Skip to main content

RCE

31892 CVEs technique

Monthly

CVE-2026-0793 CRITICAL Act Now

ALGO 8180 has a heap-based buffer overflow in InformaCast message processing enabling remote code execution through the emergency notification protocol.

Golang RCE Buffer Overflow Heap Overflow 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-0792 CRITICAL Act Now

ALGO 8180 has a stack-based buffer overflow in SIP INVITE Alert-Info header processing, enabling remote code execution through the VoIP protocol.

Golang RCE Buffer Overflow Stack Overflow 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-0791 CRITICAL Act Now

ALGO 8180 has a stack-based buffer overflow in SIP INVITE Replaces header processing enabling remote code execution through crafted VoIP calls.

Golang RCE Buffer Overflow Stack Overflow 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-0787 CRITICAL Act Now

ALGO 8180 IP Audio Alerter has a command injection in the SAC interface (EPSS 0.68%) allowing remote code execution on the emergency notification device.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-0786 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware results from insufficient input validation in the SCI module, allowing authenticated attackers to inject arbitrary commands and execute code with device privileges. The vulnerability affects Golang-based implementations and carries a high CVSS score of 8.8, with no patch currently available. Exploitation requires valid credentials but poses significant risk to networked audio alerting infrastructure.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-0785 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the API interface allows authenticated attackers to execute arbitrary system commands on affected devices due to insufficient input validation. The vulnerability has a high CVSS score of 8.8 and currently lacks a patch. With an EPSS score of 0.8%, exploitation is possible but not yet widely observed in the wild.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-0784 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on vulnerable devices due to insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input to compromise the device and execute code with device privileges. No patch is currently available for this vulnerability.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0783 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices through insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input parameters to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0782 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices through command injection in the web management interface allows authenticated attackers to execute arbitrary commands with device privileges. The vulnerability stems from insufficient input validation of user-supplied parameters passed to system calls. A patch is not currently available for this high-severity flaw affecting Golang-based firmware.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0781 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. An attacker with valid credentials can exploit this vulnerability to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability (CVSS 8.8).

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0780 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware through command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but enables complete device compromise once authenticated. No patch is currently available for this high-severity flaw affecting the Golang-based firmware.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0779 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web interface allows authenticated attackers to execute arbitrary code on affected devices through insufficient input validation. The vulnerability requires valid credentials but no user interaction to exploit, presenting significant risk to networked audio alerting systems. No patch is currently available.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0778 HIGH This Week

Unauthenticated remote code execution in Enel X JuiceBox 40 charging stations via an exposed Telnet service on TCP port 2000 allows network-adjacent attackers to execute arbitrary commands without credentials. The vulnerability affects all installations of the JuiceBox 40 and runs with service account privileges, enabling full system compromise. No patch is currently available.

RCE
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2026-0775 HIGH PATCH This Week

npm cli contains an insecure module loading mechanism that enables local privilege escalation on Node.js installations. An attacker with low-privileged code execution can exploit this flaw to gain elevated privileges and execute arbitrary code with target user permissions. No patch is currently available for this vulnerability.

Node.js Privilege Escalation RCE
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-0774 HIGH This Week

WatchYourLAN's configuration page is vulnerable to argument injection through improper validation of the arpstrs parameter, enabling unauthenticated network-adjacent attackers to execute arbitrary code with service account privileges. The vulnerability stems from insufficient input sanitization before system command execution and currently lacks an available patch. An attacker on the same network can exploit this without authentication to achieve complete system compromise.

RCE
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2026-0773 CRITICAL Act Now

Upsonic has an insecure deserialization via cloudpickle (EPSS 1.3%) enabling remote code execution through crafted serialized AI agent data.

RCE Deserialization AI / ML
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2026-0772 HIGH This Week

Remote code execution in Langflow's disk cache service allows authenticated attackers to execute arbitrary code by exploiting improper deserialization of untrusted data. The vulnerability affects Langflow installations and requires valid authentication credentials to exploit, enabling attackers to gain code execution within the service account context. No patch is currently available.

RCE Deserialization AI / ML Langflow
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2026-0771 HIGH This Week

Langflow's PythonFunction component allows authenticated attackers with user interaction to inject and execute arbitrary Python code within application workflows, achieving remote code execution. The vulnerability affects Langflow deployments using Python-based AI/ML components, with exploitation feasibility depending on specific product configurations. No patch is currently available.

Python RCE Code Injection AI / ML Langflow
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2026-0770 PyPI CRITICAL POC THREAT Emergency

Langflow has a third RCE vulnerability via exec_globals (EPSS 10.0%) allowing inclusion of untrusted code that executes in the application's global scope.

RCE AI / ML Langflow
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
10.0%
CVE-2026-0769 CRITICAL Act Now

Langflow has an eval injection in eval_custom_component_code (EPSS 2.0%) enabling remote code execution through crafted custom component definitions.

Python RCE AI / ML Langflow
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2026-0768 CRITICAL Act Now

Langflow has a code injection vulnerability in the code component (EPSS 2.6%) enabling remote code execution through the visual AI workflow builder.

Python RCE Code Injection AI / ML Langflow
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2026-0766 HIGH This Week

Remote code execution in Open WebUI through the load_tool_module_by_id function allows authenticated attackers to execute arbitrary Python code due to insufficient input validation on user-supplied strings. An attacker with valid credentials can leverage this vulnerability to achieve code execution with service account privileges. No patch is currently available, making this a critical risk for deployed Open WebUI instances.

Python RCE Command Injection AI / ML Open Webui
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2026-0765 HIGH This Week

Remote code execution in Open WebUI's install_frontmatter_requirements function allows authenticated attackers to execute arbitrary commands on the host system by bypassing input validation in system call parameters. The vulnerability affects AI/ML deployments using Open WebUI and requires valid authentication credentials to exploit. No patch is currently available.

RCE Command Injection AI / ML Open Webui
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2026-0764 CRITICAL Act Now

GPT Academic has a second insecure deserialization vulnerability in the upload function (EPSS 1.5%) allowing remote code execution through crafted file uploads.

RCE Deserialization AI / ML Gpt Academic
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2026-0763 CRITICAL Act Now

GPT Academic has an insecure deserialization in run_in_subprocess_wrapper_func (EPSS 1.7%) enabling remote code execution through crafted subprocess data.

RCE Deserialization AI / ML Gpt Academic
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2026-0762 HIGH This Week

Remote code execution in GPT Academic's stream_daas function results from improper deserialization of untrusted data when communicating with external servers, allowing unauthenticated attackers to execute arbitrary code with root privileges. The vulnerability requires interaction with a malicious DAAS server and currently has no available patch. Organizations using GPT Academic should implement network controls to restrict connections to untrusted DAAS services until patching is available.

RCE Deserialization AI / ML Gpt Academic
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2026-0761 CRITICAL Act Now

MetaGPT has a code injection vulnerability in actionoutput_str_to_mapping (EPSS 2.6%) allowing remote attackers to execute arbitrary code through crafted AI agent output processing.

Python RCE Code Injection AI / ML Metagpt
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2026-0760 CRITICAL Act Now

MetaGPT by Foundation Agents has an insecure deserialization in deserialize_message (EPSS 1.7%) enabling remote code execution through crafted serialized data in AI agent communications.

RCE Deserialization AI / ML Metagpt
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2026-0759 CRITICAL Act Now

Katana Network Development Starter Kit has a command injection in executeCommand enabling remote code execution through the development framework.

RCE Command Injection AI / ML
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2026-0756 CRITICAL Act Now

github-kanban-mcp-server has a command injection in execAsync (EPSS 1.0%) enabling remote code execution on developer machines using the GitHub Kanban MCP integration.

Github RCE Command Injection AI / ML
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2026-0755 npm CRITICAL POC PATCH GHSA Act Now

gemini-mcp-tool has a command injection in execAsync allowing remote code execution on systems using the Gemini AI MCP integration.

RCE Command Injection AI / ML
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.5%
CVE-2025-15351 HIGH This Week

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. [CVSS 7.8 HIGH]

RCE Deserialization Vectorstar
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-15350 HIGH This Week

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. [CVSS 7.8 HIGH]

RCE Deserialization Vectorstar
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-15349 HIGH This Week

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.5 HIGH]

RCE Race Condition Shockline
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2025-15348 HIGH This Week

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.8 HIGH]

RCE Deserialization Shockline
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-15063 CRITICAL Act Now

Ollama MCP Server has a command injection vulnerability in execAsync (EPSS 1.0%) allowing remote attackers to execute arbitrary commands on systems running the Ollama AI integration.

RCE Command Injection AI / ML Ollama
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2025-15062 HIGH This Week

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations ...

RCE Use After Free
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-15061 npm CRITICAL PATCH Act Now

Framelink Figma MCP Server has a command injection vulnerability in fetchWithRetry (EPSS 1.4%) enabling remote code execution on developer machines using the MCP integration.

RCE Command Injection AI / ML
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2025-15059 HIGH PATCH This Week

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. [CVSS 7.8 HIGH]

RCE Buffer Overflow Heap Overflow Gimp
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-11002 HIGH PATCH This Week

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. [CVSS 7.8 HIGH]

RCE Path Traversal 7 Zip Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-0535 HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows a malicious actor to embed an HTML payload in a component's description that, when clicked by another user, can read local files or execute arbitrary code in the context of the Fusion process. The vulnerability requires user interaction but no authentication on the victim side, and Autodesk has released a patch via security advisory ADSK-SA-2026-0001. No public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.02%.

XSS RCE Fusion
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0534 HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed malicious HTML in a part's attribute that, when clicked by a victim, executes script in the application context. Because Fusion is a desktop Electron-style client rather than a sandboxed browser, successful exploitation can escalate to local file read or arbitrary code execution in the user's process. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.02%, 4th percentile).

XSS RCE Fusion
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0533 HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed a malicious HTML payload in a design name that executes when a user opens the delete confirmation dialog and clicks the rendered content. Successful exploitation can lead to local file disclosure or arbitrary code execution in the context of the Fusion process. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.04%, 11th percentile).

XSS RCE Fusion
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-68986 CRITICAL Act Now

Miion WordPress theme by zozothemes has an unrestricted file upload vulnerability allowing unauthenticated web shell deployment and server compromise.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-68910 CRITICAL Act Now

Blogzee WordPress theme by blazethemes has an unrestricted file upload vulnerability — the fourth blazethemes product affected by the same shared vulnerable upload component.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-68909 CRITICAL Act Now

Blogistic WordPress theme by blazethemes has an unrestricted file upload vulnerability enabling attackers to deploy web shells for persistent server access.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-68015 CRITICAL Act Now

Event Tickets with Ticket Scanner WordPress plugin has a code injection vulnerability allowing remote code execution through the event management system.

Code Injection RCE
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-67968 CRITICAL Act Now

Real Homes CRM WordPress plugin has an unrestricted file upload allowing web shell deployment for persistent remote code execution.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-67944 CRITICAL Act Now

Nelio AB Testing WordPress plugin has a code injection vulnerability allowing attackers to execute arbitrary code through the A/B testing functionality.

Code Injection RCE
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-62056 CRITICAL Act Now

News Event WordPress theme by blazethemes has an unrestricted file upload allowing web shell deployment and remote code execution.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-62050 CRITICAL Act Now

Blogmatic WordPress theme by blazethemes has an unrestricted file upload vulnerability allowing attackers to upload web shells for persistent server access.

WordPress PHP RCE
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-24009 PyPI HIGH PATCH This Week

Remote code execution in Docling Core versions 2.21.0 through 2.48.3 allows unauthenticated attackers to execute arbitrary code when applications deserialize untrusted YAML data using the `DoclingDocument.load_from_yaml()` method with vulnerable PyYAML versions. The vulnerability stems from unsafe deserialization practices (CWE-502) and affects document processing systems using affected library versions. No patch is currently available; mitigation requires upgrading to version 2.48.4 or ensuring PyYAML 5.4+ is installed.

RCE Deserialization Docling Core
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-69764 CRITICAL POC Act Now

Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution.

RCE Buffer Overflow Stack Overflow Memory Corruption Ax3 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67684 HIGH This Week

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. [CVSS 7.2 HIGH]

PHP RCE LFI Path Traversal Quick.Cart
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2026-1331 CRITICAL Act Now

HAMASTAR MeetingHub has an arbitrary file upload vulnerability allowing unauthenticated remote attackers to upload web shells and achieve full server compromise.

File Upload RCE Meetinghub Paperless Meetings
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24049 PyPI MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27380 HIGH This Week

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content. [CVSS 7.6 HIGH]

RCE XSS On Prem Enterprise Server
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-23946 PyPI MEDIUM POC PATCH This Month

Remote code execution in Tendenci CMS versions 15.3.11 and below allows authenticated staff users to execute arbitrary code through unsafe pickle deserialization in the Helpdesk module's reporting function. The vulnerability stems from incomplete patching of CVE-2020-14942, where the run_report() function continues to use unsafe pickle.loads() despite the ticket_list() function being corrected. Public exploit code exists for this issue, though impact is limited to the privileges of the application's runtime user.

Python RCE Deserialization Tendenci
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2026-23524 PHP CRITICAL PATCH Act Now

Laravel Reverb WebSocket server versions 1.6.3 and below have an insecure deserialization vulnerability enabling remote code execution on the backend server.

Redis Laravel RCE Deserialization Reverb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-23516 MEDIUM PATCH This Month

CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 5.4 MEDIUM]

RCE AI / ML Computer Vision Annotation Tool
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22807 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in vLLM 0.10.1 through 0.13.x lets an attacker who controls the model repository or path run arbitrary Python on the inference host: vLLM auto-loads Hugging Face `auto_map` dynamic modules during model resolution without honoring the `trust_remote_code` safety gate, so attacker-supplied code executes at server startup before any request is processed and without API access. The flaw carries a CVSS 9.8 and is fixed in 0.14.0, with Red Hat shipping multiple RHSA errata; however EPSS is only 0.06% (17th percentile) and there is no public exploit identified at time of analysis, so exploitation hinges on an attacker first influencing which model is loaded. This is a code-injection (CWE-94) trust-boundary bypass rather than a remotely reachable network service bug despite the AV:N rating.

Python Vllm Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22793 CRITICAL POC Act Now

5ire MCP client prior to version 0.10.0 has a code injection vulnerability through MCP tool responses that enables arbitrary code execution on the user's desktop.

RCE 5ire
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2025-69209 This Week

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large `decimalPlaces` values to the affected String constructors or concat methods, the `dtostrf` function writes beyond fixed-size stack buffers, causing memory corruption and denial of service. Under speci...

Github Buffer Overflow Stack Overflow Memory Corruption Denial Of Service +1
NVD GitHub
EPSS
0.0%
CVE-2025-69766 CRITICAL POC Act Now

Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface.

RCE Buffer Overflow Stack Overflow Memory Corruption Ax3 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-69763 CRITICAL POC Act Now

Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint.

RCE Stack Overflow Memory Corruption Ax3 Firmware Tenda
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-69762 CRITICAL POC Act Now

Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code.

RCE Stack Overflow Memory Corruption Ax3 Firmware Tenda
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-47887 HIGH POC This Week

OkiJaSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47886 HIGH POC This Week

PingzapperSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47884 HIGH POC This Week

OKI Local Port Manager service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47869 HIGH POC This Week

BRA_Scheduler service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47861 HIGH POC This Week

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47859 HIGH POC This Week

ac.sharedstore service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-47851 CRITICAL POC Act Now

Mini Mouse 9.2.0 remote control application has an RCE vulnerability allowing attackers to execute arbitrary OS commands through the remote control protocol.

RCE Mini Mouse
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-47830 MEDIUM POC This Month

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. [CVSS 6.5 MEDIUM]

RCE CSRF Getsimplecms
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-47778 HIGH POC This Week

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server. [CVSS 7.2 HIGH]

PHP RCE Code Injection Getsimplecms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-47770 HIGH POC This Week

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. [CVSS 8.8 HIGH]

RCE
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-47748 CRITICAL POC Act Now

Hasura GraphQL 1.3.3 has a remote code execution vulnerability allowing attackers to execute arbitrary shell commands through the GraphQL endpoint.

PostgreSQL RCE Graphql Engine
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-55131 HIGH PATCH This Week

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. [CVSS 7.1 HIGH]

Node.js RCE Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-56005 CRITICAL POC PATCH Act Now

PLY (Python Lex-Yacc) library 3.11 has an unsafe feature enabling remote code execution through pickle deserialization of cached parser tables, with EPSS 0.91%.

Python RCE Deserialization Ply
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-64087 Maven CRITICAL PATCH Act Now

A server-side template injection vulnerability (CWE-1336) with CVSS 9.8 allows remote attackers to execute arbitrary code through crafted template expressions.

RCE Xdocreport
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22844 CRITICAL Act Now

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing meeting participants to execute OS commands on the router.

Zoom RCE Command Injection
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-1222 HIGH This Week

Remote code execution in BROWAN COMMUNICATIONS PrismX MX100 AP controller allows high-privileged remote attackers to upload arbitrary files and execute web shell backdoors without user interaction. This vulnerability affects administrators with elevated credentials and enables complete compromise of the affected access point. No patch is currently available to remediate this issue.

File Upload RCE
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-23950 npm MEDIUM POC PATCH This Month

Symlink poisoning via race condition in node-tar up to version 7.5.3 allows attackers to exploit Unicode normalization on case-insensitive filesystems like macOS APFS, where the path reservation system fails to serialize operations on colliding paths. Public exploit code exists for this vulnerability, enabling concurrent processing that bypasses internal safeguards. Node.js users and applications depending on vulnerable tar versions should update immediately, as attackers can leverage this to manipulate file operations during archive extraction.

Node.js Tar Apple RCE
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23947 npm CRITICAL PATCH Act Now

Orval, a TypeScript API client generator, has a command injection vulnerability that allows code execution through malicious OpenAPI specifications.

Command Injection RCE Orval
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23885 Ruby MEDIUM PATCH This Month

Arbitrary code execution in Alchemy CMS before versions 7.4.12 and 8.0.3 stems from unsafe use of Ruby's eval() function on the resource_handler.engine_name parameter in the ResourcesHelper class. An authenticated administrator can manipulate module configurations to inject and execute arbitrary system commands with the privileges of the Ruby process. The vulnerability requires high privileges and careful setup to exploit, but completely bypasses the Ruby sandbox once successful.

Code Injection RCE Alchemy Cms
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-23852 CRITICAL POC PATCH Act Now

SiYuan personal knowledge management system prior to 3.5.4 has a stored XSS vulnerability (CVSS 9.6) that allows code execution through crafted knowledge base entries.

RCE XSS Siyuan
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2025-55251 LOW Monitor

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. [CVSS 3.1 LOW]

File Upload RCE Aion
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-52660 LOW Monitor

Aion versions up to 2.0 contains a vulnerability that allows attackers to malicious file uploads, potentially resulting in unauthorized code execution or (CVSS 2.7).

File Upload RCE Aion
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2026-23733 npm MEDIUM This Month

Stored XSS in LobeChat's Mermaid artifact renderer prior to version 2.0.0-next.180 enables attackers to execute arbitrary JavaScript, which can be escalated to remote code execution through the exposed electronAPI IPC bridge to run system commands. This affects users of the open source chat platform running vulnerable versions, requiring local interaction and high privileges to exploit but resulting in full system compromise. No patch is currently available.

RCE XSS AI / ML
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-23744 npm CRITICAL POC PATCH THREAT Act Now

MCPJam Inspector versions 1.4.2 and earlier allow unauthenticated remote code execution through missing authentication in the MCP server debugging platform, with EPSS 17.2% indicating active scanning.

RCE Authentication Bypass AI / ML Inspector
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
17.2%
Threat
4.0
EPSS 1% CVSS 9.8
CRITICAL Act Now

ALGO 8180 has a heap-based buffer overflow in InformaCast message processing enabling remote code execution through the emergency notification protocol.

Golang RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ALGO 8180 has a stack-based buffer overflow in SIP INVITE Alert-Info header processing, enabling remote code execution through the VoIP protocol.

Golang RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ALGO 8180 has a stack-based buffer overflow in SIP INVITE Replaces header processing enabling remote code execution through crafted VoIP calls.

Golang RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ALGO 8180 IP Audio Alerter has a command injection in the SAC interface (EPSS 0.68%) allowing remote code execution on the emergency notification device.

Golang RCE Command Injection +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware results from insufficient input validation in the SCI module, allowing authenticated attackers to inject arbitrary commands and execute code with device privileges. The vulnerability affects Golang-based implementations and carries a high CVSS score of 8.8, with no patch currently available. Exploitation requires valid credentials but poses significant risk to networked audio alerting infrastructure.

Golang RCE Command Injection +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the API interface allows authenticated attackers to execute arbitrary system commands on affected devices due to insufficient input validation. The vulnerability has a high CVSS score of 8.8 and currently lacks a patch. With an EPSS score of 0.8%, exploitation is possible but not yet widely observed in the wild.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on vulnerable devices due to insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input to compromise the device and execute code with device privileges. No patch is currently available for this vulnerability.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices through insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input parameters to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices through command injection in the web management interface allows authenticated attackers to execute arbitrary commands with device privileges. The vulnerability stems from insufficient input validation of user-supplied parameters passed to system calls. A patch is not currently available for this high-severity flaw affecting Golang-based firmware.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. An attacker with valid credentials can exploit this vulnerability to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability (CVSS 8.8).

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware through command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but enables complete device compromise once authenticated. No patch is currently available for this high-severity flaw affecting the Golang-based firmware.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web interface allows authenticated attackers to execute arbitrary code on affected devices through insufficient input validation. The vulnerability requires valid credentials but no user interaction to exploit, presenting significant risk to networked audio alerting systems. No patch is currently available.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Unauthenticated remote code execution in Enel X JuiceBox 40 charging stations via an exposed Telnet service on TCP port 2000 allows network-adjacent attackers to execute arbitrary commands without credentials. The vulnerability affects all installations of the JuiceBox 40 and runs with service account privileges, enabling full system compromise. No patch is currently available.

RCE
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

npm cli contains an insecure module loading mechanism that enables local privilege escalation on Node.js installations. An attacker with low-privileged code execution can exploit this flaw to gain elevated privileges and execute arbitrary code with target user permissions. No patch is currently available for this vulnerability.

Node.js Privilege Escalation RCE
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

WatchYourLAN's configuration page is vulnerable to argument injection through improper validation of the arpstrs parameter, enabling unauthenticated network-adjacent attackers to execute arbitrary code with service account privileges. The vulnerability stems from insufficient input sanitization before system command execution and currently lacks an available patch. An attacker on the same network can exploit this without authentication to achieve complete system compromise.

RCE
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Upsonic has an insecure deserialization via cloudpickle (EPSS 1.3%) enabling remote code execution through crafted serialized AI agent data.

RCE Deserialization AI / ML
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Remote code execution in Langflow's disk cache service allows authenticated attackers to execute arbitrary code by exploiting improper deserialization of untrusted data. The vulnerability affects Langflow installations and requires valid authentication credentials to exploit, enabling attackers to gain code execution within the service account context. No patch is currently available.

RCE Deserialization AI / ML +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Langflow's PythonFunction component allows authenticated attackers with user interaction to inject and execute arbitrary Python code within application workflows, achieving remote code execution. The vulnerability affects Langflow deployments using Python-based AI/ML components, with exploitation feasibility depending on specific product configurations. No patch is currently available.

Python RCE Code Injection +2
NVD
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Emergency

Langflow has a third RCE vulnerability via exec_globals (EPSS 10.0%) allowing inclusion of untrusted code that executes in the application's global scope.

RCE AI / ML Langflow
NVD Exploit-DB VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

Langflow has an eval injection in eval_custom_component_code (EPSS 2.0%) enabling remote code execution through crafted custom component definitions.

Python RCE AI / ML +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Langflow has a code injection vulnerability in the code component (EPSS 2.6%) enabling remote code execution through the visual AI workflow builder.

Python RCE Code Injection +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Open WebUI through the load_tool_module_by_id function allows authenticated attackers to execute arbitrary Python code due to insufficient input validation on user-supplied strings. An attacker with valid credentials can leverage this vulnerability to achieve code execution with service account privileges. No patch is currently available, making this a critical risk for deployed Open WebUI instances.

Python RCE Command Injection +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Open WebUI's install_frontmatter_requirements function allows authenticated attackers to execute arbitrary commands on the host system by bypassing input validation in system call parameters. The vulnerability affects AI/ML deployments using Open WebUI and requires valid authentication credentials to exploit. No patch is currently available.

RCE Command Injection AI / ML +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

GPT Academic has a second insecure deserialization vulnerability in the upload function (EPSS 1.5%) allowing remote code execution through crafted file uploads.

RCE Deserialization AI / ML +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

GPT Academic has an insecure deserialization in run_in_subprocess_wrapper_func (EPSS 1.7%) enabling remote code execution through crafted subprocess data.

RCE Deserialization AI / ML +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Remote code execution in GPT Academic's stream_daas function results from improper deserialization of untrusted data when communicating with external servers, allowing unauthenticated attackers to execute arbitrary code with root privileges. The vulnerability requires interaction with a malicious DAAS server and currently has no available patch. Organizations using GPT Academic should implement network controls to restrict connections to untrusted DAAS services until patching is available.

RCE Deserialization AI / ML +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

MetaGPT has a code injection vulnerability in actionoutput_str_to_mapping (EPSS 2.6%) allowing remote attackers to execute arbitrary code through crafted AI agent output processing.

Python RCE Code Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

MetaGPT by Foundation Agents has an insecure deserialization in deserialize_message (EPSS 1.7%) enabling remote code execution through crafted serialized data in AI agent communications.

RCE Deserialization AI / ML +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Katana Network Development Starter Kit has a command injection in executeCommand enabling remote code execution through the development framework.

RCE Command Injection AI / ML
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

github-kanban-mcp-server has a command injection in execAsync (EPSS 1.0%) enabling remote code execution on developer machines using the GitHub Kanban MCP integration.

Github RCE Command Injection +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

gemini-mcp-tool has a command injection in execAsync allowing remote code execution on systems using the Gemini AI MCP integration.

RCE Command Injection AI / ML
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. [CVSS 7.8 HIGH]

RCE Deserialization Vectorstar
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. [CVSS 7.8 HIGH]

RCE Deserialization Vectorstar
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.5 HIGH]

RCE Race Condition Shockline
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.8 HIGH]

RCE Deserialization Shockline
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Ollama MCP Server has a command injection vulnerability in execAsync (EPSS 1.0%) allowing remote attackers to execute arbitrary commands on systems running the Ollama AI integration.

RCE Command Injection AI / ML +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations ...

RCE Use After Free
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Framelink Figma MCP Server has a command injection vulnerability in fetchWithRetry (EPSS 1.4%) enabling remote code execution on developer machines using the MCP integration.

RCE Command Injection AI / ML
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. [CVSS 7.8 HIGH]

RCE Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. [CVSS 7.8 HIGH]

RCE Path Traversal 7 Zip +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows a malicious actor to embed an HTML payload in a component's description that, when clicked by another user, can read local files or execute arbitrary code in the context of the Fusion process. The vulnerability requires user interaction but no authentication on the victim side, and Autodesk has released a patch via security advisory ADSK-SA-2026-0001. No public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.02%.

XSS RCE Fusion
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed malicious HTML in a part's attribute that, when clicked by a victim, executes script in the application context. Because Fusion is a desktop Electron-style client rather than a sandboxed browser, successful exploitation can escalate to local file read or arbitrary code execution in the user's process. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.02%, 4th percentile).

XSS RCE Fusion
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stored cross-site scripting in the Autodesk Fusion desktop application allows remote attackers to embed a malicious HTML payload in a design name that executes when a user opens the delete confirmation dialog and clicks the rendered content. Successful exploitation can lead to local file disclosure or arbitrary code execution in the context of the Fusion process. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.04%, 11th percentile).

XSS RCE Fusion
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Miion WordPress theme by zozothemes has an unrestricted file upload vulnerability allowing unauthenticated web shell deployment and server compromise.

WordPress PHP RCE
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Blogzee WordPress theme by blazethemes has an unrestricted file upload vulnerability — the fourth blazethemes product affected by the same shared vulnerable upload component.

WordPress PHP RCE
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Blogistic WordPress theme by blazethemes has an unrestricted file upload vulnerability enabling attackers to deploy web shells for persistent server access.

WordPress PHP RCE
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Event Tickets with Ticket Scanner WordPress plugin has a code injection vulnerability allowing remote code execution through the event management system.

Code Injection RCE
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Real Homes CRM WordPress plugin has an unrestricted file upload allowing web shell deployment for persistent remote code execution.

WordPress PHP RCE
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Nelio AB Testing WordPress plugin has a code injection vulnerability allowing attackers to execute arbitrary code through the A/B testing functionality.

Code Injection RCE
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

News Event WordPress theme by blazethemes has an unrestricted file upload allowing web shell deployment and remote code execution.

WordPress PHP RCE
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Blogmatic WordPress theme by blazethemes has an unrestricted file upload vulnerability allowing attackers to upload web shells for persistent server access.

WordPress PHP RCE
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Docling Core versions 2.21.0 through 2.48.3 allows unauthenticated attackers to execute arbitrary code when applications deserialize untrusted YAML data using the `DoclingDocument.load_from_yaml()` method with vulnerable PyYAML versions. The vulnerability stems from unsafe deserialization practices (CWE-502) and affects document processing systems using affected library versions. No patch is currently available; mitigation requires upgrading to version 2.48.4 or ensuring PyYAML 5.4+ is installed.

RCE Deserialization Docling Core
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution.

RCE Buffer Overflow Stack Overflow +3
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. [CVSS 7.2 HIGH]

PHP RCE LFI +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

HAMASTAR MeetingHub has an arbitrary file upload vulnerability allowing unauthenticated remote attackers to upload web shells and achieve full server compromise.

File Upload RCE Meetinghub Paperless Meetings
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel +2
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH This Week

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content. [CVSS 7.6 HIGH]

RCE XSS On Prem Enterprise Server
NVD
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

Remote code execution in Tendenci CMS versions 15.3.11 and below allows authenticated staff users to execute arbitrary code through unsafe pickle deserialization in the Helpdesk module's reporting function. The vulnerability stems from incomplete patching of CVE-2020-14942, where the run_report() function continues to use unsafe pickle.loads() despite the ticket_list() function being corrected. Public exploit code exists for this issue, though impact is limited to the privileges of the application's runtime user.

Python RCE Deserialization +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Laravel Reverb WebSocket server versions 1.6.3 and below have an insecure deserialization vulnerability enabling remote code execution on the backend server.

Redis Laravel RCE +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 5.4 MEDIUM]

RCE AI / ML Computer Vision Annotation Tool
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in vLLM 0.10.1 through 0.13.x lets an attacker who controls the model repository or path run arbitrary Python on the inference host: vLLM auto-loads Hugging Face `auto_map` dynamic modules during model resolution without honoring the `trust_remote_code` safety gate, so attacker-supplied code executes at server startup before any request is processed and without API access. The flaw carries a CVSS 9.8 and is fixed in 0.14.0, with Red Hat shipping multiple RHSA errata; however EPSS is only 0.06% (17th percentile) and there is no public exploit identified at time of analysis, so exploitation hinges on an attacker first influencing which model is loaded. This is a code-injection (CWE-94) trust-boundary bypass rather than a remotely reachable network service bug despite the AV:N rating.

Python Vllm Code Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

5ire MCP client prior to version 0.10.0 has a code injection vulnerability through MCP tool responses that enables arbitrary code execution on the user's desktop.

RCE 5ire
NVD GitHub
EPSS 0%
This Week

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large `decimalPlaces` values to the affected String constructors or concat methods, the `dtostrf` function writes beyond fixed-size stack buffers, causing memory corruption and denial of service. Under speci...

Github Buffer Overflow Stack Overflow +3
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface.

RCE Buffer Overflow Stack Overflow +3
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint.

RCE Stack Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code.

RCE Stack Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

OkiJaSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

PingzapperSvc service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

OKI Local Port Manager service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

BRA_Scheduler service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]

RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

ac.sharedstore service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).

RCE
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Mini Mouse 9.2.0 remote control application has an RCE vulnerability allowing attackers to execute arbitrary OS commands through the remote control protocol.

RCE Mini Mouse
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. [CVSS 6.5 MEDIUM]

RCE CSRF Getsimplecms
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.2
HIGH POC This Week

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server. [CVSS 7.2 HIGH]

PHP RCE Code Injection +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. [CVSS 8.8 HIGH]

RCE
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Hasura GraphQL 1.3.3 has a remote code execution vulnerability allowing attackers to execute arbitrary shell commands through the GraphQL endpoint.

PostgreSQL RCE Graphql Engine
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. [CVSS 7.1 HIGH]

Node.js RCE Buffer Overflow
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

PLY (Python Lex-Yacc) library 3.11 has an unsafe feature enabling remote code execution through pickle deserialization of cached parser tables, with EPSS 0.91%.

Python RCE Deserialization +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A server-side template injection vulnerability (CWE-1336) with CVSS 9.8 allows remote attackers to execute arbitrary code through crafted template expressions.

RCE Xdocreport
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing meeting participants to execute OS commands on the router.

Zoom RCE Command Injection
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Remote code execution in BROWAN COMMUNICATIONS PrismX MX100 AP controller allows high-privileged remote attackers to upload arbitrary files and execute web shell backdoors without user interaction. This vulnerability affects administrators with elevated credentials and enables complete compromise of the affected access point. No patch is currently available to remediate this issue.

File Upload RCE
NVD
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Symlink poisoning via race condition in node-tar up to version 7.5.3 allows attackers to exploit Unicode normalization on case-insensitive filesystems like macOS APFS, where the path reservation system fails to serialize operations on colliding paths. Public exploit code exists for this vulnerability, enabling concurrent processing that bypasses internal safeguards. Node.js users and applications depending on vulnerable tar versions should update immediately, as attackers can leverage this to manipulate file operations during archive extraction.

Node.js Tar Apple +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Orval, a TypeScript API client generator, has a command injection vulnerability that allows code execution through malicious OpenAPI specifications.

Command Injection RCE Orval
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Arbitrary code execution in Alchemy CMS before versions 7.4.12 and 8.0.3 stems from unsafe use of Ruby's eval() function on the resource_handler.engine_name parameter in the ResourcesHelper class. An authenticated administrator can manipulate module configurations to inject and execute arbitrary system commands with the privileges of the Ruby process. The vulnerability requires high privileges and careful setup to exploit, but completely bypasses the Ruby sandbox once successful.

Code Injection RCE Alchemy Cms
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL POC PATCH Act Now

SiYuan personal knowledge management system prior to 3.5.4 has a stored XSS vulnerability (CVSS 9.6) that allows code execution through crafted knowledge base entries.

RCE XSS Siyuan
NVD GitHub
EPSS 0% CVSS 3.1
LOW Monitor

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. [CVSS 3.1 LOW]

File Upload RCE Aion
NVD
EPSS 0% CVSS 2.7
LOW Monitor

Aion versions up to 2.0 contains a vulnerability that allows attackers to malicious file uploads, potentially resulting in unauthorized code execution or (CVSS 2.7).

File Upload RCE Aion
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Stored XSS in LobeChat's Mermaid artifact renderer prior to version 2.0.0-next.180 enables attackers to execute arbitrary JavaScript, which can be escalated to remote code execution through the exposed electronAPI IPC bridge to run system commands. This affects users of the open source chat platform running vulnerable versions, requiring local interaction and high privileges to exploit but resulting in full system compromise. No patch is currently available.

RCE XSS AI / ML
NVD GitHub
EPSS 17% 4.0 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

MCPJam Inspector versions 1.4.2 and earlier allow unauthenticated remote code execution through missing authentication in the MCP server debugging platform, with EPSS 17.2% indicating active scanning.

RCE Authentication Bypass AI / ML +1
NVD GitHub VulDB Exploit-DB
Prev Page 40 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy