Code Execution

An authenticated, remote attacker can exploit a vulnerability in Rancher to execute arbitrary program code and manipulate files, potentially leading to privilege escalation and system compromise.

An authenticated remote attacker can exploit multiple unspecified vulnerabilities in Langflow to achieve arbitrary code execution.

A local attacker can exploit a vulnerability in libexif to potentially execute arbitrary code, cause a denial of service, or disclose sensitive information.

Multiple vulnerabilities in GNU InetUtils allow a remote attacker to execute arbitrary code and disclose sensitive information.

A remote, anonymous attacker can exploit a vulnerability in the xz utility to achieve arbitrary code execution on affected systems.

A remote, authenticated attacker can exploit a vulnerability in MariaDB to perform a denial of service attack and potentially execute arbitrary program code.

A privileged remote attacker can exploit CVE-2026-7490 in Sunnet CTMS and CPAS to upload and execute web shell backdoors, leading to arbitrary code execution on the server.

A heap buffer overflow vulnerability exists in the WebRTC component of Google Chrome and Microsoft Edge (Chromium-based), potentially leading to code execution.

Multiple vulnerabilities in FreeBSD OS could allow an attacker to gain elevated privileges, execute arbitrary code, manipulate data, disclose sensitive information, or cause a denial of service.

Multiple vulnerabilities in Google Chrome could allow an attacker to execute arbitrary code, bypass security mechanisms, disclose and manipulate data, and cause a denial-of-service condition.

A sandbox escape vulnerability exists in n8n's Python Task Runner that allows an authenticated user with workflow creation/modification permissions to achieve arbitrary code execution on the task runner container, impacting n8n instances with the Python Task Runner enabled; upgrade to versions 1.123.32, 2.17.4, 2.18.1 or later to remediate the vulnerability.

Alloksoft Video Joiner 4.6.1217 is vulnerable to a local buffer overflow (CVE-2018-25315) allowing attackers to execute arbitrary code via a crafted license name.

Allok Soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 is vulnerable to a buffer overflow, allowing local attackers to execute arbitrary code via a crafted License Name field.

Prime95 version 29.4b8 contains a local buffer overflow vulnerability, allowing attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms through a malicious payload in the PrimeNet proxy hostname field.

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation, leading to arbitrary code execution.

OpenClaw before 2026.3.24 is vulnerable to environment variable injection, allowing attackers to inject malicious environment variables through crafted workspace configurations in the CLI backend, leading to potential code execution or sensitive data exposure.

A remote, anonymous attacker can exploit multiple vulnerabilities in GNU libc to execute arbitrary program code, cause a denial-of-service condition, or disclose sensitive information.

Multiple vulnerabilities in Red Hat Enterprise Linux's LibRaw component allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

A DLL hijacking vulnerability in eMPIA Technology's AVACAST (CVE-2026-7279) allows authenticated local attackers to achieve arbitrary code execution with system privileges by placing a malicious DLL in a specific directory.

Multiple vulnerabilities in Atlassian Bamboo, Bitbucket, Confluence, and Jira allow attackers to execute arbitrary code, bypass security measures, manipulate data, disclose information, or perform cross-site scripting attacks.

A vulnerability in Claude Code allowed for trust dialog bypass via git worktree spoofing, potentially leading to arbitrary code execution by crafting a malicious repository with a `commondir` file pointing to a previously trusted path, bypassing the trust dialog, and executing malicious hooks defined in `.claude/settings.json`.

OpenClaw before 2026.3.31 allows attackers to execute arbitrary code by overriding the OPENCLAW_BUNDLED_HOOKS_DIR environment variable using a workspace .env file, enabling the loading of attacker-controlled hook code.

Multiple vulnerabilities in Microsoft Azure, Microsoft 365 Copilot, Microsoft Dynamics 365, and Microsoft Power Apps could allow an attacker to escalate privileges, execute arbitrary code, and conduct spoofing attacks.

Multiple vulnerabilities in Flowise allow an attacker to execute arbitrary code, bypass security measures, disclose information, and manipulate files.

An unauthenticated remote attacker can exploit an arbitrary file upload vulnerability (CVE-2026-6885) in Borg SPM 2007 to upload and execute web shell backdoors, leading to arbitrary code execution on the server.

LanSpy 2.0.1.159 is vulnerable to a local buffer overflow, allowing an attacker to overwrite the instruction pointer by providing a crafted payload to the scan field, potentially leading to code execution.

InstructLab is vulnerable to arbitrary code execution because the `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace, allowing remote attackers to execute code by convincing a user to load a malicious model.

Multiple vulnerabilities in Fortinet FortiSandbox allow attackers to perform cross-site scripting attacks, disclose information, bypass security measures, and execute arbitrary code, potentially leading to system compromise.

Remote, anonymous attackers can exploit vulnerabilities in Red Hat Hardened Images RPMs to bypass security measures, cause denial of service, disclose sensitive information, or potentially execute code.

A remote, anonymous attacker can exploit multiple vulnerabilities in GIMP to execute arbitrary program code, potentially leading to system compromise.

A remote attacker can exploit a vulnerability in libarchive to achieve arbitrary code execution on a vulnerable system.

Multiple vulnerabilities in Microsoft Visual Studio, .NET Framework, .NET, PowerShell, and Visual Studio Code can be exploited by an attacker to disclose sensitive information, conduct spoofing attacks, cause a denial of service, or bypass security measures, potentially leading to arbitrary code execution.

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability (CVE-2026-41295) allowing attackers to execute unintended code by cloning a workspace with a malicious plugin claiming a bundled channel id.

Unrestricted access to the JVM via Spring Expression Language (SPeL) in Spinnaker's Echo service allows for arbitrary code execution, enabling attackers to invoke commands and access files.

A compromised SecureDrop server can achieve code execution on the SecureDrop client's virtual machine by exploiting improper filename validation during gzip archive extraction, allowing for the overwriting of critical files.

An authenticated user with CREATE FUNCTION privileges can exploit a path traversal vulnerability in Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14, to load an arbitrary shared library leading to code execution as the server's OS account.

A type confusion vulnerability in Google Chrome's Turbofan component (CVE-2026-6301) allows a remote attacker to execute arbitrary code within a sandbox by exploiting a crafted HTML page, impacting system integrity and availability.

Creolabs Gravity before 0.9.6 is vulnerable to a heap buffer overflow in the gravity_vm_exec function, allowing attackers to achieve arbitrary code execution by crafting scripts with many string literals at global scope that exploit insufficient bounds checking in gravity_fiber_reassign().

CVE-2026-33827 is a race condition vulnerability in Windows TCP/IP that allows an attacker to execute arbitrary code over the network by exploiting improper synchronization during concurrent execution using shared resources.

CVE-2026-32149 is a vulnerability in Windows Hyper-V due to improper input validation, which allows an authorized, local attacker to execute arbitrary code.

CVE-2026-23657 is a use-after-free vulnerability in Microsoft Office Word allowing a local attacker to execute arbitrary code with user privileges.

A use-after-free vulnerability in Microsoft Office Word (CVE-2026-33095) could allow a local attacker to execute arbitrary code by opening a specially crafted document.

CVE-2026-32198 is a use-after-free vulnerability in Microsoft Office Excel that allows an attacker to execute code locally on a vulnerable system.

CVE-2026-32189 is a use-after-free vulnerability in Microsoft Excel that allows a local attacker to execute arbitrary code by exploiting memory corruption.

An improper input validation vulnerability (CVE-2026-33826) in Windows Active Directory could allow an authenticated attacker on an adjacent network to execute code.

An out-of-bounds read vulnerability (CVE-2026-27289) in Adobe Photoshop Desktop versions 27.4 and earlier allows for potential code execution via a crafted file, requiring user interaction to trigger the exploit.

An improper input validation vulnerability in Adobe ColdFusion versions 2023.18, 2025.6, and earlier (CVE-2026-27306) could lead to arbitrary code execution if a privileged user opens a specially crafted malicious file.

A heap-based buffer overflow vulnerability in Adobe Bridge versions 16.0.2, 15.1.4 and earlier can lead to arbitrary code execution if a user opens a malicious file.

A prototype pollution vulnerability in Adobe Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier (CVE-2026-34622) allows for arbitrary code execution when a user opens a specially crafted malicious file.

A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Ansible Automation Platform to perform denial of service, execute arbitrary code, bypass security measures, manipulate data, disclose information, or conduct XSS attacks.

CVE-2026-32156 is a use-after-free vulnerability in the Windows Universal Plug and Play (UPnP) Device Host service that allows an unauthorized attacker to execute code locally.

CVE-2026-32200 is a use-after-free vulnerability in Microsoft Office PowerPoint that allows an unauthorized attacker to achieve local code execution by enticing a user to open a specially crafted PowerPoint document.

A remote, anonymous attacker can exploit a vulnerability in libTIFF to potentially execute arbitrary code or cause a denial-of-service condition.

PraisonAI versions 4.5.138 and below are vulnerable to arbitrary code execution due to the unsanitized import of a malicious tools.py file, leading to potential system compromise.

HTML5 Video Player version 1.2.5 is vulnerable to a local buffer overflow, allowing attackers to execute arbitrary code by providing an oversized key code string through the Help Register dialog.

OpenClaw before 2026.3.24 is vulnerable to arbitrary code execution via local plugin and hook installation, where an attacker can craft a .npmrc file with a git executable override to execute malicious code during npm install.

A remote, anonymous attacker can exploit a vulnerability in IBM Semeru Runtime and IBM DB2 to execute arbitrary program code.

A local attacker can exploit a vulnerability in Vim to execute arbitrary code on a vulnerable system.

Multiple vulnerabilities in Zammad allow a remote attacker to execute arbitrary code, bypass security measures, disclose sensitive information, and perform cross-site scripting attacks.

MemProcFS before 5.17 is susceptible to DLL and shared-library hijacking due to unsafe library-loading patterns, allowing attackers to achieve arbitrary code execution by placing malicious libraries or manipulating the library search path.

A path traversal vulnerability exists in The Sleuth Kit through 4.14.0 (tsk_recover), enabling attackers to write files to arbitrary locations via crafted filenames with path traversal sequences in a filesystem image, potentially leading to code execution.

A vulnerability in mise allows an attacker who can place a malicious .mise.toml file in a repository to bypass trust checks and execute arbitrary code via `[env] _.source` due to improper loading of trust settings.

text-generation-webui versions prior to 4.1.1 are vulnerable to path traversal, allowing a high-privileged user to overwrite Python files and achieve arbitrary code execution by triggering the 'download-model.py' file through the application's 'Model' menu.

A critical vulnerability in Vim versions prior to 9.2.0276 allows arbitrary OS command execution via a crafted file that bypasses the modeline sandbox due to missing security checks, potentially leading to code execution.

R i386 version 3.5.0 is susceptible to a local buffer overflow in the GUI Preferences dialog, allowing a local attacker to overwrite the structured exception handler (SEH) by supplying a malicious string to the 'Language for menus and messages' field, leading to arbitrary code execution.

Snes9K 0.0.9z is vulnerable to a buffer overflow in the Netplay Socket Port Number field, enabling local attackers to execute arbitrary code via a crafted payload.

A path traversal vulnerability exists in prompts.chat prior to commit 0f8d4c3, allowing attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames.

BentoML versions 1.4.37 and earlier are vulnerable to server-side template injection (SSTI), where the Dockerfile generation function uses an unsandboxed jinja2.Environment allowing arbitrary Python code execution on the host machine when a malicious bento archive is imported and containerized, bypassing container isolation and potentially granting full access to the host filesystem and environment variables.

CVE-2026-5429 is a code execution vulnerability in Kiro IDE before version 0.8.140 that allows a remote, unauthenticated attacker to execute arbitrary code by exploiting a crafted color theme name when a local user opens a workspace.

goshs versions 1.1.0 to before 2.0.0-beta.2 are vulnerable to authentication bypass via Share Token, potentially allowing code execution (CVE-2026-34581).

V-SFT versions 6.2.10.0 and prior are susceptible to a stack-based buffer overflow vulnerability that could allow arbitrary code execution when a malicious V7 file is opened.

Goshs is vulnerable to an authentication bypass via share tokens, allowing attackers to bypass authentication checks by using a valid share token in conjunction with other functionalities like WebSocket connections to gain unauthorized access and execute arbitrary commands on the server.

A remote, anonymous attacker can exploit a vulnerability in gdk-pixbuf to cause a denial of service and potentially execute arbitrary code.

Multiple vulnerabilities in 7-Zip allow an attacker to execute arbitrary program code with the privileges of the service, potentially leading to system compromise.

Multiple vulnerabilities in PowerDNS could be exploited by an attacker to disclose information, bypass security measures, cause a denial of service, and potentially execute code.

A local attacker can exploit a vulnerability in libxslt on Red Hat Enterprise Linux to cause a denial of service or execute arbitrary program code.

CVE-2026-3779 is a use-after-free vulnerability in a Foxit application where stale references to page/form objects can lead to arbitrary code execution via crafted documents.

CVE-2026-5190 is an out-of-bounds write vulnerability in the aws-c-event-stream library before version 0.6.0 that allows a malicious third-party server to cause memory corruption and potential arbitrary code execution on client applications.

UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 is vulnerable to arbitrary file overwrite (CVE-2026-30282) via the file import process, allowing attackers to overwrite critical internal files and potentially achieve arbitrary code execution or information exposure.

OpenClaw before 2026.3.11 exhibits an approval-integrity vulnerability where attackers can place wrapper binaries to execute local code after operators approve misleading command text, due to the system displaying extracted shell payloads instead of the actual executed arguments.

Vim versions before 9.2.0272 allow code execution upon opening a specially crafted file due to %{expr} injection in tabpanel lacking P_MLE in the default configuration, potentially leading to arbitrary code execution.

Multiple vulnerabilities in Wazuh allow an attacker to perform denial-of-service attacks, execute arbitrary code, manipulate data, and disclose sensitive information, potentially leading to significant data breaches and system compromise.

Multiple vulnerabilities in Grafana allow a remote attacker to conduct a denial-of-service attack, execute code, or disclose information.

Multiple vulnerabilities in NGINX Plus and NGINX can be exploited by an attacker to perform a denial of service attack, manipulate data, bypass security measures, and potentially execute arbitrary program code, leading to significant impact.

Gigabyte Control Center has an Arbitrary File Write vulnerability (CVE-2026-4415) that allows unauthenticated remote attackers to write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.

OpenClaw before 2026.3.11 is vulnerable to an approval integrity issue (CVE-2026-32979) allowing attackers to execute arbitrary code by modifying approved local scripts before they are executed.

SC v7.16 is vulnerable to a stack-based buffer overflow, allowing local attackers to execute arbitrary code by providing oversized input exceeding 1052 bytes, leading to potential arbitrary code execution.

EChat Server 3.1 is vulnerable to a buffer overflow in the chat.ghp endpoint, allowing remote attackers to execute arbitrary code by sending a crafted GET request with an oversized username parameter.

Multi Emulator Super System 0.154-3.1 is vulnerable to a buffer overflow (CVE-2016-20039) allowing local attackers to achieve arbitrary code execution by supplying a malicious gamma parameter, leading to potential system compromise.

A stack-based buffer overflow vulnerability exists in xwpe version 1.5.30a-2.1 and prior, allowing a local attacker to execute arbitrary code or cause denial of service by supplying a crafted command-line argument with an overly long input string.

Cisco Talos disclosed multiple vulnerabilities in Canva Affinity, TP-Link Archer AX53, and HikVision Ultra Face Recognition Terminal products which could lead to sensitive information disclosure, arbitrary code execution, or credentials leak if exploited.

A SpEL injection vulnerability exists in Spring AI's SimpleVectorStore when a user-supplied value is used as a filter expression key, potentially allowing malicious actors to execute arbitrary code in vulnerable applications.

A stack-based buffer overflow vulnerability exists in EVerest's IsoMux certificate filename handling before version 2026.02.0, potentially allowing code execution via a crafted filename.

Multiple vulnerabilities exist in GnuPG and Gpg4win that could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

A remote attacker can exploit a heap buffer overflow vulnerability (CVE-2026-4673) in Google Chrome's WebAudio component before version 146.0.7680.165 by crafting a malicious HTML page, potentially leading to an out-of-bounds memory write and arbitrary code execution.

A vulnerability in Langflow allows an attacker to execute arbitrary code, potentially leading to system compromise.

Multiple vulnerabilities in Redis allow an attacker to execute arbitrary program code and perform a denial-of-service attack.

Multiple vulnerabilities in Red Hat Developer Hub allow a remote attacker to perform denial of service, execute arbitrary code, bypass security measures, and manipulate data.

An anonymous remote attacker can exploit multiple vulnerabilities in IBM Tivoli Netcool/OMNIbus to achieve arbitrary code execution, information disclosure, file manipulation, or denial of service.

An authenticated remote attacker can exploit vulnerabilities in Asterisk and Digium Certified Asterisk to achieve arbitrary code execution, denial of service, or information disclosure.

A remote, authenticated attacker can exploit a vulnerability in Red Hat Enterprise Linux (specifically 389-ds-base) to achieve arbitrary code execution and potentially cause a denial of service.

Multiple vulnerabilities in vim allow a local attacker to execute arbitrary code, cause a denial-of-service condition, or manipulate data.

Multiple vulnerabilities in Langflow could be exploited by an attacker to execute arbitrary program code, disclose information, and potentially manipulate data, leading to potential system compromise.

Multiple vulnerabilities in GStreamer allow a remote, anonymous attacker to cause a denial-of-service condition, memory corruption, and potentially execute arbitrary code.

A remote, authenticated attacker can exploit multiple vulnerabilities in Cpython to manipulate files or execute arbitrary code.

A local attacker can exploit a vulnerability in GNU libc to execute arbitrary program code on Linux systems.

A vulnerability in libpng allows a remote, anonymous attacker to potentially execute arbitrary code, disclose sensitive information, or cause a denial-of-service condition.

Tabs Mail Carrier 2.5.1 is vulnerable to a buffer overflow in the MAIL FROM SMTP command, allowing remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter with an oversized buffer to overwrite the EIP register and execute a bind shell payload via port 25.

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability (CVE-2019-25637) allowing local attackers to execute arbitrary code by overwriting the EIP register.

Base64 Decoder 1.1.2 is vulnerable to a stack-based buffer overflow (CVE-2019-25634) allowing local attackers to achieve arbitrary code execution via a crafted input file that triggers an SEH overwrite.

A local attacker can exploit multiple vulnerabilities in OpenSSH to execute arbitrary code, potentially leading to privilege escalation and system compromise.

Multiple vulnerabilities in libpng allow a remote, anonymous attacker to perform denial of service attacks and execute arbitrary code.

A remote, anonymous attacker can exploit a vulnerability in GIMP to execute arbitrary code on a targeted system.

A remote, anonymous attacker can exploit multiple vulnerabilities in FreeRDP to cause a denial of service or potentially execute arbitrary program code.

A local attacker can exploit a vulnerability in libxslt in Red Hat Enterprise Linux to execute arbitrary program code or manipulate files.

FTP Shell Server 6.83 contains a buffer overflow vulnerability (CVE-2019-25619) in the 'Account name to ban' field, enabling a local attacker to execute arbitrary code by injecting shellcode through a crafted string in the Manage FTP Accounts dialog.

TuneClone 2.20 is vulnerable to a structured exception handler (SEH) buffer overflow, allowing local attackers to execute arbitrary code by supplying a malicious license code string via the application's license registration feature.

A server-side template injection vulnerability in LiteLLM versions 1.80.5 to before 1.83.7 allows authenticated users to execute arbitrary code within the LiteLLM Proxy process via a crafted prompt template, potentially exposing sensitive information and enabling command execution on the host.

An authenticated remote attacker can exploit a vulnerability in Grafana to execute arbitrary code, potentially leading to system compromise and data exfiltration.

CI4MS versions 0.26.0.0 through 0.31.6.0 are vulnerable to remote code execution; an authenticated backend user with theme upload permissions can upload a crafted ZIP file containing a PHP file, which is then installed into the web-accessible public directory without filtering, allowing direct execution via HTTP.

i18next-fs-backend versions before 2.6.4 are vulnerable to path traversal due to insufficient sanitization of the lng and ns values, potentially allowing attackers to read arbitrary files, overwrite files, or execute code if .js or .ts locale files are in use.

A vulnerability in GitPython versions prior to 3.1.47 allows for command execution during repository cloning by manipulating the `multi_options` parameter to inject malicious Git configurations, such as `core.hooksPath`, leading to the execution of attacker-controlled hooks.