Skip to main content

RCE

31892 CVEs technique

Monthly

CVE-2020-37061 HIGH POC This Week

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37055 HIGH POC This Week

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37048 HIGH POC This Week

Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37045 HIGH POC This Week

NetBackup INET Daemon service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50941 MEDIUM This Month

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. [CVSS 6.4 MEDIUM]

RCE XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-37052 CRITICAL POC Act Now

Pre-authentication RCE in AirControl 1.4.2 network management allows unauthenticated system command execution. PoC available.

Java RCE
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2020-37050 CRITICAL POC Act Now

Buffer overflow in Quick Player 1.3 via crafted .m3l playlist file allows arbitrary code execution. PoC available.

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37043 CRITICAL POC Act Now

Buffer overflow in 10-Strike Bandwidth Monitor 3.9 bypasses SafeSEH, ASLR, and DEP protections. PoC available.

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37032 HIGH POC This Week

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. [CVSS 8.8 HIGH]

RCE Wing Ftp Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-25153 npm HIGH PATCH This Week

Arbitrary Python code execution in Backstage's @backstage/plugin-techdocs-node (versions < 1.13.11 and = 1.14.0) lets a contributor who can add or edit a repository's mkdocs.yml inject a malicious MkDocs `hooks` directive that runs on the TechDocs build server whenever TechDocs is configured with `runIn: local`. The flaw also affects documentation built in CI/CD via @techdocs/cli, which bundles the same package. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the CVSS of 8.8 reflects full host compromise of the build environment.

Python Node.js Docker Backstage Code Injection +1
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25130 PyPI CRITICAL POC Act Now

Multiple command injection vulnerabilities in CAI (Cybersecurity AI) framework up to 0.5.10 allow OS command execution through the security testing platform.

RCE AI / ML
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-62348 PyPI HIGH PATCH This Week

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process. [CVSS 7.8 HIGH]

RCE Deserialization Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37030 HIGH POC This Week

Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22623 HIGH This Week

Authenticated command injection in HIKSEMI NAS devices allows privileged users to execute arbitrary commands through improper input validation on the device interface. Attackers with valid credentials can craft malicious messages to achieve unauthenticated code execution on affected systems. No patch is currently available for this vulnerability.

Command Injection RCE
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-0963 CRITICAL Act Now

Path traversal in Crafty Controller game server management allows authenticated attackers to read/write files outside the intended directory. CVSS 9.9 with scope change.

RCE Path Traversal Crafty Controller
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-0805 HIGH This Week

Remote code execution in Crafty Controller's Backup Configuration feature results from insufficient path traversal validation, enabling authenticated attackers to manipulate files and execute arbitrary code on affected systems. The vulnerability requires valid credentials and specific conditions to exploit but carries high impact due to its ability to compromise system integrity and confidentiality. No patch is currently available.

RCE Path Traversal Crafty Controller
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-24729 This Week

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions up to 2025 is affected by unrestricted upload of file with dangerous type.

File Upload RCE
NVD
EPSS
0.2%
CVE-2026-25116 HIGH POC This Week

Runtipi versions 4.5.0 through 4.7.1 contain an unauthenticated path traversal vulnerability in the UserConfigController that allows remote attackers to overwrite the docker-compose.yml configuration file through insecure URN parsing. An attacker can inject a malicious stack configuration that executes arbitrary code when the instance restarts, achieving full remote code execution and host compromise. Public exploit code exists and no patch is currently available.

Docker RCE Path Traversal Runtipi
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-25046 LOW Monitor

Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. [CVSS 2.9 LOW]

Command Injection RCE
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-1340 CRITICAL POC KEV EUVD KEV THREAT Emergency

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices.

Ivanti RCE Code Injection
NVD VulDB
CVSS 3.1
9.8
EPSS
50.9%
Threat
6.5
CVE-2026-1281 CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices.

Ivanti RCE Code Injection Endpoint Manager Mobile
NVD VulDB
CVSS 3.1
9.8
EPSS
64.8%
Threat
6.9
CVE-2026-1457 HIGH This Week

Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity issue.

TP-Link RCE Buffer Overflow Memory Corruption Vigi C385 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-24780 PyPI HIGH POC This Week

Remote code execution in AutoGPT Platform prior to v0.6.44 allows authenticated users to execute disabled blocks and write arbitrary Python code to the server filesystem. The vulnerability stems from insufficient validation of the disabled flag in block execution endpoints, enabling attackers to achieve code execution via the BlockInstallationBlock component. Public exploit code exists, and self-hosted instances with Supabase signup enabled are particularly vulnerable to account creation and exploitation.

Python RCE AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2020-37017 HIGH POC This Week

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-37012 CRITICAL POC Act Now

Unauthenticated RCE in Tea LaTeX 1.0 via command injection in /api endpoint. EPSS 0.29% with PoC available.

PHP RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2020-37009 HIGH POC This Week

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. [CVSS 8.8 HIGH]

PHP RCE
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-37000 CRITICAL POC Act Now

Stack buffer overflow in Free MP3 CD Ripper 2.8 allows remote code execution via crafted WAV files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24897 CRITICAL POC PATCH Act Now

Erugo file-sharing platform up to version 0.2.14 has a CVSS 10.0 path traversal allowing authenticated users to read any file on the server including secrets and configuration.

Golang RCE Erugo
NVD GitHub Exploit-DB VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-24856 HIGH POC PATCH This Week

Arbitrary code execution in iccDEV versions before 2.3.1.2 occurs when malformed ICC color profiles containing NaN floating-point values are parsed, causing undefined behavior during type conversion that corrupts memory structures. Local attackers can exploit this by crafting malicious ICC profiles that applications process, and public exploit code exists for this vulnerability. The issue affects any system using the iccDEV library to handle ICC profile data, with a patch available in version 2.3.1.2.

RCE Code Injection Iccdev
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-68119 Go HIGH PATCH This Week

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. [CVSS 7.0 HIGH]

Buffer Overflow RCE Go Red Hat Suse
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-57795 CRITICAL Act Now

Explorance Blue before 8.14.13 has an authenticated remote file download vulnerability in a web service that allows downloading arbitrary files from the server.

RCE Blue
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2025-57794 CRITICAL Act Now

Explorance Blue before 8.14.9 has an authenticated file upload vulnerability allowing administrators to upload executable files to the server.

RCE Blue
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2020-36973 MEDIUM POC This Month

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. [CVSS 6.5 MEDIUM]

PHP RCE Path Traversal
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2020-36967 CRITICAL POC Act Now

Zortam Mp3 Media Studio 27.60 has a buffer overflow in the library file selection dialog that allows code execution through crafted library files.

RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-69517 HIGH This Week

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agent_id parameter accepts up to 255 characters and is improperly sanitized using DOMPurify.sanitize() with the html: true option enabled, which fails to adequately filter HTML input. The injected HTML is rendered in the Tactical RMM management panel when an administrator att...

RCE Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-57283 npm HIGH PATCH This Week

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. [CVSS 7.8 HIGH]

Node.js Command Injection Browserstack Local Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-1056 CRITICAL Act Now

Snow Monkey Forms WordPress plugin has an arbitrary file deletion vulnerability through insufficient path validation, enabling attackers to delete critical WordPress files.

WordPress PHP RCE
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2020-36991 HIGH POC This Week

ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36989 HIGH POC This Week

ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1400 HIGH This Week

Arbitrary file upload in AI Engine WordPress plugin versions up to 3.3.2 allows authenticated Editor-level users to bypass file type validation and execute remote code by uploading files through the `update_media_metadata` REST endpoint. An attacker can upload a benign image file and then rename it to PHP, placing executable code in the web-accessible uploads directory. The vulnerability affects WordPress installations with the plugin installed and requires Editor or higher privileges to exploit.

WordPress PHP RCE AI / ML
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-40553 CRITICAL Act Now

SolarWinds Web Help Desk has a second deserialization vulnerability (EPSS 11.9%) providing another unauthenticated RCE path alongside CVE-2025-40551.

RCE Deserialization Web Help Desk
NVD GitHub
CVSS 3.1
9.8
EPSS
11.9%
CVE-2025-40551 CRITICAL POC KEV THREAT Emergency

SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that enables remote code execution. With EPSS 80.6% and KEV listing, this is the more severe of two concurrent WHD vulnerabilities, allowing attackers to execute arbitrary commands on the host server without any credentials.

RCE Deserialization Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
80.6%
Threat
7.4
CVE-2026-23830 npm CRITICAL POC PATCH Act Now

SandboxJS library prior to 0.8.26 has a CVSS 10.0 sandbox escape via AsyncFunction constructor, allowing execution of arbitrary code outside the sandbox boundary.

RCE Sandboxjs
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-24770 CRITICAL POC PATCH Act Now

Path traversal vulnerability in RAGFlow RAG engine version 0.23.1 allows unauthenticated attackers to read arbitrary files from the server filesystem. PoC available, patch available.

RCE AI / ML Ragflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2026-24765 PHP HIGH POC PATCH GHSA This Week

Unsafe deserialization in PHPUnit versions before 8.5.52, 9.6.33, 10.5.62, 11.5.50, and 12.5.8 allows local attackers to execute arbitrary code by placing malicious serialized objects in `.coverage` files that are deserialized without validation during PHPT test execution. An attacker with file write access can exploit the `cleanupForCoverage()` method's lack of object class restrictions to trigger gadget chains through `__wakeup()` methods. This high-severity vulnerability (CVSS 7.8) affects developers and CI/CD systems running PHPUnit on Linux systems.

RCE Deserialization Debian Linux Phpunit Red Hat +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24747 PyPI HIGH POC PATCH This Week

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

Python Pytorch Checkpoint Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24881 CRITICAL POC PATCH Act Now

Remote code execution and denial of service in GnuPG before 2.5.17 stem from a stack-based buffer overflow in gpg-agent when it processes a crafted CMS (S/MIME) EnvelopedData message containing an oversized wrapped session key during PKDECRYPT --kem=CMS handling. Any user or service decrypting attacker-supplied S/MIME mail with a vulnerable build can be crashed, and the memory corruption may be escalated to arbitrary code execution in the gpg-agent process that custodies private keys. Publicly available exploit code exists, but the issue is not in CISA KEV and EPSS is low (0.20%, 41st percentile), indicating no confirmed widespread exploitation yet.

RCE Buffer Overflow Stack Overflow Denial Of Service Gnupg +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2020-36983 HIGH POC This Week

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36982 HIGH POC This Week

MotoHelperService.exe service contains a vulnerability that allows attackers to potentially inject malicious code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36981 HIGH POC This Week

PST Service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36976 HIGH POC This Week

its service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36975 HIGH POC This Week

EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36974 HIGH POC This Week

Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23592 HIGH This Week

HPE Aruba Networking Fabric Composer's backup functionality contains insecure file operations that permit authenticated users to execute arbitrary OS commands, resulting in remote code execution on affected systems. An attacker with valid credentials could leverage this vulnerability to gain full system compromise through the backup restoration process. No patch is currently available to remediate this high-severity flaw.

RCE
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-69421 HIGH PATCH CISA This Week

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. [CVSS 7.5 HIGH]

OpenSSL Null Pointer Dereference Denial Of Service RCE
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-15467 HIGH POC PATCH CISA Act Now

OpenSSL has a critical out-of-bounds write when parsing CMS AuthEnvelopedData/EnvelopedData with malicious AEAD parameters, enabling potential RCE.

OpenSSL RCE Buffer Overflow Memory Corruption
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
Threat
5.3
CVE-2025-11187 MEDIUM POC PATCH This Month

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. [CVSS 6.1 MEDIUM]

OpenSSL Buffer Overflow Null Pointer Dereference Denial Of Service RCE +2
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2021-47900 CRITICAL POC Act Now

Gila CMS before 2.0.0 has an RFI vulnerability enabling unauthenticated RCE.

PHP RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-1470 npm CRITICAL POC PATCH Act Now

n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through crafted workflow expressions.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.5%
CVE-2025-41726 HIGH This Week

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes. [CVSS 8.8 HIGH]

Integer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-24806 Maven MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with program files PNGImageEncoder.Java.

Apache Java Code Injection RCE
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-24344 This Week

Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution

RCE Buffer Overflow Denial Of Service
NVD
EPSS
0.1%
CVE-2026-24480 This Week

QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it used the `pull_request_target` trigger and then checked out and executed untrusted pull request code in a privileged context.

Github RCE
NVD GitHub
EPSS
0.4%
CVE-2026-24479 CRITICAL POC PATCH Act Now

HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server.

Linux PHP MySQL RCE Path Traversal +1
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-24478 HIGH POC This Week

AnythingLLM versions prior to 1.10.0 contain a path traversal vulnerability in the DrupalWiki integration that allows malicious administrators or attackers with admin privileges to write arbitrary files to the server, potentially achieving remote code execution through configuration file overwriting or malicious script injection. Public exploit code exists for this vulnerability, and no patch is currently available for affected deployments. The attack requires high-level privileges but carries critical risk due to the ability to completely compromise server integrity.

Drupal RCE Path Traversal AI / ML Anythingllm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-9820 MEDIUM PATCH CISA This Month

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. [CVSS 4.0 MEDIUM]

Denial Of Service Privilege Escalation RCE Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-71178 Monitor

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code exe...

Windows RCE
NVD
EPSS
0.0%
CVE-2025-57785 MEDIUM This Month

Hiawatha Webserver versions up to 11.7 contains a vulnerability that allows attackers to arbitrary code execution (CVSS 6.5).

RCE Hiawatha Webserver
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2020-36959 HIGH POC This Week

IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36953 HIGH POC This Week

MTAgentService contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1284 HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write when parsing specially crafted EPRT files. An attacker can exploit this vulnerability by distributing a malicious file that executes code with user privileges upon opening. No patch is currently available.

Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36935 HIGH POC This Week

Service KMSELDI configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0911 HIGH This Week

Arbitrary file uploads in the Hustle WordPress plugin (versions up to 7.8.9.2) allow authenticated low-privileged users with granted module permissions to bypass file type validation and upload malicious files, potentially enabling remote code execution. An attacker with Subscriber-level access or higher can exploit improper validation in the action_import_module() function if an administrator grants them Hustle module editing capabilities. No patch is currently available, leaving affected WordPress installations vulnerable until an update is released.

WordPress RCE
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13374 CRITICAL Act Now

Arbitrary file upload in Kalrav AI Agent WordPress plugin due to missing file type validation in the kalrav_upload_file AJAX action.

WordPress RCE AI / ML PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24411 HIGH POC PATCH This Week

iccDEV versions 2.3.1.1 and earlier contain unsafe handling of user-supplied input in the CIccTagXmlSegmentedCurve::ToXml() function, enabling remote attackers to trigger undefined behavior in ICC profile parsing. Public exploit code exists for this vulnerability, which can lead to denial of service, data manipulation, or arbitrary code execution. Upgrade to version 2.3.1.2 to remediate.

Denial Of Service RCE Code Injection Iccdev
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-24407 HIGH POC PATCH This Week

iccDEV versions 2.3.1.1 and earlier allow remote attackers to trigger undefined behavior in the icSigCalcOp() function through malicious ICC color profiles, enabling denial of service, data manipulation, or potential code execution. The vulnerability stems from unsafe handling of user-controllable input in binary profile data, and public exploit code exists. Affected organizations should upgrade to version 2.3.1.2 or later.

Denial Of Service RCE Code Injection Iccdev
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-24474 This Week

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be user supplied.

RCE Code Injection
NVD GitHub
EPSS
0.0%
CVE-2025-70457 CRITICAL POC Act Now

Sourcecodester Modern Image Gallery App v1.0 has an arbitrary file upload in the gallery endpoint allowing unauthenticated remote code execution.

PHP RCE Modern Image Gallery App
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-67264 HIGH POC This Week

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710 [CVSS 7.8 HIGH]

Command Injection Note59 Pro Firmware Note59 Firmware RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24423 CRITICAL POC KEV THREAT Emergency

SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthenticated remote code execution flaw in the ConnectToHub API method. An attacker can redirect the SmarterMail server to connect to a malicious HTTP endpoint that serves OS commands for execution. KEV-listed with EPSS 29%, this is chainable with CVE-2026-23760 for complete server compromise.

RCE Command Injection Smartermail
NVD
CVSS 3.1
9.8
EPSS
29.3%
Threat
5.8
CVE-2021-47904 HIGH POC This Week

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server. [CVSS 8.8 HIGH]

PHP RCE
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-47903 HIGH POC This Week

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. [CVSS 8.8 HIGH]

RCE Path Traversal Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-47896 HIGH POC This Week

pdfcDispatcher service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47891 CRITICAL POC Act Now

Unified Remote 3.9.0.2463 allows unauthenticated remote code execution by sending crafted network packets to the remote control service.

RCE
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2021-47889 HIGH POC This Week

SoftrosSpellChecker service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47888 HIGH POC This Week

Textpattern versions up to 4.8.3 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-3839 HIGH PATCH This Week

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. [CVSS 8.0 HIGH]

RCE Suse
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-0796 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but provides complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available for this issue.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0795 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices via command injection in the web UI allows authenticated attackers to execute arbitrary system commands due to insufficient input validation. An attacker with valid credentials can inject malicious commands through user-supplied parameters to gain code execution on the affected device. No patch is currently available for this vulnerability.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0794 CRITICAL Act Now

ALGO 8180 has a use-after-free in SIP session handling (EPSS 1.1%) enabling remote code execution through crafted VoIP signaling sequences.

Golang RCE Use After Free 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
EPSS 0% CVSS 7.8
HIGH POC This Week

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

NetBackup INET Daemon service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 6.4
MEDIUM This Month

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. [CVSS 6.4 MEDIUM]

RCE XSS
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pre-authentication RCE in AirControl 1.4.2 network management allows unauthenticated system command execution. PoC available.

Java RCE
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in Quick Player 1.3 via crafted .m3l playlist file allows arbitrary code execution. PoC available.

RCE Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in 10-Strike Bandwidth Monitor 3.9 bypasses SafeSEH, ASLR, and DEP protections. PoC available.

RCE Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. [CVSS 8.8 HIGH]

RCE Wing Ftp Server
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary Python code execution in Backstage's @backstage/plugin-techdocs-node (versions < 1.13.11 and = 1.14.0) lets a contributor who can add or edit a repository's mkdocs.yml inject a malicious MkDocs `hooks` directive that runs on the TechDocs build server whenever TechDocs is configured with `runIn: local`. The flaw also affects documentation built in CI/CD via @techdocs/cli, which bundles the same package. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the CVSS of 8.8 reflects full host compromise of the build environment.

Python Node.js Docker +3
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Multiple command injection vulnerabilities in CAI (Cybersecurity AI) framework up to 0.5.10 allow OS command execution through the security testing platform.

RCE AI / ML
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process. [CVSS 7.8 HIGH]

RCE Deserialization Suse
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated command injection in HIKSEMI NAS devices allows privileged users to execute arbitrary commands through improper input validation on the device interface. Attackers with valid credentials can craft malicious messages to achieve unauthenticated code execution on affected systems. No patch is currently available for this vulnerability.

Command Injection RCE
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Path traversal in Crafty Controller game server management allows authenticated attackers to read/write files outside the intended directory. CVSS 9.9 with scope change.

RCE Path Traversal Crafty Controller
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Remote code execution in Crafty Controller's Backup Configuration feature results from insufficient path traversal validation, enabling authenticated attackers to manipulate files and execute arbitrary code on affected systems. The vulnerability requires valid credentials and specific conditions to exploit but carries high impact due to its ability to compromise system integrity and confidentiality. No patch is currently available.

RCE Path Traversal Crafty Controller
NVD
EPSS 0%
This Week

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions up to 2025 is affected by unrestricted upload of file with dangerous type.

File Upload RCE
NVD
EPSS 0% CVSS 7.6
HIGH POC This Week

Runtipi versions 4.5.0 through 4.7.1 contain an unauthenticated path traversal vulnerability in the UserConfigController that allows remote attackers to overwrite the docker-compose.yml configuration file through insecure URN parsing. An attacker can inject a malicious stack configuration that executes arbitrary code when the instance restarts, achieving full remote code execution and host compromise. Public exploit code exists and no patch is currently available.

Docker RCE Path Traversal +1
NVD GitHub
EPSS 0% CVSS 2.9
LOW Monitor

Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. [CVSS 2.9 LOW]

Command Injection RCE
NVD GitHub
EPSS 51% 6.5 CVSS 9.8
CRITICAL POC KEV EUVD KEV THREAT Emergency

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices.

Ivanti RCE Code Injection
NVD VulDB
EPSS 65% 6.9 CVSS 9.8
CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices.

Ivanti RCE Code Injection +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity issue.

TP-Link RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in AutoGPT Platform prior to v0.6.44 allows authenticated users to execute disabled blocks and write arbitrary Python code to the server filesystem. The vulnerability stems from insufficient validation of the disabled flag in block execution endpoints, enabling attackers to achieve code execution via the BlockInstallationBlock component. Public exploit code exists, and self-hosted instances with Supabase signup enabled are particularly vulnerable to account creation and exploitation.

Python RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Unauthenticated RCE in Tea LaTeX 1.0 via command injection in /api endpoint. EPSS 0.29% with PoC available.

PHP RCE
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. [CVSS 8.8 HIGH]

PHP RCE
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack buffer overflow in Free MP3 CD Ripper 2.8 allows remote code execution via crafted WAV files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

Erugo file-sharing platform up to version 0.2.14 has a CVSS 10.0 path traversal allowing authenticated users to read any file on the server including secrets and configuration.

Golang RCE Erugo
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Arbitrary code execution in iccDEV versions before 2.3.1.2 occurs when malformed ICC color profiles containing NaN floating-point values are parsed, causing undefined behavior during type conversion that corrupts memory structures. Local attackers can exploit this by crafting malicious ICC profiles that applications process, and public exploit code exists for this vulnerability. The issue affects any system using the iccDEV library to handle ICC profile data, with a patch available in version 2.3.1.2.

RCE Code Injection Iccdev
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. [CVSS 7.0 HIGH]

Buffer Overflow RCE Go +2
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Explorance Blue before 8.14.13 has an authenticated remote file download vulnerability in a web service that allows downloading arbitrary files from the server.

RCE Blue
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Explorance Blue before 8.14.9 has an authenticated file upload vulnerability allowing administrators to upload executable files to the server.

RCE Blue
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. [CVSS 6.5 MEDIUM]

PHP RCE Path Traversal
NVD GitHub Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Zortam Mp3 Media Studio 27.60 has a buffer overflow in the library file selection dialog that allows code execution through crafted library files.

RCE Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agent_id parameter accepts up to 255 characters and is improperly sanitized using DOMPurify.sanitize() with the html: true option enabled, which fails to adequately filter HTML input. The injected HTML is rendered in the Tactical RMM management panel when an administrator att...

RCE Code Injection
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. [CVSS 7.8 HIGH]

Node.js Command Injection Browserstack Local +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Snow Monkey Forms WordPress plugin has an arbitrary file deletion vulnerability through insufficient path validation, enabling attackers to delete critical WordPress files.

WordPress PHP RCE
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary file upload in AI Engine WordPress plugin versions up to 3.3.2 allows authenticated Editor-level users to bypass file type validation and execute remote code by uploading files through the `update_media_metadata` REST endpoint. An attacker can upload a benign image file and then rename it to PHP, placing executable code in the web-accessible uploads directory. The vulnerability affects WordPress installations with the plugin installed and requires Editor or higher privileges to exploit.

WordPress PHP RCE +1
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

SolarWinds Web Help Desk has a second deserialization vulnerability (EPSS 11.9%) providing another unauthenticated RCE path alongside CVE-2025-40551.

RCE Deserialization Web Help Desk
NVD GitHub
EPSS 81% 7.4 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that enables remote code execution. With EPSS 80.6% and KEV listing, this is the more severe of two concurrent WHD vulnerabilities, allowing attackers to execute arbitrary commands on the host server without any credentials.

RCE Deserialization Web Help Desk
NVD
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

SandboxJS library prior to 0.8.26 has a CVSS 10.0 sandbox escape via AsyncFunction constructor, allowing execution of arbitrary code outside the sandbox boundary.

RCE Sandboxjs
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Path traversal vulnerability in RAGFlow RAG engine version 0.23.1 allows unauthenticated attackers to read arbitrary files from the server filesystem. PoC available, patch available.

RCE AI / ML Ragflow
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Unsafe deserialization in PHPUnit versions before 8.5.52, 9.6.33, 10.5.62, 11.5.50, and 12.5.8 allows local attackers to execute arbitrary code by placing malicious serialized objects in `.coverage` files that are deserialized without validation during PHPT test execution. An attacker with file write access can exploit the `cleanupForCoverage()` method's lack of object class restrictions to trigger gadget chains through `__wakeup()` methods. This high-severity vulnerability (CVSS 7.8) affects developers and CI/CD systems running PHPUnit on Linux systems.

RCE Deserialization Debian Linux +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

Python Pytorch Checkpoint +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Remote code execution and denial of service in GnuPG before 2.5.17 stem from a stack-based buffer overflow in gpg-agent when it processes a crafted CMS (S/MIME) EnvelopedData message containing an oversized wrapped session key during PKDECRYPT --kem=CMS handling. Any user or service decrypting attacker-supplied S/MIME mail with a vulnerable build can be crashed, and the memory corruption may be escalated to arbitrary code execution in the gpg-agent process that custodies private keys. Publicly available exploit code exists, but the issue is not in CISA KEV and EPSS is low (0.20%, 41st percentile), indicating no confirmed widespread exploitation yet.

RCE Buffer Overflow Stack Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

MotoHelperService.exe service contains a vulnerability that allows attackers to potentially inject malicious code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

PST Service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

its service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

HPE Aruba Networking Fabric Composer's backup functionality contains insecure file operations that permit authenticated users to execute arbitrary OS commands, resulting in remote code execution on affected systems. An attacker with valid credentials could leverage this vulnerability to gain full system compromise through the backup restoration process. No patch is currently available to remediate this high-severity flaw.

RCE
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. [CVSS 7.5 HIGH]

OpenSSL Null Pointer Dereference Denial Of Service +1
NVD GitHub VulDB
EPSS 1% 5.3 CVSS 8.8
HIGH POC PATCH Act Now

OpenSSL has a critical out-of-bounds write when parsing CMS AuthEnvelopedData/EnvelopedData with malicious AEAD parameters, enabling potential RCE.

OpenSSL RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. [CVSS 6.1 MEDIUM]

OpenSSL Buffer Overflow Null Pointer Dereference +4
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Gila CMS before 2.0.0 has an RFI vulnerability enabling unauthenticated RCE.

PHP RCE
NVD GitHub Exploit-DB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through crafted workflow expressions.

RCE AI / ML N8n
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes. [CVSS 8.8 HIGH]

Integer Overflow RCE
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with program files PNGImageEncoder.Java.

Apache Java Code Injection +1
NVD GitHub VulDB
EPSS 0%
This Week

Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution

RCE Buffer Overflow Denial Of Service
NVD
EPSS 0%
This Week

QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it used the `pull_request_target` trigger and then checked out and executed untrusted pull request code in a privileged context.

Github RCE
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server.

Linux PHP MySQL +3
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

AnythingLLM versions prior to 1.10.0 contain a path traversal vulnerability in the DrupalWiki integration that allows malicious administrators or attackers with admin privileges to write arbitrary files to the server, potentially achieving remote code execution through configuration file overwriting or malicious script injection. Public exploit code exists for this vulnerability, and no patch is currently available for affected deployments. The attack requires high-level privileges but carries critical risk due to the ability to completely compromise server integrity.

Drupal RCE Path Traversal +2
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. [CVSS 4.0 MEDIUM]

Denial Of Service Privilege Escalation RCE +2
NVD VulDB
EPSS 0%
Monitor

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code exe...

Windows RCE
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Hiawatha Webserver versions up to 11.7 contains a vulnerability that allows attackers to arbitrary code execution (CVSS 6.5).

RCE Hiawatha Webserver
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

MTAgentService contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write when parsing specially crafted EPRT files. An attacker can exploit this vulnerability by distributing a malicious file that executes code with user privileges upon opening. No patch is currently available.

Buffer Overflow RCE
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Service KMSELDI configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH This Week

Arbitrary file uploads in the Hustle WordPress plugin (versions up to 7.8.9.2) allow authenticated low-privileged users with granted module permissions to bypass file type validation and upload malicious files, potentially enabling remote code execution. An attacker with Subscriber-level access or higher can exploit improper validation in the action_import_module() function if an administrator grants them Hustle module editing capabilities. No patch is currently available, leaving affected WordPress installations vulnerable until an update is released.

WordPress RCE
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary file upload in Kalrav AI Agent WordPress plugin due to missing file type validation in the kalrav_upload_file AJAX action.

WordPress RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

iccDEV versions 2.3.1.1 and earlier contain unsafe handling of user-supplied input in the CIccTagXmlSegmentedCurve::ToXml() function, enabling remote attackers to trigger undefined behavior in ICC profile parsing. Public exploit code exists for this vulnerability, which can lead to denial of service, data manipulation, or arbitrary code execution. Upgrade to version 2.3.1.2 to remediate.

Denial Of Service RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

iccDEV versions 2.3.1.1 and earlier allow remote attackers to trigger undefined behavior in the icSigCalcOp() function through malicious ICC color profiles, enabling denial of service, data manipulation, or potential code execution. The vulnerability stems from unsafe handling of user-controllable input in binary profile data, and public exploit code exists. Affected organizations should upgrade to version 2.3.1.2 or later.

Denial Of Service RCE Code Injection +1
NVD GitHub
EPSS 0%
This Week

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be user supplied.

RCE Code Injection
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Sourcecodester Modern Image Gallery App v1.0 has an arbitrary file upload in the gallery endpoint allowing unauthenticated remote code execution.

PHP RCE Modern Image Gallery App
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710 [CVSS 7.8 HIGH]

Command Injection Note59 Pro Firmware Note59 Firmware +1
NVD GitHub
EPSS 29% 5.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthenticated remote code execution flaw in the ConnectToHub API method. An attacker can redirect the SmarterMail server to connect to a malicious HTTP endpoint that serves OS commands for execution. KEV-listed with EPSS 29%, this is chainable with CVE-2026-23760 for complete server compromise.

RCE Command Injection Smartermail
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server. [CVSS 8.8 HIGH]

PHP RCE
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. [CVSS 8.8 HIGH]

RCE Path Traversal Command Injection
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

pdfcDispatcher service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Unified Remote 3.9.0.2463 allows unauthenticated remote code execution by sending crafted network packets to the remote control service.

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

SoftrosSpellChecker service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Textpattern versions up to 4.8.3 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE
NVD Exploit-DB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. [CVSS 8.0 HIGH]

RCE Suse
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but provides complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available for this issue.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices via command injection in the web UI allows authenticated attackers to execute arbitrary system commands due to insufficient input validation. An attacker with valid credentials can inject malicious commands through user-supplied parameters to gain code execution on the affected device. No patch is currently available for this vulnerability.

Golang RCE Command Injection +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ALGO 8180 has a use-after-free in SIP session handling (EPSS 1.1%) enabling remote code execution through crafted VoIP signaling sequences.

Golang RCE Use After Free +1
NVD
Prev Page 39 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy