Skip to main content

RCE

31869 CVEs technique

Monthly

CVE-2024-58351 npm CRITICAL PATCH Act Now

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Denial Of Service SSRF Flowise
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2022-50972 CRITICAL POC Act Now

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE WordPress PHP Woocommerce
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2026-48909 CRITICAL POC Act Now

Unauthenticated remote code execution in JoomShaper's SP LMS (com_splms) Joomla extension versions 1.0.0 through 4.1.3 allows network attackers to run arbitrary code on the server by sending a crafted cookie that the component deserializes without validation. The flaw is a textbook PHP object injection (CWE-502) with a CVSS 4.0 base score of 9.5, but at time of analysis there is no public exploit identified and the issue is not on the CISA KEV list. Risk is elevated because the trigger is a cookie value parsed before any authentication check.

RCE Deserialization Sp Lms Extension For Joomla
NVD VulDB Exploit-DB
CVSS 4.0
9.5
EPSS
0.8%
CVE-2026-11911 HIGH This Week

Unauthenticated arbitrary file deletion in the Simple File List WordPress plugin (versions up to and including 6.3.7) allows remote attackers to delete any file the web server can write to, including wp-config.php, which can escalate to remote code execution. The flaw lives in the eeSFL_DeleteFile function and is reachable via the simplefilelist_edit_job AJAX action registered through wp_ajax_nopriv_, with the is_admin() guard rendered ineffective because that function always returns true on admin-ajax.php. No public exploit identified at time of analysis, but the trivial reachability and high-value target (WordPress) make weaponization straightforward.

Path Traversal PHP WordPress RCE Simple File List
NVD VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-9843 HIGH This Week

Arbitrary file deletion in the Database for Contact Form 7, WPforms, Elementor forms WordPress plugin (versions ≤1.5.1) allows remote unauthenticated attackers to poison form entries with traversal payloads that, when later viewed by an administrator, delete arbitrary server files and can be escalated to remote code execution by removing wp-config.php. Reported by Wordfence with publicly available exploit code exists via the Wordfence advisory; no public exploit identified at time of analysis as weaponized in-the-wild attacks, and the issue is not in CISA KEV.

Path Traversal PHP WordPress RCE Database For Contact Form 7 Wpforms Elementor Forms
NVD VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2026-55878 PHP HIGH PATCH GHSA This Week

Arbitrary file write and read in Symfony UX Toolkit's `ux:install` console command allows a crafted or compromised recipe kit to escape the intended installation directory and overwrite or read attacker-controlled files on a developer's machine or CI runner. Because overwriting controllers, git hooks, or `.env` files yields code execution, this path-traversal flaw escalates to local RCE, and no public exploit identified at time of analysis though the fix and root cause are documented in the upstream GHSA.

Path Traversal RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-55770 Go MEDIUM PATCH GHSA This Month

LDAP injection in OpenBao versions 0.1.0 through 2.5.4 allows an attacker with a valid low-privileged LDAP account to impersonate arbitrary directory users, including administrators, by supplying filter metacharacters in the username field at login. The root cause is a function selection error in `sdk/helper/ldaputil/client.go`: `EscapeLDAPValue()` (RFC 4514, DN escaping) is used in LDAP filter construction instead of `ldap.EscapeFilter()` (RFC 4515), leaving characters `*`, `(`, `)`, `\`, and NUL unescaped and injectable. Publicly available exploit code exists in the vendor advisory; no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

LDAP Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
6.8
CVE-2026-55447 PyPI CRITICAL PATCH GHSA Act Now

Arbitrary file read leading to remote code execution affects Langflow versions prior to 1.9.2 in any flow that uses BaseFileComponent-derived nodes (Read File, Docling, Docling Serve, NVIDIA Retriever Extraction, Video File, Unstructured API). An attacker who can submit a TAR archive containing symlinks - for example through a RAG ingestion pipeline that accepts user documents - causes the server to follow those links and ingest arbitrary host files such as Langflow's JWT secret_key, which can then be used to forge admin tokens and execute Python via the Code Interpreter node. Publicly available exploit code exists (researcher-published PoC archive and demo video); not listed in CISA KEV.

Nvidia Python RCE
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-55791 PHP MEDIUM PATCH GHSA This Month

Server-Side Request Forgery and arbitrary JavaScript injection in Craft CMS 4.x (before 4.18) and 5.x (before 5.10) allow remote unauthenticated attackers to poison the Host or X-Forwarded-Host header against the /actions/app/resource-js endpoint, forcing the backend Guzzle client to proxy attacker-controlled content as application/javascript. When the instance sits behind a caching layer, this chains into web cache poisoning, stored XSS in the Control Panel, and 1-click RCE via session-riding the plugin install action. No public exploit identified at time of analysis, though the GitHub Security Advisory (GHSA-c55v-343g-5xff) provides detailed exploitation mechanics.

SSRF RCE Apache XSS Nginx
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-54074 npm HIGH PATCH GHSA This Week

Code injection in @tinacms/cli versions prior to 2.4.3 allows an attacker who controls a Forestry-style project to achieve remote code execution on a developer's workstation when the `tinacms init` Forestry migration runs and the developer subsequently executes `tinacms dev` or `tinacms build`. The `addVariablesToCode` helper unquotes any value matching the marker `__TINA_INTERNAL__:::(.*?):::` placed in a stringified collection JSON, and user-supplied `label`/`name` fields from `.forestry/**/*.yml` are inserted into that JSON without sanitisation, yielding a top-level IIFE in the generated `tina/templates.ts`. A detailed end-to-end PoC is published in the GHSA-4936-9hrh-qqpw advisory; no public exploit identified at time of analysis beyond the disclosure PoC, and the CVE is not in CISA KEV.

Node.js Microsoft Code Injection RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-48787 HIGH This Week

Authenticated remote code execution in gin-vue-admin 2.9.1 lets attackers with access to the code-generation and MCP management features inject arbitrary Go source via POST /autoCode/addFunc and trigger a rebuild/restart through POST /autoCode/mcpStart, yielding OS command execution as the application service account. No public exploit identified at time of analysis, and as of publication a patched version is not confirmed; the upstream GHSA-22cv-9jv2-6m62 advisory only documents allowlist-based workarounds.

Command Injection RCE Gin Vue Admin
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-54897 Ruby LOW PATCH GHSA Monitor

Heap use-after-free in the Oj Ruby gem's `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) allows a Ruby block executed during iteration to free the underlying document buffer via `doc.close`, after which the native C iterator in `ext/oj/fast.c` dereferences the freed region. The flaw is reachable from pure Ruby and confirmed by an AddressSanitizer report against version 3.17.1, with no public exploit identified at time of analysis but a clear reproducer published in the GHSA advisory. Applications that parse attacker-influenced JSON with Oj::Doc and pass user-supplied callbacks into these iterators are most at risk.

Use After Free Memory Corruption RCE
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-54527 LIB CRITICAL PATCH GHSA Act Now

Stored cross-site scripting in the jupyterlab-git extension (versions 0.30.0b3 through 0.53.x) escalates to remote code execution when a victim views a rename diff in the Git History tab. The PlainTextDiff.ts createHeader() method injects unsanitized Git filenames into innerHTML, so a filename such as <img src=x onerror=eval(atob(...))>.py fires JavaScript that reads the _xsrf cookie, spawns a JupyterLab terminal via POST /api/terminals, and runs arbitrary shell commands. Reported by AWS Security; no public exploit identified at time of analysis, though the vendor advisory (GHSA-f962-v9hr-pfg5) documents a detailed reproduction path, and it is not listed in CISA KEV.

XSS RCE
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-54499 PyPI HIGH PATCH GHSA This Week

Arbitrary code execution in Stanford NLP's Stanza 1.12.0 (and ≤1.12.1) occurs when the library loads a malicious PyTorch checkpoint, because its pretrain loader silently falls back from torch.load(weights_only=True) to weights_only=False whenever an UnpicklingError is raised - a condition the attacker fully controls by embedding one unsupported pickle global. Publicly available exploit code exists (working PoC in the GHSA advisory), and any developer, CI pipeline, or production NLP service that downloads Stanza model files from HuggingFace, GitHub, or a shared cache can be compromised. Fixed in Stanza 1.12.2.

Checkpoint Deserialization Python RCE
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-54297 Ruby HIGH POC PATCH GHSA This Week

Denial of service in the Faraday Ruby HTTP client library (versions up to and including 2.14.2) allows remote attackers to crash worker threads by submitting query strings with deeply nested bracket-notation parameters. The Faraday::NestedParamsEncoder recursively walks attacker-controlled nested Hash structures without a depth ceiling, raising an uncaught SystemStackError at roughly 3,000+ levels of nesting (~9.4 KB payload). Publicly available exploit code exists in the GHSA-98m9-hrrm-r99r advisory itself; no public exploit identified at time of analysis in the active-exploitation sense, and impact is limited to availability - no RCE, auth bypass, or data disclosure, despite the input tags listing those categories.

Denial Of Service Authentication Bypass Information Disclosure RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-49345 MEDIUM PATCH This Month

Server-Side Request Forgery in Mercator's CVE configuration panel allows authenticated users holding the low-privilege 'configure' permission to coerce the application server into issuing arbitrary outbound network requests to any internal or external host. Affected versions prior to 2025.05.19 pass user-supplied URLs directly to curl_init() in ConfigurationController::testProvider() with no scheme, hostname, or private-IP validation; the intended /api/dbInfo suffix restriction is trivially defeated by appending a # fragment character, granting full URL control. Support for the telnet:// scheme enables internal TCP port scanning, while gopher:// permits raw protocol-level interaction with unauthenticated internal services such as Redis and Memcached, creating a realistic path to Remote Code Execution on those systems under common deployment conditions. No public exploit code or CISA KEV listing has been identified at time of analysis.

RCE Redis SSRF Mercator
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2026-23879 PyPI HIGH PATCH GHSA This Week

Arbitrary file write in py7zr versions 1.1.0 through 1.1.2 allows attackers to escape the destination directory during archive extraction by chaining malicious symbolic links that resolve outside the target path. A victim who calls extractall() on a crafted 7z archive can have files written to arbitrary host filesystem locations, potentially escalating to remote code execution, privilege escalation, or data corruption. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no public exploit identified for active campaigns at time of analysis.

Python Privilege Escalation RCE Denial Of Service Red Hat +1
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.4%
CVE-2019-25760 MEDIUM POC This Month

Joomla!. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP LFI Easy Shop
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2019-25758 HIGH POC This Week

Joomla!. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Vbizz
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2026-49290 HIGH PATCH This Week

Arbitrary file write via path traversal in Slopsmith (a self-hosted Rocksmith 2014 CDLC web app) prior to 0.2.9-alpha.5 allows an attacker who can supply a malicious PSARC or sloppak archive to write files outside the extraction directory, escalating to remote code execution under the default Docker image which runs as root and exposes a writable plugin directory. The CVSS 4.0 vector reports high privileges required (PR:H), reflecting that the attacker must reach the archive-upload/open functionality of an authenticated user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal Python RCE Docker Slopsmith
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.6%
CVE-2026-56211 HIGH This Week

Remote code execution in libaom (reference AV1 codec) is possible when services use the SVC encoder with attacker-supplied frames, allowing crafted pixel data to overlap encoder layer context structures and hijack the cyclic refresh map pointer. The flaw chains a heap out-of-bounds write (CWE-787) with a crash-oracle ASLR bypass to redirect control flow in fork-based video processing services. No public exploit identified at time of analysis, but the issue is tracked under Red Hat and Chromium security trackers and an upstream fix commit has landed in aomedia.

RCE Memory Corruption Buffer Overflow Oracle
NVD VulDB
CVSS 3.1
7.1
EPSS
0.4%
CVE-2026-56209 HIGH This Week

Arbitrary address write in libaom, the reference AV1 video codec implementation, allows remote attackers to corrupt memory by supplying crafted pixel values to an encoder that has Scalable Video Coding (SVC) enabled, leading to denial of service or potential code execution. The flaw stems from a missing bounds check in the SVC layer ID control function that lets pixel data inject an attacker-controlled pointer into the cyclic refresh map, after which ~1,200 bytes are written deterministically to the chosen address. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Memory Corruption Buffer Overflow Denial Of Service
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-56208 HIGH This Week

Heap buffer overflow in libaom's AV1 encoder allows attackers who influence encoder configuration to trigger a 232-byte out-of-bounds heap write on every frame after the second, when Look-Ahead Processing (LAP) mode is active with g_lag_in_frames >= 1. Affected deployments include transcoding pipelines and WebRTC servers that pass user-controlled encoder parameters to libaom. No public exploit identified at time of analysis, and the flaw primarily yields a reliable denial of service with a theoretical path to remote code execution via heap corruption.

RCE Heap Overflow Buffer Overflow Denial Of Service
NVD VulDB
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-51846 CRITICAL Act Now

Remote code execution in Tenda AC7 routers (firmware v15.03.06.44) is possible via a stack buffer overflow in the wanSpeed parameter of the /goform/AdvSetMacMtuWan endpoint. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network-based exploitation with full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and the device is not listed in CISA KEV.

Stack Overflow RCE Buffer Overflow Tenda Ac7 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-49286 PHP HIGH PATCH GHSA This Week

PHAR deserialization in PhpWeasyPrint versions prior to 2.6.0 allows remote code execution by bypassing the case-sensitive phar:// blacklist introduced for CVE-2023-28115 - because PHP stream wrappers are case-insensitive, schemes like PHAR:// or PhAr:// pass the check and reach file_exists() in prepareOutput(). When the library runs on PHP 7.4+ and an attacker can influence the output filename argument passed to generation methods, a crafted PHAR archive's metadata is unserialized via a gadget chain, yielding code execution. No CISA KEV listing and no public exploit identified at time of analysis for this specific CVE, although the equivalent upstream KnpLabs/snappy advisory (GHSA-92rv-4j2h-8mjj) ships a working phpggc-based PoC that is directly portable.

PHP Deserialization RCE Php Weasyprint
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-49358 PHP LOW POC PATCH GHSA Monitor

Arbitrary file deletion in PhpWeasyPrint prior to version 2.6.0 allows any code holding a reference to a generator instance to inject arbitrary filesystem paths into the public `AbstractGenerator::$temporaryFiles` array, which are then passed to `unlink()` without path-containment validation during script shutdown or object destruction. The vulnerability mirrors a previously disclosed pattern in the related KnpLabs/snappy library (GHSA-87qc-37cw-84h4), and is exploitable by malicious dependencies, plugin code, or any PHP code co-located in the same process with access to the generator object. No public exploit has been identified at time of analysis, and exploitation is substantially constrained by the requirement for high privileges and local code access.

PHP RCE Php Weasyprint
NVD GitHub VulDB
CVSS 3.1
3.0
EPSS
0.1%
CVE-2026-55832 Cargo MEDIUM PATCH GHSA This Month

Arbitrary local file disclosure in the Rust crate tract-onnx (by Sonos) allows an attacker who supplies a malicious ONNX model file to read arbitrary files from the victim's filesystem at model-load time, with file contents surfaced directly in inference tensor output. The root cause is that `get_external_resources()` in `onnx/src/tensor.rs` passes the attacker-controlled `location` field of ONNX external-data tensors directly to `PathBuf::join()` without sanitization, enabling both absolute-path overrides and relative `../` traversal. A secondary denial-of-service (panic) is possible via out-of-bounds `offset`/`length` values. Publicly available exploit code exists (full PoC confirmed on tract-onnx 0.21.16); no active exploitation has been confirmed by CISA KEV at time of analysis.

Path Traversal Denial Of Service Python RCE
NVD GitHub
CVSS 3.1
6.1
CVE-2026-55773 Maven HIGH PATCH GHSA This Week

Cedar policy injection in CedarJava (com.cedarpolicy:cedar-java) versions below 2.3.6, 3.4.1, and 4.9.0 allows attackers to alter authorization outcomes by smuggling Cedar expressions through unescaped string values. The flaw is in toCedarExpr() on Cedar Value types, which fails to escape quote and backslash characters when serializing user-controlled values into policy text. No public exploit identified at time of analysis, but the integrity impact is severe because injected fragments like '|| true' can neutralize permit/forbid logic in fine-grained authorization decisions.

Code Injection Java RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-54353 HIGH POC This Week

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Chromacam
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37252 HIGH POC This Week

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtek Audio Service
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37251 HIGH POC This Week

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtimes Desktop Service
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37250 HIGH POC This Week

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Tftp Broadband
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2019-25747 HIGH POC This Week

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Network Inventory Advisor
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20095 HIGH POC This Week

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Matrix42 Remote Control Host
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20094 HIGH POC This Week

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Anydesk
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20093 HIGH POC This Week

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Wisecleaner
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20092 HIGH POC This Week

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Netdrive
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20090 HIGH POC This Week

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Dragon Browser
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20089 HIGH POC This Week

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Iperius Remote
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20088 HIGH POC This Week

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Chromodo Browser
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2016-20087 HIGH POC This Week

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Fortitude Http
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-54051 npm CRITICAL PATCH GHSA Act Now

Command injection in the Network-AI npm package (network-ai < 5.9.1) lets any agent or caller granted a wildcard allowlist entry such as `git *`, `npm *`, or `node *` execute arbitrary shell commands as the orchestrator process. The flaw stems from `SandboxPolicy.isCommandAllowed` glob-matching the entire command string while `ShellExecutor` runs it through `/bin/sh -c`, so shell metacharacters like `;`, `|`, and `$(...)` smuggle additional commands past the sandbox. A working PoC is published in the GHSA advisory, though there is no public exploit identified at time of analysis in the wild and no CISA KEV listing.

RCE Command Injection Node.js
NVD GitHub
CVSS 3.1
9.9
CVE-2026-48137 CRITICAL Act Now

Remote code execution in NI grpc-device 2.17.0 and earlier is possible when an attacker sends a specially crafted Moniker protobuf message to the sideband streaming API, triggering an untrusted pointer dereference (CWE-822). The flaw is reachable without authentication or user interaction over the network, yielding a CVSS 4.0 base score of 9.3. No public exploit identified at time of analysis, but vendor advisories from NI and the upstream GitHub Security Advisory GHSA-ww59-ghm9-mm63 are published.

RCE Grpc Device Instrumentstudio
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-53915 HIGH PATCH This Week

Remote code execution in JetBrains GoLand before 2026.1.3 lets an attacker run arbitrary code on a developer's machine when the victim opens a maliciously crafted project whose configuration is untrusted. The flaw, reported by JetBrains itself and assigned CVSS 8.8 with high confidentiality, integrity, and availability impact, requires the user to open the booby-trapped project (UI:R) but no prior authentication on the IDE. There is no public exploit identified at time of analysis, and the EPSS probability is low at 0.21% (11th percentile).

RCE Goland
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-54414 CRITICAL PATCH Act Now

Unauthenticated administrator account takeover in FileRise before 3.16.0 is possible via a path traversal flaw in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php), where URL-encoded path separators bypass filename validation and allow arbitrary file write outside the upload directory. Any actor holding a valid, non-expired, upload-enabled shared-folder token - tokens explicitly designed to be shared publicly - can overwrite users/users.txt to plant an admin account and, depending on configuration, achieve remote code execution. No public exploit identified at time of analysis, but the upstream fix in v3.16.0 documents the exact bypass, lowering the bar for weaponization.

Path Traversal PHP RCE Filerise
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-7515 CRITICAL Act Now

Unauthenticated remote code execution in BetterDocs Pro for WordPress (versions through 3.8.0) is achievable by abusing the `doc_style` parameter to include arbitrary local PHP files. Wordfence has assigned a critical 9.8 CVSS score, and while no public exploit identified at time of analysis, the unauthenticated network-reachable nature of the flaw on a widely deployed WordPress documentation plugin makes opportunistic mass-exploitation likely once details propagate.

Information Disclosure WordPress RCE LFI PHP +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2026-8713 CRITICAL Act Now

Arbitrary file deletion in the Avada (Fusion) Builder WordPress plugin through version 3.15.3 allows remote unauthenticated attackers to delete any file on the server via path traversal in the maybe_delete_files function, which commonly escalates to remote code execution when wp-config.php is removed and WordPress enters setup mode. Wordfence reports the flaw is reachable through the wp_ajax_nopriv_fusion_form_submit_ajax handler on sites that have a published Avada form saving entries to the database. No public exploit identified at time of analysis, but the CVSS 9.1 score reflects trivial network exploitation with no authentication or user interaction.

Path Traversal PHP WordPress RCE Avada Fusion Builder
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2026-50195 Go MEDIUM PATCH GHSA This Month

Checkpoint image poisoning in containerd's CRI implementation allows an attacker with pod-creation permissions to corrupt the node-local image cache, causing victim pods to silently execute malicious images in place of legitimate ones. The root cause is missing validation of image references embedded in checkpoint image configurations: containerd trusts attacker-controlled strings in the checkpoint archive to drive image pulls and local tag assignment. Subsequent pods using an IfNotPresent or Never pull policy then inherit the poisoned tag and execute arbitrary code under the victim pod's Kubernetes identity. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis; vendor-released patches are available.

RCE Checkpoint Containerd
NVD VulDB GitHub
CVSS 4.0
5.6
EPSS
0.3%
CVE-2026-40624 CRITICAL CISA Emergency

Remote code execution in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras allows unauthenticated attackers to run arbitrary code by sending a specially crafted web request to the device's HTTP interface. The flaw was reported through CISA's ICS-CERT coordination process and carries a CVSS 4.0 base score of 9.3, but there is no public exploit identified at time of analysis and the CVE is not on the CISA KEV list.

Path Traversal Information Disclosure RCE Ptc500S Ptc115 +1
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2026-12046 CRITICAL PATCH Act Now

Remote unauthenticated access to two SQL Editor endpoints in pgAdmin 4 server-mode deployments (versions 6.9 through 9.15) exposes a pickle.loads sink that can be reached without a valid pgAdmin session. The defect is the missing @pga_login_required decorator on DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>; turning this into code execution additionally requires an attacker to possess the Flask SECRET_KEY and write access to the sessions/ directory from a separate channel. No public exploit identified at time of analysis, and the issue does not appear on CISA KEV.

Python Authentication Bypass Deserialization RCE Pgadmin 4
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.7%
CVE-2026-12045 CRITICAL PATCH Act Now

Remote SQL injection via prompt injection in pgAdmin 4 versions 9.13 through 9.15 allows attackers who can write content into database objects the AI Assistant inspects to bypass the read-only transaction wrapper and execute arbitrary SQL with the pgAdmin user's database role. When that role is a PostgreSQL superuser or holds pg_execute_server_program, the chain escalates to remote code execution on the database host via COPY ... TO PROGRAM. No public exploit identified at time of analysis; CVSS 4.0 base score is 9.4 (Critical) and an upstream fix is available.

PostgreSQL SQLi RCE Pgadmin 4
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.5%
CVE-2026-56078 PyPI HIGH PATCH This Week

Path traversal in PraisonAI's MultiAgentMonitor component (versions <= 1.5.114) lets remote attackers who can supply agent identifiers read, write, or overwrite arbitrary files on the host by embedding '../' sequences in agent IDs. The flaw, disclosed by VulnCheck and tracked as GHSA-766v-q9x3-g744, enables information disclosure, denial of service, and potential code execution in multi-agent AI deployments; no public exploit identified at time of analysis but a detailed PoC is included in the advisory.

Path Traversal Denial Of Service RCE Praisonai
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2026-56076 HIGH PATCH This Week

Cross-origin agent execution in PraisonAI's AGUI endpoint allows any attacker-controlled website to silently invoke locally-running agents and exfiltrate their streaming responses, including tool execution results and sensitive environment data. The flaw stems from a triad of issues - no authentication on POST /agui, a hardcoded wildcard CORS header, and Starlette's Content-Type-agnostic JSON parsing - that together let a simple cross-origin request bypass the browser's preflight check. No public exploit identified at time of analysis, but the GHSA advisory publishes a complete attack flow making weaponization trivial.

Cors Misconfiguration RCE Praisonai
NVD GitHub
CVSS 4.0
8.6
EPSS
0.5%
CVE-2026-25865 HIGH This Week

Local privilege escalation and arbitrary code execution affects Yandex Punto Switcher through version 4.5.0.583 due to an unquoted search path passed to WinExec when launching RunDll32.exe to invoke shell32.dll's Control_RunDLL with input.dll. An authenticated local attacker who can drop an executable into an earlier directory in the Windows search order can hijack execution and run code in the context of the affected user. No public exploit identified at time of analysis, but the technique (CWE-428) is well-understood and trivially weaponized.

RCE Punto Switcher
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-12390 HIGH CISA Act Now

Code execution in AzeoTech DAQFactory versions 21.1 and prior is achievable when a user opens a maliciously crafted .ctl project file, triggering a CWE-843 type confusion that corrupts memory. The flaw was reported through CISA ICS-CERT, which is significant because DAQFactory is HMI/SCADA software where engineering project files are routinely shared between integrators and operators. There is no public exploit identified at time of analysis, but the file-borne delivery pattern is well-suited to phishing or supply-chain handoffs targeting OT engineers.

Memory Corruption RCE Daqfactory
NVD VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-50188 PHP MEDIUM PATCH GHSA This Month

HTTP header injection (CRLF injection) in Kirby CMS's `Kirby\Http\Remote` class allows attackers who can influence outgoing request header values to inject or override arbitrary HTTP headers sent to upstream services. Affected are sites running Kirby versions up to 4.9.3 or 5.0.0-alpha.1 through 5.4.3 where custom code, plugins, or integrations pass user-controlled data into the `headers` option of `Remote` requests - the default Kirby installation is not affected. The attack targets the remote service receiving the manipulated request, enabling overrides of security-critical headers such as `Authorization`, `Host`, or `Cookie`, with downstream effects including unauthorized API access or upstream cache poisoning. No public exploit code and no CISA KEV listing have been identified at time of analysis; the 'RCE' tag in the source data appears to be a misclassification of this CWE-93 flaw.

RCE
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-44691 npm HIGH PATCH GHSA This Week

Arbitrary command execution in Eclipse Theia versions prior to 1.69.0 allows a malicious repository to run host commands with the user's privileges when its workspace is opened, because custom task definitions in .theia/tasks.json or .vscode/tasks.json bypass the workspace trust gate. When the victim has also enabled AI chat with tool confirmation disabled via a workspace .theia/settings.json, the chain triggers automatically on the first chat message. No public exploit identified at time of analysis, but the attack pattern mirrors well-known VS Code workspace-trust bypass classes.

RCE Eclipse Theia
NVD VulDB
CVSS 4.0
8.4
EPSS
0.2%
CVE-2026-55885 PHP MEDIUM PATCH GHSA This Month

Grav CMS (getgrav/grav < 1.7.53) exposes admin bcrypt password hashes, SMTP credentials, and full site configuration to any actor who can obtain a session-static admin-nonce value - via XSS, Referrer header leakage, browser history, or proxy logs - because the backup download endpoint enforces only a single URL-embedded nonce with no form-level CSRF token and no session binding. The default backup profile archives the entire GRAV_ROOT directory including user/accounts/ and user/config/ without exclusions, and the download handler Base64-encodes the absolute filesystem path in the response URL, leaking server internals. A fully functional public PoC is available; no CISA KEV listing exists at time of analysis, but downstream risk includes offline hashcat cracking followed by unauthenticated admin login with no server-side rate limiting.

CSRF Information Disclosure RCE XSS Path Traversal +1
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2026-55388 npm HIGH PATCH GHSA This Week

{signal} for abort support), the polluted prototype value flows into worker_threads.Worker and the attacker's exported function is invoked with every legitimate caller's task data. Publicly available exploit code exists (full PoC in the GHSA advisory), but no public exploit identified at time of analysis as in-the-wild abuse and the CVE is not in CISA KEV.

Code Injection RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-55887 Go HIGH PATCH GHSA This Week

Arbitrary code execution as root on the host running Docker MCP Gateway via argument injection in the `docker run` command line. A malicious OCI image author can craft an `io.docker.server.metadata` label that YAML-unmarshals into runtime-shaping fields of the `catalog.Server` struct, causing the gateway to append attacker-chosen flags like `-v /:/host` and `-u root` when launching the MCP server container. No public exploit identified at time of analysis, but the upstream advisory describes a full exploitation path.

Privilege Escalation RCE Docker
NVD GitHub
CVE-2026-54223 HIGH This Week

Remote code execution in UBB.threads forum software (version 7.7.5 confirmed) is achievable by authenticated users holding template-edit privileges, who can abuse a path traversal weakness to read and write arbitrary files within the web application's privilege scope. CERT-PL reported the issue after vendor contact attempts failed, and there is no public exploit identified at time of analysis. The flaw escalates a routine administrative capability into full server compromise without requiring user interaction.

Path Traversal RCE Ubb Threads
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2026-8461 HIGH PATCH This Week

Out-of-bounds write in FFmpeg's libavcodec MagicYUV decoder (libavcodec/magicyuv.c) affects all FFmpeg versions before 8.1.2, allowing remote attackers to cause denial-of-service and potentially achieve remote code execution when a victim processes a crafted MagicYUV-encoded media file. No public exploit identified at time of analysis, but the broad deployment of FFmpeg across media players, transcoding pipelines, browsers, and server-side processing makes this a high-priority patch. EPSS and CISA KEV data were not provided in the input.

RCE Memory Corruption Buffer Overflow Ffmpeg
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-55742 PHP CRITICAL GHSA Act Now

Cross-site request forgery in Cotonti 1.0.0 (commit f43f1fc3) lets a remote attacker escalate privileges to administrator by tricking a logged-in admin into loading an attacker-controlled page that submits a forged rights-update request to system/admin/admin.rights.php. Because Cotonti administrators can edit templates and configuration, the resulting account can be pivoted to remote code execution on the host. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

CSRF PHP RCE Cotonti
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.2%
CVE-2026-9815 MEDIUM POC This Month

Unrestricted PHP file upload in the MagicForm WordPress plugin (through version 0.1.3) enables unauthenticated remote code execution on any WordPress server running an affected installation whose form fields have an empty extension allowlist. The vulnerability is reachable via an unauthenticated AJAX endpoint, requires no privileges or user interaction, and a publicly available proof-of-concept exploit exists per WPScan. Despite the plugin's limited adoption, the combination of a public exploit, zero authentication requirement, and full server-side code execution makes this a materially higher-risk issue than the vendor-assigned CVSS score of 6.5 suggests.

PHP WordPress RCE Magicform
NVD WPScan VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-9860 HIGH This Week

Remote code execution in the Offload, AI & Optimize with Cloudflare Images WordPress plugin (versions ≤1.10.2) allows authenticated Author-level users to inject PHP into wp-config.php via the 'account-id' or 'api-key' parameters of the cf_images_do_setup AJAX handler. The handler enforces only the upload_files capability instead of manage_options, and a single-quote escape flaw lets attackers break out of a PHP string literal during the define() write. No public exploit is identified at time of analysis, but the vulnerability is reported by Wordfence with detailed root-cause analysis.

File Upload PHP WordPress RCE Offload Ai Optimize With Cloudflare Images +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-12569 CRITICAL POC KEV THREAT Emergency

Remote code execution in PTC Windchill PDMlink and PTC FlexPLM allows unauthenticated network attackers to execute arbitrary code via deserialization of untrusted data. All releases prior to 11.0 M030 are affected, as are all CPS versions, and no public exploit identified at time of analysis. Reported by PTC themselves, the flaw carries a CVSS 4.0 base score of 9.3 (critical) reflecting high impact across confidentiality, integrity, and availability without requiring authentication or user interaction.

Deserialization RCE Windchill Pdmlink Flexplm
NVD VulDB
CVSS 4.0
9.3
EPSS
0.5%
Threat
4.9
CVE-2026-53676 HIGH This Week

Sandbox escape via prototype pollution in ThingsBoard (versions prior to v4.3.1.2) allows a TENANT_ADMIN-authenticated user to achieve arbitrary code execution within the tb-js-executor sandboxed JavaScript context. The flaw lets a rule-chain script reach the host realm through the `args.constructor.constructor` chain (e.g., synthesizing a Function that returns `process`), defeating the intended VM isolation. No public exploit identified at time of analysis, though the upstream regression test in PR #15600 effectively documents the escape technique.

Prototype Pollution RCE Thingsboard
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.8%
CVE-2026-12530 PyPI HIGH PATCH GHSA This Week

Command injection in the AWS Bedrock AgentCore Python SDK (versions >= 1.1.3, < 1.6.1) allows remote authenticated users to execute arbitrary commands within the Code Interpreter sandbox by supplying crafted package name arguments to the install_packages() method. The flaw stems from improper neutralization of argument delimiters (CWE-88), letting attacker-controlled strings break out of the intended pip-install argument context. No public exploit identified at time of analysis, but a vendor patch and advisory are available from AWS.

Python RCE Bedrock Agentcore
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.3%
CVE-2026-11407 PHP HIGH PATCH GHSA This Week

Twig sandbox bypass in Pimcore CMS/DXP 12.3.8 lets authenticated administrators escape the template sandbox by abusing empty checkMethodAllowed() and checkPropertyAllowed() implementations, enabling arbitrary method calls on internal PHP objects such as the DAO layer, Doctrine DBAL Connection, and PDO. Exploitation goes through a malicious Twig template injected via the DataObject ClassDefinition Layout\Text component and can lead to arbitrary file reads, arbitrary SQL execution, and potential remote code execution via PHP object gadget chains; the pimcore_* function wildcard broadens the bypass to every Pimcore Twig function. No public exploit identified at time of analysis, but VulnCheck has published an advisory describing the technique.

Ssti PHP RCE Pimcore Cms Dxp
NVD GitHub
CVSS 4.0
8.6
EPSS
0.6%
CVE-2026-55200 CRITICAL POC PATCH Act Now

Remote code execution in libssh2 through version 1.11.1 stems from an unchecked packet_length field in ssh2_transport_read() that allows attackers to send oversized SSH packets and corrupt heap memory. The flaw was reported by VulnCheck and is fixed upstream in commit 97acf3df (PR #2052), which adds an upper-bound check against LIBSSH2_PACKET_MAXPAYLOAD. No public exploit has been identified at time of analysis, but the CVSS 4.0 score of 9.2 reflects pre-authentication network reach with high impact on confidentiality, integrity, and availability.

Buffer Overflow RCE Libssh2
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.6%
CVE-2026-22555 Go HIGH PATCH GHSA This Week

Authorization bypass in Gitea versions prior to 1.26.0 lets a read-only organization member create repositories in the organization namespace via the API fork endpoint, despite a team configuration that denies repository creation (can_create_org_repo=false). Because the fork creator receives admin rights on the resulting repo, the attacker can enable Actions and push a workflow that exfiltrates all organization-level CI/CD secrets (deploy keys, cloud credentials, API tokens). Publicly available exploit code exists in the GHSA advisory with a full step-by-step PoC; no public exploit identified at time of analysis beyond the reporter's reproduction.

Docker RCE Authentication Bypass Ubuntu Gitea
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-53805 CRITICAL PATCH Act Now

Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network attackers to execute arbitrary Python code by sending crafted pickle payloads to the /request-inference and /seed-model endpoints. The endpoints feed raw HTTP bodies directly into pickle.loads() with no authentication or validation, so a standard __reduce__ gadget yields code execution as the inference process. No public exploit identified at time of analysis, but the upstream patch and a VulnCheck advisory document the precise vulnerable code path.

Nvidia Deserialization Python RCE Gen3C
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-53875 PyPI HIGH PATCH This Week

Scanner evasion in picklescan versions prior to 1.0.3 lets an attacker smuggle malicious PyTorch pickle payloads past the scan_pytorch detection routine and gain arbitrary code execution when the model is later loaded with torch.load(). The bypass exploits a parser-differential between picklescan's pickletools.genops()-based magic-number extraction and PyTorch's pickle_module.load(), allowing a __reduce__(eval, ('MAGIC_NUMBER',)) trick to produce files that scan as clean but still deserialize correctly. A detailed proof-of-concept is published in the GHSA advisory and the VulnCheck writeup; no CISA KEV listing or EPSS score was supplied in the input.

Code Injection RCE Picklescan
NVD GitHub
CVSS 4.0
7.1
EPSS
0.4%
CVE-2026-53874 PyPI CRITICAL PATCH Act Now

Arbitrary code execution in picklescan versions prior to 1.0.1 allows attackers to bypass the scanner's malicious pickle detection by obfuscating eval calls nested under callable objects via getattr, causing the very tool intended to detect malicious pickles to miss them. Publicly available exploit code exists via the GHSA advisory PoC, though no public exploit identified at time of analysis as actively used in attacks; the CVSS 4.0 score of 9.3 reflects unauthenticated network-reachable impact on confidentiality, integrity, and availability.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-53873 PyPI CRITICAL PATCH GHSA Act Now

Arbitrary code execution bypass in picklescan before 1.0.4 allows attackers to smuggle malicious pickle files past the scanner by invoking the module-level profile.run() function, which is missing from the blocklist that only covers Profile.run and Profile.runctx. The scanner reports zero issues while pickle.loads() triggers exec() of attacker-controlled Python. No public exploit identified at time of analysis beyond the proof-of-concept in the GHSA advisory, and the issue is not listed in CISA KEV.

Python RCE Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-3490 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution against users of picklescan versions prior to 1.0.4 is achievable by smuggling any blocked function past its scanner using pkgutil.resolve_name as an indirection primitive. Because pkgutil.resolve_name is not on the blocklist, an attacker can chain two REDUCE opcodes to resolve and invoke os.system, builtins.exec, subprocess.call, or any other dangerous function while the scanner reports the pickle as CLEAN - a universal blocklist bypass that defeats picklescan's entire safety premise. No public exploit is identified in CISA KEV, but the GHSA advisory authored by VulnCheck publishes a complete working technique, so weaponization is trivial.

RCE Picklescan
NVD GitHub
CVSS 4.0
10.0
EPSS
0.6%
CVE-2025-71323 PyPI CRITICAL PATCH Act Now

Remote code execution in picklescan before 0.0.33 enables attackers to bypass the tool's malicious-pickle detection by smuggling the unblocked ctypes module into a pickle payload. A working POC demonstrates loading kernel32.dll via ctypes.WinDLL and invoking WinExec to launch arbitrary commands during pickle deserialization scans or downstream loads. Publicly available exploit code exists in the GHSA-4675-36f9-wf6r advisory, and the flaw undermines the very security guarantee picklescan is deployed to provide for ML model pipelines.

RCE Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
CVE-2025-71322 PyPI HIGH PATCH This Week

Security check bypass in PickleScan versions before 0.0.33 allows attackers to smuggle arbitrary code execution payloads past the scanner by invoking the pty.spawn function, which was omitted from the unsafe globals deny-list. Publicly available exploit code exists (released as part of the HeroCTF 2025 'Irreductible 2' challenge writeup), and the flaw is particularly impactful for platforms like Hugging Face and other ML pipelines that rely on PickleScan to vet PyTorch model files. No public exploit identified at time of analysis in CISA KEV.

RCE Picklescan
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-71321 PyPI CRITICAL PATCH Act Now

Arbitrary file write in picklescan before 0.0.33 lets attackers bypass the tool's dangerous-call blocklist by abusing distutils.file_util.write_file inside crafted pickle payloads. Because picklescan is used as a safety gate before loading ML model pickles, a bypass means malicious models pass scanning and can overwrite files on disk to achieve denial of service or remote code execution. Publicly available exploit code exists in the GHSA advisory, though there is no public exploit identified at time of analysis indicating active exploitation.

Denial Of Service Deserialization RCE Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-71320 PyPI CRITICAL PATCH Act Now

Arbitrary code execution in picklescan before 0.0.33 allows remote attackers to bypass the scanner's malicious-pickle detection by using pydoc.locate and operator.methodcaller, which were missing from the deny-list. Any downstream tool that trusts a 'clean' picklescan verdict and then deserializes the pickle (e.g., ML model loaders) will execute attacker-supplied code. Publicly available exploit code exists (GHSA PoC), and CVSS 4.0 is rated 9.3 Critical, though no public exploit identified at time of analysis in CISA KEV.

RCE Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2026-35065 HIGH This Week

Missing authentication on a critical function in Dell PowerFlex Manager allows an adjacent-network attacker to invoke privileged operations without credentials, yielding code execution, denial of service, information disclosure, tampering, and unauthorized access. No public exploit identified at time of analysis, and the affected version range was not populated in the source advisory placeholder. Dell self-reported the issue under DSA-2026-066.

Information Disclosure Denial Of Service RCE Dell Authentication Bypass +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-47103 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in python-statemachine 3.0.0 through 3.1.x allows attackers to run arbitrary Python in the host process by supplying a crafted SCXML document whose `<data expr="...">` attributes are passed unsandboxed to eval() inside SCXMLProcessor. Reported by VulnCheck with publicly available exploit code and a vendor advisory (GHSA-v4jc-pm6r-3vj8); no public exploit identified at time of analysis as actively in the wild, and the flaw is not listed in CISA KEV.

Python Code Injection RCE Python Statemachine
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.8%
CVE-2026-55743 CRITICAL PATCH Act Now

Remote code execution in OpenHuman desktop agent through 0.54.0 allows attackers to escape the Supervised SecurityPolicy sandbox and run arbitrary OS commands as the desktop user via indirect prompt injection. Two allowlist bypasses in src/openhuman/security/policy.rs - missing coverage of find's -execdir/-okdir flags and pre-validation stripping of inline KEY=value env assignments (e.g. GIT_EXTERNAL_DIFF, GIT_SSH_COMMAND) - let an attacker turn an allowlisted command into arbitrary execution. No public exploit identified at time of analysis, but the vendor has shipped a fix in commit 60050aa (first stable release 0.56.0).

Command Injection RCE Openhuman
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2026-54328 npm HIGH PATCH GHSA This Week

Local privilege escalation in the Pi coding agent (npm packages @earendil-works/pi-coding-agent 0.74.0-0.78.0 and @mariozechner/pi-coding-agent 0.50.0-0.73.1) allows a co-resident attacker on a shared Linux host to pre-stage attacker-controlled extension code in a predictable `os.tmpdir()/pi-extensions` path that pi later loads as the victim user. No public exploit identified at time of analysis, but the issue was reported by CrowdStrike researchers and patched in 0.78.1 of the renamed package. Affects shared dev boxes, CI runners, and HPC login nodes; Windows/macOS default per-user temp directories typically avoid exposure.

Microsoft Apple Crowdstrike Privilege Escalation RCE +2
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-55738 HIGH This Week

Stack-based buffer overflow in rxi microtar 0.1.0 allows remote attackers to crash or potentially execute arbitrary code in applications that parse attacker-supplied TAR archives. The flaw lies in raw_to_header() (src/microtar.c:112), which uses strcpy() on fixed-width 100-byte ustar name/linkname fields that are not guaranteed to be null-terminated, enabling a 356-byte out-of-bounds read confirmed via AddressSanitizer. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Stack Overflow Buffer Overflow Denial Of Service Microtar
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-54816 HIGH This Week

Remote code execution in the Monetizemore Advanced Ads WordPress plugin through version 2.0.21 allows authenticated attackers with low privileges to inject and execute arbitrary code via a code injection flaw (CWE-94). The issue was disclosed by Patchstack and carries a CVSS 3.1 base score of 7.5 (high) with high attack complexity. No public exploit identified at time of analysis.

Code Injection RCE Advanced Ads
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-59872 CRITICAL Act Now

Unrestricted file upload in HCL ZIE for Web (Z and I Emulator) version 16.0 allows remote attackers to upload a web shell that can yield arbitrary command execution on the server, but only when the server is configured to execute uploaded code and the file lands inside the Webroot. The CVSS 3.1 base score is 9.8, yet CISA's SSVC framework rates exploitation as 'none' and not automatable with only partial technical impact, and EPSS sits at just 0.34% (26th percentile). No public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

File Upload Information Disclosure RCE Zie
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-11857 HIGH This Week

Local privilege escalation in Quanos SCHEMA ST4 on-premises allows an authenticated local user to gain NT AUTHORITY\SYSTEM by abusing insecure .NET Remoting deserialization in the Client Update Service. The endpoint, reachable through a local named pipe with TypeFilterLevel.Full, accepts attacker-controlled serialized objects and yields arbitrary code execution in the update process context. No public exploit identified at time of analysis, though a SEC-Consult/SEC-VLab advisory documents the issue.

Privilege Escalation Deserialization RCE Schema St4
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2026-40783 CRITICAL Act Now

Remote code execution in Blocksy Companion Pro (Creative Themes) versions 2.1.37 and earlier allows authenticated users with Contributor-level WordPress privileges to inject and execute arbitrary code on the underlying server. The flaw carries a CVSS 3.1 base score of 9.9 with scope change, reflecting that successful exploitation breaks out of the WordPress application context. No public exploit identified at time of analysis, but Patchstack has catalogued the issue in its WordPress vulnerability database.

Code Injection RCE Blocksy Companion Pro
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-12466 HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Heap Overflow RCE Buffer Overflow +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Denial Of Service +2
NVD GitHub VulDB
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE WordPress +2
NVD Exploit-DB VulDB
EPSS 1% CVSS 9.5
CRITICAL POC Act Now

Unauthenticated remote code execution in JoomShaper's SP LMS (com_splms) Joomla extension versions 1.0.0 through 4.1.3 allows network attackers to run arbitrary code on the server by sending a crafted cookie that the component deserializes without validation. The flaw is a textbook PHP object injection (CWE-502) with a CVSS 4.0 base score of 9.5, but at time of analysis there is no public exploit identified and the issue is not on the CISA KEV list. Risk is elevated because the trigger is a cookie value parsed before any authentication check.

RCE Deserialization Sp Lms Extension For Joomla
NVD VulDB Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated arbitrary file deletion in the Simple File List WordPress plugin (versions up to and including 6.3.7) allows remote attackers to delete any file the web server can write to, including wp-config.php, which can escalate to remote code execution. The flaw lives in the eeSFL_DeleteFile function and is reachable via the simplefilelist_edit_job AJAX action registered through wp_ajax_nopriv_, with the is_admin() guard rendered ineffective because that function always returns true on admin-ajax.php. No public exploit identified at time of analysis, but the trivial reachability and high-value target (WordPress) make weaponization straightforward.

Path Traversal PHP WordPress +2
NVD VulDB
EPSS 1% CVSS 8.1
HIGH This Week

Arbitrary file deletion in the Database for Contact Form 7, WPforms, Elementor forms WordPress plugin (versions ≤1.5.1) allows remote unauthenticated attackers to poison form entries with traversal payloads that, when later viewed by an administrator, delete arbitrary server files and can be escalated to remote code execution by removing wp-config.php. Reported by Wordfence with publicly available exploit code exists via the Wordfence advisory; no public exploit identified at time of analysis as weaponized in-the-wild attacks, and the issue is not in CISA KEV.

Path Traversal PHP WordPress +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary file write and read in Symfony UX Toolkit's `ux:install` console command allows a crafted or compromised recipe kit to escape the intended installation directory and overwrite or read attacker-controlled files on a developer's machine or CI runner. Because overwriting controllers, git hooks, or `.env` files yields code execution, this path-traversal flaw escalates to local RCE, and no public exploit identified at time of analysis though the fix and root cause are documented in the upstream GHSA.

Path Traversal RCE
NVD GitHub VulDB
CVSS 6.8
MEDIUM PATCH This Month

LDAP injection in OpenBao versions 0.1.0 through 2.5.4 allows an attacker with a valid low-privileged LDAP account to impersonate arbitrary directory users, including administrators, by supplying filter metacharacters in the username field at login. The root cause is a function selection error in `sdk/helper/ldaputil/client.go`: `EscapeLDAPValue()` (RFC 4514, DN escaping) is used in LDAP filter construction instead of `ldap.EscapeFilter()` (RFC 4515), leaving characters `*`, `(`, `)`, `\`, and NUL unescaped and injectable. Publicly available exploit code exists in the vendor advisory; no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

LDAP Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Arbitrary file read leading to remote code execution affects Langflow versions prior to 1.9.2 in any flow that uses BaseFileComponent-derived nodes (Read File, Docling, Docling Serve, NVIDIA Retriever Extraction, Video File, Unstructured API). An attacker who can submit a TAR archive containing symlinks - for example through a RAG ingestion pipeline that accepts user documents - causes the server to follow those links and ingest arbitrary host files such as Langflow's JWT secret_key, which can then be used to forge admin tokens and execute Python via the Code Interpreter node. Publicly available exploit code exists (researcher-published PoC archive and demo video); not listed in CISA KEV.

Nvidia Python RCE
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Server-Side Request Forgery and arbitrary JavaScript injection in Craft CMS 4.x (before 4.18) and 5.x (before 5.10) allow remote unauthenticated attackers to poison the Host or X-Forwarded-Host header against the /actions/app/resource-js endpoint, forcing the backend Guzzle client to proxy attacker-controlled content as application/javascript. When the instance sits behind a caching layer, this chains into web cache poisoning, stored XSS in the Control Panel, and 1-click RCE via session-riding the plugin install action. No public exploit identified at time of analysis, though the GitHub Security Advisory (GHSA-c55v-343g-5xff) provides detailed exploitation mechanics.

SSRF RCE Apache +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Code injection in @tinacms/cli versions prior to 2.4.3 allows an attacker who controls a Forestry-style project to achieve remote code execution on a developer's workstation when the `tinacms init` Forestry migration runs and the developer subsequently executes `tinacms dev` or `tinacms build`. The `addVariablesToCode` helper unquotes any value matching the marker `__TINA_INTERNAL__:::(.*?):::` placed in a stringified collection JSON, and user-supplied `label`/`name` fields from `.forestry/**/*.yml` are inserted into that JSON without sanitisation, yielding a top-level IIFE in the generated `tina/templates.ts`. A detailed end-to-end PoC is published in the GHSA-4936-9hrh-qqpw advisory; no public exploit identified at time of analysis beyond the disclosure PoC, and the CVE is not in CISA KEV.

Node.js Microsoft Code Injection +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Authenticated remote code execution in gin-vue-admin 2.9.1 lets attackers with access to the code-generation and MCP management features inject arbitrary Go source via POST /autoCode/addFunc and trigger a rebuild/restart through POST /autoCode/mcpStart, yielding OS command execution as the application service account. No public exploit identified at time of analysis, and as of publication a patched version is not confirmed; the upstream GHSA-22cv-9jv2-6m62 advisory only documents allowlist-based workarounds.

Command Injection RCE Gin Vue Admin
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Heap use-after-free in the Oj Ruby gem's `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) allows a Ruby block executed during iteration to free the underlying document buffer via `doc.close`, after which the native C iterator in `ext/oj/fast.c` dereferences the freed region. The flaw is reachable from pure Ruby and confirmed by an AddressSanitizer report against version 3.17.1, with no public exploit identified at time of analysis but a clear reproducer published in the GHSA advisory. Applications that parse attacker-influenced JSON with Oj::Doc and pass user-supplied callbacks into these iterators are most at risk.

Use After Free Memory Corruption RCE
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Stored cross-site scripting in the jupyterlab-git extension (versions 0.30.0b3 through 0.53.x) escalates to remote code execution when a victim views a rename diff in the Git History tab. The PlainTextDiff.ts createHeader() method injects unsanitized Git filenames into innerHTML, so a filename such as <img src=x onerror=eval(atob(...))>.py fires JavaScript that reads the _xsrf cookie, spawns a JupyterLab terminal via POST /api/terminals, and runs arbitrary shell commands. Reported by AWS Security; no public exploit identified at time of analysis, though the vendor advisory (GHSA-f962-v9hr-pfg5) documents a detailed reproduction path, and it is not listed in CISA KEV.

XSS RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Arbitrary code execution in Stanford NLP's Stanza 1.12.0 (and ≤1.12.1) occurs when the library loads a malicious PyTorch checkpoint, because its pretrain loader silently falls back from torch.load(weights_only=True) to weights_only=False whenever an UnpicklingError is raised - a condition the attacker fully controls by embedding one unsupported pickle global. Publicly available exploit code exists (working PoC in the GHSA advisory), and any developer, CI pipeline, or production NLP service that downloads Stanza model files from HuggingFace, GitHub, or a shared cache can be compromised. Fixed in Stanza 1.12.2.

Checkpoint Deserialization Python +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in the Faraday Ruby HTTP client library (versions up to and including 2.14.2) allows remote attackers to crash worker threads by submitting query strings with deeply nested bracket-notation parameters. The Faraday::NestedParamsEncoder recursively walks attacker-controlled nested Hash structures without a depth ceiling, raising an uncaught SystemStackError at roughly 3,000+ levels of nesting (~9.4 KB payload). Publicly available exploit code exists in the GHSA-98m9-hrrm-r99r advisory itself; no public exploit identified at time of analysis in the active-exploitation sense, and impact is limited to availability - no RCE, auth bypass, or data disclosure, despite the input tags listing those categories.

Denial Of Service Authentication Bypass Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Server-Side Request Forgery in Mercator's CVE configuration panel allows authenticated users holding the low-privilege 'configure' permission to coerce the application server into issuing arbitrary outbound network requests to any internal or external host. Affected versions prior to 2025.05.19 pass user-supplied URLs directly to curl_init() in ConfigurationController::testProvider() with no scheme, hostname, or private-IP validation; the intended /api/dbInfo suffix restriction is trivially defeated by appending a # fragment character, granting full URL control. Support for the telnet:// scheme enables internal TCP port scanning, while gopher:// permits raw protocol-level interaction with unauthenticated internal services such as Redis and Memcached, creating a realistic path to Remote Code Execution on those systems under common deployment conditions. No public exploit code or CISA KEV listing has been identified at time of analysis.

RCE Redis SSRF +1
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Arbitrary file write in py7zr versions 1.1.0 through 1.1.2 allows attackers to escape the destination directory during archive extraction by chaining malicious symbolic links that resolve outside the target path. A victim who calls extractall() on a crafted 7z archive can have files written to arbitrary host filesystem locations, potentially escalating to remote code execution, privilege escalation, or data corruption. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no public exploit identified for active campaigns at time of analysis.

Python Privilege Escalation RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Joomla!. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP LFI +1
NVD Exploit-DB
EPSS 1% CVSS 8.7
HIGH POC This Week

Joomla!. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD Exploit-DB
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Arbitrary file write via path traversal in Slopsmith (a self-hosted Rocksmith 2014 CDLC web app) prior to 0.2.9-alpha.5 allows an attacker who can supply a malicious PSARC or sloppak archive to write files outside the extraction directory, escalating to remote code execution under the default Docker image which runs as root and exposes a writable plugin directory. The CVSS 4.0 vector reports high privileges required (PR:H), reflecting that the attacker must reach the archive-upload/open functionality of an authenticated user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal Python RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Remote code execution in libaom (reference AV1 codec) is possible when services use the SVC encoder with attacker-supplied frames, allowing crafted pixel data to overlap encoder layer context structures and hijack the cyclic refresh map pointer. The flaw chains a heap out-of-bounds write (CWE-787) with a crash-oracle ASLR bypass to redirect control flow in fork-based video processing services. No public exploit identified at time of analysis, but the issue is tracked under Red Hat and Chromium security trackers and an upstream fix commit has landed in aomedia.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Arbitrary address write in libaom, the reference AV1 video codec implementation, allows remote attackers to corrupt memory by supplying crafted pixel values to an encoder that has Scalable Video Coding (SVC) enabled, leading to denial of service or potential code execution. The flaw stems from a missing bounds check in the SVC layer ID control function that lets pixel data inject an attacker-controlled pointer into the cyclic refresh map, after which ~1,200 bytes are written deterministically to the chosen address. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Heap buffer overflow in libaom's AV1 encoder allows attackers who influence encoder configuration to trigger a 232-byte out-of-bounds heap write on every frame after the second, when Look-Ahead Processing (LAP) mode is active with g_lag_in_frames >= 1. Affected deployments include transcoding pipelines and WebRTC servers that pass user-controlled encoder parameters to libaom. No public exploit identified at time of analysis, and the flaw primarily yields a reliable denial of service with a theoretical path to remote code execution via heap corruption.

RCE Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote code execution in Tenda AC7 routers (firmware v15.03.06.44) is possible via a stack buffer overflow in the wanSpeed parameter of the /goform/AdvSetMacMtuWan endpoint. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network-based exploitation with full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and the device is not listed in CISA KEV.

Stack Overflow RCE Buffer Overflow +2
NVD VulDB
EPSS 1% CVSS 8.1
HIGH PATCH This Week

PHAR deserialization in PhpWeasyPrint versions prior to 2.6.0 allows remote code execution by bypassing the case-sensitive phar:// blacklist introduced for CVE-2023-28115 - because PHP stream wrappers are case-insensitive, schemes like PHAR:// or PhAr:// pass the check and reach file_exists() in prepareOutput(). When the library runs on PHP 7.4+ and an attacker can influence the output filename argument passed to generation methods, a crafted PHAR archive's metadata is unserialized via a gadget chain, yielding code execution. No CISA KEV listing and no public exploit identified at time of analysis for this specific CVE, although the equivalent upstream KnpLabs/snappy advisory (GHSA-92rv-4j2h-8mjj) ships a working phpggc-based PoC that is directly portable.

PHP Deserialization RCE +1
NVD GitHub
EPSS 0% CVSS 3.0
LOW POC PATCH Monitor

Arbitrary file deletion in PhpWeasyPrint prior to version 2.6.0 allows any code holding a reference to a generator instance to inject arbitrary filesystem paths into the public `AbstractGenerator::$temporaryFiles` array, which are then passed to `unlink()` without path-containment validation during script shutdown or object destruction. The vulnerability mirrors a previously disclosed pattern in the related KnpLabs/snappy library (GHSA-87qc-37cw-84h4), and is exploitable by malicious dependencies, plugin code, or any PHP code co-located in the same process with access to the generator object. No public exploit has been identified at time of analysis, and exploitation is substantially constrained by the requirement for high privileges and local code access.

PHP RCE Php Weasyprint
NVD GitHub VulDB
CVSS 6.1
MEDIUM PATCH This Month

Arbitrary local file disclosure in the Rust crate tract-onnx (by Sonos) allows an attacker who supplies a malicious ONNX model file to read arbitrary files from the victim's filesystem at model-load time, with file contents surfaced directly in inference tensor output. The root cause is that `get_external_resources()` in `onnx/src/tensor.rs` passes the attacker-controlled `location` field of ONNX external-data tensors directly to `PathBuf::join()` without sanitization, enabling both absolute-path overrides and relative `../` traversal. A secondary denial-of-service (panic) is possible via out-of-bounds `offset`/`length` values. Publicly available exploit code exists (full PoC confirmed on tract-onnx 0.21.16); no active exploitation has been confirmed by CISA KEV at time of analysis.

Path Traversal Denial Of Service Python +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cedar policy injection in CedarJava (com.cedarpolicy:cedar-java) versions below 2.3.6, 3.4.1, and 4.9.0 allows attackers to alter authorization outcomes by smuggling Cedar expressions through unescaped string values. The flaw is in toCedarExpr() on Cedar Value types, which fails to escape quote and backslash characters when serializing user-controlled values into policy text. No public exploit identified at time of analysis, but the integrity impact is severe because injected fragments like '|| true' can neutralize permit/forbid logic in fine-grained authorization decisions.

Code Injection Java RCE
NVD GitHub
EPSS 0% CVSS 8.5
HIGH POC This Week

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Chromacam
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtek Audio Service
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtimes Desktop Service
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Tftp Broadband
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Network Inventory Advisor
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Matrix42 Remote Control Host
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Anydesk
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Wisecleaner
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Netdrive
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Dragon Browser
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Iperius Remote
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Chromodo Browser
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Fortitude Http
NVD Exploit-DB
CVSS 9.9
CRITICAL PATCH Act Now

Command injection in the Network-AI npm package (network-ai < 5.9.1) lets any agent or caller granted a wildcard allowlist entry such as `git *`, `npm *`, or `node *` execute arbitrary shell commands as the orchestrator process. The flaw stems from `SandboxPolicy.isCommandAllowed` glob-matching the entire command string while `ShellExecutor` runs it through `/bin/sh -c`, so shell metacharacters like `;`, `|`, and `$(...)` smuggle additional commands past the sandbox. A working PoC is published in the GHSA advisory, though there is no public exploit identified at time of analysis in the wild and no CISA KEV listing.

RCE Command Injection Node.js
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in NI grpc-device 2.17.0 and earlier is possible when an attacker sends a specially crafted Moniker protobuf message to the sideband streaming API, triggering an untrusted pointer dereference (CWE-822). The flaw is reachable without authentication or user interaction over the network, yielding a CVSS 4.0 base score of 9.3. No public exploit identified at time of analysis, but vendor advisories from NI and the upstream GitHub Security Advisory GHSA-ww59-ghm9-mm63 are published.

RCE Grpc Device Instrumentstudio
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in JetBrains GoLand before 2026.1.3 lets an attacker run arbitrary code on a developer's machine when the victim opens a maliciously crafted project whose configuration is untrusted. The flaw, reported by JetBrains itself and assigned CVSS 8.8 with high confidentiality, integrity, and availability impact, requires the user to open the booby-trapped project (UI:R) but no prior authentication on the IDE. There is no public exploit identified at time of analysis, and the EPSS probability is low at 0.21% (11th percentile).

RCE Goland
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Unauthenticated administrator account takeover in FileRise before 3.16.0 is possible via a path traversal flaw in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php), where URL-encoded path separators bypass filename validation and allow arbitrary file write outside the upload directory. Any actor holding a valid, non-expired, upload-enabled shared-folder token - tokens explicitly designed to be shared publicly - can overwrite users/users.txt to plant an admin account and, depending on configuration, achieve remote code execution. No public exploit identified at time of analysis, but the upstream fix in v3.16.0 documents the exact bypass, lowering the bar for weaponization.

Path Traversal PHP RCE +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote code execution in BetterDocs Pro for WordPress (versions through 3.8.0) is achievable by abusing the `doc_style` parameter to include arbitrary local PHP files. Wordfence has assigned a critical 9.8 CVSS score, and while no public exploit identified at time of analysis, the unauthenticated network-reachable nature of the flaw on a widely deployed WordPress documentation plugin makes opportunistic mass-exploitation likely once details propagate.

Information Disclosure WordPress RCE +3
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL Act Now

Arbitrary file deletion in the Avada (Fusion) Builder WordPress plugin through version 3.15.3 allows remote unauthenticated attackers to delete any file on the server via path traversal in the maybe_delete_files function, which commonly escalates to remote code execution when wp-config.php is removed and WordPress enters setup mode. Wordfence reports the flaw is reachable through the wp_ajax_nopriv_fusion_form_submit_ajax handler on sites that have a published Avada form saving entries to the database. No public exploit identified at time of analysis, but the CVSS 9.1 score reflects trivial network exploitation with no authentication or user interaction.

Path Traversal PHP WordPress +2
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Checkpoint image poisoning in containerd's CRI implementation allows an attacker with pod-creation permissions to corrupt the node-local image cache, causing victim pods to silently execute malicious images in place of legitimate ones. The root cause is missing validation of image references embedded in checkpoint image configurations: containerd trusts attacker-controlled strings in the checkpoint archive to drive image pulls and local tag assignment. Subsequent pods using an IfNotPresent or Never pull policy then inherit the poisoned tag and execute arbitrary code under the victim pod's Kubernetes identity. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis; vendor-released patches are available.

RCE Checkpoint Containerd
NVD VulDB GitHub
EPSS 1% CVSS 9.3
CRITICAL Emergency

Remote code execution in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras allows unauthenticated attackers to run arbitrary code by sending a specially crafted web request to the device's HTTP interface. The flaw was reported through CISA's ICS-CERT coordination process and carries a CVSS 4.0 base score of 9.3, but there is no public exploit identified at time of analysis and the CVE is not on the CISA KEV list.

Path Traversal Information Disclosure RCE +3
NVD GitHub
EPSS 1% CVSS 9.5
CRITICAL PATCH Act Now

Remote unauthenticated access to two SQL Editor endpoints in pgAdmin 4 server-mode deployments (versions 6.9 through 9.15) exposes a pickle.loads sink that can be reached without a valid pgAdmin session. The defect is the missing @pga_login_required decorator on DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>; turning this into code execution additionally requires an attacker to possess the Flask SECRET_KEY and write access to the sessions/ directory from a separate channel. No public exploit identified at time of analysis, and the issue does not appear on CISA KEV.

Python Authentication Bypass Deserialization +2
NVD GitHub VulDB
EPSS 1% CVSS 9.4
CRITICAL PATCH Act Now

Remote SQL injection via prompt injection in pgAdmin 4 versions 9.13 through 9.15 allows attackers who can write content into database objects the AI Assistant inspects to bypass the read-only transaction wrapper and execute arbitrary SQL with the pgAdmin user's database role. When that role is a PostgreSQL superuser or holds pg_execute_server_program, the chain escalates to remote code execution on the database host via COPY ... TO PROGRAM. No public exploit identified at time of analysis; CVSS 4.0 base score is 9.4 (Critical) and an upstream fix is available.

PostgreSQL SQLi RCE +1
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Path traversal in PraisonAI's MultiAgentMonitor component (versions <= 1.5.114) lets remote attackers who can supply agent identifiers read, write, or overwrite arbitrary files on the host by embedding '../' sequences in agent IDs. The flaw, disclosed by VulnCheck and tracked as GHSA-766v-q9x3-g744, enables information disclosure, denial of service, and potential code execution in multi-agent AI deployments; no public exploit identified at time of analysis but a detailed PoC is included in the advisory.

Path Traversal Denial Of Service RCE +1
NVD GitHub
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Cross-origin agent execution in PraisonAI's AGUI endpoint allows any attacker-controlled website to silently invoke locally-running agents and exfiltrate their streaming responses, including tool execution results and sensitive environment data. The flaw stems from a triad of issues - no authentication on POST /agui, a hardcoded wildcard CORS header, and Starlette's Content-Type-agnostic JSON parsing - that together let a simple cross-origin request bypass the browser's preflight check. No public exploit identified at time of analysis, but the GHSA advisory publishes a complete attack flow making weaponization trivial.

Cors Misconfiguration RCE Praisonai
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation and arbitrary code execution affects Yandex Punto Switcher through version 4.5.0.583 due to an unquoted search path passed to WinExec when launching RunDll32.exe to invoke shell32.dll's Control_RunDLL with input.dll. An authenticated local attacker who can drop an executable into an earlier directory in the Windows search order can hijack execution and run code in the context of the affected user. No public exploit identified at time of analysis, but the technique (CWE-428) is well-understood and trivially weaponized.

RCE Punto Switcher
NVD
EPSS 0% CVSS 8.4
HIGH Act Now

Code execution in AzeoTech DAQFactory versions 21.1 and prior is achievable when a user opens a maliciously crafted .ctl project file, triggering a CWE-843 type confusion that corrupts memory. The flaw was reported through CISA ICS-CERT, which is significant because DAQFactory is HMI/SCADA software where engineering project files are routinely shared between integrators and operators. There is no public exploit identified at time of analysis, but the file-borne delivery pattern is well-suited to phishing or supply-chain handoffs targeting OT engineers.

Memory Corruption RCE Daqfactory
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

HTTP header injection (CRLF injection) in Kirby CMS's `Kirby\Http\Remote` class allows attackers who can influence outgoing request header values to inject or override arbitrary HTTP headers sent to upstream services. Affected are sites running Kirby versions up to 4.9.3 or 5.0.0-alpha.1 through 5.4.3 where custom code, plugins, or integrations pass user-controlled data into the `headers` option of `Remote` requests - the default Kirby installation is not affected. The attack targets the remote service receiving the manipulated request, enabling overrides of security-critical headers such as `Authorization`, `Host`, or `Cookie`, with downstream effects including unauthorized API access or upstream cache poisoning. No public exploit code and no CISA KEV listing have been identified at time of analysis; the 'RCE' tag in the source data appears to be a misclassification of this CWE-93 flaw.

RCE
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Arbitrary command execution in Eclipse Theia versions prior to 1.69.0 allows a malicious repository to run host commands with the user's privileges when its workspace is opened, because custom task definitions in .theia/tasks.json or .vscode/tasks.json bypass the workspace trust gate. When the victim has also enabled AI chat with tool confirmation disabled via a workspace .theia/settings.json, the chain triggers automatically on the first chat message. No public exploit identified at time of analysis, but the attack pattern mirrors well-known VS Code workspace-trust bypass classes.

RCE Eclipse Theia
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Grav CMS (getgrav/grav < 1.7.53) exposes admin bcrypt password hashes, SMTP credentials, and full site configuration to any actor who can obtain a session-static admin-nonce value - via XSS, Referrer header leakage, browser history, or proxy logs - because the backup download endpoint enforces only a single URL-embedded nonce with no form-level CSRF token and no session binding. The default backup profile archives the entire GRAV_ROOT directory including user/accounts/ and user/config/ without exclusions, and the download handler Base64-encodes the absolute filesystem path in the response URL, leaking server internals. A fully functional public PoC is available; no CISA KEV listing exists at time of analysis, but downstream risk includes offline hashcat cracking followed by unauthenticated admin login with no server-side rate limiting.

CSRF Information Disclosure RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

{signal} for abort support), the polluted prototype value flows into worker_threads.Worker and the attacker's exported function is invoked with every legitimate caller's task data. Publicly available exploit code exists (full PoC in the GHSA advisory), but no public exploit identified at time of analysis as in-the-wild abuse and the CVE is not in CISA KEV.

Code Injection RCE Red Hat
NVD GitHub VulDB
HIGH PATCH This Week

Arbitrary code execution as root on the host running Docker MCP Gateway via argument injection in the `docker run` command line. A malicious OCI image author can craft an `io.docker.server.metadata` label that YAML-unmarshals into runtime-shaping fields of the `catalog.Server` struct, causing the gateway to append attacker-chosen flags like `-v /:/host` and `-u root` when launching the MCP server container. No public exploit identified at time of analysis, but the upstream advisory describes a full exploitation path.

Privilege Escalation RCE Docker
NVD GitHub
EPSS 1% CVSS 8.6
HIGH This Week

Remote code execution in UBB.threads forum software (version 7.7.5 confirmed) is achievable by authenticated users holding template-edit privileges, who can abuse a path traversal weakness to read and write arbitrary files within the web application's privilege scope. CERT-PL reported the issue after vendor contact attempts failed, and there is no public exploit identified at time of analysis. The flaw escalates a routine administrative capability into full server compromise without requiring user interaction.

Path Traversal RCE Ubb Threads
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds write in FFmpeg's libavcodec MagicYUV decoder (libavcodec/magicyuv.c) affects all FFmpeg versions before 8.1.2, allowing remote attackers to cause denial-of-service and potentially achieve remote code execution when a victim processes a crafted MagicYUV-encoded media file. No public exploit identified at time of analysis, but the broad deployment of FFmpeg across media players, transcoding pipelines, browsers, and server-side processing makes this a high-priority patch. EPSS and CISA KEV data were not provided in the input.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.4
CRITICAL Act Now

Cross-site request forgery in Cotonti 1.0.0 (commit f43f1fc3) lets a remote attacker escalate privileges to administrator by tricking a logged-in admin into loading an attacker-controlled page that submits a forged rights-update request to system/admin/admin.rights.php. Because Cotonti administrators can edit templates and configuration, the resulting account can be pivoted to remote code execution on the host. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

CSRF PHP RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Unrestricted PHP file upload in the MagicForm WordPress plugin (through version 0.1.3) enables unauthenticated remote code execution on any WordPress server running an affected installation whose form fields have an empty extension allowlist. The vulnerability is reachable via an unauthenticated AJAX endpoint, requires no privileges or user interaction, and a publicly available proof-of-concept exploit exists per WPScan. Despite the plugin's limited adoption, the combination of a public exploit, zero authentication requirement, and full server-side code execution makes this a materially higher-risk issue than the vendor-assigned CVSS score of 6.5 suggests.

PHP WordPress RCE +1
NVD WPScan VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in the Offload, AI & Optimize with Cloudflare Images WordPress plugin (versions ≤1.10.2) allows authenticated Author-level users to inject PHP into wp-config.php via the 'account-id' or 'api-key' parameters of the cf_images_do_setup AJAX handler. The handler enforces only the upload_files capability instead of manage_options, and a single-quote escape flaw lets attackers break out of a PHP string literal during the define() write. No public exploit is identified at time of analysis, but the vulnerability is reported by Wordfence with detailed root-cause analysis.

File Upload PHP WordPress +3
NVD VulDB
EPSS 0% 4.9 CVSS 9.3
CRITICAL POC KEV THREAT Emergency

Remote code execution in PTC Windchill PDMlink and PTC FlexPLM allows unauthenticated network attackers to execute arbitrary code via deserialization of untrusted data. All releases prior to 11.0 M030 are affected, as are all CPS versions, and no public exploit identified at time of analysis. Reported by PTC themselves, the flaw carries a CVSS 4.0 base score of 9.3 (critical) reflecting high impact across confidentiality, integrity, and availability without requiring authentication or user interaction.

Deserialization RCE Windchill Pdmlink +1
NVD VulDB
EPSS 1% CVSS 8.6
HIGH This Week

Sandbox escape via prototype pollution in ThingsBoard (versions prior to v4.3.1.2) allows a TENANT_ADMIN-authenticated user to achieve arbitrary code execution within the tb-js-executor sandboxed JavaScript context. The flaw lets a rule-chain script reach the host realm through the `args.constructor.constructor` chain (e.g., synthesizing a Function that returns `process`), defeating the intended VM isolation. No public exploit identified at time of analysis, though the upstream regression test in PR #15600 effectively documents the escape technique.

Prototype Pollution RCE Thingsboard
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Command injection in the AWS Bedrock AgentCore Python SDK (versions >= 1.1.3, < 1.6.1) allows remote authenticated users to execute arbitrary commands within the Code Interpreter sandbox by supplying crafted package name arguments to the install_packages() method. The flaw stems from improper neutralization of argument delimiters (CWE-88), letting attacker-controlled strings break out of the intended pip-install argument context. No public exploit identified at time of analysis, but a vendor patch and advisory are available from AWS.

Python RCE Bedrock Agentcore
NVD GitHub VulDB
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Twig sandbox bypass in Pimcore CMS/DXP 12.3.8 lets authenticated administrators escape the template sandbox by abusing empty checkMethodAllowed() and checkPropertyAllowed() implementations, enabling arbitrary method calls on internal PHP objects such as the DAO layer, Doctrine DBAL Connection, and PDO. Exploitation goes through a malicious Twig template injected via the DataObject ClassDefinition Layout\Text component and can lead to arbitrary file reads, arbitrary SQL execution, and potential remote code execution via PHP object gadget chains; the pimcore_* function wildcard broadens the bypass to every Pimcore Twig function. No public exploit identified at time of analysis, but VulnCheck has published an advisory describing the technique.

Ssti PHP RCE +1
NVD GitHub
EPSS 1% CVSS 9.2
CRITICAL POC PATCH Act Now

Remote code execution in libssh2 through version 1.11.1 stems from an unchecked packet_length field in ssh2_transport_read() that allows attackers to send oversized SSH packets and corrupt heap memory. The flaw was reported by VulnCheck and is fixed upstream in commit 97acf3df (PR #2052), which adds an upper-bound check against LIBSSH2_PACKET_MAXPAYLOAD. No public exploit has been identified at time of analysis, but the CVSS 4.0 score of 9.2 reflects pre-authentication network reach with high impact on confidentiality, integrity, and availability.

Buffer Overflow RCE Libssh2
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Authorization bypass in Gitea versions prior to 1.26.0 lets a read-only organization member create repositories in the organization namespace via the API fork endpoint, despite a team configuration that denies repository creation (can_create_org_repo=false). Because the fork creator receives admin rights on the resulting repo, the attacker can enable Actions and push a workflow that exfiltrates all organization-level CI/CD secrets (deploy keys, cloud credentials, API tokens). Publicly available exploit code exists in the GHSA advisory with a full step-by-step PoC; no public exploit identified at time of analysis beyond the reporter's reproduction.

Docker RCE Authentication Bypass +2
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network attackers to execute arbitrary Python code by sending crafted pickle payloads to the /request-inference and /seed-model endpoints. The endpoints feed raw HTTP bodies directly into pickle.loads() with no authentication or validation, so a standard __reduce__ gadget yields code execution as the inference process. No public exploit identified at time of analysis, but the upstream patch and a VulnCheck advisory document the precise vulnerable code path.

Nvidia Deserialization Python +2
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Scanner evasion in picklescan versions prior to 1.0.3 lets an attacker smuggle malicious PyTorch pickle payloads past the scan_pytorch detection routine and gain arbitrary code execution when the model is later loaded with torch.load(). The bypass exploits a parser-differential between picklescan's pickletools.genops()-based magic-number extraction and PyTorch's pickle_module.load(), allowing a __reduce__(eval, ('MAGIC_NUMBER',)) trick to produce files that scan as clean but still deserialize correctly. A detailed proof-of-concept is published in the GHSA advisory and the VulnCheck writeup; no CISA KEV listing or EPSS score was supplied in the input.

Code Injection RCE Picklescan
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Arbitrary code execution in picklescan versions prior to 1.0.1 allows attackers to bypass the scanner's malicious pickle detection by obfuscating eval calls nested under callable objects via getattr, causing the very tool intended to detect malicious pickles to miss them. Publicly available exploit code exists via the GHSA advisory PoC, though no public exploit identified at time of analysis as actively used in attacks; the CVSS 4.0 score of 9.3 reflects unauthenticated network-reachable impact on confidentiality, integrity, and availability.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Arbitrary code execution bypass in picklescan before 1.0.4 allows attackers to smuggle malicious pickle files past the scanner by invoking the module-level profile.run() function, which is missing from the blocklist that only covers Profile.run and Profile.runctx. The scanner reports zero issues while pickle.loads() triggers exec() of attacker-controlled Python. No public exploit identified at time of analysis beyond the proof-of-concept in the GHSA advisory, and the issue is not listed in CISA KEV.

Python RCE Picklescan
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution against users of picklescan versions prior to 1.0.4 is achievable by smuggling any blocked function past its scanner using pkgutil.resolve_name as an indirection primitive. Because pkgutil.resolve_name is not on the blocklist, an attacker can chain two REDUCE opcodes to resolve and invoke os.system, builtins.exec, subprocess.call, or any other dangerous function while the scanner reports the pickle as CLEAN - a universal blocklist bypass that defeats picklescan's entire safety premise. No public exploit is identified in CISA KEV, but the GHSA advisory authored by VulnCheck publishes a complete working technique, so weaponization is trivial.

RCE Picklescan
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in picklescan before 0.0.33 enables attackers to bypass the tool's malicious-pickle detection by smuggling the unblocked ctypes module into a pickle payload. A working POC demonstrates loading kernel32.dll via ctypes.WinDLL and invoking WinExec to launch arbitrary commands during pickle deserialization scans or downstream loads. Publicly available exploit code exists in the GHSA-4675-36f9-wf6r advisory, and the flaw undermines the very security guarantee picklescan is deployed to provide for ML model pipelines.

RCE Picklescan
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Security check bypass in PickleScan versions before 0.0.33 allows attackers to smuggle arbitrary code execution payloads past the scanner by invoking the pty.spawn function, which was omitted from the unsafe globals deny-list. Publicly available exploit code exists (released as part of the HeroCTF 2025 'Irreductible 2' challenge writeup), and the flaw is particularly impactful for platforms like Hugging Face and other ML pipelines that rely on PickleScan to vet PyTorch model files. No public exploit identified at time of analysis in CISA KEV.

RCE Picklescan
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Arbitrary file write in picklescan before 0.0.33 lets attackers bypass the tool's dangerous-call blocklist by abusing distutils.file_util.write_file inside crafted pickle payloads. Because picklescan is used as a safety gate before loading ML model pickles, a bypass means malicious models pass scanning and can overwrite files on disk to achieve denial of service or remote code execution. Publicly available exploit code exists in the GHSA advisory, though there is no public exploit identified at time of analysis indicating active exploitation.

Denial Of Service Deserialization RCE +1
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Arbitrary code execution in picklescan before 0.0.33 allows remote attackers to bypass the scanner's malicious-pickle detection by using pydoc.locate and operator.methodcaller, which were missing from the deny-list. Any downstream tool that trusts a 'clean' picklescan verdict and then deserializes the pickle (e.g., ML model loaders) will execute attacker-supplied code. Publicly available exploit code exists (GHSA PoC), and CVSS 4.0 is rated 9.3 Critical, though no public exploit identified at time of analysis in CISA KEV.

RCE Picklescan
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Missing authentication on a critical function in Dell PowerFlex Manager allows an adjacent-network attacker to invoke privileged operations without credentials, yielding code execution, denial of service, information disclosure, tampering, and unauthorized access. No public exploit identified at time of analysis, and the affected version range was not populated in the source advisory placeholder. Dell self-reported the issue under DSA-2026-066.

Information Disclosure Denial Of Service RCE +3
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in python-statemachine 3.0.0 through 3.1.x allows attackers to run arbitrary Python in the host process by supplying a crafted SCXML document whose `<data expr="...">` attributes are passed unsandboxed to eval() inside SCXMLProcessor. Reported by VulnCheck with publicly available exploit code and a vendor advisory (GHSA-v4jc-pm6r-3vj8); no public exploit identified at time of analysis as actively in the wild, and the flaw is not listed in CISA KEV.

Python Code Injection RCE +1
NVD GitHub VulDB
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Remote code execution in OpenHuman desktop agent through 0.54.0 allows attackers to escape the Supervised SecurityPolicy sandbox and run arbitrary OS commands as the desktop user via indirect prompt injection. Two allowlist bypasses in src/openhuman/security/policy.rs - missing coverage of find's -execdir/-okdir flags and pre-validation stripping of inline KEY=value env assignments (e.g. GIT_EXTERNAL_DIFF, GIT_SSH_COMMAND) - let an attacker turn an allowlisted command into arbitrary execution. No public exploit identified at time of analysis, but the vendor has shipped a fix in commit 60050aa (first stable release 0.56.0).

Command Injection RCE Openhuman
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in the Pi coding agent (npm packages @earendil-works/pi-coding-agent 0.74.0-0.78.0 and @mariozechner/pi-coding-agent 0.50.0-0.73.1) allows a co-resident attacker on a shared Linux host to pre-stage attacker-controlled extension code in a predictable `os.tmpdir()/pi-extensions` path that pi later loads as the victim user. No public exploit identified at time of analysis, but the issue was reported by CrowdStrike researchers and patched in 0.78.1 of the renamed package. Affects shared dev boxes, CI runners, and HPC login nodes; Windows/macOS default per-user temp directories typically avoid exposure.

Microsoft Apple Crowdstrike +4
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Stack-based buffer overflow in rxi microtar 0.1.0 allows remote attackers to crash or potentially execute arbitrary code in applications that parse attacker-supplied TAR archives. The flaw lies in raw_to_header() (src/microtar.c:112), which uses strcpy() on fixed-width 100-byte ustar name/linkname fields that are not guaranteed to be null-terminated, enabling a 356-byte out-of-bounds read confirmed via AddressSanitizer. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Stack Overflow Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote code execution in the Monetizemore Advanced Ads WordPress plugin through version 2.0.21 allows authenticated attackers with low privileges to inject and execute arbitrary code via a code injection flaw (CWE-94). The issue was disclosed by Patchstack and carries a CVSS 3.1 base score of 7.5 (high) with high attack complexity. No public exploit identified at time of analysis.

Code Injection RCE Advanced Ads
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unrestricted file upload in HCL ZIE for Web (Z and I Emulator) version 16.0 allows remote attackers to upload a web shell that can yield arbitrary command execution on the server, but only when the server is configured to execute uploaded code and the file lands inside the Webroot. The CVSS 3.1 base score is 9.8, yet CISA's SSVC framework rates exploitation as 'none' and not automatable with only partial technical impact, and EPSS sits at just 0.34% (26th percentile). No public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

File Upload Information Disclosure RCE +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Quanos SCHEMA ST4 on-premises allows an authenticated local user to gain NT AUTHORITY\SYSTEM by abusing insecure .NET Remoting deserialization in the Client Update Service. The endpoint, reachable through a local named pipe with TypeFilterLevel.Full, accepts attacker-controlled serialized objects and yields arbitrary code execution in the update process context. No public exploit identified at time of analysis, though a SEC-Consult/SEC-VLab advisory documents the issue.

Privilege Escalation Deserialization RCE +1
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Remote code execution in Blocksy Companion Pro (Creative Themes) versions 2.1.37 and earlier allows authenticated users with Contributor-level WordPress privileges to inject and execute arbitrary code on the underlying server. The flaw carries a CVSS 3.1 base score of 9.9 with scope change, reflecting that successful exploitation breaks out of the WordPress application context. No public exploit identified at time of analysis, but Patchstack has catalogued the issue in its WordPress vulnerability database.

Code Injection RCE Blocksy Companion Pro
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Heap Overflow +4
NVD VulDB
Prev Page 8 of 355 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy