Remote Code Execution

WWBN AVideo open source video platform versions 25.0 and below ship with a hardcoded default administrator password ('password') in official Docker deployment files that is automatically used during installation without any forced change mechanism. Attackers can gain immediate administrative access to unpatched instances, enabling user data exposure, content manipulation, and potential remote code execution via file upload and plugin management features. The issue is compounded by weak MD5 password hashing and similarly insecure default database credentials (avideo/avideo).

SQLBot, an intelligent data query system based on large language models and RAG, contains a critical SQL injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that allows authenticated users with minimal privileges to achieve remote code execution on the backend server. SQLBot versions prior to 1.7.0 are affected, and attackers can exploit unsafe concatenation of Excel sheet names into PostgreSQL table names and COPY statements to inject malicious SQL commands. The vulnerability enables arbitrary command execution as the postgres user, database takeover, and sensitive file exfiltration including /etc/passwd and /etc/shadow.

A sandbox escape vulnerability exists in Google Chrome's V8 JavaScript engine prior to version 146.0.7680.153, allowing remote attackers to execute arbitrary code within the Chrome sandbox through a crafted HTML page. This is a High severity issue affecting millions of Chrome users across Windows, macOS, and Linux platforms. The vulnerability is triggered via web-based attack vector (HTML page delivery) and does not require user interaction beyond visiting a malicious website.

Sandboxed arbitrary code execution in Google Chrome's WebAudio component (versions prior to 146.0.7680.153) can be triggered remotely through malicious HTML, requiring only user interaction. An attacker can craft a weaponized webpage to break out of the Chrome sandbox and execute arbitrary code on affected systems. This high-severity vulnerability impacts Chrome, Ubuntu, and Debian users, with patches now available.

Xerte Online Toolkits 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability allowing remote code execution with a CVSS score of 9.8. The template import functionality at /website_code/php/import/import.php lacks authentication checks, enabling attackers to upload ZIP archives containing malicious PHP files that are extracted to web-accessible directories. This is a critical severity issue with network-based attack vector requiring no privileges or user interaction, and a proof-of-concept has been published by VulnCheck.

A file upload vulnerability exists in multiple Terrapack software components from ASTER TEC / ASTER S.p.A. that permits remote code execution when attackers upload malicious files. The affected products include Terrapack TkWebCoreNG version 1.0.20200914, Terrapack TKServerCGI version 2.5.4.150, and Terrapack TpkWebGIS Client version 1.0.0. Proof-of-concept code is available in public repositories, and the vulnerability enables arbitrary code execution on affected systems.

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

A critical remote code execution vulnerability in SuiteCRM versions 7.15.0 and 8.9.2 allows authenticated administrators to execute arbitrary system commands through a bypass of previous security patches. This vulnerability circumvents the ModuleScanner.php security controls by exploiting improper PHP token parsing that resets security checks when encountering single-character tokens, enabling attackers to hide dangerous function calls. The vulnerability represents a direct bypass of the previously patched CVE-2024-49774 and has been assigned a CVSS score of 9.1.

An authenticated remote code execution vulnerability exists in SuiteCRM modules that allows high-privileged users to execute arbitrary code on the server. The vulnerability affects SuiteCRM versions prior to 7.15.1 and 8.9.3, and stems from improper code injection protections (CWE-94). While exploitation requires high privileges (admin-level), successful attacks grant complete control over the CRM system containing sensitive customer data.

A symlink traversal vulnerability in OpenClaw allows authenticated attackers to read and write arbitrary files on the host system through the agents.files.get and agents.files.set methods. The vulnerability affects OpenClaw versions prior to 2026.2.25 and can lead to remote code execution through strategic file overwrites. With a high CVSS score of 8.8 and an RCE tag, this represents a critical security risk for organizations using affected versions.

Remote code execution in OpenWrt's mDNS daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to overflow a 46-byte stack buffer by sending malformed IPv6 PTR queries over multicast DNS on UDP port 5353. The vulnerability stems from insufficient validation of domain name length before copying to a fixed-size buffer, enabling arbitrary code execution on affected embedded devices. No patch is currently available.

A configuration injection vulnerability in Kubernetes ingress-nginx controller allows authenticated attackers to inject arbitrary nginx configuration through specially crafted Ingress annotations, leading to remote code execution with controller privileges and exposure of all cluster Secrets. The vulnerability has a high CVSS score of 8.8 and affects the ingress-nginx controller's annotation parsing mechanism. No active exploitation (not in KEV) or public POC has been reported, though the attack requires only low privileges and network access.

Remote code execution in SQLBot 1.5.0 and below allows authenticated users to inject malicious prompts through unsanitized terminology uploads, enabling attackers to manipulate the LLM into generating arbitrary PostgreSQL commands executed with database privileges. The vulnerability stems from missing permission checks on the Excel upload API combined with inadequate semantic isolation when injecting user-controlled data into the system prompt. An attacker can exploit this to achieve code execution on the database or application server running as the postgres user.

Authenticated file read vulnerability in PHP and Docker deployments allows users to exfiltrate arbitrary files from the server by exploiting insufficient path validation in the video upload endpoint, which copies attacker-specified local files to publicly accessible storage. An authenticated attacker can leverage this to read sensitive files from broad server directories including application roots, cache, and temporary locations. No patch is currently available, and the vulnerability carries a 10% exploit prediction score.

Improper path sanitization in OpenEMR's DICOM export feature prior to version 8.0.0.2 allows authenticated users with DICOM permissions to write arbitrary files outside the intended directory through path traversal sequences. An attacker could exploit this to place malicious PHP files within the web root, potentially achieving remote code execution. The vulnerability requires valid credentials but poses significant risk to systems containing sensitive healthcare data.

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.

Prototype pollution in flatted's parse() function allows unauthenticated remote attackers to corrupt Array.prototype by injecting malicious JSON with "__proto__" keys, enabling global object manipulation and potential code execution in dependent applications. The vulnerability stems from insufficient validation of array index keys, allowing attacker-controlled strings to access inherited prototype properties. With no patch available and a critical CVSS score of 9.8, this affects any system using the flatted library for JSON deserialization.

Remote code execution in wgcloud version 2.3.7 and earlier allows unauthenticated attackers to execute arbitrary code through the test connection function. The vulnerability carries a critical CVSS score of 9.8 with network-based exploitation requiring no privileges or user interaction. No public exploit has been identified at time of analysis, though the EPSS score of 0.29% (52nd percentile) indicates low predicted exploitation probability despite the critical severity rating.

BMC FootPrints ITSM contains a critical deserialization vulnerability in ASP.NET VIEWSTATE handling that allows authenticated attackers to execute arbitrary code remotely. Versions 20.20.02 through 20.24.01.001 are affected, and attackers with valid credentials can fully compromise the application by injecting malicious serialized objects. Security researchers from watchTowr have published detailed analysis of this vulnerability, significantly increasing exploitation risk.

A command injection vulnerability (CVSS 5.9). Remediation should follow standard vulnerability management procedures.

A remote code execution vulnerability in Instant Popup Builder (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in its allow-always wrapper persistence mechanism that enables remote code execution. Attackers with high privileges and user interaction can approve benign wrapped system.run commands, then subsequently execute arbitrary different payloads without requiring additional approval, compromising both gateway and node-host execution environments. A patch is available from the vendor, and this vulnerability is tagged as enabling both RCE and command injection attacks.

A remote code execution vulnerability in DedeCMS v.5.7.118 and (CVSS 9.8) that allows a remote attacker. Critical severity with potential for significant impact on affected systems.

OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted...

A security vulnerability in version 5.1.1 and (CVSS 2.3) that allows users. Remediation should follow standard vulnerability management procedures.

MLflow, a popular open-source machine learning lifecycle platform, contains a path traversal vulnerability in its pyfunc extraction process that allows arbitrary file writes. The vulnerability stems from unsafe use of tarfile.extractall without proper path validation, enabling attackers to craft malicious tar.gz files with directory traversal sequences or absolute paths to write files outside the intended extraction directory. This poses critical risk in multi-tenant environments and can lead to remote code execution, with a CVSS score of 8.1 and confirmed exploit details available via Huntr.

OmniGen2-RL reward server component contains an unauthenticated remote code execution vulnerability allowing attackers to execute arbitrary commands through malicious HTTP POST requests exploiting insecure pickle deserialization. The vulnerability affects Beijing Academy of Artificial Intelligence (BAAI)'s OmniGen2-RL software with a critical CVSS score of 9.8. A public proof-of-concept exploit is available and a patch has been released by the vendor, making this an immediate priority for organizations running exposed instances.

Dynaconf, a Python configuration management library, contains a Server-Side Template Injection (SSTI) vulnerability in its @jinja resolver that allows arbitrary command execution when attackers can control configuration sources such as environment variables, .env files, or CI/CD secrets. The vulnerability affects pip package dynaconf and includes a public proof-of-concept demonstrating command execution via Jinja2 template evaluation without sandboxing. The @format resolver additionally enables object graph traversal to expose sensitive runtime data including API keys and credentials.

An unauthenticated remote code execution vulnerability exists in the mesop Python package's debugging Flask server endpoint (/exec-py) that accepts and executes arbitrary base64-encoded Python code without any authentication or validation. The vulnerability affects the mesop pip package, with a publicly disclosed proof-of-concept demonstrating trivial exploitation requiring only a single HTTP POST request. With a CVSS score of 9.8 (Critical) and detailed PoC availability, this represents an immediately exploitable vulnerability for any exposed instance.

HTSlib, a widely-used bioinformatics library for reading and writing sequence alignment formats, contains a critical buffer overflow vulnerability in its CRAM format decoder. The vulnerability exists in the `cram_byte_array_len_decode()` function which fails to validate that unpacked data matches the output buffer size, affecting HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1. An attacker can craft a malicious CRAM file that, when opened by a user, triggers either a heap or stack overflow with attacker-controlled bytes, potentially leading to arbitrary code execution, program crash, or memory corruption.

HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the GZI index loading function `bgzf_index_load_hfile()`. An integer overflow during buffer allocation allows attackers to craft malicious `.gzi` files that trigger heap memory corruption, potentially leading to denial of service, data corruption, or remote code execution when a user opens the compromised file. No evidence of active exploitation in the wild has been reported, but the vulnerability is demonstrable and patch availability is confirmed.

HTSlib versions prior to 1.21.1, 1.22.2, and 1.23.1 contain an out-by-one error in the CRAM decoder's `cram_byte_array_stop_decode_char()` function that allows a single attacker-controlled byte to be written beyond the end of a heap allocation. This heap buffer overflow (CWE-122) affects bioinformatics applications using HTSlib to process CRAM-formatted DNA sequence alignment files, and could enable arbitrary code execution if exploited. No public exploit code or KEV status is currently documented, but patch availability exists for multiple stable release branches.

HTSlib contains a buffer overflow vulnerability in its CRAM format decoder affecting the VARINT and CONST encoding handlers, where incomplete context validation allows writes of up to eight bytes beyond heap allocation boundaries or into stack-allocated single-byte variables. This vulnerability affects HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1, and impacts any application using the library to process CRAM-formatted bioinformatics data files. An attacker can craft a malicious CRAM file to trigger heap or stack overflow conditions, potentially leading to denial of service, memory corruption, or arbitrary code execution when processed by a vulnerable application.

HTSlib contains a heap buffer overflow vulnerability in its CRAM decoder caused by an out-by-one error when validating feature boundaries. When a user opens a maliciously crafted CRAM file, an attacker can write one controlled byte beyond the end of a heap buffer, potentially causing application crashes, data corruption, or arbitrary code execution. Versions 1.23.1, 1.22.2, and 1.21.1 include fixes, and patches are available via the official GitHub repository.

HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the cram_decode_seq() function when processing CRAM-formatted bioinformatics files with omitted sequence and quality data. An attacker can craft a malicious CRAM file that triggers an out-of-bounds read followed by an attacker-controlled single-byte write to heap memory, potentially enabling arbitrary code execution, data corruption, or denial of service when a user opens the file. No public exploit proof-of-concept has been identified, but the vulnerability is confirmed and patched by the HTSlib project.

A Process Control vulnerability (CWE-114) exists in Dell Integrated Dell Remote Access Controller (iDRAC) across multiple generations that allows a high-privileged attacker with adjacent network access to achieve code execution. Affected versions include iDRAC 9 (14G prior to 7.00.00.181, 15G and 16G prior to 7.20.10.50) and iDRAC 10 (17G prior to 1.20.25.00). While the CVSS score of 5.3 is moderate, the integrity impact is rated high and remote code execution capability presents significant risk to out-of-band management infrastructure.

PySpector versions 0.1.6 and earlier contain a security validation bypass in the plugin system that allows arbitrary code execution. The validate_plugin_code() function fails to detect dangerous API calls when invoked indirectly via getattr(), allowing malicious plugins to execute system commands. A public proof-of-concept exploit exists demonstrating the bypass, and while exploitation requires user interaction (installing and trusting a malicious plugin), successful exploitation grants full system access including filesystem manipulation, credential theft, and persistence mechanisms.

The NextGEN Gallery plugin for WordPress contains a Local File Inclusion vulnerability in the 'template' parameter of gallery shortcodes, affecting all versions up to and including 4.0.3. Authenticated attackers with Author-level privileges or higher can include and execute arbitrary PHP files on the server, potentially leading to remote code execution, data theft, or complete site compromise. This is a confirmed vulnerability reported by Wordfence with a high CVSS score of 8.8, though no active exploitation (KEV) status has been reported at this time.

SiYuan's Bazaar marketplace fails to sanitize package metadata (displayName, description) before rendering in the Electron desktop application, allowing stored XSS that escalates to arbitrary remote code execution. Any SiYuan user (versions ≤3.5.9) who browses the Bazaar will automatically execute attacker-controlled code with full OS-level privileges when a malicious package card renders-no installation or user interaction required. A functional proof-of-concept exists demonstrating command execution via img onerror handlers, and this vulnerability is actively tracked in GitHub's advisory database (GHSA-mvpm-v6q4-m2pf), making it a critical supply-chain risk to the SiYuan user community.

SiYuan's Bazaar (community package marketplace) fails to sanitize HTML in package README files during rendering, allowing stored XSS that escalates to remote code execution due to unsafe Electron configuration. An attacker can submit a malicious package with embedded JavaScript in the README that executes with full Node.js access when any user views the package details in the Bazaar. This affects SiYuan versions 3.5.9 and earlier across Windows, macOS, and Linux, with a CVSS score of 9.6 and multiple real-world exploitation vectors including data theft, reverse shells, and persistent backdoors.

OpenClaw versions prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows local attackers with low privileges to execute attacker-controlled binaries by manipulating the $SHELL environment variable through trusted-prefix fallback logic. An attacker who can write to directories like /opt/homebrew/bin can trick OpenClaw into executing malicious binaries in its process context, potentially escalating privileges or compromising system integrity. A patch is available from the vendor, and this vulnerability has been documented by VulnCheck and tracked under EUVD-2026-12730.

OpenClaw versions prior to 2026.2.21 contain an environment variable injection vulnerability that allows authenticated local attackers to execute arbitrary code at startup time by injecting dangerous process-control variables (such as NODE_OPTIONS or LD_*) through the configuration env.vars mechanism. An attacker with local privileges can manipulate the gateway service's runtime environment to achieve code execution in the service context, potentially compromising the entire OpenClaw deployment. A patch is available from the vendor, and this vulnerability has been documented by VulnCheck with supporting references to the GitHub security advisory and corresponding commit fix.

xiaoheiFS versions up to and including 0.3.15 contain a critical remote code execution vulnerability in the plugin upload mechanism. Administrators can upload plugin ZIP files containing arbitrary binaries which the server executes without validation based on the manifest.json 'binaries' field. This allows authenticated administrators with high privileges to achieve full system compromise by uploading malicious plugin packages.

LDAP Account Manager (LAM), a web-based interface for managing LDAP directory entries, contains a local file inclusion vulnerability in its PDF export functionality that allows authenticated users to include and execute arbitrary PHP files. When chained with GHSA-88hf-2cjm-m9g8, this vulnerability enables complete remote code execution on the affected server. The vulnerability affects all versions prior to 9.5 and requires low-privilege authentication (CVSS 8.8, PR:L), tracking across 7 Ubuntu and 4 Debian releases indicates significant deployment in enterprise LDAP environments.

aaPanel v7.57.0 contains an arbitrary file upload vulnerability that allows unauthenticated or low-privileged attackers to upload malicious files and achieve remote code execution on affected systems. The vulnerability exists in the file upload functionality of the web-based server management panel, enabling attackers to bypass file type validation and execute arbitrary code with the privileges of the aaPanel process. While no CVSS score or EPSS probability is available in current sources, the Remote Code Execution impact combined with file upload attack vectors suggests critical severity; exploitation feasibility is indicated by the existence of public vulnerability research repositories.

Insufficient file extension validation in the PDF export component of LDAP Account Manager prior to version 9.5 permits authenticated attackers to upload arbitrary file types, including PHP files, to the server. When combined with GHSA-w7xq-vjr3-p9cf, this vulnerability enables remote code execution with web server privileges. Affected users should upgrade to version 9.5 or restrict web server write access to the LAM configuration directory.

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-33017, CVSS 9.3) in the public flow build API that allows attackers to execute arbitrary Python code by supplying malicious flow data. KEV-listed with public PoC, this vulnerability enables anyone with network access to a Langflow instance to achieve server compromise through the API that builds public flows without authentication.

A critical authentication bypass vulnerability in AVideo's installation endpoint allows unauthenticated remote attackers to take over uninitialized deployments by completing the installation process with attacker-controlled credentials and database settings. The vulnerability affects AVideo installations where the configuration file does not exist (fresh deployments, container restarts without persistent storage, or re-deployments), enabling attackers to become the sole administrator with full control over the application. A detailed proof-of-concept is publicly available, and while no active exploitation has been reported in KEV, the vulnerability has a moderate EPSS score and requires only network access to exploit.

CVE-2026-32953 is a security vulnerability. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

A trust boundary enforcement vulnerability in Kiro IDE allows remote attackers to execute arbitrary code when a local user opens a maliciously crafted project directory. The vulnerability affects all versions of Kiro IDE prior to 0.8.0 on all supported platforms and bypasses workspace trust protections designed to prevent unauthorized code execution. While not currently listed in CISA KEV or showing high EPSS scores, the vulnerability enables remote code execution through local user interaction.

A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achieve arbitrary code execution through specially crafted EMF files. The vulnerability affects Affinity version 3.0.1.3808 and requires user interaction to trigger, as victims must open a malicious EMF file. With a CVSS score of 7.8 and local attack vector, this represents a significant risk for users handling untrusted graphic files, though no active exploitation or public POC has been reported.

An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution by crafting malicious EMF (Enhanced Metafile) image files. The vulnerability affects Affinity version 3.0.1.3808 and requires user interaction to open the malicious file, but then grants full system compromise with high impact to confidentiality, integrity, and availability. No evidence of active exploitation or public proof-of-concept exists, and the local attack vector with user interaction requirement reduces immediate risk.

A security vulnerability in A vulnerability exists in the Community Tier of Harden-Runner that (CVSS 4.9). Remediation should follow standard vulnerability management procedures.

A remote code execution vulnerability in A vulnerability exists in the Community Tier of Harden-Runner that (CVSS 2.7). Remediation should follow standard vulnerability management procedures.

Privilege escalation in Wazuh Manager versions 3.9.0 through 4.14.2 allows authenticated cluster nodes to achieve unauthenticated root code execution by exploiting insecure file permissions in the cluster synchronization protocol. An attacker with cluster node access can overwrite the manager's configuration file to inject malicious commands that are subsequently executed with root privileges by the logcollector service. This vulnerability affects multi-node Wazuh deployments and has no available patch.

Remote code execution in Atlassian Bamboo Data Center versions 9.6.0 through 12.1.0 allows authenticated attackers with high privileges to execute arbitrary code on affected systems with a CVSS score of 8.6. The vulnerability impacts multiple major versions with no patch currently available, requiring immediate upgrade to patched releases such as 9.6.24, 10.2.16, or 12.1.3. Organizations unable to upgrade should prioritize access controls for high-privileged accounts until remediation is possible.

A critical deserialization vulnerability in Wazuh's cluster mode allows attackers with access to any worker node to achieve remote code execution with root privileges on the master node. The vulnerability affects Wazuh versions 4.0.0 through 4.14.2 and poses severe risk to organizations using Wazuh in distributed deployments, as compromise of any single worker node can lead to full cluster takeover. While no active exploitation has been reported (not in KEV), proof-of-concept materials are publicly available via the Google Drive link in the advisory.

Unsafe deserialization in TYPO3's mail transport extension permits arbitrary code execution when an attacker with write access to the configured spool directory supplies malicious serialized objects during transport failure handling. The vulnerability stems from inadequate class whitelisting during deserialization and requires local filesystem access to exploit. No patch is currently available.

A critical unrestricted file upload vulnerability in Admidio's Documents & Files module allows authenticated users with upload permissions to bypass file extension restrictions by submitting an invalid CSRF token, enabling upload of PHP scripts that lead to Remote Code Execution. The vulnerability affects Admidio versions prior to the patch and has a published proof-of-concept demonstrating webshell upload and command execution. With a CVSS score of 8.8 and detailed exploitation steps available, this represents a high-priority risk for organizations using Admidio for document management.

An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Remote code execution in Bedrock AgentCore Starter Toolkit versions before v0.1.13 allows unauthenticated attackers to inject malicious code during the build process by exploiting missing S3 ownership verification, affecting only users who built the toolkit after September 24, 2025. An attacker can achieve arbitrary code execution within the AgentCore Runtime environment. Users must upgrade to version v0.1.13 to remediate this vulnerability, as no patch is currently available for earlier versions.

A critical remote code execution vulnerability exists in the Fields plugin for GLPI that allows authenticated users with dropdown creation privileges to execute arbitrary PHP code on the server. The vulnerability affects Fields plugin versions prior to 1.23.3 and has a CVSS score of 9.1, indicating severe impact with the ability to compromise the entire system. While no active exploitation has been reported in KEV and no public proof-of-concept is mentioned, the straightforward attack vector and high privileges requirement suggest targeted insider threat or compromised account scenarios.

A security vulnerability in renders user-supplied template content (CVSS 8.5) that allows an authenticated user with access. High severity vulnerability requiring prompt remediation. Vendor patch is available.

The Glances system monitoring application accepts arbitrary HTTP Host headers on its REST API and WebUI endpoints, enabling DNS rebinding attacks that bypass browser same-origin policy and expose sensitive system data. While the MCP endpoint was recently hardened with host validation, the main FastAPI application for REST/WebUI/token routes lacks equivalent TrustedHostMiddleware protection, allowing attackers to rebind attacker-controlled domains to the victim's local Glances instance and read API responses as same-origin content. A proof-of-concept is code-validated through source inspection, and a patch is available in version 4.5.2 and later.

Authlib's OpenID Connect ID Token validation silently passes verification when encountering unsupported cryptographic algorithms, allowing attackers to bypass hash integrity checks on forged tokens. This fail-open behavior in the `_verify_hash` function affects applications using Authlib for OIDC authentication and could enable token forgery attacks. A patch is available.

Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability affecting Authlib users in Python and related Oracle products.

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-325 series, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands through the /cgi-bin/download_mgr.cgi file's RSS management functions. Public exploit code exists for this vulnerability, and no patch is currently available.

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323-327L, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04 through firmware version 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/remote_backup.cgi backup scheduling functions. Public exploit code exists for this vulnerability and no patch is currently available.

Command injection in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-323 through DNS-1550-04 with firmware prior to 20260205) allows authenticated remote attackers to execute arbitrary commands via the /cgi-bin/wizard_mgr.cgi endpoint. Public exploit code is available and no patch is currently available for affected users.

This vulnerability in Mattermost allows unauthenticated attackers to achieve remote code execution and exfiltrate sensitive credentials through malicious plugin installation on CI test instances that retain default admin credentials. Affected versions include Mattermost 10.11.x through 10.11.10, 11.2.x through 11.2.2, and 11.3.0, with the core issue stemming from insufficient access controls on plugin installation combined with default credential exposure. An attacker can upload a malicious plugin after modifying the import directory to gain full system compromise and access AWS and SMTP credentials stored in configuration files.

A code injection vulnerability in Raytha CMS's Functions module allows privileged users to execute arbitrary .NET operations through unrestricted JavaScript code execution, effectively bypassing application sandboxing. The vulnerability affects Raytha CMS versions prior to 1.4.6 and enables authenticated administrators to compromise the application's hosting environment. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this recently disclosed vulnerability.

A code injection vulnerability in SOLIDWORKS Desktop releases 2025 through 2026 allows attackers to execute arbitrary code on victim machines by tricking users into opening specially crafted files. The vulnerability requires local access and user interaction but provides complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 7.8). No evidence of active exploitation or proof-of-concept code has been reported.

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME allows local attackers to execute arbitrary code with administrative privileges through DLL side-loading. The vulnerability affects versions up to 2.0.5 and occurs because the application loads DLLs using Windows' default search order without verifying integrity or signatures, allowing malicious DLLs placed in writable directories to be loaded when the application runs. No active exploitation has been reported (not in KEV), no public POC is available, and EPSS data is not yet available for this CVE.

An out-of-bounds write vulnerability (CWE-787) exists in OpenHarmony versions up to and including v5.1.0, enabling local attackers to execute arbitrary code within pre-installed applications. The vulnerability requires local access and low privileges but can result in complete confidentiality compromise. This is a memory corruption issue that, while restricted to specific scenarios, poses a meaningful risk to OpenHarmony device security given the local attack vector and high impact on confidentiality.

An out-of-bounds write vulnerability in OpenHarmony v5.1.0 and earlier versions allows local attackers with limited privileges to achieve arbitrary code execution within pre-installed applications through memory corruption. The vulnerability, tracked as CVE-2025-41432 and assigned CVSS 5.5, exploits CWE-787 (out-of-bounds write) and is limited to restricted attack scenarios that require local access and low privilege levels. While not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, the availability of vulnerability disclosure documentation and the nature of memory corruption bugs suggest heightened risk for motivated threat actors.

This vulnerability allows arbitrary code execution in OpenHarmony pre-installed applications through improper handling of incompatible types, enabling local attackers to escalate privileges and execute arbitrary code within the context of trusted system applications. Affected versions include OpenHarmony v5.0.3 through v5.1.0.x, impacting the core application framework across the OpenHarmony ecosystem. While the CVSS score of 6.3 reflects moderate severity, the vulnerability requires local access and high attack complexity, limiting real-world exploitability to restricted scenarios as noted by the vendor.

Command injection in D-Link NAS devices (DNS-320, DNS-327L, DNS-345 and others) through the time_machine.cgi script allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available.

Command injection in D-Link NAS devices (DNS-120, DNS-325, DNR-322L, DNS-327L and others) allows authenticated remote attackers to execute arbitrary commands through multiple user and group management CGI functions. Public exploit code exists for this vulnerability, and patches are not currently available. An attacker with valid credentials could leverage this to compromise the NAS system and potentially access or manipulate stored data.

Command injection in D-Link NAS devices (DNS-320, DNS-325, DNS-343, DNR-322L and others) through the /cgi-bin/system_mgr.cgi interface allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available.

A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.

A security vulnerability in A vulnerability (CVSS 6.3). Risk factors: public PoC available.

An unauthenticated arbitrary file upload vulnerability in Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 allows remote attackers to upload malicious files and execute code through improperly enabled WebDAV HTTP methods. Attackers can achieve remote code execution or denial of service without any authentication, making this a critical risk for exposed devices. Multiple proof-of-concept exploits are publicly available through security research publications.

A security vulnerability in A flaw (CVSS 6.3). Risk factors: public PoC available.

Command injection in D-Link DNS and DNR network attached storage devices allows authenticated remote attackers to execute arbitrary commands through multiple CGI functions in the network management interface. The vulnerability affects numerous models up to firmware version 20260205, and public exploit code is available. An attacker with valid credentials can leverage this to compromise device integrity and potentially access the network.

Command injection in bazinga012 mcp_code_executor up to version 0.3.0 allows local attackers with user-level privileges to execute arbitrary commands through the installDependencies function in src/index.ts. Public exploit code exists for this vulnerability, affecting Python and Node.js environments. A patch is available and should be applied to remediate this local privilege escalation risk.

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution.

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.

A critical write-what-where memory corruption vulnerability exists in p2r3 Bareiron (commit 8e4d40) that allows unauthenticated remote attackers to write arbitrary values to memory locations, enabling arbitrary code execution through specially crafted network packets. The vulnerability carries a CVSS score of 9.8 and is remotely exploitable without authentication, though it is not currently listed in CISA KEV and has no EPSS score data available. A proof-of-concept appears to exist based on the GitHub reference to a dedicated CVE repository.

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product.