Skip to main content

RCE

31891 CVEs technique

Monthly

CVE-2026-1490 CRITICAL Act Now

CleanTalk Anti-Spam WordPress plugin has an authorization bypass enabling unauthenticated attackers to perform file operations on the WordPress server.

WordPress DNS RCE
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1306 CRITICAL POC Act Now

Arbitrary file upload in midi-Synth WordPress plugin via 'export' AJAX action.

WordPress RCE File Upload
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26335 CRITICAL POC Act Now

Static ASP.NET machineKey in Calero VeraSMART before 2022 R1. Hardcoded key enables ViewState deserialization attacks and cookie forgery.

IIS .NET RCE Deserialization Verasmart
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26333 CRITICAL Act Now

Unauthenticated .NET Remoting endpoint in Calero VeraSMART before 2022 R1. TCP port 8001 exposes default Object URIs enabling deserialization attacks. EPSS 0.17%.

IIS .NET RCE Verasmart
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26208 HIGH This Week

ADB Explorer on Windows versions prior to Beta 0.9.26020 allows local attackers to achieve remote code execution by crafting a malicious App.txt settings file that exploits insecure JSON deserialization with enabled type name handling. An attacker can inject a gadget chain payload into the configuration file that executes arbitrary code when the application launches and processes settings. No patch is currently available for affected versions.

Windows RCE Deserialization
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2026-26268 HIGH This Week

Cursor versions before 2.5 allow sandbox escape through improper .git configuration file protections, enabling malicious prompts or agents to write git hooks that execute arbitrary code when git commands are triggered. An attacker can achieve remote code execution without user interaction since git automatically executes these hooks, potentially compromising systems where Cursor is used for AI-assisted development. A patch is available in version 2.5.

RCE AI / ML Cursor
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-26221 CRITICAL Act Now

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe).

RCE Deserialization
NVD
CVSS 4.0
9.3
EPSS
1.3%
CVE-2025-70093 HIGH POC This Week

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. [CVSS 7.4 HIGH]

Command Injection RCE Open Source Point Of Sale
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2019-25332 HIGH POC This Week

FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. [CVSS 8.4 HIGH]

RCE Stack Overflow
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2019-25323 MEDIUM POC This Month

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. [CVSS 6.1 MEDIUM]

RCE XSS
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25321 CRITICAL POC Act Now

Stack overflow in FTP Navigator 8.03 via SEH overwrite. PoC available.

RCE Buffer Overflow Stack Overflow Ftp Navigator
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-26068 CRITICAL POC PATCH Act Now

Command injection in emp3r0r C2 framework before 3.21.1. Untrusted agent metadata (Transport, Hostname) injected into commands. PoC and patch available. EPSS 0.61%.

Linux RCE Command Injection Emp3r0r
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2026-26056 Go HIGH PATCH This Week

Arbitrary code execution in Yoke's Air Traffic Controller component allows authenticated users with CustomResource create/update permissions to execute malicious WebAssembly modules by injecting crafted URLs into the overrides.yoke.cd/flight annotation, potentially enabling cluster-admin privilege escalation. The vulnerability affects Yoke 0.19.0 and earlier, with no patch currently available and an 8.8 CVSS severity rating.

Kubernetes RCE Code Injection Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26020 HIGH PATCH This Week

Remote code execution in AutoGPT prior to version 0.6.48 allows authenticated users to execute arbitrary Python code on the backend server by embedding a disabled BlockInstallationBlock within a workflow graph, bypassing validation controls that only checked the disabled flag at direct execution endpoints. An attacker with valid credentials can exploit this to gain full control over the backend system and automate malicious workflows. The vulnerability has been patched in version 0.6.48 and all users should upgrade immediately.

Python RCE AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25227 CRITICAL PATCH Act Now

Code injection in authentik identity provider from 2021.3.1 through multiple versions. Users with delegated permissions can inject code. Patch available.

RCE Code Injection Authentik
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-63421 HIGH This Week

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file [CVSS 7.8 HIGH]

RCE Code Injection
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54519 HIGH This Week

A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. [CVSS 7.3 HIGH]

Privilege Escalation RCE
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-61880 HIGH PATCH This Week

In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution. [CVSS 8.8 HIGH]

RCE Deserialization Nios
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2026-26216 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Crawl4AI Docker API before 0.8.0 via hooks parameter. The /crawl endpoint accepts Python code in hooks that executes on the server. EPSS 0.28%.

Python Docker RCE Crawl4ai Code Injection +1
NVD GitHub VulDB
CVSS 4.0
10.0
EPSS
0.3%
CVE-2023-31313 HIGH This Week

An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. [CVSS 7.2 HIGH]

RCE
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-2006 HIGH PATCH This Week

Arbitrary code execution in PostgreSQL results from insufficient validation of multibyte character lengths in text manipulation functions, allowing authenticated database users to trigger buffer overflows and execute commands with database process privileges. Affected versions include PostgreSQL 14.x before 14.21, 15.x before 15.16, 16.x before 16.12, 17.x before 17.8, and all versions before 18.2. No patch is currently available, leaving databases vulnerable to privilege escalation attacks from database-level users.

PostgreSQL RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2005 HIGH PATCH This Week

Arbitrary code execution in PostgreSQL pgcrypto module (versions before 14.21, 15.16, 16.12, 17.8, and 18.2) stems from a heap buffer overflow that allows attackers with database access to execute commands with the privileges of the PostgreSQL system user. An authenticated attacker can exploit this vulnerability by providing specially crafted ciphertext to trigger the overflow condition. No patch is currently available, leaving affected PostgreSQL installations vulnerable to privilege escalation and full system compromise.

PostgreSQL Buffer Overflow Heap Overflow RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2004 HIGH PATCH This Week

PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16, and 14.21 contain insufficient input validation in the intarray extension's selectivity estimator function, enabling authenticated users with object creation privileges to execute arbitrary code with database server privileges. The vulnerability requires valid database credentials but allows complete system compromise through code execution at the OS level. No patch is currently available for affected deployments.

PostgreSQL RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25676 HIGH This Week

M-Track Duo HD version 1.0.0 installer is vulnerable to DLL hijacking due to improper library search path handling, enabling local attackers to execute arbitrary code with administrator privileges. An attacker with local access and user interaction can exploit this vulnerability by placing malicious DLLs in predictable locations to gain full system compromise. No patch is currently available for this high-severity vulnerability.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-0969 npm HIGH PATCH This Week

Authenticated attackers can execute arbitrary code through next-mdx-remote's MDX compiler due to inadequate input validation in the serialization function, affecting applications processing untrusted MDX content. An authenticated user with access to compile MDX can inject and execute malicious code with full system privileges. No patch is currently available, leaving all versions vulnerable to this critical code execution risk.

RCE Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26215 CRITICAL Act Now

{method} and /execute/{method} feed attacker-supplied request bodies straight into pickle.loads(), and the intended nonce authorization gate is bypassed because the nonce defaults to an empty string and is skipped by default. A detailed technical write-up (chocapikk.com) and a VulnCheck advisory describe the flaw; it is not listed in CISA KEV and EPSS is low (0.14%, 34th percentile), indicating no evidence of widespread active exploitation.

RCE Deserialization
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-20700 HIGH POC KEV THREAT Act Now

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.

Apple RCE Buffer Overflow macOS iOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
Threat
4.6
CVE-2026-26157 HIGH POC PATCH CISA Act Now

BusyBox archive extraction utilities contain insufficient path validation that enables attackers to write files outside intended directories through specially crafted archives, potentially leading to arbitrary file overwrite and code execution on affected systems. Local attackers with user interaction can exploit this vulnerability to modify sensitive system files and gain elevated privileges. No patch is currently available for this vulnerability.

RCE
NVD Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
0.0%
Threat
4.9
CVE-2026-25924 HIGH POC PATCH This Week

Remote code execution in Kanboard prior to 1.2.50 allows authenticated administrators to bypass plugin installation restrictions and execute arbitrary code on the server. The vulnerability stems from a configuration validation flaw where the PLUGIN_INSTALLER setting is enforced only in the UI but not validated at the backend endpoint, enabling an attacker to force installation of malicious plugins. Public exploit code exists for this vulnerability.

RCE Kanboard
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2020-37186 CRITICAL POC Act Now

RCE in Chevereto 3.13.4 image hosting via code injection during database configuration. Allows injecting code during installation/setup. PoC available.

PHP RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-69872 PyPI CRITICAL PATCH Act Now

Unsafe deserialization in DiskCache Python library through 5.6.3. Uses pickle by default, allowing attackers with cache directory write access to execute arbitrary code.

Python RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65480 HIGH This Week

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution. [CVSS 8.8 HIGH]

RCE Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-2249 CRITICAL Act Now

Unauthenticated web shell in METIS DFS devices (versions <= oscore 2.1.234-r18). Same vulnerability as CVE-2026-2248 but on DFS product line.

Authentication Bypass Information Disclosure RCE
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-2248 CRITICAL Act Now

Unauthenticated web shell in METIS WIC devices (versions <= oscore 2.1.234-r18). The /console endpoint provides shell access without authentication. First of two related METIS CVEs.

Authentication Bypass Information Disclosure RCE
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-61969 Monitor

Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Privilege Escalation RCE
NVD
EPSS
0.0%
CVE-2025-52541 HIGH This Week

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. [CVSS 7.3 HIGH]

Privilege Escalation RCE
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48503 HIGH This Week

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. [CVSS 7.8 HIGH]

Privilege Escalation RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-20514 Monitor

Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution

RCE
NVD
EPSS
0.0%
CVE-2019-25310 HIGH POC This Week

ActiveFaxServiceNT service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25309 HIGH POC This Week

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1560 HIGH This Week

Remote code execution in the Custom Block Builder - Lazy Blocks WordPress plugin through version 4.2.0 allows authenticated users with Contributor privileges or higher to execute arbitrary code on the server via vulnerable functions in the LazyBlocks_Blocks class. This high-severity vulnerability (CVSS 8.8) affects all installations of the affected plugin versions with no patch currently available.

WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1357 CRITICAL POC Act Now

Unauthenticated arbitrary file upload in WPvivid Backup & Migration WordPress plugin. EPSS 0.44%.

WordPress PHP OpenSSL RCE Path Traversal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-26079 MEDIUM PATCH This Month

Roundcube Webmail versions up to 1.5.13 is affected by inclusion of functionality from untrusted control sphere (CVSS 4.7).

RCE Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-14541 HIGH This Week

Lucky Wheel Giveaway (WordPress plugin) versions up to 1.0.22 is affected by code injection (CVSS 7.2).

WordPress RCE PHP
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-21349 HIGH This Week

Arbitrary code execution in Adobe Lightroom Desktop 15.1 and earlier via an out-of-bounds write vulnerability when users open malicious files. Local exploitation requires user interaction but executes with the privileges of the current user. No patch is currently available.

Buffer Overflow RCE Lightroom
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48515 This Week

Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.

Integer Overflow RCE
NVD
EPSS
0.0%
CVE-2025-29951 This Week

A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.

Buffer Overflow Privilege Escalation RCE
NVD
EPSS
0.0%
CVE-2025-29950 Monitor

Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.

RCE
NVD
EPSS
0.0%
CVE-2024-36355 This Week

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.

Buffer Overflow RCE
NVD
EPSS
0.0%
CVE-2026-26009 CRITICAL Act Now

Command injection in Catalyst game server management platform. Install scripts in server templates allow injecting OS commands. EPSS 0.29%.

RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-21352 HIGH This Week

Arbitrary code execution in DNG SDK 1.7.1 build 2410 and earlier via out-of-bounds write when processing malicious DNG files. An attacker can achieve code execution with user privileges by tricking a victim into opening a specially crafted file. No patch is currently available for this vulnerability.

Buffer Overflow RCE Dng Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21346 HIGH This Week

Arbitrary code execution in Bridge 15.1.3, 16.0.1 and earlier through an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can execute commands with the privileges of the affected user, though exploitation requires social engineering to convince a victim to open a crafted file. No patch is currently available.

Buffer Overflow RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21342 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds write vulnerability that executes with user privileges. An attacker can exploit this by crafting a malicious file that, when opened by a victim, triggers the memory corruption and executes arbitrary code. No patch is currently available, making user education about untrusted files critical for mitigation.

Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21341 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier via an out-of-bounds write vulnerability allows local attackers to execute arbitrary code with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it practical to exploit through social engineering. No patch is currently available.

Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21335 HIGH This Week

Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier via an out-of-bounds write vulnerability that triggers when users open a crafted malicious file. This local attack requires user interaction but executes with the privileges of the affected user, and no patch is currently available.

Buffer Overflow RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21334 HIGH This Week

Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier through an out-of-bounds write vulnerability that requires a user to open a malicious file. An attacker can execute code with the privileges of the targeted user by crafting a specially designed file. No patch is currently available for this high-severity vulnerability.

Buffer Overflow RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21330 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through type confusion allows attackers to execute malicious code with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but poses a significant risk to creative professionals and organizations using affected versions. No patch is currently available.

Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21328 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier via out-of-bounds write vulnerability when users open malicious files. This local attack requires user interaction but grants the attacker full execution privileges within the victim's session. No patch is currently available.

Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21327 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through out-of-bounds write vulnerability (CWE-787) when processing malicious files. An attacker can execute code with user privileges by convincing a victim to open a specially crafted file, with no patch currently available.

Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21318 HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier via out-of-bounds write when processing malicious files. An attacker can achieve code execution with user privileges by tricking a victim into opening a crafted file. No patch is currently available.

Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21312 HIGH This Week

Arbitrary code execution in Adobe Audition 25.3 and earlier through a local out-of-bounds write vulnerability that requires victims to open a specially crafted file. The vulnerability impacts all users running affected versions and allows attackers to execute code with the privileges of the current user. No patch is currently available.

Buffer Overflow RCE Audition
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0653 MEDIUM This Month

Guest users on TP-Link Tapo C260 v1 cameras can modify protected device settings by exploiting inadequate access controls on synchronization endpoints. Authenticated attackers with limited privileges can bypass restrictions to change sensitive configuration parameters without authorization. No patch is currently available for this vulnerability.

TP-Link Authentication Bypass RCE Tapo C260 Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0651 MEDIUM This Month

TP-Link Tapo C260 v1 firmware contains a path traversal vulnerability in HTTPS GET request handling that allows local network attackers to probe filesystem paths and determine file existence without authentication. While the vulnerability does not permit file read, write, or code execution, it enables information disclosure about the device's filesystem structure to unauthenticated local users. No patch is currently available.

TP-Link Path Traversal RCE
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-25656 HIGH This Week

Arbitrary code execution with SYSTEM privileges in SINEC NMS User Management Component (all versions prior to V2.15.2.1) stems from improper access controls allowing low-privileged users to modify configuration files and load malicious DLLs. An authenticated attacker can exploit this to achieve complete system compromise. No patch is currently available.

RCE Sinec Nms User Management Component
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-25655 HIGH This Week

Arbitrary code execution in Siemens SINEC NMS versions prior to V4.0 SP2 can be achieved when a low-privileged user modifies configuration files to load malicious DLLs, resulting in administrative privilege execution. This local vulnerability affects all current deployments and currently has no available patch. An authenticated attacker with local access can exploit this to gain full system compromise.

Privilege Escalation RCE Sinec Nms
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22923 HIGH This Week

Nx versions prior to V2512 contain an insufficient input validation flaw in the PDF export functionality that permits local attackers to corrupt internal data structures and achieve arbitrary code execution. An attacker with local file system access can exploit this vulnerability to manipulate the export process and gain code execution privileges. No patch is currently available for this vulnerability.

Buffer Overflow RCE Nx
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2097 HIGH This Week

Agentflow versions up to - is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload RCE AI / ML Agentflow
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-11142 HIGH This Week

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. [CVSS 7.1 HIGH]

RCE Axis Os
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-25951 npm HIGH PATCH This Week

Remote code execution in FUXA prior to 1.2.11 allows authenticated administrators to bypass path traversal protections using nested directory sequences, enabling arbitrary file writes to the server filesystem. An attacker with admin privileges can inject malicious scripts into runtime directories that execute when the server reloads, achieving complete system compromise. Update to version 1.2.11 or later to remediate.

SCADA RCE Path Traversal Fuxa
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-25881 npm CRITICAL POC PATCH Act Now

SandboxJS prior to 0.8.31 has yet another sandbox escape via prototype pollution, the sixth distinct escape technique discovered.

RCE Sandboxjs
NVD GitHub
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-25807 HIGH POC PATCH This Week

Unauthenticated remote code execution in Zai Shell prior to 9.0.3 via the unprotected P2P terminal sharing feature on port 5757, where attackers can inject arbitrary system commands that execute with user privileges if approved. Public exploit code exists for this vulnerability, and affected systems running --no-ai mode completely bypass safety checks during command execution. Update to version 9.0.3 to remediate.

RCE Code Injection Zai Shell
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25498 PHP HIGH POC PATCH This Week

Craft is a platform for creating digital experiences. [CVSS 7.2 HIGH]

PHP RCE Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-22904 CRITICAL Act Now

A device has a stack-based buffer overflow in cookie parsing (including TRACKID) enabling unauthenticated remote code execution.

RCE Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-22903 CRITICAL Act Now

A device has a stack-based buffer overflow in HTTP SESSION cookie processing allowing unauthenticated remote code execution.

RCE Buffer Overflow Denial Of Service
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-1615 npm HIGH PATCH This Week

Remote code execution in the jsonpath npm package (versions <1.2.0) allows unauthenticated attackers to execute arbitrary JavaScript code by injecting malicious JSON Path expressions. The vulnerability stems from unsafe evaluation through the static-eval module, which processes user-supplied JSON Path input without proper sanitization. All query methods (.query, .nodes, .paths, .value, .parent, .apply) are affected. While EPSS scoring indicates relatively low widespread exploitation probability (0.09%, 26th percentile), multiple vendor patches from Red Hat and SUSE confirm the severity, and publicly available exploit code exists (CVSS E:P). This represents critical risk for Node.js applications processing untrusted JSON Path expressions, with potential for both server-side RCE and browser-based XSS depending on execution context.

Node.js RCE XSS Code Injection
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2020-37161 CRITICAL POC Act Now

Wedding Slideshow Studio 1.36 has a buffer overflow allowing code execution through crafted project files.

RCE Buffer Overflow Wedding Slideshow Studio
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37159 CRITICAL POC Act Now

Parallaxis Cuckoo Clock 5.0 has a buffer overflow enabling code execution through crafted input.

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37154 HIGH POC This Week

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. [CVSS 7.1 HIGH]

RCE SQLi
NVD GitHub Exploit-DB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-25763 CRITICAL Act Now

OpenProject has a CVSS 9.9 command injection vulnerability allowing authenticated users to execute OS commands on the project management server.

RCE Openproject
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25732 PyPI HIGH POC PATCH GHSA This Week

Path traversal in NiceGUI before 3.7.0 allows remote attackers to write arbitrary files outside intended directories by exploiting unsanitized filename metadata in the FileUpload.name property, potentially leading to remote code execution when developers incorporate this value directly into file paths. Public exploit code exists for this vulnerability, affecting applications using common patterns like concatenating user-supplied filenames with upload directories. Developers are only protected if they use fixed paths, generate filenames server-side, or explicitly sanitize user input.

Python RCE Path Traversal Nicegui
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25533 npm HIGH POC PATCH This Week

Enclave versions up to 2.10.1 is affected by loop with unreachable exit condition (infinite loop) (CVSS 8.8).

Denial Of Service RCE AI / ML Enclave
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-1731 CRITICAL POC KEV EUVD KEV THREAT Emergency

BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute OS commands through specially crafted requests. With EPSS 66% and KEV listing with public PoC, this vulnerability is devastating because these products are specifically designed for privileged remote access — compromising them grants attackers access to the most sensitive systems in an organization.

RCE Remote Support Privileged Remote Access
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
66.1%
Threat
6.9
CVE-2026-25731 HIGH POC PATCH This Week

calibre is an e-book manager. [CVSS 7.8 HIGH]

RCE Calibre Red Hat Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25635 HIGH POC PATCH This Week

Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.

Windows RCE Path Traversal Calibre Red Hat +1
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-25643 CRITICAL POC Act Now

Frigate NVR has a command injection vulnerability (CVSS 9.1) allowing authenticated attackers to execute OS commands on the network video recorder.

Command Injection RCE Frigate
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-25587 npm CRITICAL POC PATCH Act Now

SandboxJS has a fourth CVSS 10.0 sandbox escape through Map's safe prototype being used as a gateway to inject arbitrary code.

Code Injection RCE Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25520 npm CRITICAL POC PATCH Act Now

SandboxJS has a second CVSS 10.0 sandbox escape where function return values aren't properly sanitized, allowing code execution outside the sandbox.

RCE Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25725 npm CRITICAL PATCH Act Now

Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.

Privilege Escalation Code Injection RCE Docker Linux +2
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2019-25293 HIGH POC This Week

BstHdLogRotatorSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25292 HIGH POC This Week

Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL Act Now

CleanTalk Anti-Spam WordPress plugin has an authorization bypass enabling unauthenticated attackers to perform file operations on the WordPress server.

WordPress DNS RCE
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload in midi-Synth WordPress plugin via 'export' AJAX action.

WordPress RCE File Upload
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Static ASP.NET machineKey in Calero VeraSMART before 2022 R1. Hardcoded key enables ViewState deserialization attacks and cookie forgery.

IIS .NET RCE +2
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated .NET Remoting endpoint in Calero VeraSMART before 2022 R1. TCP port 8001 exposes default Object URIs enabling deserialization attacks. EPSS 0.17%.

IIS .NET RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

ADB Explorer on Windows versions prior to Beta 0.9.26020 allows local attackers to achieve remote code execution by crafting a malicious App.txt settings file that exploits insecure JSON deserialization with enabled type name handling. An attacker can inject a gadget chain payload into the configuration file that executes arbitrary code when the application launches and processes settings. No patch is currently available for affected versions.

Windows RCE Deserialization
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Cursor versions before 2.5 allow sandbox escape through improper .git configuration file protections, enabling malicious prompts or agents to write git hooks that execute arbitrary code when git commands are triggered. An attacker can achieve remote code execution without user interaction since git automatically executes these hooks, potentially compromising systems where Cursor is used for AI-assisted development. A patch is available in version 2.5.

RCE AI / ML Cursor
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL Act Now

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe).

RCE Deserialization
NVD
EPSS 0% CVSS 7.4
HIGH POC This Week

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. [CVSS 7.4 HIGH]

Command Injection RCE Open Source Point Of Sale
NVD GitHub
EPSS 0% CVSS 8.4
HIGH POC This Week

FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. [CVSS 8.4 HIGH]

RCE Stack Overflow
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. [CVSS 6.1 MEDIUM]

RCE XSS
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack overflow in FTP Navigator 8.03 via SEH overwrite. PoC available.

RCE Buffer Overflow Stack Overflow +1
NVD Exploit-DB
EPSS 1% CVSS 9.9
CRITICAL POC PATCH Act Now

Command injection in emp3r0r C2 framework before 3.21.1. Untrusted agent metadata (Transport, Hostname) injected into commands. PoC and patch available. EPSS 0.61%.

Linux RCE Command Injection +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in Yoke's Air Traffic Controller component allows authenticated users with CustomResource create/update permissions to execute malicious WebAssembly modules by injecting crafted URLs into the overrides.yoke.cd/flight annotation, potentially enabling cluster-admin privilege escalation. The vulnerability affects Yoke 0.19.0 and earlier, with no patch currently available and an 8.8 CVSS severity rating.

Kubernetes RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in AutoGPT prior to version 0.6.48 allows authenticated users to execute arbitrary Python code on the backend server by embedding a disabled BlockInstallationBlock within a workflow graph, bypassing validation controls that only checked the disabled flag at direct execution endpoints. An attacker with valid credentials can exploit this to gain full control over the backend system and automate malicious workflows. The vulnerability has been patched in version 0.6.48 and all users should upgrade immediately.

Python RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Code injection in authentik identity provider from 2021.3.1 through multiple versions. Users with delegated permissions can inject code. Patch available.

RCE Code Injection Authentik
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file [CVSS 7.8 HIGH]

RCE Code Injection
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. [CVSS 7.3 HIGH]

Privilege Escalation RCE
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution. [CVSS 8.8 HIGH]

RCE Deserialization Nios
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in Crawl4AI Docker API before 0.8.0 via hooks parameter. The /crawl endpoint accepts Python code in hooks that executes on the server. EPSS 0.28%.

Python Docker RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. [CVSS 7.2 HIGH]

RCE
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in PostgreSQL results from insufficient validation of multibyte character lengths in text manipulation functions, allowing authenticated database users to trigger buffer overflows and execute commands with database process privileges. Affected versions include PostgreSQL 14.x before 14.21, 15.x before 15.16, 16.x before 16.12, 17.x before 17.8, and all versions before 18.2. No patch is currently available, leaving databases vulnerable to privilege escalation attacks from database-level users.

PostgreSQL RCE
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in PostgreSQL pgcrypto module (versions before 14.21, 15.16, 16.12, 17.8, and 18.2) stems from a heap buffer overflow that allows attackers with database access to execute commands with the privileges of the PostgreSQL system user. An authenticated attacker can exploit this vulnerability by providing specially crafted ciphertext to trigger the overflow condition. No patch is currently available, leaving affected PostgreSQL installations vulnerable to privilege escalation and full system compromise.

PostgreSQL Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16, and 14.21 contain insufficient input validation in the intarray extension's selectivity estimator function, enabling authenticated users with object creation privileges to execute arbitrary code with database server privileges. The vulnerability requires valid database credentials but allows complete system compromise through code execution at the OS level. No patch is currently available for affected deployments.

PostgreSQL RCE
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

M-Track Duo HD version 1.0.0 installer is vulnerable to DLL hijacking due to improper library search path handling, enabling local attackers to execute arbitrary code with administrator privileges. An attacker with local access and user interaction can exploit this vulnerability by placing malicious DLLs in predictable locations to gain full system compromise. No patch is currently available for this high-severity vulnerability.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated attackers can execute arbitrary code through next-mdx-remote's MDX compiler due to inadequate input validation in the serialization function, affecting applications processing untrusted MDX content. An authenticated user with access to compile MDX can inject and execute malicious code with full system privileges. No patch is currently available, leaving all versions vulnerable to this critical code execution risk.

RCE Code Injection
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

{method} and /execute/{method} feed attacker-supplied request bodies straight into pickle.loads(), and the intended nonce authorization gate is bypassed because the nonce defaults to an empty string and is skipped by default. A detailed technical write-up (chocapikk.com) and a VulnCheck advisory describe the flaw; it is not listed in CISA KEV and EPSS is low (0.14%, 34th percentile), indicating no evidence of widespread active exploitation.

RCE Deserialization
NVD GitHub VulDB
EPSS 0% 4.6 CVSS 7.8
HIGH POC KEV THREAT Act Now

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.

Apple RCE Buffer Overflow +2
NVD VulDB
EPSS 0% 4.9 CVSS 7.0
HIGH POC PATCH Act Now

BusyBox archive extraction utilities contain insufficient path validation that enables attackers to write files outside intended directories through specially crafted archives, potentially leading to arbitrary file overwrite and code execution on affected systems. Local attackers with user interaction can exploit this vulnerability to modify sensitive system files and gain elevated privileges. No patch is currently available for this vulnerability.

RCE
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.4
HIGH POC PATCH This Week

Remote code execution in Kanboard prior to 1.2.50 allows authenticated administrators to bypass plugin installation restrictions and execute arbitrary code on the server. The vulnerability stems from a configuration validation flaw where the PLUGIN_INSTALLER setting is enforced only in the UI but not validated at the backend endpoint, enabling an attacker to force installation of malicious plugins. Public exploit code exists for this vulnerability.

RCE Kanboard
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

RCE in Chevereto 3.13.4 image hosting via code injection during database configuration. Allows injecting code during installation/setup. PoC available.

PHP RCE
NVD GitHub Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unsafe deserialization in DiskCache Python library through 5.6.3. Uses pickle by default, allowing attackers with cache directory write access to execute arbitrary code.

Python RCE Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution. [CVSS 8.8 HIGH]

RCE Command Injection
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated web shell in METIS DFS devices (versions <= oscore 2.1.234-r18). Same vulnerability as CVE-2026-2248 but on DFS product line.

Authentication Bypass Information Disclosure RCE
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated web shell in METIS WIC devices (versions <= oscore 2.1.234-r18). The /console endpoint provides shell access without authentication. First of two related METIS CVEs.

Authentication Bypass Information Disclosure RCE
NVD
EPSS 0%
Monitor

Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. [CVSS 7.3 HIGH]

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. [CVSS 7.8 HIGH]

Privilege Escalation RCE
NVD
EPSS 0%
Monitor

Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution

RCE
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

ActiveFaxServiceNT service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in the Custom Block Builder - Lazy Blocks WordPress plugin through version 4.2.0 allows authenticated users with Contributor privileges or higher to execute arbitrary code on the server via vulnerable functions in the LazyBlocks_Blocks class. This high-severity vulnerability (CVSS 8.8) affects all installations of the affected plugin versions with no patch currently available.

WordPress RCE
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Unauthenticated arbitrary file upload in WPvivid Backup & Migration WordPress plugin. EPSS 0.44%.

WordPress PHP OpenSSL +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Roundcube Webmail versions up to 1.5.13 is affected by inclusion of functionality from untrusted control sphere (CVSS 4.7).

RCE Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Lucky Wheel Giveaway (WordPress plugin) versions up to 1.0.22 is affected by code injection (CVSS 7.2).

WordPress RCE PHP
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Lightroom Desktop 15.1 and earlier via an out-of-bounds write vulnerability when users open malicious files. Local exploitation requires user interaction but executes with the privileges of the current user. No patch is currently available.

Buffer Overflow RCE Lightroom
NVD
EPSS 0%
This Week

Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.

Integer Overflow RCE
NVD
EPSS 0%
This Week

A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.

Buffer Overflow Privilege Escalation RCE
NVD
EPSS 0%
Monitor

Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.

RCE
NVD
EPSS 0%
This Week

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.

Buffer Overflow RCE
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Command injection in Catalyst game server management platform. Install scripts in server templates allow injecting OS commands. EPSS 0.29%.

RCE
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in DNG SDK 1.7.1 build 2410 and earlier via out-of-bounds write when processing malicious DNG files. An attacker can achieve code execution with user privileges by tricking a victim into opening a specially crafted file. No patch is currently available for this vulnerability.

Buffer Overflow RCE Dng Software Development Kit
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Bridge 15.1.3, 16.0.1 and earlier through an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can execute commands with the privileges of the affected user, though exploitation requires social engineering to convince a victim to open a crafted file. No patch is currently available.

Buffer Overflow RCE Bridge
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds write vulnerability that executes with user privileges. An attacker can exploit this by crafting a malicious file that, when opened by a victim, triggers the memory corruption and executes arbitrary code. No patch is currently available, making user education about untrusted files critical for mitigation.

Buffer Overflow RCE Substance 3d Stager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier via an out-of-bounds write vulnerability allows local attackers to execute arbitrary code with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it practical to exploit through social engineering. No patch is currently available.

Buffer Overflow RCE Substance 3d Stager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier via an out-of-bounds write vulnerability that triggers when users open a crafted malicious file. This local attack requires user interaction but executes with the privileges of the affected user, and no patch is currently available.

Buffer Overflow RCE Substance 3d Designer
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier through an out-of-bounds write vulnerability that requires a user to open a malicious file. An attacker can execute code with the privileges of the targeted user by crafting a specially designed file. No patch is currently available for this high-severity vulnerability.

Buffer Overflow RCE Substance 3d Designer
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through type confusion allows attackers to execute malicious code with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but poses a significant risk to creative professionals and organizations using affected versions. No patch is currently available.

Buffer Overflow RCE After Effects
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier via out-of-bounds write vulnerability when users open malicious files. This local attack requires user interaction but grants the attacker full execution privileges within the victim's session. No patch is currently available.

Buffer Overflow RCE After Effects
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier through out-of-bounds write vulnerability (CWE-787) when processing malicious files. An attacker can execute code with user privileges by convincing a victim to open a specially crafted file, with no patch currently available.

Buffer Overflow RCE After Effects
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe After Effects 25.6 and earlier via out-of-bounds write when processing malicious files. An attacker can achieve code execution with user privileges by tricking a victim into opening a crafted file. No patch is currently available.

Buffer Overflow RCE After Effects
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Audition 25.3 and earlier through a local out-of-bounds write vulnerability that requires victims to open a specially crafted file. The vulnerability impacts all users running affected versions and allows attackers to execute code with the privileges of the current user. No patch is currently available.

Buffer Overflow RCE Audition
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Guest users on TP-Link Tapo C260 v1 cameras can modify protected device settings by exploiting inadequate access controls on synchronization endpoints. Authenticated attackers with limited privileges can bypass restrictions to change sensitive configuration parameters without authorization. No patch is currently available for this vulnerability.

TP-Link Authentication Bypass RCE +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

TP-Link Tapo C260 v1 firmware contains a path traversal vulnerability in HTTPS GET request handling that allows local network attackers to probe filesystem paths and determine file existence without authentication. While the vulnerability does not permit file read, write, or code execution, it enables information disclosure about the device's filesystem structure to unauthenticated local users. No patch is currently available.

TP-Link Path Traversal RCE
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Arbitrary code execution with SYSTEM privileges in SINEC NMS User Management Component (all versions prior to V2.15.2.1) stems from improper access controls allowing low-privileged users to modify configuration files and load malicious DLLs. An authenticated attacker can exploit this to achieve complete system compromise. No patch is currently available.

RCE Sinec Nms User Management Component
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Siemens SINEC NMS versions prior to V4.0 SP2 can be achieved when a low-privileged user modifies configuration files to load malicious DLLs, resulting in administrative privilege execution. This local vulnerability affects all current deployments and currently has no available patch. An authenticated attacker with local access can exploit this to gain full system compromise.

Privilege Escalation RCE Sinec Nms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Nx versions prior to V2512 contain an insufficient input validation flaw in the PDF export functionality that permits local attackers to corrupt internal data structures and achieve arbitrary code execution. An attacker with local file system access can exploit this vulnerability to manipulate the export process and gain code execution privileges. No patch is currently available for this vulnerability.

Buffer Overflow RCE Nx
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Agentflow versions up to - is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

File Upload RCE AI / ML +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. [CVSS 7.1 HIGH]

RCE Axis Os
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution in FUXA prior to 1.2.11 allows authenticated administrators to bypass path traversal protections using nested directory sequences, enabling arbitrary file writes to the server filesystem. An attacker with admin privileges can inject malicious scripts into runtime directories that execute when the server reloads, achieving complete system compromise. Update to version 1.2.11 or later to remediate.

SCADA RCE Path Traversal +1
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL POC PATCH Act Now

SandboxJS prior to 0.8.31 has yet another sandbox escape via prototype pollution, the sixth distinct escape technique discovered.

RCE Sandboxjs
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Unauthenticated remote code execution in Zai Shell prior to 9.0.3 via the unprotected P2P terminal sharing feature on port 5757, where attackers can inject arbitrary system commands that execute with user privileges if approved. Public exploit code exists for this vulnerability, and affected systems running --no-ai mode completely bypass safety checks during command execution. Update to version 9.0.3 to remediate.

RCE Code Injection Zai Shell
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

Craft is a platform for creating digital experiences. [CVSS 7.2 HIGH]

PHP RCE Craft Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

A device has a stack-based buffer overflow in cookie parsing (including TRACKID) enabling unauthenticated remote code execution.

RCE Buffer Overflow
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A device has a stack-based buffer overflow in HTTP SESSION cookie processing allowing unauthenticated remote code execution.

RCE Buffer Overflow Denial Of Service
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Remote code execution in the jsonpath npm package (versions <1.2.0) allows unauthenticated attackers to execute arbitrary JavaScript code by injecting malicious JSON Path expressions. The vulnerability stems from unsafe evaluation through the static-eval module, which processes user-supplied JSON Path input without proper sanitization. All query methods (.query, .nodes, .paths, .value, .parent, .apply) are affected. While EPSS scoring indicates relatively low widespread exploitation probability (0.09%, 26th percentile), multiple vendor patches from Red Hat and SUSE confirm the severity, and publicly available exploit code exists (CVSS E:P). This represents critical risk for Node.js applications processing untrusted JSON Path expressions, with potential for both server-side RCE and browser-based XSS depending on execution context.

Node.js RCE XSS +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Wedding Slideshow Studio 1.36 has a buffer overflow allowing code execution through crafted project files.

RCE Buffer Overflow Wedding Slideshow Studio
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Parallaxis Cuckoo Clock 5.0 has a buffer overflow enabling code execution through crafted input.

RCE Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. [CVSS 7.1 HIGH]

RCE SQLi
NVD GitHub Exploit-DB
EPSS 0% CVSS 9.9
CRITICAL Act Now

OpenProject has a CVSS 9.9 command injection vulnerability allowing authenticated users to execute OS commands on the project management server.

RCE Openproject
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Path traversal in NiceGUI before 3.7.0 allows remote attackers to write arbitrary files outside intended directories by exploiting unsanitized filename metadata in the FileUpload.name property, potentially leading to remote code execution when developers incorporate this value directly into file paths. Public exploit code exists for this vulnerability, affecting applications using common patterns like concatenating user-supplied filenames with upload directories. Developers are only protected if they use fixed paths, generate filenames server-side, or explicitly sanitize user input.

Python RCE Path Traversal +1
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Enclave versions up to 2.10.1 is affected by loop with unreachable exit condition (infinite loop) (CVSS 8.8).

Denial Of Service RCE AI / ML +1
NVD GitHub
EPSS 66% 6.9 CVSS 9.8
CRITICAL POC KEV EUVD KEV THREAT Emergency

BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute OS commands through specially crafted requests. With EPSS 66% and KEV listing with public PoC, this vulnerability is devastating because these products are specifically designed for privileged remote access — compromising them grants attackers access to the most sensitive systems in an organization.

RCE Remote Support Privileged Remote Access
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

calibre is an e-book manager. [CVSS 7.8 HIGH]

RCE Calibre Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.

Windows RCE Path Traversal +3
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Frigate NVR has a command injection vulnerability (CVSS 9.1) allowing authenticated attackers to execute OS commands on the network video recorder.

Command Injection RCE Frigate
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

SandboxJS has a fourth CVSS 10.0 sandbox escape through Map's safe prototype being used as a gateway to inject arbitrary code.

Code Injection RCE Sandboxjs
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

SandboxJS has a second CVSS 10.0 sandbox escape where function return values aren't properly sanitized, allowing code execution outside the sandbox.

RCE Sandboxjs
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.

Privilege Escalation Code Injection RCE +4
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

BstHdLogRotatorSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
Prev Page 37 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy