Skip to main content

Remote Code Execution

other CRITICAL

Remote Code Execution represents the critical moment when an attacker successfully runs arbitrary code on a target system without physical access.

How It Works

Remote Code Execution represents the critical moment when an attacker successfully runs arbitrary code on a target system without physical access. Unlike a single vulnerability class, RCE is an outcome—the catastrophic result of exploiting underlying weaknesses in how applications process input, manage memory, or handle executable content.

Attackers typically achieve RCE by chaining vulnerabilities or exploiting a single critical flaw. Common pathways include injecting malicious payloads through deserialization flaws (where untrusted data becomes executable objects), command injection (where user input flows into system commands), buffer overflows (overwriting memory to hijack execution flow), or unsafe file uploads (placing executable code on the server). Server-Side Template Injection and SQL injection can also escalate to code execution when attackers leverage database or template engine features.

The attack flow usually begins with reconnaissance to identify vulnerable endpoints, followed by crafting a payload that exploits the specific weakness, then executing commands to establish persistence or pivot deeper into the network. Modern exploits often use multi-stage payloads—initial lightweight code that downloads and executes more sophisticated tooling.

Impact

  • Complete system compromise — attacker gains shell access with application privileges, potentially escalating to root/SYSTEM
  • Data exfiltration — unrestricted access to databases, configuration files, credentials, and sensitive business data
  • Lateral movement — compromised server becomes a beachhead to attack internal networks and other systems
  • Ransomware deployment — direct pathway to encrypt files and disable backups
  • Persistence mechanisms — installation of backdoors, web shells, and rootkits for long-term access
  • Supply chain attacks — modification of application code or dependencies to compromise downstream users

Real-World Examples

The n8n workflow automation platform (CVE-2024-21858) demonstrated how RCE can emerge in unexpected places-attackers exploited unsafe workflow execution to run arbitrary code on self-hosted instances. The Log4j vulnerability (Log4Shell) showed RCE at massive scale when attackers sent specially crafted JNDI lookup strings that triggered remote class loading in Java applications worldwide.

Atlassian Confluence instances have faced multiple RCE vulnerabilities through OGNL injection flaws, where attackers inject Object-Graph Navigation Language expressions that execute with server privileges. These required no authentication, enabling attackers to compromise thousands of internet-exposed instances within hours of disclosure.

Mitigation

  • Input validation and sanitization — strict allowlists for all user-controlled data, especially in execution contexts
  • Sandboxing and containerization — isolate application processes with minimal privileges using containers, VMs, or security contexts
  • Disable dangerous functions — remove or restrict features like code evaluation, system command execution, and dynamic deserialization
  • Network segmentation — limit blast radius by isolating sensitive systems and restricting outbound connections
  • Web Application Firewalls — detect and block common RCE patterns in HTTP traffic
  • Runtime application self-protection (RASP) — monitor application behavior for execution anomalies
  • Regular patching — prioritize updates for components with known RCE vulnerabilities

Recent CVEs (31889)

EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and achieve arbitrary code execution.

RCE Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Environment variable injection in OpenClaw's CLI backend runner enables local attackers to achieve arbitrary code execution or exfiltrate sensitive data by manipulating workspace configuration files. Attackers with the ability to supply malicious workspace configs can inject environment variables into backend processes during spawning, exploiting CWE-15 (external control of system or configuration setting). Vendor patch available via GitHub commit c2fb7f1. CVSS 8.5 reflects high impact across confidentiality, integrity, and availability, though exploitation requires local access and user interaction to load the malicious workspace config. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept at time of analysis.

Information Disclosure RCE Openclaw
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Remote code execution in OpenClaw gateway versions before 2026.3.31 allows attackers with trusted paired node credentials (role=node) to escalate privileges and execute arbitrary code on the gateway by abusing unrestricted agent.request dispatch functionality. The vulnerability stems from insufficient access controls on node.event agent requests, enabling low-privilege paired nodes to invoke gateway-side tools without restriction. EPSS exploitation probability and KEV status not yet available for this recently disclosed vulnerability, but a vendor patch and exploit details are publicly documented.

Authentication Bypass Privilege Escalation RCE +1
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenClaw before 2026.3.31 allows authenticated users with approved host-exec requests to execute arbitrary code during build processes by overriding compiler binary environment variables (CC, CXX, CARGO_BUILD_RUSTC, CMAKE_C_COMPILER) through an incomplete host-env-security-policy.json configuration. The vulnerability requires local access and prior authentication to an OpenClaw instance, but enables full code execution with inherited privileges during compilation. No public exploit code has been identified at time of analysis.

RCE Openclaw
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in NVIDIA FLARE SDK allows authenticated attackers to execute arbitrary code by sending maliciously crafted FOBS-encoded messages that exploit unsafe deserialization in the FOBS component. The vulnerability affects federated learning deployments where NVIDIA FLARE SDK processes messages from low-privileged authenticated users, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV) and public exploit status unknown at time of analysis.

Nvidia Deserialization RCE
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in NVIDIA NVFlare Dashboard allows remote unauthenticated attackers to escalate privileges through user-controlled key manipulation in the authentication system. The vulnerability affects the NVIDIA Flare SDK and enables complete system compromise including arbitrary code execution, data tampering, information disclosure, and denial of service. With a CVSS score of 9.8 (critical severity) and maximum exploitability metrics (AV:N/AC:L/PR:N/UI:N), this represents a severe security flaw requiring immediate remediation, though no active exploitation (KEV) or public exploit code has been identified at time of analysis.

RCE Authentication Bypass Nvidia +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in StellarGroup HPX 1.11.0 allows unauthenticated attackers to execute arbitrary code through insecure deserialization of untrusted input. Publicly available exploit code exists (GitHub Gist POC) with CISA SSVC classifying this as automatable with total technical impact, though EPSS indicates only 2% probability of exploitation in the wild. The CWE-502 vulnerability enables complete system compromise when untrusted data is deserialized under specific deployment conditions not detailed in the description.

Deserialization RCE Hpx
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Multiple memory corruption vulnerabilities in Firefox 150.0.0 and Thunderbird 150.0.0 enable remote code execution through memory safety bugs. Mozilla's security advisory confirms these flaws could allow arbitrary code execution with sufficient exploit development. No active exploitation confirmed at time of analysis, but SSVC framework rates this as automatable with partial technical impact. Vendor-released patch available in Firefox 150.0.1.

Buffer Overflow Mozilla RCE
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Firefox ESR 140.10.1.

Buffer Overflow Memory Corruption Mozilla +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

Buffer Overflow Mozilla RCE
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL POC PATCH Act Now

Remote code execution in OpenCATS installer allows unauthenticated attackers to inject and execute arbitrary PHP code by manipulating the AJAX endpoint's databaseConnectivity action parameter. The injected code persists in config.php and executes on every page load while the installation wizard remains incomplete. Publicly available exploit code demonstrates breakout from define() string context using quote and statement separator techniques. Patch available via GitHub commit 3002a29, though CVSS AC:H (high complexity) suggests exploitation requires specific timing or environmental conditions during installation phase.

PHP Code Injection RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Unquoted service path vulnerability in AVACAST by eMPIA Technology enables local privilege escalation from high-privileged user to SYSTEM. Attackers with administrative access can plant malicious executables in unquoted paths, achieving arbitrary code execution with system-level privileges upon service restart. Taiwan CERT (TWCERT) published advisories confirming the vulnerability. No public exploit code identified at time of analysis, and exploitation requires existing administrative privileges, limiting practical risk to environments where privileged user compromise is a concern.

RCE Avacast
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation in eMPIA Technology AVACAST allows authenticated local users to execute arbitrary code with SYSTEM privileges by placing a malicious DLL in a specific directory exploited during application startup. This DLL hijacking vulnerability (CWE-427) requires low-complexity exploitation with no user interaction once local access is obtained. Taiwan's TWCERT issued advisories on this vulnerability, indicating regional awareness though no CISA KEV listing or public exploit code has been identified at time of analysis.

RCE Avacast
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Remote code execution in DeskTime Time Tracking App before version 1.3.674 via improper TLS certificate validation allows network-positioned attackers to serve malicious executables during application updates without requiring user interaction. The vulnerability exploits the update mechanism's failure to properly validate TLS certificates, enabling an attacker in a man-in-the-middle position to achieve user-level code execution. EPSS score of 0.02% suggests low real-world exploitation probability despite RCE severity, likely due to the requirement for network positioning and the attack's reliance on coinciding update requests.

RCE Desktime Time Tracking
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Booking Package plugin for WordPress up to version 1.7.06 allows unauthenticated attackers to manipulate booking prices via the intentForStripe() function, which accepts unsanitized $_POST['amount'] values and passes them directly to the Stripe PaymentIntent API without validation. The vulnerability is compounded by commented-out code in CreditCard.php that would normally enforce server-calculated pricing, enabling attackers to complete bookings at arbitrary prices (e.g., $0.01 instead of $500.00) with no authentication required. This is a confirmed price manipulation vulnerability with no active KEV exploitation reported but represents significant financial fraud risk.

PHP WordPress RCE
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Filter expression injection in Spring AI 1.0.0-1.0.5 and 1.1.0-1.1.4 allows remote unauthenticated attackers to manipulate vector store queries through unescaped keys and values in FilterExpressionConverter implementations. The vulnerability enables query language injection across multiple vector database backends, potentially exposing sensitive data (CVSS:C:H) and modifying query results (CVSS:I:L). VMware has released patches in versions 1.0.6 and 1.1.5. No active exploitation confirmed (not in CISA KEV), but the network-accessible attack vector (AV:N/AC:L/PR:N) and code injection classification (CWE-94) indicate significant risk for applications processing untrusted filter expressions.

Java Code Injection RCE
NVD
EPSS 0% CVSS 8.9
HIGH This Week

Stored Cross-Site Scripting in HTMLy 3.1.1 allows authenticated users with content creation privileges to inject malicious JavaScript via the image upload endpoint (/add/content?type=image), executing arbitrary code in victim browsers with scope change (S:C) indicating potential account takeover or session hijacking. Public proof-of-concept exists (YouTube demonstration and GitHub writeup), though EPSS score remains low (2%, 4th percentile) and no active exploitation has been confirmed by CISA KEV. CVSS 8.9 reflects high confidentiality and integrity impact but requires victim interaction.

XSS RCE N A
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

SQLi RCE Proftpd
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Timing attack against Spring Boot DevTools remote secret comparison allows adjacent network attackers to recover the shared secret and achieve remote code execution by uploading malicious classes. Affects Spring Boot 2.7.x through 4.0.x when DevTools remote feature is enabled. Attacker must be on same network segment (AV:A) and overcome high attack complexity (timing-based cryptographic weakness), but requires no authentication or user interaction. CVSS 7.5 severity reflects adjacent vector limitation; real-world risk depends heavily on whether DevTools remote restart is enabled in production (not recommended practice) and network segmentation. No confirmed active exploitation (not in CISA KEV). Vendor-released patches available across all affected branches.

Java RCE Red Hat
NVD HeroDevs VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch indices, S3 objects, DynamoDB tables) that are not exposed through normal administrative interfaces. We recommend you upgrade to version 7.3.0 or above.

Node.js Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory traversal sequences. Attackers can exploit unvalidated archive extraction to write a PHP webshell to a web-accessible directory and achieve remote code execution with the privileges of the web server process.

RCE PHP Path Traversal
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows local attackers to crash the application or execute arbitrary code by opening a crafted XFA PDF file during calculate event processing. The vulnerability requires user interaction (opening a malicious PDF) but impacts both products across all versions listed in CPE data. No public exploit code or active exploitation has been confirmed at this time.

Memory Corruption Use After Free RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject() without configuring an ObjectInputFilter. An attacker who can write to the Consul KV store backing a Camel ConsulRegistry instance could inject a malicious serialized Java object that is deserialized the next time Camel performs a lookup against that registry, leading to arbitrary code execution in the Camel process. The issue mirrors the class of vulnerability already addressed for other Camel components in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747, and was overlooked during the original remediation of those CVEs. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.1.

RCE Java Deserialization +2
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL POC PATCH Act Now

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to header-sensitive producers (e.g. camel-exec) The camel-coap component maps incoming CoAP request URI query parameters directly into Camel Exchange In message headers without applying any HeaderFilterStrategy.   Specifically, CamelCoapResource.handleRequest() iterates over OptionSet.getUriQuery() and calls camelExchange.getIn().setHeader(...) for every query parameter. CoAPEndpoint extends DefaultEndpoint rather than DefaultHeaderFilterStrategyEndpoint, and CoAPComponent does not implement HeaderFilterStrategyComponent; the component contains no references to HeaderFilterStrategy at all. As a result, an unauthenticated attacker who can send a single CoAP UDP packet to a Camel route consuming from coap:// can inject arbitrary Camel internal headers (those prefixed with Camel*) into the Exchange. When the route delivers the message to a header-sensitive producer such as camel-exec, camel-sql, camel-bean, camel-file, or template components (camel-freemarker, camel-velocity), the injected headers can alter the producer's behavior. In the case of camel-exec, the CamelExecCommandExecutable and CamelExecCommandArgs headers override the executable and arguments configured on the endpoint, resulting in arbitrary OS command execution under the privileges of the Camel process. The producer's output is written back to the Exchange body and returned in the CoAP response payload by CamelCoapResource, giving the attacker an interactive RCE channel without any need for out-of-band exfiltration.                                                                                                                                                                         Exploitation prerequisites are minimal: a single unauthenticated UDP datagram to the CoAP port (default 5683). CoAP (RFC 7252) has no built-in authentication, and DTLS is optional and disabled by default. Because the protocol is UDP-based, HTTP-layer WAF/IDS controls do not apply. This issue affects Apache Camel: from 4.14.0 through 4.14.5, from 4.18.0 before 4.18.1, 4.19.0. Users are recommended to upgrade to version 4.18.1 or 4.19.0, fixing the issue.

RCE Microsoft Command Injection +2
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a crafted serialized Java object that, when read during normal aggregation repository operations such as get or recover, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.0.0 before 4.14.7, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2. The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23322 refers to the various commits that resolved the issue, and have more details. This issue follows the same class of vulnerability previously addressed in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747.

RCE Java Atlassian +3
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Apache MINA 2.0.0-2.0.27, 2.1.0-2.1.10, and 2.2.0-2.2.5 allows unauthenticated network attackers to execute arbitrary code by exploiting unsafe deserialization in AbstractIoBuffer.resolveClass(). The vulnerability bypasses classname allowlist protections due to incomplete validation of static classes and primitive types. CVSS 9.8 critical severity reflects trivial network-based exploitation requiring no authentication or user interaction. Applications using IoBuffer.getObject() are affected. Vendor-released patches available in versions 2.0.28, 2.1.11, and 2.2.6.

RCE Deserialization Apache +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is reached whenever the mapJmsMessage option is enabled (the default) and Camel acts as a JMS consumer, an attacker able to publish a crafted ObjectMessage to a queue or topic consumed by a Camel application could achieve remote code execution when a deserialization gadget chain was present on the classpath. The same handling was reached transitively through camel-sjms2 (whose Sjms2Endpoint extends SjmsEndpoint) and through camel-amqp (whose AMQPJmsBinding extends JmsBinding), and by other JMS-family components built on JmsComponent such as camel-activemq and camel-activemq6. This issue affects Apache Camel: from 3.0.0 before 4.14.7, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

RCE Deserialization Apache +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput (for example via getBody(ObjectInput.class) or @Body ObjectInput), an attacker sending a crafted serialized Java object over the network to the MINA consumer port can trigger arbitrary code execution in the context of the application during readObject(). This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

RCE Java Deserialization +2
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

Microsoft RCE Google +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java.security.KeyPair` is evaluated only after `readObject()` has already returned, so any `readObject()` side effects in the deserialized object run before the type check. An attacker who can write to the key directory used by a Camel application - for example through a path traversal into the directory, misconfigured filesystem permissions on the volume where keys are stored, a compromised key provisioning pipeline, or a symlink attack - can place a crafted serialized Java object that, when deserialized during normal key lifecycle operations, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.19.0 before 4.20.0, from 4.18.0 before 4.18.2. Users are recommended to upgrade to version 4.20.0, which fixes the issue by replacing java.io.ObjectInputStream-based key and metadata storage with standard PKCS#8 (private key) / X.509 SubjectPublicKeyInfo (public key) Base64 JSON encoding. For users on the 4.18.x LTS releases stream, upgrade to 4.18.2.

RCE Java Apache +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.

Command Injection RCE N A
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Ismartviewpro
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Faleemi Desktop Software
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Remote code execution in simple-git before 3.36.0 allows unauthenticated attackers to execute arbitrary commands via incomplete sanitization of command-line options. The vulnerability bypasses the prior CVE-2022-25912 fix by accepting --config instead of the blocked -c flag, enabling protocol.ext.allow=always configuration and malicious ext:: URLs. Publicly available exploit code exists (POC confirmed), with EPSS score of 0.08% indicating low current exploitation probability despite the theoretical severity. SSVC framework classifies this as automatable with total technical impact.

Code Injection RCE Simple Git
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unauthenticated attackers to inject malicious JavaScript by overwriting the findings_json field of ScanHistory records. Attackers can inject JavaScript that executes in an administrator's authenticated session when they visit the AI Scanner dashboard, allowing them to issue same-origin requests to plant cron jobs and achieve remote code execution on the server.

XSS RCE Cyberpanel
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Traefik versions prior to 2.11.43, 3.6.14, and 3.7.0-rc.2 fail to enforce cross-namespace isolation for middleware references nested inside Chain middlewares, allowing actors with permission to create CRDs in their own namespace to bypass the allowCrossNamespace=false restriction and apply middleware from arbitrary namespaces. This authorization bypass affects Kubernetes clusters relying on namespace isolation controls and can enable unauthorized reuse of security-sensitive middleware policies across namespace boundaries.

Kubernetes Information Disclosure RCE +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated local users can execute arbitrary code on Windows, macOS, and Linux via HTML injection in SiYuan desktop notification messages through version 3.6.4. The Electron-based desktop application mishandles notification rendering with unsafe settings (nodeIntegration enabled, contextIsolation disabled, webSecurity disabled), escalating XSS to full system compromise. Vendor-released patch available in version 3.6.5. No evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis.

XSS Microsoft Command Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

GitHub Actions workflow injection in Skim's CI pipeline allows remote code execution with elevated privileges when any GitHub user opens a pull request from a fork. The vulnerable generate-files job automatically checks out and executes attacker-controlled Rust code (via cargo run) with access to SKIM_RS_BOT_PRIVATE_KEY secret and GITHUB_TOKEN with contents:write permissions, enabling repository compromise. User interaction (maintainer reviewing the PR) is required for context, though the exploit executes automatically on PR creation. Patch available via commit bf63404, no active exploitation confirmed at time of analysis.

Code Injection RCE Skim
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

Prototype pollution in Axios 1.x (prior to 1.15.1) and 0.x (prior to 0.31.1) enables HTTP header injection attacks when any dependency in the application pollutes Object.prototype with specific properties (getHeaders, append, pipe, on, once, Symbol.toStringTag). Attackers exploit the HTTP adapter's duck-type checking to inject arbitrary headers into outbound HTTP requests, potentially leading to authentication bypass, session hijacking, or cache poisoning. EPSS data unavailable; no confirmed active exploitation (CISA KEV) at time of analysis. Publicly available exploit code exists per vendor advisory GHSA-6chq-wfr3-2hj9.

Node.js RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Remote code execution in Ray Data 2.49.0-2.54.0 allows attackers to execute arbitrary Python code by crafting malicious Parquet files containing Ray tensor extension types. When Ray Data reads these files, it deserializes untrusted metadata using cloudpickle.loads() without validation, triggering code execution during schema parsing before any data is read. The vulnerability requires only that a victim read a crafted Parquet file from any source (cloud storage, HuggingFace datasets, shared filesystems)-no cluster access or authentication needed. This reintroduces a vulnerability class previously fixed in May 2024, making it a regression introduced in July 2025 (PR #54831). Working proof-of-concept exists demonstrating exploitation via HuggingFace datasets following Ray's own documentation. EPSS data not available, not currently in CISA KEV.

Python Code Injection Deserialization +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Attackers can forge Stripe webhook events to obtain unlimited API quota without payment in QuantumNous new-api (Go package github.com/QuantumNous/new-api). The vulnerability exploits an empty default webhook secret that allows HMAC signature forgery, missing payment status validation, and cross-gateway order fulfillment logic that permits completing orders created through any payment provider (Epay, Creem, Waffo) via fabricated Stripe callbacks. Virtually all deployments with any payment method enabled are vulnerable in default configuration. Fixed in version 0.12.10. No public exploit code identified at time of analysis, but the detailed advisory includes a proof-of-concept pseudocode demonstrating the attack chain. CVSS 7.1 (High) with low attack complexity and low privileges required indicates practical exploitation risk for deployed instances.

Google Nginx Python +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Apache ActiveMQ allows authenticated attackers with admin console access to inject malicious Spring XML contexts that execute arbitrary code on the broker's JVM. Attackers exploit improper broker name validation to embed xbean bindings, then trigger VM transport creation via DestinationView mbean to load remote Spring XML files containing malicious bean factory methods like Runtime.exec(). EPSS score of 0.06% (19th percentile) indicates low observed exploitation probability despite CVSS 8.8, with CISA SSVC confirming no active exploitation and non-automatable attack chain. Vendor patches available: versions 5.19.6 and 6.2.5 address the vulnerability.

RCE Java Apache +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Remote code execution in Apache ActiveMQ 5.x (before 5.19.6) and 6.x (before 6.2.5) allows authenticated attackers to bypass prior security fixes (CVE-2026-34197) by injecting malicious Spring XML configurations through HTTP Discovery transport connectors via Jolokia. Attackers leverage a VM transport loophole to invoke arbitrary bean factory methods like Runtime.exec() during Spring context initialization. EPSS score is low (0.06%, 19th percentile) with no confirmed active exploitation (not in CISA KEV), suggesting limited widespread targeting despite high CVSS 8.8 score. Exploitation requires authenticated Jolokia access and presence of activemq-http module on classpath.

RCE Java Apache +3
NVD VulDB GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Remote code execution in Drag and Drop File Upload for Contact Form 7 plugin (≤1.1.3) allows unauthenticated attackers to upload arbitrary PHP files via a sanitization bypass vulnerability. The flaw exploits a race condition where file extension validation occurs on unsanitized input while the file saves with a sanitized extension, enabling special characters like '$' to be stripped mid-process. Exploitability is constrained by .htaccess restrictions and filename randomization, reducing real-world risk despite the 8.1 CVSS score. EPSS data not available; no active exploitation or POC publicly confirmed at time of analysis.

PHP WordPress File Upload +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Ruby ERB library via unsafe deserialization allows unauthenticated attackers to execute arbitrary code by exploiting incomplete protection in Marshal.load workflows. While ERB 2.2.0+ added guards to prevent code execution during deserialization in result() and run() methods, the def_module(), def_method(), and def_class() methods remained unprotected, enabling attackers to bypass the @_init safeguard. Exploitation requires high complexity (AV:N/AC:H) as applications must deserialize untrusted Marshal data with ERB loaded. No EPSS or KEV data available; exploitation likelihood depends on prevalence of unsafe Marshal.load patterns in Ruby codebases.

Deserialization RCE Erb
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Command injection in Roxy-WI versions prior to 8.2.6.4 enables authenticated attackers to execute arbitrary OS commands with sudo privileges on managed servers. The vulnerability stems from unsanitized input in the /config/<service>/find-in-config endpoint that breaks out of grep command context during remote SSH execution. A proof-of-concept exploit exists (CVSS E:P), and the CVSS 4.0 score of 7.4 reflects network-based attack with low complexity requiring only low-privilege authentication. Vendor-released patch 8.2.6.4 available via GitHub commit 02f147d.

RCE Nginx Command Injection +1
NVD GitHub
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Remote code execution in Roxy-WI versions before 8.2.6.4 allows unauthenticated attackers to write malicious code into scheduled tasks via path traversal in the haproxy_section_save interface. The vulnerability chains CWE-22 path traversal with cron job manipulation, enabling arbitrary command execution on servers managing HAProxy, Nginx, Apache, and Keepalived infrastructure. CVSS 8.9 with network attack vector and no privileges required indicates critical risk, though EPSS data and KEV status are unavailable to confirm active exploitation.

RCE Nginx Apache +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Hostbill versions 2025-11-24 and 2025-12-01 allows high-privilege remote attackers to execute arbitrary code in admin and client interface contexts without user interaction. The CVSS score of 4.9 reflects the requirement for authenticated high-privilege access, but the presence of publicly available exploit code and the vulnerability's presence in both admin and client interfaces increase real-world risk beyond the base score. The discrepancy between the CWE-79 classification (XSS) and tags indicating RCE capability suggests stored XSS enabling indirect code execution or privilege escalation within the application.

XSS RCE
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks.

RCE Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation.

Authentication Bypass RCE Openclaw
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code.

RCE Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

## Overview A critical Remote Code Execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. The issue has been fixed.

Command Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle payload to the exposed ZMQ socket to execute arbitrary code on the server with the privileges of the ktransformers process.

Deserialization RCE Ktransformers
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

### TL;DR This vulnerability affects all Kirby sites that use option fields (`checkboxes`, `color`, `multiselect`, `select`, `radio`, `tags` or `toggles`) with options from a query or API whose values may not be fully trusted. It also affects direct uses of the `OptionsApi` or `OptionsQuery` classes of Kirby's `Options` package from plugin or site code. The attack requires either an attacker in the group of authenticated Panel users or user interaction of another authenticated user. **This vulnerability is of high severity for affected sites.** Users' Kirby sites are *not* affected if they are not using any of the mentioned fields or the `Options` package, if all options are defined statically in the blueprints or if all dynamically gathered options are to be trusted. ---- ### Introduction Server-Side Template Injection vulnerabilities (SSTI) occur when user input is embedded in a template in an unsafe manner and results in remote code execution on the server. Injected user input is wrongly treated as a template command instead of as a literal string of text. This allows attackers to query arbitrary information from the affected system or call arbitrary methods to perform actions. In a Kirby site this can be used to access protected site information, alter site content or break site behavior. ### Impact Kirby provides field types (`checkboxes`, `color`, `multiselect`, `select`, `radio`, `tags` and `toggles`) that offer a fixed set of options from a configured list. This configured list can be statically defined in the blueprint or it can come from a Kirby query or (external) API source. Options coming from a query or API are treated as dynamic. Static options can contain queries in the form `{{ query }}` or `{< query >}` that are then evaluated to a static value. Because the queries are defined in the blueprint, they can be trusted and cannot be controlled by attackers. However, dynamic options can often not be trusted. This is why the "options from query" and "options from API" modes are intended to resolve the option values and text strings based on queries not defined within the data source but within the blueprint. Unfortunately, the results of these trusted queries on untrusted source data are run through the query parser a second time in affected Kirby releases. Because of the double-resolution of dynamic option values and text strings, attackers could place malicious query templates such as `{{ users.first.password }}` or `{{ page.delete }}` in the option sources such as page titles or external API data controlled by the attacker. These queries would then be executed when the field is loaded in the Panel. When the attacker directly accesses the respective Panel view, they could get access to information normally hidden from them. As the malicious query templates are loaded for all users, it could also lead to malicious write access when another user with a higher permission level accesses the manipulated Panel view. ### Patches The problem has been patched in [Kirby 4.9.0](https://github.com/getkirby/kirby/releases/tag/4.9.0) and [Kirby 5.4.0](https://github.com/getkirby/kirby/releases/tag/5.4.0). Please update to one of these or a [later version](https://github.com/getkirby/kirby/releases) to fix the vulnerability. In all of the mentioned releases, Kirby has updated the `Options` logic to no longer double-resolve queries in option values coming from `OptionsQuery` or `OptionsApi` sources. Kirby now only resolves queries that are directly configured in the blueprints. ### Credits Kirby thanks to @offset for responsibly reporting the identified issue.

Ssti RCE
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters through the jsonrpc interface parameters to achieve remote code execution on the host running radare2-mcp without requiring authentication.

Command Injection RCE Radare2
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.

Deserialization RCE Lerobot
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in spec.routes[].cookieRewritePolicies[].pathRewrite.value or spec.routes[].services[].cookieRewritePolicies[].pathRewrite.value that results in arbitrary code execution in the Envoy proxy. The cookie rewriting feature is internally implemented using Envoy's HTTP Lua filter. User-controlled values are interpolated into Lua source code using Go text/template without sufficient sanitization. The injected code only executes when processing traffic on the attacker's own route, which they already control. However, since Envoy runs as shared infrastructure, the injected code can also read Envoy's xDS client credentials from the filesystem or cause denial of service for other tenants sharing the Envoy instance. This vulnerability is fixed in v1.33.4, v1.32.5, and v1.31.6.

Kubernetes Denial Of Service Code Injection +2
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). This vulnerability is fixed in 3.1.0.

Node.js File Upload RCE
NVD GitHub VulDB
EPSS 1% CVSS 9.4
CRITICAL PATCH Act Now

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get interpolated and executed by the server. This vulnerability is fixed in 3.1.0.

Command Injection Code Injection RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within the prompt template and it is reflected to the Python code without any sanitization. This vulnerability is fixed in 3.1.0.

Python Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.

RCE Tenable Nessus Tenable Nessus Agent
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling techniques to instantiate a remote System.Net.WebClient object and read arbitrary files from the server filesystem, write attacker-controlled files to the server, or coerce NTLMv2 authentication to an attacker-controlled host, enabling sensitive credential disclosure, denial of service, remote code execution, or lateral movement depending on service account privileges and network environment.

Denial Of Service Authentication Bypass RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` - an optional, non-default, undocumented frame serializer class (now deprecated) intended for LiveKit integration. The class's `deserialize()` method uses Python's `pickle.loads()` on data received from WebSocket clients without any validation or sanitization. This means that a malicious WebSocket client can send a crafted pickle payload to execute arbitrary code on the Pipecat server. The vulnerable code resides in `src/pipecat/serializers/livekit.py` (around line 73), where untrusted WebSocket message data is passed directly into `pickle.loads()` for deserialization. If a Pipecat server is configured to use LivekitFrameSerializer and is listening on an external interface (e.g. 0.0.0.0), an attacker on the network (or the internet, if the service is exposed) could achieve remote code execution (RCE) on the server by sending a malicious pickle payload. Version 0.0.94 contains a fix. Users of Pipecat should avoid or replace unsafe deserialization and improve network security configuration. The best mitigation is to stop using the vulnerable LivekitFrameSerializer altogether. Those who require LiveKit functionality should upgrade to the latest Pipecat version and switch to the recommended `LiveKitTransport` or another secure method provided by the framework. Additionally, always follow secure coding practices: never trust client-supplied data, and avoid Python pickle (or similar unsafe deserialization) in network-facing components.

Python Deserialization RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary data from the database, reset administrator account passwords, and gain unauthorized access to the Packages Manager in the Admin Panel, potentially enabling remote code execution.

SQLi Authentication Bypass RCE +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Remote code execution in FunnelFormsPro WordPress plugin (versions up to 3.8.1) allows authenticated attackers to inject and execute arbitrary code on vulnerable servers. The CVSS 9.9 Critical rating reflects the scope change (S:C) and complete system compromise (C:H/I:H/A:H). Exploitation requires low-privilege authentication (PR:L) but no user interaction, making it exploitable by subscriber-level WordPress accounts. EPSS and KEV status not provided in available data, limiting real-world exploitation confidence assessment.

Code Injection RCE Funnelformspro
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in Borg SPM 2007 allows unauthenticated attackers to upload and execute web shell backdoors via unrestricted file upload vulnerability. This discontinued product (sales ended 2008) remains exploitable over the network with no authentication required, enabling full server compromise. CVSS 9.3 (Critical) with network vector, low complexity, and no privileges required. EPSS and KEV data not available for this CVE, but the trivial attack requirements (AV:N/AC:L/PR:N/UI:N) indicate high exploitability if exposed systems exist.

File Upload RCE Borg Spm 2007
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in H2O-3 versions 3.46.0.9 and earlier allows unauthenticated attackers to execute arbitrary code via the /99/ImportSQLTable REST API by abusing PostgreSQL JDBC driver parameters that bypass an incomplete MySQL-only parameter blacklist. No active exploitation is recorded in CISA KEV and EPSS is low (0.19%), but a vendor patch is available and SSVC marks exploitation status as POC, indicating proof-of-concept-grade attacker capability against a network-reachable endpoint.

PostgreSQL Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated Editor-level attackers can achieve Remote Code Execution in ExactMetrics WordPress plugin (all versions ≤9.1.2) by chaining exposed onboarding credentials to install and activate arbitrary plugin ZIP files from attacker-controlled URLs. The attack exploits a missing authorization check in the 'exactmetrics_connect_process' AJAX endpoint that accepts the one-time hash token obtained via the exposed 'onboarding_key' transient-effectively bypassing plugin installation controls. EPSS and KEV status unknown; CVSS 7.2 reflects high-privilege requirement (PR:H) but direct path to RCE makes this a critical risk for multi-author WordPress sites where Editors have dashboard viewing permissions. Wordfence advisory and source code references confirm the vulnerability chain across three distinct code locations in versions through 9.1.1.

RCE Google Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

DLL hijacking in EfficientLab Controlio before v1.3.95 allows local attackers with high privileges to achieve arbitrary code execution by placing a specially crafted DLL in the installation directory, leveraging weak folder permissions and the service's NT AUTHORITY\SYSTEM execution context. Real-world risk is constrained by the high privilege requirement (PR:H) and local-only attack vector; EPSS score of 0.01% and CISA SSVC framework marking exploitation as 'none' and technical impact as 'partial' indicate low current exploitation likelihood despite the RCE tag.

RCE Controlio
NVD VulDB
EPSS 0% CVSS 7.0
HIGH This Week

DLL hijacking in i-PRO Co., Ltd.'s IP Setting Software enables local attackers with low privileges to execute arbitrary code with administrative privileges when victims open the application. The vulnerability stems from insecure DLL search path handling (CWE-427), allowing attackers to plant malicious DLLs that load during software execution. While exploitation requires local access and user interaction (CVSS:3.0/AV:L/AC:L/PR:L/UI:R), successful attacks achieve complete system compromise with elevated privileges. No active exploitation confirmed at time of analysis, with EPSS and KEV data unavailable for this recently published CVE.

RCE Ip Setting Software
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote code execution in Froxlor server administration software versions prior to 2.3.6 allows authenticated administrators with change_serversettings permission to inject arbitrary PHP code through an unescaped MySQL server configuration parameter. The vulnerability enables persistent code execution on every subsequent HTTP request as the web server user due to improper input sanitization in PhpHelper::parseArrayToString(). Vendor patch available in version 2.3.6. CVSS score of 9.1 reflects the critical impact despite requiring high-privilege authentication, with scope change indicating the attacker can break out of the application's security context.

PHP Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Authenticated customers can achieve remote code execution in Froxlor server administration software versions prior to 2.3.6 through path traversal in the API's language parameter. By injecting malicious path traversal sequences into the `def_language` field via the `Customers.update` or `Admins.update` API endpoints, authenticated users can force the application to execute arbitrary PHP code as the web server user on subsequent requests. This vulnerability carries a CVSS score of 9.9 with scope change, indicating potential for full system compromise beyond the vulnerable component. Vendor-released patch version 2.3.6 addresses the vulnerability by implementing proper validation of language parameters against available language files.

PHP Path Traversal LFI +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload in Breeze Cache for WordPress allows unauthenticated remote attackers to upload malicious files and achieve remote code execution on vulnerable servers. Exploitation requires the non-default 'Host Files Locally - Gravatars' feature to be enabled. While CVSS rates this 9.8 critical, real-world exposure is limited by the disabled-by-default configuration requirement. No public exploit code or CISA KEV listing identified at time of analysis, though Wordfence threat intelligence has disclosed technical details including vulnerable code paths.

WordPress File Upload RCE
NVD VulDB GitHub
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

Remote unauthenticated attackers achieve full code execution on Paperclip AI orchestration servers (versions prior to 2026.416.0) via authentication bypass through a six-step API call chain. The attack requires no credentials, no user interaction, and succeeds against default 'authenticated' mode deployments exposed to network access. CVSS 10.0 with scope change indicates container/host escape potential. No active exploitation confirmed in CISA KEV at time of analysis, though the vendor advisory (GitHub Security Advisory GHSA-68qg-g8mg-6pr7) confirms the critical authentication bypass mechanism in both @paperclipai/server and paperclip npm packages.

Node.js Authentication Bypass RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Command injection in Paperclip @paperclipai/server (versions <2026.416.0) allows authenticated agents to execute arbitrary OS commands on the server host. Attackers with Agent API credentials can escalate from agent runtime to full server host control by injecting malicious shell commands through the adapterConfig.workspaceStrategy.provisionCommand field during workspace provisioning. CVSS 8.8 (high) with network-accessible attack vector and low complexity. Vendor patch available in version 2026.416.0. No public exploit or CISA KEV listing identified at time of analysis, but the vulnerability breaks critical trust boundaries in multi-agent AI orchestration systems.

Node.js Command Injection Privilege Escalation +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

PySpector versions prior to 0.1.8 allow arbitrary code execution within the PySpector process when a malicious plugin is supplied and executed. The plugin security validator uses incomplete AST-based static analysis that fails to block dangerous Python constructs, permitting attackers with write access to plugin files to bypass the blocklist and achieve remote code execution. The vulnerability is fixed in version 0.1.8.

Python RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in Luanti 5.0.0 through 5.15.1 allows authenticated attackers to escape the Lua sandbox via malicious mods, achieving arbitrary code execution and full filesystem access on victim devices when LuaJIT is enabled. The vulnerability affects server-side mods, async/mapgen environments, and client-side mods (CSM), requiring only low privileges to exploit. A vendor patch is available in version 5.15.2, addressing a CWE-94 code injection flaw that enables complete compromise of the host system. No active exploitation or proof-of-concept has been publicly identified at time of analysis.

Code Injection RCE Luanti
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function

RCE Code Injection N A
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Code injection in Microsoft Kiota versions prior to 1.31.1 allows attackers who control or tamper with OpenAPI descriptions to inject malicious code into generated HTTP client libraries. Exploitation requires developers to generate clients from untrusted or compromised OpenAPI specifications, then compile and execute the poisoned code. The attack chain culminates in arbitrary code execution within the context of applications using the tainted generated clients. CVSS 7.3 with local attack vector and user interaction required suggests lower immediate urgency, though EPSS data is unavailable. No public exploit code or active exploitation confirmed at time of analysis.

Code Injection Deserialization RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

XML node injection in @xmldom/xmldom allows remote unauthenticated attackers to inject arbitrary XML elements by embedding the processing instruction closing delimiter `?>` in PI data. The serializer emits attacker-controlled data verbatim without escaping or validation, causing the remainder of the payload to be interpreted as active XML markup. Publicly available exploit code exists (GitHub PoC from April 2026). EPSS data not provided; CVSS 8.7 reflects high integrity impact (VI:H) with network vector and no authentication required. Patch available in versions 0.8.13+ and 0.9.10+ but requires opt-in `requireWellFormed: true` flag - default behavior remains vulnerable for backward compatibility.

Apple Google Mozilla +1
NVD GitHub VulDB
Prev Page 23 of 355 Next

Quick Facts

Typical Severity
CRITICAL
Category
other
Total CVEs
31889

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy