Skip to main content

RCE

31868 CVEs technique

Monthly

CVE-2026-9785 HIGH This Week

Remote code execution in Quest NetVault Backup arises from a SQL injection flaw in the handling of NVBULibrarySlot JSON-RPC messages, where a user-supplied string is concatenated into a SQL query without validation. Although the JSON-RPC interface nominally requires authentication, ZDI notes the existing authentication mechanism can be bypassed, so a remote attacker can reach the vulnerable code path and execute arbitrary code in the context of the NETWORK SERVICE account. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV; EPSS data was not provided.

SQLi RCE Netvault Backup
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2026-9784 HIGH This Week

SQL injection in Quest NetVault Backup's NVBULibraryPort JSON-RPC handler allows remote attackers to execute arbitrary code as NETWORK SERVICE on affected installations. While exploitation nominally requires authentication (CVSS PR:L), the ZDI advisory states the existing authentication mechanism can be bypassed, effectively lowering the barrier to remote attackers. There is no public exploit identified at time of analysis and no CISA KEV listing, but the issue was coordinated through Trend Micro's Zero Day Initiative (ZDI-CAN-27631 / ZDI-26-373) and carries a CVSS 3.0 base score of 8.8.

SQLi RCE Netvault Backup
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2026-9783 HIGH This Week

SQL injection leading to remote code execution affects Quest NetVault Backup, where the NVBURemovableMedia component fails to validate a user-supplied string before constructing SQL queries. Although authentication is nominally required, ZDI notes the existing authentication mechanism can be bypassed, effectively lowering the barrier to network-based attackers who can then execute code in the context of the NETWORK SERVICE account. No public exploit identified at time of analysis; the issue was reported privately by Trend Micro's Zero Day Initiative (ZDI-CAN-27632 / ZDI-26-372).

SQLi RCE Netvault Backup
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2026-9782 HIGH This Week

Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBUDeviceDrive JSON-RPC message handler, where a user-supplied string is concatenated into a SQL query without validation (CWE-89). Although the product requires authentication, the existing authentication mechanism can be bypassed, so remote attackers can reach the flaw and execute arbitrary code in the context of the NETWORK SERVICE account. Discovered and reported through Trend Micro's Zero Day Initiative (ZDI-26-371, formerly ZDI-CAN-27633); no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

SQLi RCE Netvault Backup
NVD VulDB
CVSS 3.0
8.8
EPSS
0.7%
CVE-2026-9781 HIGH This Week

Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBURASDevice JSON-RPC message handler, where attacker-controlled input is concatenated into SQL queries. Although authentication is nominally required, ZDI notes the existing authentication mechanism can be bypassed, so attackers can reach the vulnerable endpoint and execute code in the NETWORK SERVICE context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported privately via Trend Micro's Zero Day Initiative (ZDI-26-370 / ZDI-CAN-27648).

SQLi RCE Netvault Backup
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2026-9780 HIGH This Week

Authentication bypass via cross-site scripting in Quest NetVault Backup's addclient3 webpage allows remote attackers to inject arbitrary script that executes in a victim's authenticated session, bypassing access controls. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-369, formerly ZDI-CAN-27666), the flaw requires user interaction - the target must visit a malicious page or open a malicious file - and can be chained with other weaknesses to achieve code execution in the SYSTEM context. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, though the high CVSS of 8.8 reflects the serious downstream RCE potential.

Authentication Bypass XSS RCE Netvault Backup
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2026-7570 HIGH This Week

SQL injection leading to remote code execution in Quest NetVault Backup allows attackers to run arbitrary code as the NETWORK SERVICE account by sending crafted JSON-RPC messages to the NVBUDashboard component. While the JSON-RPC interface nominally requires authentication, ZDI reports the existing authentication mechanism can be bypassed, effectively lowering the access barrier. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but it was responsibly disclosed through Trend Micro's Zero Day Initiative (ZDI-26-368, formerly ZDI-CAN-27809).

SQLi RCE Netvault Backup
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2026-7569 HIGH This Week

Authentication bypass via cross-site scripting in the Quest NetVault Backup viewclient web interface lets remote attackers inject arbitrary script that, when a victim visits a malicious page or opens a malicious file, runs in the application context and circumvents authentication. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-377, ZDI-CAN-28202), the flaw can be chained with additional vulnerabilities to achieve code execution as SYSTEM. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 8.8 rating reflects the high impact of the auth-bypass-plus-RCE chain.

Authentication Bypass XSS RCE Netvault Backup
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2026-2050 HIGH This Week

Arbitrary code execution in GIMP results from a heap-based buffer overflow in the HDR file parser, where attacker-controlled length data is copied into an undersized heap buffer without bounds validation. Any user who opens a maliciously crafted HDR image (or visits a page that delivers one) can be exploited, with code running in the context of the GIMP process. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow RCE Gimp
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2026-9779 HIGH This Week

Authenticated remote code execution in ATEN Unizon stems from a broken cryptographic signature check in the updateWar method (reachable via doCryptoHugeFileToFile), letting a high-privileged remote attacker push a forged WAR update and run arbitrary code as SYSTEM. The flaw (CWE-347) was reported by Trend Micro ZDI as ZDI-CAN-28590 and carries a CVSS 3.0 base score of 7.2; no public exploit identified at time of analysis.

Jwt Attack RCE Unizon
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2026-9778 HIGH This Week

Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the ImportDeviceList method, where a user-supplied file path is used in file operations without proper validation. A high-privileged remote attacker can traverse outside intended directories to write or manipulate files and ultimately execute arbitrary code in the SYSTEM context, fully compromising the host. Discovered and reported via the Zero Day Initiative (ZDI-26-382 / ZDI-CAN-28579); no public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal RCE Unizon
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2026-9777 HIGH This Week

Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the restoreDB method, where a user-supplied path is used in file operations without validation, letting a high-privileged attacker write or restore files outside the intended directory and run code as SYSTEM. The flaw was reported through Trend Micro's Zero Day Initiative (ZDI-CAN-28578 / ZDI-26-381) and carries a CVSS 3.0 base score of 7.2 (PR:H). There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Path Traversal RCE Unizon
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2026-10043 HIGH PATCH This Week

Arbitrary code execution in MosaicML Composer arises when the library loads a model or resumption checkpoint, because checkpoint parsing deserializes attacker-controlled pickle data without validation (CWE-502). A user who loads a maliciously crafted checkpoint (.pt) file - for example one downloaded from a model hub or shared by a collaborator - runs arbitrary Python code in the context of the training process. Reported through ZDI (ZDI-26-384, ZDI-CAN-27990); no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but an upstream source fix is available.

Deserialization RCE Composer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2026-9773 HIGH This Week

Remote authenticated command injection in Unraid's web management server allows attackers to execute arbitrary OS commands as the www-data user by abusing unsanitized input in ToggleState.php. Any user with low-privilege authenticated web access can chain this CWE-78 flaw into full code execution on the underlying NAS host. Discovered and reported through ZDI (ZDI-CAN-30134 / ZDI-26-386); no public exploit identified at time of analysis and no CISA KEV listing.

Command Injection RCE PHP Unraid
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2026-9772 HIGH This Week

Authenticated remote code execution in Unraid stems from OS command injection in the web server's FileUpload.php, where a user-supplied string is passed to a system call without validation, letting any logged-in attacker run arbitrary commands as the www-data user. Tracked as ZDI-CAN-30116 and disclosed via the Zero Day Initiative, it carries a CVSS 8.8 rating; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Command Injection RCE PHP Unraid
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2026-50551 Go CRITICAL PATCH GHSA Act Now

Stored cross-site scripting in SiYuan's Attribute View (database) asset cell renderer escalates to remote code execution on the Electron desktop client for all versions prior to 3.7.0. An attacker who can persist crafted content into a database asset cell has malicious JavaScript executed in the privileged Electron context, breaking out to the host operating system; the issue carries a 9.9 CVSS and is fixed in 3.7.0. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

XSS RCE Siyuan
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-45689 CRITICAL PATCH Act Now

OAuth token theft in Rocket.Chat allows an unauthenticated remote attacker to mint a valid bearer access token for any user — including administrators — by POSTing MongoDB query operators to the /oauth/token endpoint. Because grant parameters are passed to findOne() without type validation, substituting {"$ne": null} for client_id, client_secret, and refresh_token returns a live token bound to whatever user Mongo matches first; iterating with $nin/$regex walks the entire token collection. No public exploit identified at time of analysis, but exploitation is trivial and capturing an admin token yields full /api/v1/* control and Apps-Engine app installation (server-side code execution). Fixed in the 8.5.0/8.4.1/8.3.3/8.2.3/8.1.4/8.0.5/7.13.7/7.10.11 release line.

Nosql Injection RCE
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-7539 HIGH PATCH This Week

Local privilege escalation and arbitrary code execution in the HP Accessory WMI Provider installer bundled with certain HP Docking Stations allows a low-privileged local user to gain elevated (likely SYSTEM) execution. The root cause is insecure temporary-file/directory permissions used during installation (CWE-379), which an attacker can abuse to introduce or replace executable content that a privileged installer process runs. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; HP has published advisory hpsbhf04129 and is releasing software updates.

HP Privilege Escalation RCE Hp Dock Accessory
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-13037 HIGH PATCH This Week

Arbitrary code execution within the renderer sandbox affects Google Chrome on Android before 149.0.7827.197 via a use-after-free defect in the WebView component, reachable when a victim renders a crafted HTML page. The flaw lets an attacker corrupt freed memory in the rendering process to gain code execution confined to the sandbox; CVSS is 7.8 (High) and Chromium rates it High severity. There is no public exploit identified at time of analysis, and CISA SSVC marks exploitation status as none, but a vendor patch is already available.

Memory Corruption Google Denial Of Service Use After Free RCE
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13036 HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.197) allows a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium with a CVSS of 8.8; it requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with the CISA SSVC framework recording exploitation status as none.

Memory Corruption Google Denial Of Service Use After Free RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13035 HIGH PATCH This Week

Remote code execution in Google Chrome for macOS prior to 149.0.7827.197 stems from a use-after-free in the browser's Bluetooth subsystem, letting a malicious Bluetooth peripheral corrupt memory and execute arbitrary code in the browser process. The flaw is rated High severity by Chromium with a CVSS 8.8, requires user interaction (UI:R) but no privileges, and currently has no public exploit identified at time of analysis; CISA SSVC marks exploitation status as none.

Memory Corruption Google Denial Of Service Use After Free RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13031 HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.197) allows a remote attacker to run arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium with a CVSS 8.8; no public exploit identified at time of analysis and it is not listed in CISA KEV, though Chrome browser bugs of this class are historically high-value targets. Exploitation requires user interaction (loading a malicious page) but no authentication.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13038 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.197 stems from a use-after-free condition in the Autofill component, letting a remote attacker run arbitrary code in the renderer when a victim opens a malicious web page. Chromium rates the flaw Critical and CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, tempered by the requirement that the user load attacker-controlled content. There is no public exploit identified at time of analysis, and SSVC records exploitation status as none, but the 'total' technical impact makes prompt patching important.

Memory Corruption Google Microsoft Denial Of Service Use After Free +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13033 HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (InterestGroups component, part of the Privacy Sandbox/Protected Audience ad-auction API) affects all desktop versions prior to 149.0.7827.197. A crafted HTML page triggers an out-of-bounds read and write that a remote attacker can leverage to execute arbitrary code in the renderer; Chromium rates this Critical and assigns CVSS 8.8. There is no public exploit identified at time of analysis, but a vendor patch is already available, making prompt updating the priority.

Google RCE Buffer Overflow Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-53541 Go MEDIUM POC PATCH GHSA This Month

Unvalidated `ot_`-prefixed argument injection in OliveTin allows any authenticated user with action-trigger access to bypass input filtering, inject arbitrary environment variables into action execution contexts, and pollute Go template rendering data. All OliveTin versions prior to commit `ebffd9f040f7` (Go pseudo-version `< 0.0.0-20260531214440-ebffd9f040f7`) are affected. While direct standalone RCE is not confirmed, a public proof-of-concept exists in GHSA-prj9-97mp-mwh2 and secondary command injection is achievable wherever triggered action scripts consume `OT_`-prefixed environment variables in shell-unsafe ways.

RCE
NVD GitHub
CVSS 3.1
4.3
CVE-2026-45051 Maven CRITICAL PATCH GHSA Act Now

Arbitrary code execution affects the WebAuthn authentication module of Open Identity Platform OpenAM Community Edition through 16.0.6, where untrusted Java deserialization (CWE-502) of a user-controllable storage attribute lets an attacker run code as the application server user. The vendor advisory (GHSA-6c99-87fr-6q7r) characterizes this as a pre-authentication RCE, but it is reachable only in non-default deployments where the WebAuthn storage/userAttribute has become attacker-writable. No public exploit has been identified at time of analysis, and the issue is fixed in 16.1.1.

Deserialization RCE
NVD GitHub
CVE-2026-56121 CRITICAL POC PATCH Act Now

Remote code execution in Feast (the open-source ML feature store) before 0.63.0 lets remote attackers run OS commands as the feast service account by sending a crafted ApplyFeatureView gRPC request to the registry server. The registry base64-decodes the user_defined_function.body field of an OnDemandFeatureView and passes it to dill.loads() before any authorization check, so no credentials are required. A publicly available exploit code exists (reported by VulnCheck via huntr) and a vendor patch is available, though the flaw is not listed in CISA KEV.

Deserialization Python RCE Feast
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
CVE-2026-12986 HIGH PATCH This Week

Full unauthenticated administrative takeover of Payara Server Full (4.x through 7.2026.x, including 6.2024.x and 6.2025.x) is achievable by chaining a Server-Side Request Forgery in the Admin GUI's DownloadServlet with the absence of CSRF protection (CWE-352). An attacker who lures a logged-in administrator into a crafted request exfiltrates the admin REST session token (gfresttoken) to an attacker-controlled host, then replays it for full domain control and arbitrary code execution via WAR deployment. The CVSS 4.0 vector carries E:P (proof-of-concept maturity), so publicly available exploit code exists; there is no CISA KEV listing and no EPSS score in the provided data.

CSRF SSRF RCE Payara Server
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2026-12537 npm CRITICAL PATCH Act Now

Pre-sandbox host-level code execution in Google Gemini CLI (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (prior to 0.1.22) allows an unprivileged attacker to run arbitrary commands on CI/CD runner hosts by planting a malicious .gemini/.env file in an untrusted workspace. In headless mode the tool automatically trusted workspace folders and loaded their environment variables before sandboxing, so a workflow that processes attacker-controlled content (for example reviewing a submitted pull request) would execute attacker-supplied commands on the host. No public exploit has been identified at time of analysis, but Google rates this CVSS 4.0 10.0 and a vendor advisory (GHSA-wpqr-6v78-jr5g) with fixed releases is available.

Command Injection RCE Google Gemini Cli Run Gemini Cli Github Action
NVD GitHub VulDB
CVSS 4.0
10.0
EPSS
0.3%
CVE-2026-57301 HIGH This Week

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.

Jenkins RCE Jenkins Owasp Zap Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-57296 HIGH This Week

Path traversal in the Jenkins External Workspace Manager Plugin (versions 1.3.2 and earlier) lets an attacker with Item/Configure permission supply traversal sequences in the custom workspace path of the exwsAllocate Pipeline step to read arbitrary files from the Jenkins controller filesystem, which the vendor notes can escalate to remote code execution. The flaw requires an authenticated low-privileged user (CVSS:3.1 PR:L, base 8.8) and is reported directly by the Jenkins security team. No public exploit identified at time of analysis, and CISA SSVC marks exploitation as none.

Path Traversal Jenkins RCE Jenkins External Workspace Manager Plugin
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-12242 HIGH This Week

Authenticated PHP code injection in the AdRotate Banner Manager WordPress plugin (versions ≤5.17.7) allows Contributor-level users to execute arbitrary PHP on the server by abusing the 'banner' attribute of the [adrotate] shortcode. Exploitation requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings, where unsanitized input is concatenated into a PHP string wrapped in mfunc/fragment cache markers. Reported by Wordfence; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Code Injection WordPress PHP RCE Adrotate Banner Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-56370 NuGet MEDIUM PATCH This Month

Out-of-bounds read in ImageMagick's ConnectedComponentsImage() function allows local attackers to trigger access violations by supplying malformed connected-components artifact definitions via the CLI, leading to denial of service or potential arbitrary code execution. All ImageMagick releases before 7.1.2-19 are affected, as are Magick.NET NuGet packages before 14.12.0. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the RCE and information-disclosure tags warrant attention in environments that process untrusted image inputs through automated pipelines.

Denial Of Service RCE Buffer Overflow Information Disclosure Imagemagick +2
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-71361 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows malicious pickle files to evade scanning by abusing the undetected idlelib.calltip.Calltip.fetch_tip function, enabling arbitrary code execution when the file is later loaded via pickle.load(). Affects ML supply chains relying on picklescan to vet PyTorch models; publicly available exploit code exists in the GHSA advisory, but no public exploit identified in active campaigns at time of analysis.

Code Injection RCE Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-13006 HIGH This Week

Arbitrary code execution in QOS.CH logback-core versions up to and including 1.5.34 allows a local attacker with existing privilege to run code in the context of any Java application that loads Logback when the Janino library is on the classpath. The flaw circumvents prior hardening for CVE-2025-11226 via conditional configuration file processing, and is triggered either by writing to an existing logback configuration file or by injecting an environment variable that points the process at a malicious configuration. No public exploit identified at time of analysis, though the bypass nature of the issue makes weaponization of existing CVE-2025-11226 exploit code plausible.

RCE Java Logback Core
NVD VulDB
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-12416 CRITICAL POC Act Now

Account takeover in the Invoice Generator WordPress plugin (versions through 1.0.0) allows unauthenticated remote attackers to reset the password of any user, including administrators, by abusing the nopriv `pravel_invoice_change_password()` AJAX handler. Reported by Wordfence with a CVSS of 9.8 and tagged for RCE potential via subsequent admin compromise; no public exploit identified at time of analysis, though the trivial nature of the bug makes weaponization straightforward.

RCE WordPress Invoice Generator
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-7574 HIGH This Week

Persistent local code execution affects Anthropic Claude Desktop Cowork on macOS (v1.1348.0 through v1.2278.0) because the Cowork VM bootstrap validates only the presence of rootfs.img and a version marker string without verifying image content integrity at time-of-use. A local attacker with unprivileged code execution as the victim user can swap or modify the root filesystem image so subsequent Cowork VM boots trust the tampered image, yielding persistent arbitrary code execution inside the VM and access to host-mounted directories. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

RCE Apple Claude Desktop Cowork
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-41862 HIGH PATCH This Week

Remote code execution in Spring Statemachine 3.2.0-3.2.4 and 4.0.0-4.0.1 allows authenticated attackers to execute arbitrary code inside the application JVM by injecting malicious serialized Java objects into the Kryo-based persistence backends (JPA, MongoDB, Redis, or ZooKeeper). The flaw stems from deserializing persisted state-machine contexts without enforcing a class allowlist, a classic CWE-502 pattern that has historically yielded reliable gadget-chain exploitation in Java applications. No public exploit identified at time of analysis, but the deserialization sink and Kryo gadget ecosystem make weaponization straightforward once an attacker can write to the persistence store.

Redis Deserialization RCE Java
NVD HeroDevs VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-54503 CRITICAL Act Now

Stored cross-site scripting in Plone CMS enables persistent script injection by spoofing file MIME types within the plone.app.textfield and plone.restapi packages, announced June 5, 2026. An attacker with content-upload access can craft a file whose declared MIME type bypasses Plone's content-type enforcement, causing browsers to render the payload as HTML or JavaScript when other users access the stored content. No public exploit code or CISA KEV listing has been identified at time of analysis; the moderate severity rating (4.3) reflects the stored persistence risk offset by the upload-privilege requirement.

XSS Denial Of Service RCE
NVD
CVE-2026-55248 CRITICAL Act Now

Denial of service in Plone's RSS feed portlet component (plone.app.portlets) allows an attacker to exhaust server resources by supplying or triggering the parsing of a maliciously crafted RSS/Atom feed, rendering the Plone application unavailable. Disclosed June 23, 2026 as part of a coordinated Plone security release, the issue carries a critical severity rating of 9.1. No public exploit code or CISA KEV listing has been identified at time of analysis.

XSS Denial Of Service RCE
NVD
CVE-2026-55247 CRITICAL Act Now

Denial-of-service via malformed iCalendar import in Plone's plone.app.event package, rated 9.1 critical, enables remote disruption of affected Plone installations by submitting a crafted ICS file to the event import endpoint. Disclosed June 23, 2026 as part of a coordinated Plone security release addressing six distinct vulnerabilities across multiple packages. No public exploit code or CISA KEV listing has been identified at time of analysis, though the critical severity rating and co-disclosure of a related icalendar library CVE (CVE-2026-55099) the same week warrant prompt patching.

XSS Denial Of Service RCE
NVD
CVE-2026-55099 CRITICAL Act Now

Denial of Service in the collective/icalendar Python library allows attackers to crash or hang applications that process externally supplied iCalendar data. The vulnerability carries a CVSS score of 7.5 High and affects Plone CMS deployments as well as any Python application using the library to parse .ics input. No public exploit code has been identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Denial Of Service RCE
NVD
CVE-2026-12112 HIGH PATCH This Week

Session hijacking in the foreman-mcp-server component (shipped with Red Hat Satellite 6) allows local attackers to take over active administrative sessions by reusing leaked session IDs that the server caches without re-validating authentication tokens. Because session IDs are written to standard logs, any user with log read access can replay them to gain administrative control and pivot to infrastructure-wide code execution. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

RCE Authentication Bypass Privilege Escalation Red Hat Satellite 6
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-54320 HIGH PATCH This Week

Authentication bypass in Daytona prior to 0.184.0 allows attackers to join organizations via pending invitations using unverified email addresses. The invitation accept and decline paths failed to enforce email verification (unlike organization creation), so on OIDC identity providers permitting self-service signup with pre-verification sessions, an attacker registering an email matching a pending invite can claim it and inherit the assigned role - up to Owner. No public exploit identified at time of analysis, but the path to full Owner-level organization takeover makes this a high-priority fix.

Elastic RCE Authentication Bypass Daytona
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2026-54323 MEDIUM PATCH This Month

Git credential exposure in Daytona's daemon (all versions prior to 0.185.0) allows a network-positioned attacker to silently harvest HTTP Basic Authorization headers by exploiting a complete absence of TLS certificate validation on both the go-git and native git CLI clone code paths. An attacker with man-in-the-middle capability on clone traffic can present any fraudulent TLS certificate, capture the Git credentials supplied for the clone, and simultaneously inject tampered repository content into the execution sandbox - threatening both credential confidentiality and supply-chain integrity of AI-generated code workflows. No public exploit or active exploitation has been identified at time of analysis; a vendor-released fix is available in version 0.185.0.

RCE Elastic Daytona
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2020-9695 HIGH This Week

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Buffer Overflow Memory Corruption Acrobat Reader
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-52813 Go CRITICAL POC PATCH GHSA Act Now

Remote code execution in Gogs self-hosted Git service before 0.14.3 allows unauthenticated attackers (where self-registration is enabled) to abuse unsanitized organization names containing '../' sequences to write Git repository files outside the intended storage root, then overwrite a repository's hooks/update script and trigger arbitrary command execution as the git user. The flaw carries a CVSS 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) rating, and a fully working public proof-of-concept is published alongside the GHSA advisory, though no CISA KEV listing or EPSS data is provided in the input.

Docker RCE PostgreSQL Path Traversal
NVD GitHub
CVSS 3.1
10.0
EPSS
1.1%
CVE-2026-52811 Go CRITICAL PATCH GHSA Act Now

Authenticated arbitrary file write in Gogs (self-hosted Git service) versions below 0.14.3 on Linux/macOS lets a user with repository write access escape the working tree and overwrite any file the gogs UID can touch, escalating to remote code execution. The flaw stems from `UploadRepoFiles` validating symlinks only on the leaf path while sibling functions correctly walk every component; combined with a crafted multipart filename containing a literal backslash, the write is redirected through a previously committed directory symlink to targets like `~git/.ssh/authorized_keys` or `<repo>.git/hooks/post-receive`. No CISA KEV listing and no EPSS provided, but a detailed, tested proof-of-concept is published in the vendor advisory, so publicly available exploit code exists.

Apple Linux CSRF Ubuntu Microsoft +3
NVD GitHub VulDB
CVSS 4.0
9.0
EPSS
0.5%
CVE-2026-52806 Go CRITICAL PATCH GHSA Act Now

Remote code execution in Gogs through 0.14.2 allows authenticated users (and unauthenticated attackers on default-configured instances with open registration) to execute arbitrary commands as the Gogs server process by crafting a pull request whose base branch name injects a `--exec` flag into the underlying `git rebase` invocation. A working Python proof-of-concept exists and has been validated end-to-end against Docker, Linux binary, and Windows installations, yielding shell access as the `git` user. No CISA KEV listing or EPSS data is provided, so this is treated as publicly available exploit code rather than confirmed active exploitation.

Command Injection Docker Apple Privilege Escalation Ubuntu +3
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
1.0%
CVE-2026-34916 HIGH This Week

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to embed arbitrary PHP into the compiledlimitations database field via the logical parameter of delivery limitations, with execution occurring later during banner delivery. The flaw is exploitable over the network with low complexity and yields full confidentiality, integrity, and availability impact (CVSS 8.8), though no public exploit identified at time of analysis.

PHP RCE Code Injection Revive Adserver
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2026-44959 HIGH This Week

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to smuggle an unexpected parameter into the delivery limitations save flow, planting attacker-controlled PHP into the compiledlimitations field that is then evaluated when banners are served. With CVSS 8.8 and a CWE-94 root cause, successful exploitation yields full code execution under the web/ad-delivery process, though there is no public exploit identified at time of analysis and the vulnerability is not in CISA KEV.

PHP RCE Code Injection Adserver
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2026-12957 HIGH PATCH NEWS This Week

Arbitrary code execution in AWS Language Servers prior to version 1.65.0 allows attackers to run commands on a developer's machine when a victim opens and trusts a maliciously crafted workspace. The flaw stems from improper trust boundary enforcement (CWE-732) that causes commands embedded in project configuration files to execute automatically. No public exploit identified at time of analysis, but the requirement for only passive user interaction (workspace trust prompt) makes this a credible developer-targeting threat.

RCE Language Servers For Aws
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-28496 CRITICAL POC PATCH Act Now

Server-side template injection in FOSSBilling versions prior to 0.8.0 allows authenticated administrators to execute arbitrary code and disclose sensitive information by injecting Twig expressions into template-rendering features. The unsandboxed Twig environment exposes the application's dependency injection container, turning any admin-accessible template surface into a full RCE primitive. No public exploit identified at time of analysis, but a related auth-bypass chain (GHSA-78x5-c8gw-8279) is documented by VulnCheck and could lower the practical privilege bar.

Ssti RCE Information Disclosure Fossbilling
NVD GitHub
CVSS 4.0
9.4
EPSS
1.9%
CVE-2026-35018 HIGH PATCH This Week

Authenticated remote code execution in NetComm NF20MESH routers running firmware R6B031 and earlier allows low-privileged authenticated attackers to gain full root-level OS control via OS command injection. The dalStorage_addUserAccount function unsafely concatenates attacker-supplied JSON username input into a shell command string executed by rut_doSystemAction without sanitization, enabling shell metacharacter injection. No public exploit identified at time of analysis and no CISA KEV listing, but a detailed public advisory from signal11.io documents the attack surface, and a vendor patch (implied R6B032) is available.

Command Injection RCE Nf20Mesh
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2026-56315 PyPI CRITICAL PATCH Act Now

Remote code execution in picklescan versions prior to 1.0.4 allows attackers to bypass the scanner's safety validation by crafting malicious pickle files that import unblocked Python standard library modules. The tool's blocklist (scanner.py _unsafe_globals) omits at least seven stdlib modules - including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib - exposing eight functions that execute arbitrary commands via subprocess or os.system. Publicly available exploit code exists in the GHSA advisory, demonstrating CLEAN scan results for files that achieve full RCE on load; this is especially concerning because picklescan is relied on by HuggingFace Hub and similar ML pipelines.

RCE Python Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
CVE-2026-56258 PyPI CRITICAL PATCH Act Now

Arbitrary file write in Crawl4AI Docker API server before 0.8.8 lets unauthenticated remote attackers escape the ALLOWED_OUTPUT_DIR via symlinks and a TOCTOU race on the output_path parameter of the /screenshot and /pdf endpoints, potentially escalating to code execution where the runtime user can write to executable or cron paths. No public exploit identified at time of analysis, but the API is unauthenticated by default and the GHSA confirms the issue was found in an internal security audit.

RCE Path Traversal Crawl4ai
NVD GitHub
CVSS 4.0
9.2
EPSS
0.7%
CVE-2025-71370 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.28 allows attackers to embed malicious torch.jit.unsupported_tensor_ops.execWrapper calls in pickle files that evade the scanner and execute arbitrary code when later loaded via pickle.load(). Publicly available exploit code exists in the GHSA advisory, and the flaw directly undermines the security guarantee picklescan is meant to provide for PyTorch model files. No CISA KEV listing and no EPSS data are provided, but the scanner bypass nature makes this a meaningful supply-chain risk for ML pipelines.

RCE Deserialization Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71365 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.33 allows attackers to smuggle arbitrary code through malicious pickle files by abusing numpy.f2py.crackfortran.myeval in a __reduce__ method, which the scanner fails to flag as dangerous. Any ML pipeline or model-hosting workflow that trusts picklescan's verdict before calling pickle.load() will execute attacker-controlled commands; publicly available exploit code exists in the GHSA advisory, and the CVSS 4.0 score of 7.6 reflects high confidentiality and integrity impact contingent on user interaction.

RCE Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2025-71341 PyPI HIGH PATCH This Week

Detection bypass in picklescan prior to 0.0.29 allows attackers to smuggle remote code execution payloads through pickle files that the scanner incorrectly classifies as safe. The library fails to flag the built-in profile.Profile.runctx function when used in a __reduce__ method, so a downstream pickle.load() of the scanned file executes arbitrary Python. Publicly available exploit code exists in the GHSA-6vqj-c2q5-j97w advisory, though no active exploitation has been reported.

RCE Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.5%
CVE-2026-12866 CRITICAL Act Now

Arbitrary JavaScript code execution in the expr-eval npm package affects all released versions when applications pass user-controlled expressions to the toJSFunction() API, which compiles them via new Function() and executes them in the host process context. Snyk discloses no public exploit identified at time of analysis, but the trivial attack pattern (sandbox escape via crafted math expressions) and CVSS 4.0 score of 9.2 make this a high-priority issue for any Node.js or browser application that exposes expr-eval to untrusted input.

RCE Code Injection Expr Eval
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.5%
CVE-2026-39253 HIGH This Week

Remote code execution in Pivotal CRM 6.6.04.08 Smart Client arises from insecure deserialization in the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components, allowing remote attackers to execute arbitrary code on affected installations. The vendor (Aurea/Pivotal) has published a remediation advisory and a researcher has released a public technical advisory, but the issue is not currently listed in CISA KEV and SSVC indicates no observed exploitation. CVSS 8.1 reflects high impact tempered by high attack complexity, while no public exploit identified at time of analysis is corroborated by SSVC's 'Exploitation: none'.

Deserialization RCE N A
NVD VulDB
CVSS 3.1
8.1
EPSS
0.8%
CVE-2026-52673 MEDIUM This Month

SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component

SQLi RCE N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2026-54351 npm CRITICAL PATCH GHSA Act Now

Cross-workspace automation execution in Budibase (npm @budibase/server, all versions before 3.39.9) lets a builder-authenticated attacker run their own automations inside any other workspace on the same instance by overwriting the server-derived appId. The public, unauthenticated webhook trigger endpoint mass-assigns the raw POST body over internal parameters, and because Execute Script steps run JavaScript, this escalates to arbitrary code execution and full data theft in the victim's context. A detailed proof-of-concept is published in the vendor advisory (GHSA-rgvg-3wpc-h44p); publicly available exploit code exists, though it is not listed in CISA KEV and EPSS exploitation probability is modest at 0.41% (33rd percentile).

RCE
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.4%
CVE-2026-54232 PyPI HIGH PATCH This Week

Remote code execution in vLLM versions prior to 0.22.1 allows attackers to backdoor production LLM inference deployments through a dependency confusion attack in the project's Dockerfile. Because flashinfer-jit-cache was pulled via --extra-index-url with UV_INDEX_STRATEGY=unsafe-best-match while the name remained unregistered on PyPI, any attacker who claimed the name on PyPI with a higher version would have their code executed as root during every Docker build. No public exploit identified at time of analysis, but the supply-chain primitive is well understood and trivially weaponizable.

Docker RCE Vllm Red Hat
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-46672 npm MEDIUM PATCH GHSA This Month

CSV formula injection in @actual-app/cli versions prior to 26.6.0 allows an attacker who can write user-controlled strings into an Actual Budget database to execute arbitrary spreadsheet formulas when the victim exports data using the --format csv flag and opens the resulting file in Excel, LibreOffice Calc, or Google Sheets. The vulnerable `escapeCsv` helper in `packages/cli/src/output.ts` neutralizes only RFC 4180 delimiters and quotes but does not strip formula-trigger prefixes (=, +, -, @, tab, CR), meaning payloads in payee names, account names, categories, notes, or tags survive into the CSV output unchanged. A publicly available proof-of-concept is included in the GHSA-7gh7-258j-4mpq advisory; no CISA KEV listing exists at time of analysis.

Google RCE Microsoft Node.js
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2026-46611 PyPI MEDIUM PATCH GHSA This Month

DNS rebinding against the Glances XML-RPC server (`glances -s`) allows a network-adjacent or remote attacker to exfiltrate the full system monitoring dataset - including process command lines that routinely contain secrets - from a victim's browser without any authentication. The `GlancesXMLRPCHandler` in `glances/server.py` accepts arbitrary HTTP `Host` headers without validation, an omission that persists while the REST/WebUI server received an equivalent fix (TrustedHostMiddleware, v4.5.2) and the MCP server was protected since v4.5.1. No active exploitation is confirmed (not in CISA KEV), but a detailed proof-of-concept is published in the vendor's GitHub security advisory GHSA-w856-8p3r-p338 and the attack is materially amplified by the companion CORS wildcard issue CVE-2026-46608.

Kubernetes Docker RCE Python Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-46607 PyPI HIGH PATCH GHSA This Week

Local arbitrary code execution in Glances versions prior to 4.5.5 occurs when the daemon deserializes its version-check cache file via pickle.load() without integrity validation. An attacker with write access to the Glances user's XDG cache directory (~/.cache/glances/glances-version.db) can plant a malicious pickle that executes as the Glances process user - frequently root - on next startup. Publicly available exploit code exists in the GHSA advisory, but no public exploit identified at time of analysis as actively weaponized.

Docker Python Privilege Escalation RCE Deserialization +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-46606 PyPI HIGH PATCH GHSA This Week

Local privilege escalation via command injection in Glances 4.5.5_dev1 and earlier allows users with libvirt domain-creation rights to execute arbitrary commands as the Glances process owner (typically root on hypervisor hosts). The flaw lives in the KVM/QEMU monitoring plugin, where VM domain names parsed from `virsh list --all` are interpolated into command strings handled by `secure_popen()`, which intentionally treats `&&`, `|`, and `>` as control operators. No public exploit identified at time of analysis, but a detailed PoC accompanies the GHSA-v5r2-qh84-fjx5 advisory.

Command Injection Ubuntu Debian RCE Python +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-46495 Maven CRITICAL PATCH GHSA Act Now

Unauthenticated remote code execution in OpenDJ Community Edition through 5.1.0 occurs when the JMX RMI connector deserializes attacker-controlled Java objects before authentication is performed. Any deployment with the JMX Connection Handler enabled (commonly turned on for monitoring integrations) is exposed to pre-auth RCE over TCP, as demonstrated against OpenDJ 4.4.15 on JDK 11 with Jackson 2.12.6.1. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

RCE Java Deserialization
NVD GitHub
CVE-2025-71344 PyPI HIGH PATCH This Week

Detection bypass in picklescan versions 0.0.26 and earlier (fixed in 0.0.30) allows attackers to smuggle arbitrary code through malicious pickle files by abusing Python's built-in ensurepip._run_pip function, which the scanner failed to flag as dangerous. Organizations relying on picklescan to vet PyTorch models or other serialized Python objects will load the file as safe and trigger remote code execution upon pickle.load(). Publicly available exploit code exists via the GHSA advisory PoC, though no public exploit identified in active campaigns at time of analysis.

RCE Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71339 PyPI HIGH PATCH This Week

Arbitrary code execution in Picklescan before 0.0.33 occurs because the scanner fails to flag the numpy.f2py.crackfortran._eval_length gadget when used inside a pickle __reduce__ method, allowing crafted pickle files to be marked safe while still executing attacker-supplied Python on load. Workflows that rely on Picklescan to vet untrusted pickle or PyTorch model artifacts are exposed to supply-chain poisoning, and publicly available exploit code exists in the GHSA advisory.

RCE Deserialization Python Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-44778 Go LOW PATCH GHSA Monitor

Denial of service in Inspektor Gadget's USDT note parser (pkg/uprobetracer/usdt.go) allows an unprivileged container process to crash or OOM-kill the privileged IG host process by placing a crafted ELF binary at a path targeted by a custom USDT gadget. Two distinct attack vectors exist: a panic from out-of-bounds slice access when DescSize is artificially small, and unbounded memory allocation (~4 GiB) when NameSize or DescSize is set to 0xFFFFFFFF. No public exploit identified at time of analysis; critically, no gadget shipped by the Inspektor Gadget project uses USDT probes, so only deployments running operator-developed custom USDT gadgets are exposed.

RCE Denial Of Service Privilege Escalation Kubernetes
NVD GitHub
CVE-2026-44179 Maven CRITICAL PATCH GHSA Act Now

Remote code execution in XWiki Pro Macros (com.xwiki.pro:xwiki-pro-macros) versions >=1.13 and <1.14.5 allows any authenticated user with page-edit rights to execute arbitrary Groovy code via the excerpt-include macro, which fails to escape the included page's title and renders excerpt content with the macro's elevated rights. A working proof-of-concept is published in the GHSA advisory demonstrating injection through both a crafted page title and excerpt body. No public exploit identified at time of analysis as actively used, but the publicly available exploit code exists in the advisory itself.

Atlassian RCE Code Injection
NVD GitHub
CVSS 3.1
9.9
CVE-2026-33731 PHP MEDIUM PATCH GHSA This Month

Wallet balance inflation in AVideo's Authorize.Net payment plugin (versions <= 28.0) allows a low-privileged attacker to credit arbitrary amounts to any user account by forging webhook requests. Three code flaws chain together: a logical OR in the signature check lets a real transaction ID bypass HMAC validation entirely, attacker-controlled payload fields take precedence over authoritative API-fetched amounts and user IDs, and the payment approval status is never verified before crediting the wallet. A detailed proof-of-concept with working curl commands is publicly documented in GitHub Advisory GHSA-95jh-7r58-xmxw. No confirmed active exploitation (CISA KEV) at time of analysis, but the PoC lowers the bar to exploitation significantly.

RCE PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-33646 Cargo CRITICAL PATCH GHSA Act Now

Arbitrary code execution in mise (jdx/mise) versions prior to 2026.3.10 allows attackers to run shell commands as the victim user simply by having them `cd` into a directory containing a malicious `.tool-versions` file. Unlike `.mise.toml`, `.tool-versions` files bypass the trust verification gate in non-paranoid mode, so the Tera template engine's `exec()` function fires silently from the shell `hook-env`. No public exploit identified at time of analysis beyond the detailed reporter PoC, but exploitation is trivial and a working PoC is embedded in the advisory.

RCE Python Apple Privilege Escalation Code Injection
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2026-10789 CRITICAL PATCH Act Now

Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE Code Injection Fusion
NVD VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-9072 CRITICAL PATCH Act Now

Remote code execution and denial of service in IBM WebSphere Application Server and WebSphere Application Server Liberty (including IBM i 7.3-7.6) occurs when the WebServer Plug-in component is deployed with Intelligent Management enabled. An attacker who can impersonate a backend application server and return crafted responses can trigger code injection (CWE-94) against the plug-in, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis; EPSS 0.38% and SSVC exploitation 'none' indicate no observed weaponization despite the 9.8 CVSS rating.

RCE IBM Denial Of Service Code Injection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-8858 HIGH PATCH This Week

Remote code execution and denial of service in the IBM WebSphere Web Server Plug-in shipped with IBM i 7.3, 7.4, 7.5, and 7.6 (through 1.8.4) allows an attacker positioned on the adjacent network to abuse the plug-in's handling of responses from an upstream WebSphere Application Server. By impersonating the application server and returning crafted responses, the attacker can trigger code injection (CWE-94) against the plug-in, leading to full compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and EPSS is low (0.25%), but SSVC rates the technical impact as total.

RCE IBM Denial Of Service Code Injection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-10561 CRITICAL PATCH Act Now

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully compromise the host by bypassing authentication and abusing improper Python execution isolation. The maximum CVSS 10.0 score (AV:N/AC:L/PR:N/UI:N with scope change) reflects trivial network-based exploitation against any internet-exposed instance, though no public exploit identified at time of analysis. IBM has confirmed the issue and released a patch via support advisory node/7277242.

Code Injection IBM Python RCE Authentication Bypass +1
NVD VulDB
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-56447 CRITICAL PATCH Act Now

Authenticated arbitrary code execution in MISP allows a site administrator to abuse the Kafka_rdkafka_config setting to load an attacker-controlled INI file, which is parsed and passed to rdkafka with options such as plugin.library.paths to load an arbitrary shared library. The flaw (CWE-829, inclusion of functionality from untrusted control sphere) yields code execution as the MISP process user; no public exploit identified at time of analysis, but a vendor patch is available.

RCE Misp
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-12602 HIGH PATCH This Week

Local privilege escalation in ArubaSign prior to v4.6.6 stems from overly permissive ACLs applied at installation, granting the 'Everyone' group write access to the main executable and supporting files under C:\Program Files. An unprivileged local user can swap these binaries for malicious payloads that subsequently execute under the privileges of any user (potentially Administrator or SYSTEM) who later launches the application. No public exploit identified at time of analysis and the issue is not on CISA KEV.

RCE Privilege Escalation Arubasign
NVD
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-56446 HIGH PATCH This Week

Remote code execution in MISP allows authenticated site administrators to abuse the JsonLogTool NDJSON error log configuration to write attacker-controlled content to a PHP file under the webroot, yielding code execution as the web server user. No public exploit identified at time of analysis, but a vendor patch is available via the MISP GitHub repository.

RCE PHP Code Injection Misp
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-56397 Go CRITICAL PATCH Act Now

Remote code execution in SiYuan note-taking application (before v3.6.1) allows any malicious Bazaar marketplace package author to compromise users via unsanitized HTML rendering of package displayName, description, and README content. Because the Electron renderer is configured with nodeIntegration:true and contextIsolation:false, injected JavaScript pivots directly to arbitrary OS command execution. No public exploit identified at time of analysis, but VulnCheck published a detailed technical advisory documenting both zero-click (metadata) and one-click (README) vectors.

RCE XSS Siyuan
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.4%
CVE-2026-56395 Go CRITICAL PATCH Act Now

Remote code execution in SiYuan note-taking application before v3.6.1 occurs when users browse the built-in Bazaar marketplace, because package metadata (displayName, description) and README content are rendered without HTML sanitization. Because the Electron shell ships with nodeIntegration:true and contextIsolation:false, an injected script in the renderer executes arbitrary OS commands as the user. Reported by VulnCheck with detailed vulnerable-code analysis published in the GHSA advisory; no public exploit identified at time of analysis and not listed in CISA KEV.

RCE XSS Siyuan
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.4%
CVE-2026-56382 PHP HIGH POC PATCH This Week

Authenticated remote code execution in Craft CMS versions 5.5.0 through 5.9.13 allows admin users to execute arbitrary PHP by injecting Yii2 event handlers via the fieldLayoutConfig POST parameter to FieldsController::actionRenderCardPreview(). The flaw stems from missing Component::cleanseConfig() sanitization, enabling disclosure of environment variables including database credentials and CRAFT_SECURITY_KEY. No public exploit identified at time of analysis, though VulnCheck has published a detailed advisory describing the attack technique.

Code Injection RCE PHP Cms
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2025-71378 PyPI HIGH PATCH This Week

Detection bypass in picklescan versions before 0.0.30 allows malicious pickle files to evade security scanning by using cProfile.runctx in __reduce__ methods, leading to arbitrary code execution when the file is loaded via pickle.load(). The flaw undermines the core purpose of picklescan as a defensive tool for ML model security and was reported by VulnCheck with a published proof-of-concept in the GitHub Security Advisory. No public exploit identified at time of analysis as a weaponized in-the-wild attack, but PoC code is published in the GHSA.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2025-71351 PyPI HIGH PATCH This Week

Detection bypass in picklescan versions before 0.0.25 allows attackers to embed remote code execution payloads in pickle files by abusing the built-in timeit.timeit() function inside a __reduce__ method, which is not on the unsafe-globals blacklist. Any organization using picklescan to vet PyTorch or other pickle-based model files is affected, and a working PoC is publicly documented in the GHSA advisory (no public exploit identified at time of analysis as a weaponized tool, but POC code is published).

RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71348 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.28 allows attackers to smuggle arbitrary code through pickle files by abusing torch.utils._config_module.load_config inside __reduce__ methods, defeating the library's malicious-pickle scanning and enabling remote code execution when the file is later loaded. Publicly available exploit code exists (GHSA-vv6j-3g6g-2pvj includes a working PoC), and the flaw is significant for any ML pipeline that trusts picklescan to vet third-party PyTorch model files. No CISA KEV listing at time of analysis, so exploitation status is limited to public POC rather than confirmed in-the-wild use.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2026-5366 CRITICAL Act Now

Remote code execution in Prefect 3.6.23 allows any user holding deployment-creation permissions to run arbitrary commands on shared worker machines by abusing the GitRepository storage class. The commit_sha and directories parameters are concatenated into git invocations without a `--` separator or validation, letting attackers smuggle flags such as `--upload-pack` to execute external programs. No public exploit identified at time of analysis, but the bug was reported via huntr and is particularly dangerous for multi-tenant work pools where worker compromise crosses trust boundaries.

RCE Code Injection Prefecthq Prefect
NVD VulDB
CVSS 3.0
9.9
EPSS
0.6%
CVE-2024-58351 npm CRITICAL PATCH Act Now

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Denial Of Service SSRF Flowise
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.6%
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Quest NetVault Backup arises from a SQL injection flaw in the handling of NVBULibrarySlot JSON-RPC messages, where a user-supplied string is concatenated into a SQL query without validation. Although the JSON-RPC interface nominally requires authentication, ZDI notes the existing authentication mechanism can be bypassed, so a remote attacker can reach the vulnerable code path and execute arbitrary code in the context of the NETWORK SERVICE account. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV; EPSS data was not provided.

SQLi RCE Netvault Backup
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SQL injection in Quest NetVault Backup's NVBULibraryPort JSON-RPC handler allows remote attackers to execute arbitrary code as NETWORK SERVICE on affected installations. While exploitation nominally requires authentication (CVSS PR:L), the ZDI advisory states the existing authentication mechanism can be bypassed, effectively lowering the barrier to remote attackers. There is no public exploit identified at time of analysis and no CISA KEV listing, but the issue was coordinated through Trend Micro's Zero Day Initiative (ZDI-CAN-27631 / ZDI-26-373) and carries a CVSS 3.0 base score of 8.8.

SQLi RCE Netvault Backup
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SQL injection leading to remote code execution affects Quest NetVault Backup, where the NVBURemovableMedia component fails to validate a user-supplied string before constructing SQL queries. Although authentication is nominally required, ZDI notes the existing authentication mechanism can be bypassed, effectively lowering the barrier to network-based attackers who can then execute code in the context of the NETWORK SERVICE account. No public exploit identified at time of analysis; the issue was reported privately by Trend Micro's Zero Day Initiative (ZDI-CAN-27632 / ZDI-26-372).

SQLi RCE Netvault Backup
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBUDeviceDrive JSON-RPC message handler, where a user-supplied string is concatenated into a SQL query without validation (CWE-89). Although the product requires authentication, the existing authentication mechanism can be bypassed, so remote attackers can reach the flaw and execute arbitrary code in the context of the NETWORK SERVICE account. Discovered and reported through Trend Micro's Zero Day Initiative (ZDI-26-371, formerly ZDI-CAN-27633); no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

SQLi RCE Netvault Backup
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBURASDevice JSON-RPC message handler, where attacker-controlled input is concatenated into SQL queries. Although authentication is nominally required, ZDI notes the existing authentication mechanism can be bypassed, so attackers can reach the vulnerable endpoint and execute code in the NETWORK SERVICE context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported privately via Trend Micro's Zero Day Initiative (ZDI-26-370 / ZDI-CAN-27648).

SQLi RCE Netvault Backup
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Authentication bypass via cross-site scripting in Quest NetVault Backup's addclient3 webpage allows remote attackers to inject arbitrary script that executes in a victim's authenticated session, bypassing access controls. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-369, formerly ZDI-CAN-27666), the flaw requires user interaction - the target must visit a malicious page or open a malicious file - and can be chained with other weaknesses to achieve code execution in the SYSTEM context. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, though the high CVSS of 8.8 reflects the serious downstream RCE potential.

Authentication Bypass XSS RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SQL injection leading to remote code execution in Quest NetVault Backup allows attackers to run arbitrary code as the NETWORK SERVICE account by sending crafted JSON-RPC messages to the NVBUDashboard component. While the JSON-RPC interface nominally requires authentication, ZDI reports the existing authentication mechanism can be bypassed, effectively lowering the access barrier. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but it was responsibly disclosed through Trend Micro's Zero Day Initiative (ZDI-26-368, formerly ZDI-CAN-27809).

SQLi RCE Netvault Backup
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Authentication bypass via cross-site scripting in the Quest NetVault Backup viewclient web interface lets remote attackers inject arbitrary script that, when a victim visits a malicious page or opens a malicious file, runs in the application context and circumvents authentication. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-377, ZDI-CAN-28202), the flaw can be chained with additional vulnerabilities to achieve code execution as SYSTEM. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 8.8 rating reflects the high impact of the auth-bypass-plus-RCE chain.

Authentication Bypass XSS RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Arbitrary code execution in GIMP results from a heap-based buffer overflow in the HDR file parser, where attacker-controlled length data is copied into an undersized heap buffer without bounds validation. Any user who opens a maliciously crafted HDR image (or visits a page that delivers one) can be exploited, with code running in the context of the GIMP process. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated remote code execution in ATEN Unizon stems from a broken cryptographic signature check in the updateWar method (reachable via doCryptoHugeFileToFile), letting a high-privileged remote attacker push a forged WAR update and run arbitrary code as SYSTEM. The flaw (CWE-347) was reported by Trend Micro ZDI as ZDI-CAN-28590 and carries a CVSS 3.0 base score of 7.2; no public exploit identified at time of analysis.

Jwt Attack RCE Unizon
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the ImportDeviceList method, where a user-supplied file path is used in file operations without proper validation. A high-privileged remote attacker can traverse outside intended directories to write or manipulate files and ultimately execute arbitrary code in the SYSTEM context, fully compromising the host. Discovered and reported via the Zero Day Initiative (ZDI-26-382 / ZDI-CAN-28579); no public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal RCE Unizon
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated remote code execution in ATEN Unizon arises from a directory traversal flaw in the restoreDB method, where a user-supplied path is used in file operations without validation, letting a high-privileged attacker write or restore files outside the intended directory and run code as SYSTEM. The flaw was reported through Trend Micro's Zero Day Initiative (ZDI-CAN-28578 / ZDI-26-381) and carries a CVSS 3.0 base score of 7.2 (PR:H). There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Path Traversal RCE Unizon
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in MosaicML Composer arises when the library loads a model or resumption checkpoint, because checkpoint parsing deserializes attacker-controlled pickle data without validation (CWE-502). A user who loads a maliciously crafted checkpoint (.pt) file - for example one downloaded from a model hub or shared by a collaborator - runs arbitrary Python code in the context of the training process. Reported through ZDI (ZDI-26-384, ZDI-CAN-27990); no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but an upstream source fix is available.

Deserialization RCE Composer
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Remote authenticated command injection in Unraid's web management server allows attackers to execute arbitrary OS commands as the www-data user by abusing unsanitized input in ToggleState.php. Any user with low-privilege authenticated web access can chain this CWE-78 flaw into full code execution on the underlying NAS host. Discovered and reported through ZDI (ZDI-CAN-30134 / ZDI-26-386); no public exploit identified at time of analysis and no CISA KEV listing.

Command Injection RCE PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Authenticated remote code execution in Unraid stems from OS command injection in the web server's FileUpload.php, where a user-supplied string is passed to a system call without validation, letting any logged-in attacker run arbitrary commands as the www-data user. Tracked as ZDI-CAN-30116 and disclosed via the Zero Day Initiative, it carries a CVSS 8.8 rating; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Command Injection RCE PHP +1
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Stored cross-site scripting in SiYuan's Attribute View (database) asset cell renderer escalates to remote code execution on the Electron desktop client for all versions prior to 3.7.0. An attacker who can persist crafted content into a database asset cell has malicious JavaScript executed in the privileged Electron context, breaking out to the host operating system; the issue carries a 9.9 CVSS and is fixed in 3.7.0. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

XSS RCE Siyuan
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

OAuth token theft in Rocket.Chat allows an unauthenticated remote attacker to mint a valid bearer access token for any user — including administrators — by POSTing MongoDB query operators to the /oauth/token endpoint. Because grant parameters are passed to findOne() without type validation, substituting {"$ne": null} for client_id, client_secret, and refresh_token returns a live token bound to whatever user Mongo matches first; iterating with $nin/$regex walks the entire token collection. No public exploit identified at time of analysis, but exploitation is trivial and capturing an admin token yields full /api/v1/* control and Apps-Engine app installation (server-side code execution). Fixed in the 8.5.0/8.4.1/8.3.3/8.2.3/8.1.4/8.0.5/7.13.7/7.10.11 release line.

Nosql Injection RCE
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation and arbitrary code execution in the HP Accessory WMI Provider installer bundled with certain HP Docking Stations allows a low-privileged local user to gain elevated (likely SYSTEM) execution. The root cause is insecure temporary-file/directory permissions used during installation (CWE-379), which an attacker can abuse to introduce or replace executable content that a privileged installer process runs. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; HP has published advisory hpsbhf04129 and is releasing software updates.

HP Privilege Escalation RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution within the renderer sandbox affects Google Chrome on Android before 149.0.7827.197 via a use-after-free defect in the WebView component, reachable when a victim renders a crafted HTML page. The flaw lets an attacker corrupt freed memory in the rendering process to gain code execution confined to the sandbox; CVSS is 7.8 (High) and Chromium rates it High severity. There is no public exploit identified at time of analysis, and CISA SSVC marks exploitation status as none, but a vendor patch is already available.

Memory Corruption Google Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.197) allows a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium with a CVSS of 8.8; it requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with the CISA SSVC framework recording exploitation status as none.

Memory Corruption Google Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome for macOS prior to 149.0.7827.197 stems from a use-after-free in the browser's Bluetooth subsystem, letting a malicious Bluetooth peripheral corrupt memory and execute arbitrary code in the browser process. The flaw is rated High severity by Chromium with a CVSS 8.8, requires user interaction (UI:R) but no privileges, and currently has no public exploit identified at time of analysis; CISA SSVC marks exploitation status as none.

Memory Corruption Google Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.197) allows a remote attacker to run arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium with a CVSS 8.8; no public exploit identified at time of analysis and it is not listed in CISA KEV, though Chrome browser bugs of this class are historically high-value targets. Exploitation requires user interaction (loading a malicious page) but no authentication.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.197 stems from a use-after-free condition in the Autofill component, letting a remote attacker run arbitrary code in the renderer when a victim opens a malicious web page. Chromium rates the flaw Critical and CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, tempered by the requirement that the user load attacker-controlled content. There is no public exploit identified at time of analysis, and SSVC records exploitation status as none, but the 'total' technical impact makes prompt patching important.

Memory Corruption Google Microsoft +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (InterestGroups component, part of the Privacy Sandbox/Protected Audience ad-auction API) affects all desktop versions prior to 149.0.7827.197. A crafted HTML page triggers an out-of-bounds read and write that a remote attacker can leverage to execute arbitrary code in the renderer; Chromium rates this Critical and assigns CVSS 8.8. There is no public exploit identified at time of analysis, but a vendor patch is already available, making prompt updating the priority.

Google RCE Buffer Overflow +2
NVD VulDB
CVSS 4.3
MEDIUM POC PATCH This Month

Unvalidated `ot_`-prefixed argument injection in OliveTin allows any authenticated user with action-trigger access to bypass input filtering, inject arbitrary environment variables into action execution contexts, and pollute Go template rendering data. All OliveTin versions prior to commit `ebffd9f040f7` (Go pseudo-version `< 0.0.0-20260531214440-ebffd9f040f7`) are affected. While direct standalone RCE is not confirmed, a public proof-of-concept exists in GHSA-prj9-97mp-mwh2 and secondary command injection is achievable wherever triggered action scripts consume `OT_`-prefixed environment variables in shell-unsafe ways.

RCE
NVD GitHub
CRITICAL PATCH Act Now

Arbitrary code execution affects the WebAuthn authentication module of Open Identity Platform OpenAM Community Edition through 16.0.6, where untrusted Java deserialization (CWE-502) of a user-controllable storage attribute lets an attacker run code as the application server user. The vendor advisory (GHSA-6c99-87fr-6q7r) characterizes this as a pre-authentication RCE, but it is reachable only in non-default deployments where the WebAuthn storage/userAttribute has become attacker-writable. No public exploit has been identified at time of analysis, and the issue is fixed in 16.1.1.

Deserialization RCE
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

Remote code execution in Feast (the open-source ML feature store) before 0.63.0 lets remote attackers run OS commands as the feast service account by sending a crafted ApplyFeatureView gRPC request to the registry server. The registry base64-decodes the user_defined_function.body field of an OnDemandFeatureView and passes it to dill.loads() before any authorization check, so no credentials are required. A publicly available exploit code exists (reported by VulnCheck via huntr) and a vendor patch is available, though the flaw is not listed in CISA KEV.

Deserialization Python RCE +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Full unauthenticated administrative takeover of Payara Server Full (4.x through 7.2026.x, including 6.2024.x and 6.2025.x) is achievable by chaining a Server-Side Request Forgery in the Admin GUI's DownloadServlet with the absence of CSRF protection (CWE-352). An attacker who lures a logged-in administrator into a crafted request exfiltrates the admin REST session token (gfresttoken) to an attacker-controlled host, then replays it for full domain control and arbitrary code execution via WAR deployment. The CVSS 4.0 vector carries E:P (proof-of-concept maturity), so publicly available exploit code exists; there is no CISA KEV listing and no EPSS score in the provided data.

CSRF SSRF RCE +1
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Pre-sandbox host-level code execution in Google Gemini CLI (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (prior to 0.1.22) allows an unprivileged attacker to run arbitrary commands on CI/CD runner hosts by planting a malicious .gemini/.env file in an untrusted workspace. In headless mode the tool automatically trusted workspace folders and loaded their environment variables before sandboxing, so a workflow that processes attacker-controlled content (for example reviewing a submitted pull request) would execute attacker-supplied commands on the host. No public exploit has been identified at time of analysis, but Google rates this CVSS 4.0 10.0 and a vendor advisory (GHSA-wpqr-6v78-jr5g) with fixed releases is available.

Command Injection RCE Google +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.

Jenkins RCE Jenkins Owasp Zap Plugin
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Path traversal in the Jenkins External Workspace Manager Plugin (versions 1.3.2 and earlier) lets an attacker with Item/Configure permission supply traversal sequences in the custom workspace path of the exwsAllocate Pipeline step to read arbitrary files from the Jenkins controller filesystem, which the vendor notes can escalate to remote code execution. The flaw requires an authenticated low-privileged user (CVSS:3.1 PR:L, base 8.8) and is reported directly by the Jenkins security team. No public exploit identified at time of analysis, and CISA SSVC marks exploitation as none.

Path Traversal Jenkins RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated PHP code injection in the AdRotate Banner Manager WordPress plugin (versions ≤5.17.7) allows Contributor-level users to execute arbitrary PHP on the server by abusing the 'banner' attribute of the [adrotate] shortcode. Exploitation requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings, where unsanitized input is concatenated into a PHP string wrapped in mfunc/fragment cache markers. Reported by Wordfence; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Code Injection WordPress PHP +2
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Out-of-bounds read in ImageMagick's ConnectedComponentsImage() function allows local attackers to trigger access violations by supplying malformed connected-components artifact definitions via the CLI, leading to denial of service or potential arbitrary code execution. All ImageMagick releases before 7.1.2-19 are affected, as are Magick.NET NuGet packages before 14.12.0. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the RCE and information-disclosure tags warrant attention in environments that process untrusted image inputs through automated pipelines.

Denial Of Service RCE Buffer Overflow +4
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows malicious pickle files to evade scanning by abusing the undetected idlelib.calltip.Calltip.fetch_tip function, enabling arbitrary code execution when the file is later loaded via pickle.load(). Affects ML supply chains relying on picklescan to vet PyTorch models; publicly available exploit code exists in the GHSA advisory, but no public exploit identified in active campaigns at time of analysis.

Code Injection RCE Picklescan
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in QOS.CH logback-core versions up to and including 1.5.34 allows a local attacker with existing privilege to run code in the context of any Java application that loads Logback when the Janino library is on the classpath. The flaw circumvents prior hardening for CVE-2025-11226 via conditional configuration file processing, and is triggered either by writing to an existing logback configuration file or by injecting an environment variable that points the process at a malicious configuration. No public exploit identified at time of analysis, though the bypass nature of the issue makes weaponization of existing CVE-2025-11226 exploit code plausible.

RCE Java Logback Core
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Account takeover in the Invoice Generator WordPress plugin (versions through 1.0.0) allows unauthenticated remote attackers to reset the password of any user, including administrators, by abusing the nopriv `pravel_invoice_change_password()` AJAX handler. Reported by Wordfence with a CVSS of 9.8 and tagged for RCE potential via subsequent admin compromise; no public exploit identified at time of analysis, though the trivial nature of the bug makes weaponization straightforward.

RCE WordPress Invoice Generator
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Persistent local code execution affects Anthropic Claude Desktop Cowork on macOS (v1.1348.0 through v1.2278.0) because the Cowork VM bootstrap validates only the presence of rootfs.img and a version marker string without verifying image content integrity at time-of-use. A local attacker with unprivileged code execution as the victim user can swap or modify the root filesystem image so subsequent Cowork VM boots trust the tampered image, yielding persistent arbitrary code execution inside the VM and access to host-mounted directories. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

RCE Apple Claude Desktop Cowork
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Spring Statemachine 3.2.0-3.2.4 and 4.0.0-4.0.1 allows authenticated attackers to execute arbitrary code inside the application JVM by injecting malicious serialized Java objects into the Kryo-based persistence backends (JPA, MongoDB, Redis, or ZooKeeper). The flaw stems from deserializing persisted state-machine contexts without enforcing a class allowlist, a classic CWE-502 pattern that has historically yielded reliable gadget-chain exploitation in Java applications. No public exploit identified at time of analysis, but the deserialization sink and Kryo gadget ecosystem make weaponization straightforward once an attacker can write to the persistence store.

Redis Deserialization RCE +1
NVD HeroDevs VulDB
CRITICAL Act Now

Stored cross-site scripting in Plone CMS enables persistent script injection by spoofing file MIME types within the plone.app.textfield and plone.restapi packages, announced June 5, 2026. An attacker with content-upload access can craft a file whose declared MIME type bypasses Plone's content-type enforcement, causing browsers to render the payload as HTML or JavaScript when other users access the stored content. No public exploit code or CISA KEV listing has been identified at time of analysis; the moderate severity rating (4.3) reflects the stored persistence risk offset by the upload-privilege requirement.

XSS Denial Of Service RCE
NVD
CRITICAL Act Now

Denial of service in Plone's RSS feed portlet component (plone.app.portlets) allows an attacker to exhaust server resources by supplying or triggering the parsing of a maliciously crafted RSS/Atom feed, rendering the Plone application unavailable. Disclosed June 23, 2026 as part of a coordinated Plone security release, the issue carries a critical severity rating of 9.1. No public exploit code or CISA KEV listing has been identified at time of analysis.

XSS Denial Of Service RCE
NVD
CRITICAL Act Now

Denial-of-service via malformed iCalendar import in Plone's plone.app.event package, rated 9.1 critical, enables remote disruption of affected Plone installations by submitting a crafted ICS file to the event import endpoint. Disclosed June 23, 2026 as part of a coordinated Plone security release addressing six distinct vulnerabilities across multiple packages. No public exploit code or CISA KEV listing has been identified at time of analysis, though the critical severity rating and co-disclosure of a related icalendar library CVE (CVE-2026-55099) the same week warrant prompt patching.

XSS Denial Of Service RCE
NVD
CRITICAL Act Now

Denial of Service in the collective/icalendar Python library allows attackers to crash or hang applications that process externally supplied iCalendar data. The vulnerability carries a CVSS score of 7.5 High and affects Plone CMS deployments as well as any Python application using the library to parse .ics input. No public exploit code has been identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Denial Of Service RCE
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Session hijacking in the foreman-mcp-server component (shipped with Red Hat Satellite 6) allows local attackers to take over active administrative sessions by reusing leaked session IDs that the server caches without re-validating authentication tokens. Because session IDs are written to standard logs, any user with log read access can replay them to gain administrative control and pivot to infrastructure-wide code execution. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

RCE Authentication Bypass Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Authentication bypass in Daytona prior to 0.184.0 allows attackers to join organizations via pending invitations using unverified email addresses. The invitation accept and decline paths failed to enforce email verification (unlike organization creation), so on OIDC identity providers permitting self-service signup with pre-verification sessions, an attacker registering an email matching a pending invite can claim it and inherit the assigned role - up to Owner. No public exploit identified at time of analysis, but the path to full Owner-level organization takeover makes this a high-priority fix.

Elastic RCE Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Git credential exposure in Daytona's daemon (all versions prior to 0.185.0) allows a network-positioned attacker to silently harvest HTTP Basic Authorization headers by exploiting a complete absence of TLS certificate validation on both the go-git and native git CLI clone code paths. An attacker with man-in-the-middle capability on clone traffic can present any fraudulent TLS certificate, capture the Git credentials supplied for the clone, and simultaneously inject tampered repository content into the execution sandbox - threatening both credential confidentiality and supply-chain integrity of AI-generated code workflows. No public exploit or active exploitation has been identified at time of analysis; a vendor-released fix is available in version 0.185.0.

RCE Elastic Daytona
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Buffer Overflow +2
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL POC PATCH Act Now

Remote code execution in Gogs self-hosted Git service before 0.14.3 allows unauthenticated attackers (where self-registration is enabled) to abuse unsanitized organization names containing '../' sequences to write Git repository files outside the intended storage root, then overwrite a repository's hooks/update script and trigger arbitrary command execution as the git user. The flaw carries a CVSS 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) rating, and a fully working public proof-of-concept is published alongside the GHSA advisory, though no CISA KEV listing or EPSS data is provided in the input.

Docker RCE PostgreSQL +1
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Authenticated arbitrary file write in Gogs (self-hosted Git service) versions below 0.14.3 on Linux/macOS lets a user with repository write access escape the working tree and overwrite any file the gogs UID can touch, escalating to remote code execution. The flaw stems from `UploadRepoFiles` validating symlinks only on the leaf path while sibling functions correctly walk every component; combined with a crafted multipart filename containing a literal backslash, the write is redirected through a previously committed directory symlink to targets like `~git/.ssh/authorized_keys` or `<repo>.git/hooks/post-receive`. No CISA KEV listing and no EPSS provided, but a detailed, tested proof-of-concept is published in the vendor advisory, so publicly available exploit code exists.

Apple Linux CSRF +5
NVD GitHub VulDB
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in Gogs through 0.14.2 allows authenticated users (and unauthenticated attackers on default-configured instances with open registration) to execute arbitrary commands as the Gogs server process by crafting a pull request whose base branch name injects a `--exec` flag into the underlying `git rebase` invocation. A working Python proof-of-concept exists and has been validated end-to-end against Docker, Linux binary, and Windows installations, yielding shell access as the `git` user. No CISA KEV listing or EPSS data is provided, so this is treated as publicly available exploit code rather than confirmed active exploitation.

Command Injection Docker Apple +5
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to embed arbitrary PHP into the compiledlimitations database field via the logical parameter of delivery limitations, with execution occurring later during banner delivery. The flaw is exploitable over the network with low complexity and yields full confidentiality, integrity, and availability impact (CVSS 8.8), though no public exploit identified at time of analysis.

PHP RCE Code Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to smuggle an unexpected parameter into the delivery limitations save flow, planting attacker-controlled PHP into the compiledlimitations field that is then evaluated when banners are served. With CVSS 8.8 and a CWE-94 root cause, successful exploitation yields full code execution under the web/ad-delivery process, though there is no public exploit identified at time of analysis and the vulnerability is not in CISA KEV.

PHP RCE Code Injection +1
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Arbitrary code execution in AWS Language Servers prior to version 1.65.0 allows attackers to run commands on a developer's machine when a victim opens and trusts a maliciously crafted workspace. The flaw stems from improper trust boundary enforcement (CWE-732) that causes commands embedded in project configuration files to execute automatically. No public exploit identified at time of analysis, but the requirement for only passive user interaction (workspace trust prompt) makes this a credible developer-targeting threat.

RCE Language Servers For Aws
NVD GitHub
EPSS 2% CVSS 9.4
CRITICAL POC PATCH Act Now

Server-side template injection in FOSSBilling versions prior to 0.8.0 allows authenticated administrators to execute arbitrary code and disclose sensitive information by injecting Twig expressions into template-rendering features. The unsandboxed Twig environment exposes the application's dependency injection container, turning any admin-accessible template surface into a full RCE primitive. No public exploit identified at time of analysis, but a related auth-bypass chain (GHSA-78x5-c8gw-8279) is documented by VulnCheck and could lower the practical privilege bar.

Ssti RCE Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Authenticated remote code execution in NetComm NF20MESH routers running firmware R6B031 and earlier allows low-privileged authenticated attackers to gain full root-level OS control via OS command injection. The dalStorage_addUserAccount function unsafely concatenates attacker-supplied JSON username input into a shell command string executed by rut_doSystemAction without sanitization, enabling shell metacharacter injection. No public exploit identified at time of analysis and no CISA KEV listing, but a detailed public advisory from signal11.io documents the attack surface, and a vendor patch (implied R6B032) is available.

Command Injection RCE Nf20Mesh
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in picklescan versions prior to 1.0.4 allows attackers to bypass the scanner's safety validation by crafting malicious pickle files that import unblocked Python standard library modules. The tool's blocklist (scanner.py _unsafe_globals) omits at least seven stdlib modules - including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib - exposing eight functions that execute arbitrary commands via subprocess or os.system. Publicly available exploit code exists in the GHSA advisory, demonstrating CLEAN scan results for files that achieve full RCE on load; this is especially concerning because picklescan is relied on by HuggingFace Hub and similar ML pipelines.

RCE Python Picklescan
NVD GitHub
EPSS 1% CVSS 9.2
CRITICAL PATCH Act Now

Arbitrary file write in Crawl4AI Docker API server before 0.8.8 lets unauthenticated remote attackers escape the ALLOWED_OUTPUT_DIR via symlinks and a TOCTOU race on the output_path parameter of the /screenshot and /pdf endpoints, potentially escalating to code execution where the runtime user can write to executable or cron paths. No public exploit identified at time of analysis, but the API is unauthenticated by default and the GHSA confirms the issue was found in an internal security audit.

RCE Path Traversal Crawl4ai
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.28 allows attackers to embed malicious torch.jit.unsupported_tensor_ops.execWrapper calls in pickle files that evade the scanner and execute arbitrary code when later loaded via pickle.load(). Publicly available exploit code exists in the GHSA advisory, and the flaw directly undermines the security guarantee picklescan is meant to provide for PyTorch model files. No CISA KEV listing and no EPSS data are provided, but the scanner bypass nature makes this a meaningful supply-chain risk for ML pipelines.

RCE Deserialization Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.33 allows attackers to smuggle arbitrary code through malicious pickle files by abusing numpy.f2py.crackfortran.myeval in a __reduce__ method, which the scanner fails to flag as dangerous. Any ML pipeline or model-hosting workflow that trusts picklescan's verdict before calling pickle.load() will execute attacker-controlled commands; publicly available exploit code exists in the GHSA advisory, and the CVSS 4.0 score of 7.6 reflects high confidentiality and integrity impact contingent on user interaction.

RCE Deserialization Picklescan
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan prior to 0.0.29 allows attackers to smuggle remote code execution payloads through pickle files that the scanner incorrectly classifies as safe. The library fails to flag the built-in profile.Profile.runctx function when used in a __reduce__ method, so a downstream pickle.load() of the scanned file executes arbitrary Python. Publicly available exploit code exists in the GHSA-6vqj-c2q5-j97w advisory, though no active exploitation has been reported.

RCE Deserialization Picklescan
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL Act Now

Arbitrary JavaScript code execution in the expr-eval npm package affects all released versions when applications pass user-controlled expressions to the toJSFunction() API, which compiles them via new Function() and executes them in the host process context. Snyk discloses no public exploit identified at time of analysis, but the trivial attack pattern (sandbox escape via crafted math expressions) and CVSS 4.0 score of 9.2 make this a high-priority issue for any Node.js or browser application that exposes expr-eval to untrusted input.

RCE Code Injection Expr Eval
NVD GitHub VulDB
EPSS 1% CVSS 8.1
HIGH This Week

Remote code execution in Pivotal CRM 6.6.04.08 Smart Client arises from insecure deserialization in the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components, allowing remote attackers to execute arbitrary code on affected installations. The vendor (Aurea/Pivotal) has published a remediation advisory and a researcher has released a public technical advisory, but the issue is not currently listed in CISA KEV and SSVC indicates no observed exploitation. CVSS 8.1 reflects high impact tempered by high attack complexity, while no public exploit identified at time of analysis is corroborated by SSVC's 'Exploitation: none'.

Deserialization RCE N A
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component

SQLi RCE N A
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Cross-workspace automation execution in Budibase (npm @budibase/server, all versions before 3.39.9) lets a builder-authenticated attacker run their own automations inside any other workspace on the same instance by overwriting the server-derived appId. The public, unauthenticated webhook trigger endpoint mass-assigns the raw POST body over internal parameters, and because Execute Script steps run JavaScript, this escalates to arbitrary code execution and full data theft in the victim's context. A detailed proof-of-concept is published in the vendor advisory (GHSA-rgvg-3wpc-h44p); publicly available exploit code exists, though it is not listed in CISA KEV and EPSS exploitation probability is modest at 0.41% (33rd percentile).

RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in vLLM versions prior to 0.22.1 allows attackers to backdoor production LLM inference deployments through a dependency confusion attack in the project's Dockerfile. Because flashinfer-jit-cache was pulled via --extra-index-url with UV_INDEX_STRATEGY=unsafe-best-match while the name remained unregistered on PyPI, any attacker who claimed the name on PyPI with a higher version would have their code executed as root during every Docker build. No public exploit identified at time of analysis, but the supply-chain primitive is well understood and trivially weaponizable.

Docker RCE Vllm +1
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

CSV formula injection in @actual-app/cli versions prior to 26.6.0 allows an attacker who can write user-controlled strings into an Actual Budget database to execute arbitrary spreadsheet formulas when the victim exports data using the --format csv flag and opens the resulting file in Excel, LibreOffice Calc, or Google Sheets. The vulnerable `escapeCsv` helper in `packages/cli/src/output.ts` neutralizes only RFC 4180 delimiters and quotes but does not strip formula-trigger prefixes (=, +, -, @, tab, CR), meaning payloads in payee names, account names, categories, notes, or tags survive into the CSV output unchanged. A publicly available proof-of-concept is included in the GHSA-7gh7-258j-4mpq advisory; no CISA KEV listing exists at time of analysis.

Google RCE Microsoft +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

DNS rebinding against the Glances XML-RPC server (`glances -s`) allows a network-adjacent or remote attacker to exfiltrate the full system monitoring dataset - including process command lines that routinely contain secrets - from a victim's browser without any authentication. The `GlancesXMLRPCHandler` in `glances/server.py` accepts arbitrary HTTP `Host` headers without validation, an omission that persists while the REST/WebUI server received an equivalent fix (TrustedHostMiddleware, v4.5.2) and the MCP server was protected since v4.5.1. No active exploitation is confirmed (not in CISA KEV), but a detailed proof-of-concept is published in the vendor's GitHub security advisory GHSA-w856-8p3r-p338 and the attack is materially amplified by the companion CORS wildcard issue CVE-2026-46608.

Kubernetes Docker RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local arbitrary code execution in Glances versions prior to 4.5.5 occurs when the daemon deserializes its version-check cache file via pickle.load() without integrity validation. An attacker with write access to the Glances user's XDG cache directory (~/.cache/glances/glances-version.db) can plant a malicious pickle that executes as the Glances process user - frequently root - on next startup. Publicly available exploit code exists in the GHSA advisory, but no public exploit identified at time of analysis as actively weaponized.

Docker Python Privilege Escalation +3
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation via command injection in Glances 4.5.5_dev1 and earlier allows users with libvirt domain-creation rights to execute arbitrary commands as the Glances process owner (typically root on hypervisor hosts). The flaw lives in the KVM/QEMU monitoring plugin, where VM domain names parsed from `virsh list --all` are interpolated into command strings handled by `secure_popen()`, which intentionally treats `&&`, `|`, and `>` as control operators. No public exploit identified at time of analysis, but a detailed PoC accompanies the GHSA-v5r2-qh84-fjx5 advisory.

Command Injection Ubuntu Debian +3
NVD GitHub VulDB
CRITICAL PATCH Act Now

Unauthenticated remote code execution in OpenDJ Community Edition through 5.1.0 occurs when the JMX RMI connector deserializes attacker-controlled Java objects before authentication is performed. Any deployment with the JMX Connection Handler enabled (commonly turned on for monitoring integrations) is exposed to pre-auth RCE over TCP, as demonstrated against OpenDJ 4.4.15 on JDK 11 with Jackson 2.12.6.1. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

RCE Java Deserialization
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan versions 0.0.26 and earlier (fixed in 0.0.30) allows attackers to smuggle arbitrary code through malicious pickle files by abusing Python's built-in ensurepip._run_pip function, which the scanner failed to flag as dangerous. Organizations relying on picklescan to vet PyTorch models or other serialized Python objects will load the file as safe and trigger remote code execution upon pickle.load(). Publicly available exploit code exists via the GHSA advisory PoC, though no public exploit identified in active campaigns at time of analysis.

RCE Deserialization Picklescan
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Arbitrary code execution in Picklescan before 0.0.33 occurs because the scanner fails to flag the numpy.f2py.crackfortran._eval_length gadget when used inside a pickle __reduce__ method, allowing crafted pickle files to be marked safe while still executing attacker-supplied Python on load. Workflows that rely on Picklescan to vet untrusted pickle or PyTorch model artifacts are exposed to supply-chain poisoning, and publicly available exploit code exists in the GHSA advisory.

RCE Deserialization Python +1
NVD GitHub
LOW PATCH Monitor

Denial of service in Inspektor Gadget's USDT note parser (pkg/uprobetracer/usdt.go) allows an unprivileged container process to crash or OOM-kill the privileged IG host process by placing a crafted ELF binary at a path targeted by a custom USDT gadget. Two distinct attack vectors exist: a panic from out-of-bounds slice access when DescSize is artificially small, and unbounded memory allocation (~4 GiB) when NameSize or DescSize is set to 0xFFFFFFFF. No public exploit identified at time of analysis; critically, no gadget shipped by the Inspektor Gadget project uses USDT probes, so only deployments running operator-developed custom USDT gadgets are exposed.

RCE Denial Of Service Privilege Escalation +1
NVD GitHub
CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in XWiki Pro Macros (com.xwiki.pro:xwiki-pro-macros) versions >=1.13 and <1.14.5 allows any authenticated user with page-edit rights to execute arbitrary Groovy code via the excerpt-include macro, which fails to escape the included page's title and renders excerpt content with the macro's elevated rights. A working proof-of-concept is published in the GHSA advisory demonstrating injection through both a crafted page title and excerpt body. No public exploit identified at time of analysis as actively used, but the publicly available exploit code exists in the advisory itself.

Atlassian RCE Code Injection
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Wallet balance inflation in AVideo's Authorize.Net payment plugin (versions <= 28.0) allows a low-privileged attacker to credit arbitrary amounts to any user account by forging webhook requests. Three code flaws chain together: a logical OR in the signature check lets a real transaction ID bypass HMAC validation entirely, attacker-controlled payload fields take precedence over authoritative API-fetched amounts and user IDs, and the payment approval status is never verified before crediting the wallet. A detailed proof-of-concept with working curl commands is publicly documented in GitHub Advisory GHSA-95jh-7r58-xmxw. No confirmed active exploitation (CISA KEV) at time of analysis, but the PoC lowers the bar to exploitation significantly.

RCE PHP
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Arbitrary code execution in mise (jdx/mise) versions prior to 2026.3.10 allows attackers to run shell commands as the victim user simply by having them `cd` into a directory containing a malicious `.tool-versions` file. Unlike `.mise.toml`, `.tool-versions` files bypass the trust verification gate in non-paranoid mode, so the Tera template engine's `exec()` function fires silently from the shell `hook-env`. No public exploit identified at time of analysis beyond the detailed reporter PoC, but exploitation is trivial and a working PoC is embedded in the advisory.

RCE Python Apple +2
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE Code Injection Fusion
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution and denial of service in IBM WebSphere Application Server and WebSphere Application Server Liberty (including IBM i 7.3-7.6) occurs when the WebServer Plug-in component is deployed with Intelligent Management enabled. An attacker who can impersonate a backend application server and return crafted responses can trigger code injection (CWE-94) against the plug-in, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis; EPSS 0.38% and SSVC exploitation 'none' indicate no observed weaponization despite the 9.8 CVSS rating.

RCE IBM Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution and denial of service in the IBM WebSphere Web Server Plug-in shipped with IBM i 7.3, 7.4, 7.5, and 7.6 (through 1.8.4) allows an attacker positioned on the adjacent network to abuse the plug-in's handling of responses from an upstream WebSphere Application Server. By impersonating the application server and returning crafted responses, the attacker can trigger code injection (CWE-94) against the plug-in, leading to full compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and EPSS is low (0.25%), but SSVC rates the technical impact as total.

RCE IBM Denial Of Service +1
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.3 allows attackers to fully compromise the host by bypassing authentication and abusing improper Python execution isolation. The maximum CVSS 10.0 score (AV:N/AC:L/PR:N/UI:N with scope change) reflects trivial network-based exploitation against any internet-exposed instance, though no public exploit identified at time of analysis. IBM has confirmed the issue and released a patch via support advisory node/7277242.

Code Injection IBM Python +3
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Authenticated arbitrary code execution in MISP allows a site administrator to abuse the Kafka_rdkafka_config setting to load an attacker-controlled INI file, which is parsed and passed to rdkafka with options such as plugin.library.paths to load an arbitrary shared library. The flaw (CWE-829, inclusion of functionality from untrusted control sphere) yields code execution as the MISP process user; no public exploit identified at time of analysis, but a vendor patch is available.

RCE Misp
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in ArubaSign prior to v4.6.6 stems from overly permissive ACLs applied at installation, granting the 'Everyone' group write access to the main executable and supporting files under C:\Program Files. An unprivileged local user can swap these binaries for malicious payloads that subsequently execute under the privileges of any user (potentially Administrator or SYSTEM) who later launches the application. No public exploit identified at time of analysis and the issue is not on CISA KEV.

RCE Privilege Escalation Arubasign
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote code execution in MISP allows authenticated site administrators to abuse the JsonLogTool NDJSON error log configuration to write attacker-controlled content to a PHP file under the webroot, yielding code execution as the web server user. No public exploit identified at time of analysis, but a vendor patch is available via the MISP GitHub repository.

RCE PHP Code Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Remote code execution in SiYuan note-taking application (before v3.6.1) allows any malicious Bazaar marketplace package author to compromise users via unsanitized HTML rendering of package displayName, description, and README content. Because the Electron renderer is configured with nodeIntegration:true and contextIsolation:false, injected JavaScript pivots directly to arbitrary OS command execution. No public exploit identified at time of analysis, but VulnCheck published a detailed technical advisory documenting both zero-click (metadata) and one-click (README) vectors.

RCE XSS Siyuan
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Remote code execution in SiYuan note-taking application before v3.6.1 occurs when users browse the built-in Bazaar marketplace, because package metadata (displayName, description) and README content are rendered without HTML sanitization. Because the Electron shell ships with nodeIntegration:true and contextIsolation:false, an injected script in the renderer executes arbitrary OS commands as the user. Reported by VulnCheck with detailed vulnerable-code analysis published in the GHSA advisory; no public exploit identified at time of analysis and not listed in CISA KEV.

RCE XSS Siyuan
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Authenticated remote code execution in Craft CMS versions 5.5.0 through 5.9.13 allows admin users to execute arbitrary PHP by injecting Yii2 event handlers via the fieldLayoutConfig POST parameter to FieldsController::actionRenderCardPreview(). The flaw stems from missing Component::cleanseConfig() sanitization, enabling disclosure of environment variables including database credentials and CRAFT_SECURITY_KEY. No public exploit identified at time of analysis, though VulnCheck has published a detailed advisory describing the attack technique.

Code Injection RCE PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan versions before 0.0.30 allows malicious pickle files to evade security scanning by using cProfile.runctx in __reduce__ methods, leading to arbitrary code execution when the file is loaded via pickle.load(). The flaw undermines the core purpose of picklescan as a defensive tool for ML model security and was reported by VulnCheck with a published proof-of-concept in the GitHub Security Advisory. No public exploit identified at time of analysis as a weaponized in-the-wild attack, but PoC code is published in the GHSA.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan versions before 0.0.25 allows attackers to embed remote code execution payloads in pickle files by abusing the built-in timeit.timeit() function inside a __reduce__ method, which is not on the unsafe-globals blacklist. Any organization using picklescan to vet PyTorch or other pickle-based model files is affected, and a working PoC is publicly documented in the GHSA advisory (no public exploit identified at time of analysis as a weaponized tool, but POC code is published).

RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.28 allows attackers to smuggle arbitrary code through pickle files by abusing torch.utils._config_module.load_config inside __reduce__ methods, defeating the library's malicious-pickle scanning and enabling remote code execution when the file is later loaded. Publicly available exploit code exists (GHSA-vv6j-3g6g-2pvj includes a working PoC), and the flaw is significant for any ML pipeline that trusts picklescan to vet third-party PyTorch model files. No CISA KEV listing at time of analysis, so exploitation status is limited to public POC rather than confirmed in-the-wild use.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 1% CVSS 9.9
CRITICAL Act Now

Remote code execution in Prefect 3.6.23 allows any user holding deployment-creation permissions to run arbitrary commands on shared worker machines by abusing the GitRepository storage class. The commit_sha and directories parameters are concatenated into git invocations without a `--` separator or validation, letting attackers smuggle flags such as `--upload-pack` to execute external programs. No public exploit identified at time of analysis, but the bug was reported via huntr and is particularly dangerous for multi-tenant work pools where worker compromise crosses trust boundaries.

RCE Code Injection Prefecthq Prefect
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Denial Of Service +2
NVD GitHub VulDB
Prev Page 7 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy