.5%
Threat
5.7
CVE-2026-25755 npm HIGH POC PATCH This Week

PDF object injection in the jsPDF JavaScript library (npm package 'jspdf', versions prior to 4.2.0) lets an attacker who controls the string passed to the addJS method break out of the PDF JavaScript string delimiter and inject arbitrary PDF dictionary objects, including auto-executing Additional Actions (/AA). Any user who later opens the generated PDF in a JavaScript-capable viewer executes the injected actions, affecting confidentiality, integrity and availability of their document session. Publicly available exploit code exists (a documented payload is published in the GitHub advisory), but EPSS is very low (0.04%, 10th percentile) and the issue is not in CISA KEV.

RCE Code Injection Jspdf
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-15562 MEDIUM This Month

The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in the victim's browser if the victim opens a URL prepared by the attacker. [CVSS 6.1 MEDIUM]

RCE XSS Worktime
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13590 Maven HIGH PATCH This Week

Authenticated remote code execution affects multiple WSO2 products (API Manager 4.2.0-4.6.0, API Control Plane 4.5.0-4.6.0, Universal Gateway 4.5.0, and Traffic Manager 4.5.0-4.6.0) through an unrestricted file upload exposed via a system REST API. An administrator-level attacker can place an arbitrary file at a user-controlled path and trigger code execution on the host. No public exploit identified at time of analysis, EPSS is low at 0.28%, and a vendor patch is available per WSO2 advisory WSO2-2025-4849.

RCE Api Manager Universal Gateway Traffic Manager Api Control Plane +1
NVD VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-12107 HIGH This Week

Identity Server versions up to 5.11.0 contains a vulnerability that allows attackers to a malicious actor with admin privilege to inject and execute arbitrary template (CVSS 8.4).

RCE Identity Server
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2026-1405 CRITICAL POC Act Now

Arbitrary file upload in Slider Future WordPress plugin.

WordPress RCE
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0974 HIGH This Week

The Orderable WordPress plugin through version 1.20.0 fails to properly verify user permissions on plugin installation functions, enabling authenticated subscribers to install malicious plugins and achieve remote code execution. An attacker with minimal WordPress account privileges can exploit this capability check bypass to gain full server compromise without administrator credentials. No patch is currently available for this vulnerability (CVSS 8.8).

WordPress RCE Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0926 CRITICAL POC Act Now

Local File Inclusion in Prodigy Commerce WordPress plugin <= 3.2.9.

WordPress PHP LFI Information Disclosure RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-12975 HIGH This Week

The CTX Feed - WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. [CVSS 7.2 HIGH]

WordPress RCE PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-12821 HIGH This Week

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. [CVSS 8.8 HIGH]

WordPress RCE CSRF PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25548 CRITICAL POC PATCH Act Now

Remote Code Execution in InvoicePlane self-hosted invoicing application through code injection. PoC and patch available.

PHP RCE LFI Invoiceplane
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-27182 HIGH This Week

Saturn Remote Mouse Server on local networks is vulnerable to unauthenticated command injection through specially crafted UDP JSON packets sent to port 27000, enabling attackers to execute arbitrary code with service account privileges. Affected systems lack input validation on command parameters, allowing network-adjacent threat actors to achieve remote code execution without authentication. No patch is currently available for this high-severity vulnerability.

RCE Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2026-27180 CRITICAL POC THREAT Emergency

MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method without authentication due to improper use of gr() (which reads from $_REQUEST), allowing attackers to redirect update URLs and push malicious code packages.

PHP TLS RCE Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
61.8%
Threat
5.3
CVE-2026-27175 CRITICAL POC THREAT Emergency

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection Race Condition Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
41.7%
Threat
4.7
CVE-2026-27174 CRITICAL POC THREAT Emergency

MajorDoMo home automation platform allows unauthenticated remote code execution through the admin panel's PHP console. An include order bug in panel.class.php causes execution to continue past a redirect() call that lacks an exit statement, allowing unauthenticated requests to reach the PHP code execution functionality in inc_panel_ajax.php.

PHP RCE Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
60.3%
Threat
5.3
CVE-2019-25365 CRITICAL POC Act Now

Buffer overflow in ChaosPro 2.0 fractal generator via configuration file path handling allows code execution through crafted configuration files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25360 HIGH POC This Week

Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. [CVSS 9.8 CRITICAL]

RCE Buffer Overflow Stack Overflow Aida64
NVD Exploit-DB VulDB
CVSS 4.0
8.4
EPSS
0.2%
CVE-2026-0573 CRITICAL Act Now

URL redirection vulnerability in GitHub Enterprise Server allows attacker-controlled redirects through crafted URLs, potentially enabling credential theft via phishing.

Github RCE Enterprise Server
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-12343 LOW PATCH Monitor

Ffmpeg contains a vulnerability that allows attackers to a double-free condition, potentially causing FFmpeg or any application using it (CVSS 3.3).

Denial Of Service RCE Tensorflow AI / ML
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-70151 HIGH POC This Week

Scholars Tracking System versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE Scholars Tracking System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-14009 PyPI HIGH POC PATCH GHSA This Week

Arbitrary code execution in the NLTK (Natural Language Toolkit) Python library affects all versions through its data downloader: the _unzip_iter function in nltk/downloader.py calls zipfile.extractall() with no path validation, so a malicious data package can drop attacker-controlled Python files (e.g. __init__.py) that execute automatically on import. Any application that downloads NLTK data from an attacker-influenced source is exposed to full remote code execution. Publicly available exploit code exists (huntr.com bounty), EPSS is modest at 0.57% (68th percentile), and there is no public exploit identified as actively exploited in CISA KEV.

Python RCE Nltk Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-15579 This Week

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation.

RCE Denial Of Service Privilege Escalation Deserialization
NVD
EPSS
0.4%
CVE-2026-2329 CRITICAL POC PATCH THREAT Act Now

Unauthenticated stack-based buffer overflow in /cgi-bin/api.values.get HTTP API endpoint. EPSS 41.1% indicates very high exploitation probability. Patch available.

RCE Buffer Overflow Stack Overflow Gxp1628 Firmware Gxp1630 Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
41.1%
Threat
4.7
CVE-2025-61982 HIGH This Week

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. [CVSS 7.8 HIGH]

RCE Code Injection
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-60038 HIGH This Week

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Indraworks
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60037 HIGH This Week

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Indraworks
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60036 HIGH This Week

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Ua.Testclient Rexroth Indraworks
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60035 HIGH This Week

A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Indraworks
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-33253 PyPI HIGH PATCH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-33252 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-33251 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-33250 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-33245 PyPI HIGH PATCH This Week

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 8.0 HIGH]

RCE Privilege Escalation Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2025-33243 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-33241 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-33240 HIGH This Week

NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Code Injection Information Disclosure Megatron Bridge Nvidia RCE
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33239 HIGH This Week

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Code Injection Information Disclosure Megatron Bridge Nvidia RCE
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2426 MEDIUM This Month

Arbitrary file deletion in WP-DownloadManager plugin versions up to 1.69 allows high-privileged WordPress administrators to bypass path validation and remove critical system files through directory traversal in the file deletion parameter. Deletion of essential files like wp-config.php can result in remote code execution or complete site compromise. No patch is currently available.

WordPress PHP RCE Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2026-22769 CRITICAL KEV PATCH THREAT Act Now

Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data.

Dell Authentication Bypass Privilege Escalation RCE Recoverpoint For Virtual Machines
NVD
CVSS 3.1
10.0
EPSS
34.2%
Threat
4.5
CVE-2025-59793 CRITICAL Act Now

Path traversal in Rocket TRUfusion Enterprise through 7.10.5 via /axis2/services endpoint allows authenticated attackers to read and write arbitrary files on the host. EPSS 0.32%.

RCE Path Traversal Trufusion Enterprise
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2025-70830 CRITICAL Act Now

Server-Side Template Injection (SSTI) in Datart v1.0.0-rc.3 via Freemarker template engine allows authenticated users to execute arbitrary code on the server.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-70828 HIGH This Week

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration [CVSS 8.8 HIGH]

Command Injection RCE Datart
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-22208 CRITICAL Act Now

Remote code execution in OpenS100 (S-100 viewer reference implementation) prior to commit 753cf29. Malicious S-100 dataset files can trigger code execution when opened. CVSS 9.6.

RCE
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.2%
CVE-2026-26220 CRITICAL Act Now

Remote code execution in LightLLM 1.1.0 and prior lets unauthenticated attackers run arbitrary code on the PD master node when the framework runs in prefill-decode (PD) disaggregation mode. The PD master exposes WebSocket endpoints that feed inbound binary frames straight into Python's pickle.loads(), so any attacker able to reach that socket can execute code in the serving process. No CISA KEV listing exists and EPSS is modest at 0.83% (74th percentile), but a public technical write-up (chocapikk.com) plus a VulnCheck advisory mean publicly available exploit code exists, so this should be treated as an urgent internal-exposure risk.

RCE Deserialization
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
CVE-2026-2001 HIGH This Week

Arbitrary plugin installation in WowRevenue for WordPress (versions up to 2.1.3) allows authenticated subscribers to bypass capability checks and install malicious plugins, potentially enabling remote code execution on vulnerable sites. The vulnerability requires only low-privilege user access and network connectivity, affecting WordPress instances running the vulnerable plugin without an available patch.

WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-65716 HIGH POC This Week

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file. [CVSS 8.8 HIGH]

RCE Code Injection Markdown Preview Enhanced
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-65715 HIGH POC This Week

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace. [CVSS 7.8 HIGH]

RCE Code Injection Coderunner
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1335 HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write in EPRT file parsing allows local attackers to gain code execution when opening malicious files. The vulnerability requires user interaction and affects both confidentiality, integrity, and availability. No patch is currently available.

Buffer Overflow RCE Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1334 HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 results from an out-of-bounds read flaw in EPRT file processing, enabling attackers to compromise systems by tricking users into opening malicious files. The vulnerability affects local users with no privilege requirements and carries a high severity rating, though no patch is currently available.

Buffer Overflow RCE Information Disclosure Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1333 HIGH This Week

Solidworks Edrawings versions up to 2025 contains a vulnerability that allows attackers to execute arbitrary code while opening a specially crafted EPRT file (CVSS 7.8).

RCE Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32062 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32061 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32059 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32058 CRITICAL Act Now

Bosch Infotainment ECU's RH850 CAN module has a stack buffer overflow enabling potential code execution through crafted CAN bus messages.

Buffer Overflow RCE
NVD
CVSS 3.1
9.3
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Zumba Json Serializer versions 3.2.2 and below allow unrestricted PHP object instantiation during JSON deserialization, enabling attackers to trigger arbitrary class constructors and magic methods via malicious @type fields. When processing untrusted JSON input, this vulnerability can lead to PHP Object Injection and remote code execution if vulnerable gadget chains are present in the application or its dependencies. The vulnerability affects applications using affected PHP serialization libraries and currently lacks a patched version.

PHP RCE Deserialization
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

RCE in D-Tale pandas data visualizer before 3.20.0 via /save-column-filter. Patch available.

RCE AI / ML D Tale
NVD GitHub
EPSS 1% CVSS 7.3
HIGH PATCH This Week

Authentication bypass leading to administrator-level remote code execution affects MLflow installations that use the built-in basic authentication, which ships a basic_auth.ini file containing hard-coded default credentials. Remote unauthenticated attackers who know these well-known defaults can log in as the administrator and execute arbitrary code in that context. No public exploit has been identified at time of analysis and it is not in CISA KEV, but the EPSS score of 1.39% (80th percentile) reflects above-average exploitation interest for a Trend Micro ZDI-disclosed flaw with an available vendor patch.

Authentication Bypass RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in TensorFlow's HDF5 plugin-loading mechanism lets a low-privileged user run arbitrary code as a higher-privileged target user. The flaw stems from TensorFlow loading plugins from an unsecured, attacker-writable search-path location (CWE-427), so an attacker who can already execute low-privileged code plants a malicious plugin that is later loaded in the victim's context. There is no public exploit identified at time of analysis, EPSS risk is very low (0.02%), and it is not listed in CISA KEV, but the issue is credibly reported by Trend Micro ZDI (ZDI-26-116) and patched by upstream and Red Hat.

Privilege Escalation RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

GIMP is vulnerable to out-of-bounds memory write during XWD file parsing due to insufficient input validation, enabling arbitrary code execution when a user opens a malicious image file. This high-severity vulnerability (CVSS 7.8) affects local attackers who can craft specially crafted XWD files to corrupt memory and execute code with the privileges of the GIMP process. No patch is currently available.

RCE Gimp Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Remote code execution in GIMP through heap buffer overflow during ICNS file parsing allows attackers to execute arbitrary code when a user opens a malicious image file. The vulnerability stems from insufficient validation of user-supplied data lengths before copying to heap memory, requiring only user interaction to trigger. A patch is available for affected installations.

RCE Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Out-of-bounds write in GIMP 3.0.6's XWD (X Window Dump) image file parser allows remote attackers to execute arbitrary code in the context of the user running GIMP, provided the victim is lured into opening a malicious XWD file or visiting a page that delivers one. The CVSS 3.1 vector (AV:L/UI:R) shows this is not a remote-network attack but a user-interaction-driven file-parsing flaw, scored 7.3 (High). There is no public exploit identified at time of analysis, and EPSS is very low (0.08%, 23rd percentile), consistent with an attack that depends on social engineering rather than mass automation.

RCE Gimp Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in GIMP 3.0.6 allows attackers to run arbitrary code by tricking a user into opening a malicious PGM (Portable Gray Map) image file or visiting a page that delivers one. The PGM parser accesses memory before it is properly initialized (CWE-908), letting a crafted file corrupt program state and hijack execution in the context of the current user. Discovered and reported via Trend Micro's Zero Day Initiative (ZDI-26-118 / ZDI-CAN-28158); no public exploit identified at time of analysis and EPSS exploitation probability is low (0.06%, 20th percentile).

RCE Gimp
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Nagios Xi through command injection in the esensors_websensor_configwizard_func method allows authenticated attackers to execute arbitrary commands with service account privileges. The vulnerability stems from insufficient input validation on user-supplied parameters passed to system calls. With a CVSS score of 8.8 and no patch currently available, this poses a significant risk to authenticated users of affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Remote code execution in Nagios Xi's monitoringwizard module allows authenticated attackers to execute arbitrary commands through insufficient input validation in system calls. An attacker with valid credentials can exploit this command injection vulnerability to gain code execution with service account privileges on affected installations. No patch is currently available for this high-severity vulnerability.

RCE Command Injection Nagios Xi
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Nagios Xi for iOS is vulnerable to command injection in the zabbixagent_configwizard_func method due to insufficient input validation, allowing authenticated attackers to execute arbitrary code with service account privileges. The vulnerability requires valid credentials but no user interaction to exploit, and no patch is currently available. Exploitation could grant attackers full system access on affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Unsafe deserialization in GFI Archiver's MArc.Core.Remoting service (port 8017) enables authenticated remote attackers to achieve unauthenticated remote code execution with SYSTEM privileges, despite the authentication requirement being bypassable. The vulnerability stems from insufficient validation of untrusted data during the deserialization process, allowing arbitrary code execution on affected systems. No patch is currently available.

RCE Deserialization Archiver
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in GFI Archiver's MArc.Store.Remoting.exe component stems from unsafe deserialization of untrusted data, allowing authenticated attackers to execute arbitrary code with SYSTEM privileges despite the authentication requirement being bypassable. The vulnerability affects the deserialization and archiver products due to insufficient validation of user-supplied input, enabling full system compromise. No patch is currently available.

RCE Deserialization Archiver
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Remote code execution in Deciso OPNsense's backup functionality allows authenticated network-adjacent attackers to execute arbitrary commands with root privileges through insufficient input validation in the diag_backup.php file. An attacker with valid credentials can inject malicious commands into backup filename parameters to achieve code execution on the affected system. No patch is currently available for this vulnerability.

PHP RCE Command Injection
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Remote code execution in Sante DICOM Viewer Pro via buffer overflow when parsing malicious DCM files allows attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient validation of user-supplied data length before copying to a buffer, requiring user interaction such as opening a malicious file or visiting a compromised page. No patch is currently available for this high-severity flaw.

RCE Buffer Overflow Dicom Viewer Pro
NVD
EPSS 16% CVSS 7.3
HIGH PATCH Act Now

Remote code execution in the MLflow Tracking Server allows unauthenticated attackers (PR:N) to abuse the artifact handler's path processing to read or write files outside the intended artifact root and ultimately run code as the server's service account. The flaw is a CWE-22 path traversal in artifact file-path handling reachable over the network with low complexity. No public exploit is identified at time of analysis, but the EPSS score of 15.58% (95th percentile) signals notably elevated near-term exploitation likelihood for an MLOps component frequently exposed on internal and cloud networks.

RCE Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Authorization bypass in Kargo Kubernetes promotion tool from 1.7.0 before 1.7.8/1.8.11/1.9.3. Batch resource creation bypasses authorization checks. Patch available.

Golang Kubernetes RCE +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in GIMP 3.2.0-rc1 lets attackers run arbitrary code by tricking a user into opening a malicious ICO image file or visiting a page that delivers one. The flaw is a heap-based buffer overflow in the ICO file parser caused by missing length validation before a copy operation, and it executes code in the context of the GIMP process. No public exploit has been identified at time of analysis, and EPSS estimates exploitation probability at just 0.06% (19th percentile), consistent with a user-interaction-gated client-side bug rather than mass-exploited infrastructure.

RCE Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Xmind fails to display adequate security warnings when users open file attachments, enabling remote code execution with the privileges of the current user. An attacker can exploit this by tricking users into opening malicious files or visiting crafted pages, with the unsafe action proceeding without proper user notification. No patch is currently available.

RCE
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Unsafe PHP deserialization in openITCOCKPIT Community Edition 5.3.1 and earlier allows authenticated attackers to inject malicious serialized objects through changelog entries, with public exploit code available. While no current attack path has been identified, an unrestricted unserialize() call creates a latent remote code execution vulnerability that could be exploited if future code changes introduce exploitable object types into the deserialization path. Authenticated access is required, but the HIGH severity rating reflects the potential for complete system compromise if this latent flaw is activated.

PHP Prometheus RCE +2
NVD GitHub
EPSS 0%
PATCH Monitor

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).

Google RCE
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Open Source Point Of Sale versions up to 3.4.1 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE LFI +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

RCE in Smanga 3.2.7 via command injection in /php/path/rescan.php. EPSS 0.29%.

PHP RCE Smanga
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted file upload in Wiguard (wiguard) WordPress theme allows uploading web shells for remote code execution.

WordPress PHP RCE
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0. [CVSS 7.6 HIGH]

Code Injection RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution with administrative privileges in RICOH Job Log Aggregation Tool versions before 1.3.7 due to insecure DLL search path handling. Local attackers with user interaction can execute malicious code by placing a crafted DLL in the installer's search path. No patch is currently available.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Remote code execution in Calibre 9.2.1 and earlier allows authenticated users to write arbitrary files via a path traversal flaw in the extract_pictures() function that fails to properly sanitize directory traversal sequences. On Windows systems, attackers can exploit this to write malicious payloads to the Startup folder, achieving code execution upon the next user login. Public exploit code exists for this vulnerability, and a patch is available in version 9.3.0.

Windows RCE Path Traversal +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Music Assistant Server 2.6.3 and below enables unauthenticated network-adjacent attackers to execute arbitrary code through path traversal in the playlist update API, which fails to enforce file extension restrictions and allows writing malicious Python files to site-packages. The vulnerability is particularly critical because affected containers typically run as root, amplifying the impact of successful exploitation. No patch is currently available, leaving installations at risk until an upgrade to version 2.7.0 or later is performed.

Python RCE Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in ADB Explorer version 0.9.26020 and earlier on Windows allows local attackers to execute malicious binaries by manipulating the ManualAdbPath configuration setting without integrity validation. An attacker can exploit this through social engineering by distributing a crafted settings file that redirects the application to a malicious executable, gaining code execution with user privileges. The vulnerability requires user interaction to launch the application with a malicious configuration directory.

Windows RCE
NVD GitHub
EPSS 0% CVSS 7.6
HIGH POC PATCH This Week

Stored XSS in Fabric.js prior to version 7.2.0 allows attackers to inject arbitrary SVG elements and event handlers when user-supplied JSON is loaded and exported via toSVG(), affecting applications that process collaborative designs, imports, or CMS plugins. Public exploit code exists for this vulnerability. Applications rendering the SVG output in browsers are vulnerable to arbitrary JavaScript execution.

RCE XSS Fabric.Js
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Heap buffer overflow in HDF5 versions prior to 1.14.4-2 allows attackers to trigger denial-of-service or potentially achieve code execution by crafting malicious h5 files. The vulnerability affects any system parsing untrusted HDF5 data files and has public exploit code available. A patch is not yet available, leaving affected deployments at risk.

RCE Buffer Overflow Heap Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

GFI MailEssentials AI versions prior to 22.4 allow authenticated users to enumerate arbitrary directories on the server through the ListServer.IsPathExist() web method, which fails to validate filesystem paths before checking their existence. An attacker with valid credentials can exploit this information disclosure vulnerability to map the server's directory structure and identify sensitive locations. No patch is currently available for this vulnerability.

RCE Mailessentials
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in Hyland's Alfresco Transform Service (and the related Alfresco Transform Core component) lets unauthenticated network attackers inject crafted arguments into the document-processing pipeline to run arbitrary commands on the transformation host. Any exposed Alfresco deployment relying on these transform components is affected, with no login required and full compromise of confidentiality, integrity and availability. No public exploit has been identified at time of analysis, and the EPSS probability is currently low (0.22%, 44th percentile).

RCE Alfresco Transform Core Alfresco Transform Service +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

GFI MailEssentials AI versions before 22.4 expose a file enumeration vulnerability in the ListServer.IsDBExist() web method that allows authenticated users to probe arbitrary filesystem paths and determine file existence on the server. An attacker can exploit this by submitting unrestricted paths via the JSON "path" parameter, which are processed without validation, disclosing sensitive information about the server's filesystem structure. No patch is currently available for this vulnerability.

RCE Mailessentials
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in Microsoft Semantic Kernel Python SDK before 1.39.4. Code injection in the AI orchestration framework. Patch available.

Microsoft Linux Python +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Privilege escalation in Kata Containers (versions prior to 3.27.0) running on the Cloud Hypervisor backend lets a sufficiently-privileged container user write to the guest micro-VM's root filesystem and gain arbitrary code execution as root inside that VM. The root cause is that the read-only DAX/virtio-pmem rootfs image is never actually enforced read-only, so guest writes to /dev/pmem0 are observed by the guest. Publicly available exploit detail exists (GitHub Security Advisory GHSA-wwj6-vghv-5p64), though EPSS exploitation probability is negligible (0.01%) and it is not on CISA KEV.

RCE Kata Containers
NVD GitHub VulDB
EPSS 74% 5.7 CVSS 9.8
CRITICAL POC THREAT Emergency

The Saisies plugin for SPIP CMS versions 5.4.0 through 5.11.0 contains a critical remote code execution vulnerability. Attackers can exploit the vulnerability to execute arbitrary code on the SPIP server, compromising the content management system and its database.

RCE Saisies
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

PDF object injection in the jsPDF JavaScript library (npm package 'jspdf', versions prior to 4.2.0) lets an attacker who controls the string passed to the addJS method break out of the PDF JavaScript string delimiter and inject arbitrary PDF dictionary objects, including auto-executing Additional Actions (/AA). Any user who later opens the generated PDF in a JavaScript-capable viewer executes the injected actions, affecting confidentiality, integrity and availability of their document session. Publicly available exploit code exists (a documented payload is published in the GitHub advisory), but EPSS is very low (0.04%, 10th percentile) and the issue is not in CISA KEV.

RCE Code Injection Jspdf
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in the victim's browser if the victim opens a URL prepared by the attacker. [CVSS 6.1 MEDIUM]

RCE XSS Worktime
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Authenticated remote code execution affects multiple WSO2 products (API Manager 4.2.0-4.6.0, API Control Plane 4.5.0-4.6.0, Universal Gateway 4.5.0, and Traffic Manager 4.5.0-4.6.0) through an unrestricted file upload exposed via a system REST API. An administrator-level attacker can place an arbitrary file at a user-controlled path and trigger code execution on the host. No public exploit identified at time of analysis, EPSS is low at 0.28%, and a vendor patch is available per WSO2 advisory WSO2-2025-4849.

RCE Api Manager Universal Gateway +3
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Identity Server versions up to 5.11.0 contains a vulnerability that allows attackers to a malicious actor with admin privilege to inject and execute arbitrary template (CVSS 8.4).

RCE Identity Server
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload in Slider Future WordPress plugin.

WordPress RCE
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Orderable WordPress plugin through version 1.20.0 fails to properly verify user permissions on plugin installation functions, enabling authenticated subscribers to install malicious plugins and achieve remote code execution. An attacker with minimal WordPress account privileges can exploit this capability check bypass to gain full server compromise without administrator credentials. No patch is currently available for this vulnerability (CVSS 8.8).

WordPress RCE Authentication Bypass
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Local File Inclusion in Prodigy Commerce WordPress plugin <= 3.2.9.

WordPress PHP LFI +2
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.2
HIGH This Week

The CTX Feed - WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. [CVSS 7.2 HIGH]

WordPress RCE PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. [CVSS 8.8 HIGH]

WordPress RCE CSRF +1
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Remote Code Execution in InvoicePlane self-hosted invoicing application through code injection. PoC and patch available.

PHP RCE LFI +1
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Saturn Remote Mouse Server on local networks is vulnerable to unauthenticated command injection through specially crafted UDP JSON packets sent to port 27000, enabling attackers to execute arbitrary code with service account privileges. Affected systems lack input validation on command parameters, allowing network-adjacent threat actors to achieve remote code execution without authentication. No patch is currently available for this high-severity vulnerability.

RCE Command Injection
NVD
EPSS 62% 5.3 CVSS 9.8
CRITICAL POC THREAT Emergency

MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method without authentication due to improper use of gr() (which reads from $_REQUEST), allowing attackers to redirect update URLs and push malicious code packages.

PHP TLS RCE +1
NVD GitHub
EPSS 42% 4.7 CVSS 9.8
CRITICAL POC THREAT Emergency

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection +2
NVD GitHub
EPSS 60% 5.3 CVSS 9.8
CRITICAL POC THREAT Emergency

MajorDoMo home automation platform allows unauthenticated remote code execution through the admin panel's PHP console. An include order bug in panel.class.php causes execution to continue past a redirect() call that lacks an exit statement, allowing unauthenticated requests to reach the PHP code execution functionality in inc_panel_ajax.php.

PHP RCE Majordomo
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in ChaosPro 2.0 fractal generator via configuration file path handling allows code execution through crafted configuration files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 8.4
HIGH POC This Week

Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. [CVSS 9.8 CRITICAL]

RCE Buffer Overflow Stack Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

URL redirection vulnerability in GitHub Enterprise Server allows attacker-controlled redirects through crafted URLs, potentially enabling credential theft via phishing.

Github RCE Enterprise Server
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Ffmpeg contains a vulnerability that allows attackers to a double-free condition, potentially causing FFmpeg or any application using it (CVSS 3.3).

Denial Of Service RCE Tensorflow +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Scholars Tracking System versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE Scholars Tracking System
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Arbitrary code execution in the NLTK (Natural Language Toolkit) Python library affects all versions through its data downloader: the _unzip_iter function in nltk/downloader.py calls zipfile.extractall() with no path validation, so a malicious data package can drop attacker-controlled Python files (e.g. __init__.py) that execute automatically on import. Any application that downloads NLTK data from an attacker-influenced source is exposed to full remote code execution. Publicly available exploit code exists (huntr.com bounty), EPSS is modest at 0.57% (68th percentile), and there is no public exploit identified as actively exploited in CISA KEV.

Python RCE Nltk +1
NVD
EPSS 0%
This Week

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation.

RCE Denial Of Service Privilege Escalation +1
NVD
EPSS 41% 4.7 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Unauthenticated stack-based buffer overflow in /cgi-bin/api.values.get HTTP API endpoint. EPSS 41.1% indicates very high exploitation probability. Patch available.

RCE Buffer Overflow Stack Overflow +6
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. [CVSS 7.8 HIGH]

RCE Code Injection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Indraworks
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Indraworks
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Ua.Testclient +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. [CVSS 7.8 HIGH]

RCE Deserialization Rexroth Indraworks
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Denial Of Service Information Disclosure +2
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 8.0 HIGH]

RCE Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Code Injection Information Disclosure Megatron Bridge +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Code Injection Information Disclosure Megatron Bridge +2
NVD VulDB
EPSS 3% CVSS 6.5
MEDIUM This Month

Arbitrary file deletion in WP-DownloadManager plugin versions up to 1.69 allows high-privileged WordPress administrators to bypass path validation and remove critical system files through directory traversal in the file deletion parameter. Deletion of essential files like wp-config.php can result in remote code execution or complete site compromise. No patch is currently available.

WordPress PHP RCE +1
NVD GitHub
EPSS 34% 4.5 CVSS 10.0
CRITICAL KEV PATCH THREAT Act Now

Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data.

Dell Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 9.4
CRITICAL Act Now

Path traversal in Rocket TRUfusion Enterprise through 7.10.5 via /axis2/services endpoint allows authenticated attackers to read and write arbitrary files on the host. EPSS 0.32%.

RCE Path Traversal Trufusion Enterprise
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Server-Side Template Injection (SSTI) in Datart v1.0.0-rc.3 via Freemarker template engine allows authenticated users to execute arbitrary code on the server.

Code Injection RCE
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration [CVSS 8.8 HIGH]

Command Injection RCE Datart
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

Remote code execution in OpenS100 (S-100 viewer reference implementation) prior to commit 753cf29. Malicious S-100 dataset files can trigger code execution when opened. CVSS 9.6.

RCE
NVD GitHub VulDB
EPSS 1% CVSS 9.3
CRITICAL Act Now

Remote code execution in LightLLM 1.1.0 and prior lets unauthenticated attackers run arbitrary code on the PD master node when the framework runs in prefill-decode (PD) disaggregation mode. The PD master exposes WebSocket endpoints that feed inbound binary frames straight into Python's pickle.loads(), so any attacker able to reach that socket can execute code in the serving process. No CISA KEV listing exists and EPSS is modest at 0.83% (74th percentile), but a public technical write-up (chocapikk.com) plus a VulnCheck advisory mean publicly available exploit code exists, so this should be treated as an urgent internal-exposure risk.

RCE Deserialization
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Arbitrary plugin installation in WowRevenue for WordPress (versions up to 2.1.3) allows authenticated subscribers to bypass capability checks and install malicious plugins, potentially enabling remote code execution on vulnerable sites. The vulnerability requires only low-privilege user access and network connectivity, affecting WordPress instances running the vulnerable plugin without an available patch.

WordPress RCE
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file. [CVSS 8.8 HIGH]

RCE Code Injection Markdown Preview Enhanced
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace. [CVSS 7.8 HIGH]

RCE Code Injection Coderunner
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write in EPRT file parsing allows local attackers to gain code execution when opening malicious files. The vulnerability requires user interaction and affects both confidentiality, integrity, and availability. No patch is currently available.

Buffer Overflow RCE Solidworks Edrawings
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 results from an out-of-bounds read flaw in EPRT file processing, enabling attackers to compromise systems by tricking users into opening malicious files. The vulnerability affects local users with no privilege requirements and carries a high severity rating, though no patch is currently available.

Buffer Overflow RCE Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Solidworks Edrawings versions up to 2025 contains a vulnerability that allows attackers to execute arbitrary code while opening a specially crafted EPRT file (CVSS 7.8).

RCE Solidworks Edrawings
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Bosch Infotainment ECU's RH850 CAN module has a stack buffer overflow enabling potential code execution through crafted CAN bus messages.

Buffer Overflow RCE
NVD
Prev Page 36 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy