Remote-Code-Execution

The `Oj.dump` function in the `Oj` Ruby gem is vulnerable to a stack-based buffer overflow (CVE-2026-54502) due to improper validation of the `:indent` parameter, allowing an attacker to trigger a process crash or potentially remote code execution by providing an excessively large integer value, affecting all `Oj` gem versions prior to `3.17.2`.

A policy bypass vulnerability in PraisonAI (CVE-NONE) allows untrusted recipes to self-approve and execute default-denied critical shell tools, such as `execute_command`, by declaring them in `workflow.yaml` instead of `TEMPLATE.yaml requires.tools`, leading to arbitrary command execution with the privileges of the PraisonAI process.

CERT-FR has disclosed 31 vulnerabilities in various Microsoft Office products, including CVE-2026-44803 and CVE-2026-47635, which could allow remote code execution, privilege escalation, and data confidentiality compromise.

Multiple critical vulnerabilities (CVE-2025-67862, CVE-2026-25089, CVE-2026-49938) have been discovered across Fortinet products including FortiOS, FortiPortal, FortiProxy, and FortiSandbox, enabling unauthenticated attackers to achieve remote arbitrary code execution and compromise data confidentiality.

A critical remote code execution vulnerability, tracked as CVE-2026-44963, has been discovered in Veeam Backup & Replication versions prior to 12.3.2.4854, which could allow an unauthenticated attacker to execute arbitrary code on affected systems, leading to full compromise of the backup infrastructure and potential data exfiltration or destruction.

A stack-based buffer overflow vulnerability (CVE-2026-10292) exists in the strcpy function of /goform/formTaskEdit in UTT HiPER 1200GW up to version 2.5.3-170306, allowing for remote code execution.

A stack-based buffer overflow vulnerability, CVE-2026-10187, exists in the setWiFiBasicConfig function of the wireless.so file in the Web Management Interface of Totolink N300RH version 6.1c.1353_B20190305, allowing a remote attacker to execute arbitrary code by manipulating the KeyStr argument.

A stack-based buffer overflow vulnerability (CVE-2026-10123) exists in TRENDnet TEW-432BRP version 3.10B20 within the formSetDomainFilter function, allowing a remote attacker to execute arbitrary code by manipulating specific arguments in a request to /goform/formSetDomainFilter.

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability (CVE-2018-25409) that allows authenticated attackers to upload malicious PHP files via the fupload parameter through the aksi_pengurus.php endpoint, leading to remote code execution.

A public exploit demonstrates improper privilege management in Apache CouchDB (CVE-2017-12635) leading to privilege escalation, which can be combined with CVE-2017-12636 for remote code execution by modifying server configurations via the HTTP API.

Dulwich versions before 1.2.5 are vulnerable to an arbitrary file write leading to remote code execution on Windows systems when cloning or checking out a malicious Git repository due to improper path validation, as tracked by CVE-2026-42305.

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to arbitrary file upload, allowing authenticated attackers with author-level access to achieve remote code execution by uploading executable files with double extensions.

Pimcore v11 and earlier is vulnerable to unsafe PHP deserialization in multiple locations due to missing `allowed_classes` restrictions when calling `unserialize()` on data from database columns and filesystem files; an attacker with control over serialized data sources (e.g., via SQL injection or file write vulnerabilities) can inject PHP gadget chains, leading to remote code execution.

IBM Aspera High-Speed Transfer Endpoint and Server are vulnerable to a buffer overflow in the asperahttpd component, potentially leading to denial of service, authentication bypass, or remote code execution.

A remote, anonymous attacker can exploit a vulnerability in 7-Zip to execute arbitrary program code on Windows, Linux, and macOS systems.

A buffer overflow vulnerability exists in the AdminCenter component of Synology BeeStation Manager (BSM) and BeeStation OS before version 1.3.2-65648, allowing remote attackers to execute arbitrary code through unspecified vectors (CVE-2025-12686).

IBM HTTP Server 8.5 and 9.0 are vulnerable to a heap-based buffer overflow, allowing a privileged, authenticated user to execute arbitrary code or cause a denial of service.

CVE-2026-23652 is a critical command injection vulnerability in Microsoft Power Pages, allowing an unauthorized attacker to execute arbitrary code over the network by injecting commands.

A remote buffer overflow vulnerability (CVE-2026-9381) exists in the `formPPPoESetup` function of the Edimax BR-6675nD 1.12 router's web management interface, allowing unauthenticated attackers to potentially execute arbitrary code by manipulating the `pppUserName` argument in a POST request.

A vulnerability in NousResearch hermes-agent up to version 2026.4.16 allows for remote exploitation of the execute_code function, leading to a sandbox escape.

A remote code injection vulnerability (CVE-2026-9353) exists in NousResearch hermes-agent up to version 2026.4.23, allowing attackers to inject malicious code by manipulating the THREAT_PATTERNS argument in the Skills Guard Multi-Word Prompt Handler component.

LMDeploy <= 0.12.3 is vulnerable to remote code execution (CVE-2026-46517) because it hardcodes `trust_remote_code=True` when calling `transformers.AutoConfig.from_pretrained()`, allowing a malicious Hugging Face repository to execute arbitrary Python code when loaded without user opt-out.

Windows-MCP versions prior to 0.7.5 are vulnerable to unauthenticated PowerShell control via HTTP transports due to wildcard CORS and missing authentication, allowing a remote attacker to execute arbitrary PowerShell commands as the user running Windows-MCP.

A remote, anonymous attacker can exploit a vulnerability in vllm to achieve arbitrary code execution.

A remote, authenticated attacker can exploit a vulnerability in vllm and PyTorch to cause a denial-of-service condition or potentially achieve remote code execution.

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability, tracked as CVE-2009-3459, that could allow remote attackers to execute arbitrary code via a crafted PDF file.

Microsoft Internet Explorer is vulnerable to a use-after-free vulnerability (CVE-2010-0249) that allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object.

A use-after-free vulnerability in the DNS-over-HTTPS implementation of BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1 could allow an attacker to cause a denial of service or potentially execute arbitrary code.

The Penpot MCP module's ReplServer binds to all interfaces and exposes an unauthenticated /execute endpoint, allowing remote attackers to execute arbitrary code by sending a POST request with JavaScript code, leading to potential information disclosure and command execution.

The Shai-Hulud campaign is back and targets maintainer accounts to publish malicious code directly into the software supply chain via npm, recently hitting the Ant Design (AntV) ecosystem and potentially exposing downstream developers to credential theft and remote code execution.

A remote buffer overflow vulnerability exists in the UpdateWanParams function of the /goform/aspForm file in H3C Magic B3 devices up to version 100R002, which can be exploited by manipulating the 'param' argument, leading to potential remote code execution.

HS Brand Logo Slider version 2.1 contains an unrestricted file upload vulnerability (CVE-2020-37227) allowing authenticated users to bypass client-side validation and upload arbitrary files, leading to remote code execution by intercepting upload requests and renaming files to executable extensions.

jsonpickle version 2.0.0 contains a remote code execution vulnerability, allowing attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects, which invoke the eval function.

Two distinct flaws in the `splitPos()` function in `cgi.go` allows an attacker to mislead FrankenPHP into treating a non-`.php` file as a `.php` script, leading to remote code execution where the attacker can control file content.

A remote code execution vulnerability exists in Remote Sunrise Helper for Windows version 2026.14, which can be exploited without authentication, as demonstrated by a public exploit published on Exploit-DB.

A remote, anonymous attacker can exploit a vulnerability in Apache Camel to execute arbitrary program code with the privileges of the service.

Vvveb before 1.0.8.3 is vulnerable to unrestricted file upload, allowing super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file containing PHP code which is then accessible via HTTP requests.

A heap-based buffer overflow vulnerability in Siemens Simcenter Femap, tracked as CVE-2025-12659, can be exploited by tricking a user into opening a malicious IPT file, leading to remote code execution.

Flowise versions 3.1.1 and earlier are vulnerable to remote code execution (RCE) due to multiple MCP security bypasses, allowing attackers to execute arbitrary commands on the Flowise server by exploiting blocklist weaknesses in docker build, npx, and node command handling.

The Career Section plugin for WordPress is vulnerable to arbitrary file upload in versions up to 1.7 due to missing file type validation in the CV upload handler, potentially leading to remote code execution.

An unauthenticated remote code injection vulnerability (CVE-2026-44672) exists in Mapfish Print's Dynamic table functionality, allowing attackers to execute arbitrary code on the server.

CVE-2026-42833 is a critical vulnerability in Microsoft Dynamics 365 (on-premises) allowing an authorized attacker with high privileges to execute arbitrary code over the network due to execution with unnecessary privileges.

CVE-2026-41096 is a critical heap-based buffer overflow vulnerability in Microsoft Windows DNS that allows an unauthenticated attacker to achieve remote code execution over a network.

Detects suspicious behavior related to SolarWinds Web Help Desk, specifically the loading of untrusted native modules (DLLs) or the spawning of suspicious child processes (cmd, PowerShell, rundll32) by the Java process, potentially indicating exploitation of deserialization vulnerabilities CVE-2025-40536 and CVE-2025-40551.

A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux to execute arbitrary code or cause a denial-of-service condition.

CVE-2026-44477 allows a low-privileged database user to escalate to PostgreSQL superuser and achieve OS command execution as the `postgres` user within the primary pod by exploiting the metrics exporter's superuser connection via custom metric queries or the default configuration.

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability, allowing unauthenticated attackers to upload malicious files via POST requests to the REST API, leading to remote code execution.

Snipe-IT versions prior to 8.4.1 are vulnerable to remote code execution due to insecure permissions on file uploads, where an attacker can upload arbitrary files and execute code on the server.

A remote code execution vulnerability exists in Electerm versions 3.7.8 and earlier, where a malicious SSH server can inject arbitrary commands into a victim's system by crafting filenames with shell metacharacters that are executed when the user attempts to open or edit the file using the 'open with system editor' or 'edit with custom editor' feature.

A buffer overflow vulnerability (CVE-2026-8137) exists in the Totolink X5000R router version 9.1.0u.6369_B20230113, allowing remote attackers to execute arbitrary code via manipulation of the 'submit-url' argument in the /boafrm/formDdns file.

CVE-2026-7928 is a use-after-free vulnerability in the WebRTC component of Chromium, affecting Google Chrome and Microsoft Edge (Chromium-based) and potentially allowing for arbitrary code execution.

AI coding agents like Claude Code, Gemini CLI, Cursor CLI, and GitHub Copilot Agents can be manipulated to introduce malicious code into software supply chains by accessing attacker-controlled repositories, leading to potential remote code execution and supply chain compromises.

Cisco released security advisories on May 6, 2026, addressing vulnerabilities including remote code execution, server-side request forgery, and denial of service in Crosswork Network Controller, IoT Field Network Director, Network Services Orchestrator, SG350/SG350X Managed Switches, and Unity Connection.

A remote buffer overflow vulnerability exists in the sprintf function of the /user_group.asp file within the CGI Handler component of D-Link DI-8100 version 16.07.26A1, potentially leading to arbitrary code execution.

Eclipse Equinox OSGi 3.7.2 and earlier is vulnerable to remote code execution, allowing unauthenticated attackers to execute arbitrary commands by sending specially crafted payloads to the console interface, potentially leading to reverse shell creation.

Funadmin versions up to 7.1.0-rc6 are vulnerable to unrestricted file uploads due to improper handling of the File argument in the UploadService::chunkUpload function, potentially leading to remote code execution.

A buffer overflow vulnerability exists in Totolink WA300 version 5.2cu.7112_B20190227 within the loginauth function of the /cgi-bin/cstecgi.cgi file, specifically affecting the POST Request Handler component, triggerable via manipulation of the http_host argument, and remotely exploitable with a publicly available exploit.

A remote buffer overflow vulnerability exists in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file in the POST Request Handler component of Totolink WA300 version 5.2cu.7112_B20190227, which can be exploited by manipulating the File argument.

A buffer overflow vulnerability exists in Shenzhen Libituo Technology LBT-T300-HW1 version 1.2.8 and earlier, allowing remote attackers to execute arbitrary code by manipulating the Channel/ApCliSsid argument in the start_lan function of the /apply.cgi file.

CVE-2026-7333 is a use-after-free vulnerability in the GPU component of Chromium, affecting Google Chrome and Microsoft Edge, potentially leading to arbitrary code execution.

CVE-2026-7338 is a use-after-free vulnerability in the Cast component of Chromium, affecting Google Chrome and Microsoft Edge, potentially leading to arbitrary code execution.

A buffer overflow vulnerability (CVE-2026-7503) exists in code-projects Plugin 4.1.2cu.5137, allowing a remote attacker to execute arbitrary code by manipulating the 'wepkey2' argument in the 'setWiFiMultipleConfig' function of the '/lib/cste_modules/wireless.so' library, posing a critical risk due to publicly available exploits.

A buffer overflow vulnerability in UTT HiPER 1250GW devices (versions up to 3.2.7-210907-180535) allows remote attackers to execute arbitrary code by manipulating the 'Profile' argument in the `strcpy` function of the `route/goform/ConfigAdvideo` file, due to insufficient bounds checking.

A remote buffer overflow vulnerability exists in the UTT HiPER 1250GW device due to improper handling of the 'Profile' argument in the NTP configuration, potentially allowing for arbitrary code execution.

A buffer overflow vulnerability in Tenda F456 version 1.0.0.5 allows remote attackers to execute arbitrary code via a crafted request to the fromWrlclientSet function in the /goform/WrlclientSet file of the httpd component.

A buffer overflow vulnerability in Tenda F456 router version 1.0.0.5 allows a remote attacker to execute arbitrary code by exploiting the fromSafeClientFilter function in the /goform/SafeClientFilter endpoint through manipulation of the 'menufacturer/Go' argument.

Ray Data is vulnerable to remote code execution via Parquet Arrow Extension Type Deserialization; specifically, a maliciously crafted Parquet file can trigger arbitrary code execution due to the unsafe deserialization of Arrow extension metadata, affecting Ray versions 2.49.0 through 2.54.0.

A remote code execution vulnerability exists in OpenMage LTS versions prior to 20.16.1 due to Phar deserialization, where an attacker can upload a malicious phar file disguised as an image and trigger deserialization via functions like `getimagesize()`, `file_exists()`, or `is_readable()` when processing `phar://` stream wrapper paths, leading to arbitrary code execution.

A code injection vulnerability exists in modelscope agentscope up to version 1.0.18, specifically affecting the execute_python_code/execute_shell_command functions, allowing for remote code execution.

Microsoft's April 2026 Patch Tuesday addresses 163 vulnerabilities, including 8 critical ones, ranging from Tampering to Remote Code Execution and Privilege Escalation, affecting various Microsoft products; it is recommended to apply patches immediately.

Openfind MailGates/MailAudit is vulnerable to a stack-based buffer overflow (CVE-2026-6350) allowing unauthenticated remote attackers to execute arbitrary code by controlling the program's execution flow.

A double free vulnerability in the Windows IKE Extension, tracked as CVE-2026-33824, allows an unauthenticated remote attacker to execute arbitrary code over the network.

PraisonAI versions before 4.5.139 and praisonaiagents versions before 1.5.140 are vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on the /ws WebSocket endpoint, enabling unauthorized remote control and data leakage.

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system allowing unauthenticated remote code execution and system takeover.

CVE-2026-33466 describes a vulnerability in Logstash where improper validation of file paths within compressed archives allows arbitrary file writes, potentially leading to remote code execution.

The Gerador de Certificados – DevApps WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation, potentially leading to remote code execution.

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability (CVE-2026-22683) that allows users with the Operator role to bypass intended restrictions and perform unauthorized entity creation and modification actions via the backend API, potentially leading to privilege escalation and remote code execution.

A stack-based buffer overflow vulnerability (CVE-2026-5686) exists in the Tenda CX12L router version 16.03.53.12, allowing remote attackers to potentially execute arbitrary code by manipulating the 'page' argument in the `/goform/RouteStatic` endpoint.

Emlog versions 2.6.2 and prior are vulnerable to path traversal via crafted ZIP uploads, allowing authenticated admins to write arbitrary files and achieve remote code execution.

A remote heap-based buffer overflow vulnerability exists in Cesanta Mongoose versions up to 7.20 due to improper handling of the pubkey argument in the mg_tls_recv_cert function, potentially leading to code execution.

A remote, anonymous attacker can exploit multiple vulnerabilities in libpng to execute arbitrary program code or cause a denial of service.

OpenClaw before 2026.3.11 is vulnerable to privilege escalation in the device.token.rotate function, allowing attackers with limited operator.pairing scope to mint tokens with elevated operator.admin privileges, potentially leading to remote code execution.

Crashmail 1.6 is vulnerable to a stack-based buffer overflow, allowing remote attackers to execute arbitrary code via malicious input and potentially leading to denial of service.

A buffer overflow vulnerability in Totolink LR350 version 9.3.5u.6369_B20220309 allows a remote attacker to execute arbitrary code by manipulating the 'ssid' argument in the setWiFiGuestCfg function.

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation, allowing authenticated attackers with subscriber-level access or higher to delete arbitrary files, potentially leading to remote code execution.

A heap buffer overflow vulnerability (CVE-2026-4675) exists in Google Chrome's WebGL implementation prior to version 146.0.7680.165, allowing a remote attacker to perform an out-of-bounds memory read via a specially crafted HTML page, potentially leading to information disclosure or arbitrary code execution.

Multiple vulnerabilities in Apache Tomcat can be exploited by a remote, authenticated or anonymous attacker to execute arbitrary code, bypass security measures, manipulate data, and cause a denial of service.

A remote, authenticated attacker can exploit an arbitrary file upload vulnerability in Census CSWeb 8.0.1 (CVE-2025-60947) to upload malicious files, potentially leading to remote code execution.

A stack-based buffer overflow vulnerability (CVE-2026-4567) exists in the UploadCfg function of the /cgi-bin/UploadCfg file in Tenda A15 firmware version 15.13.07.13, allowing remote attackers to execute arbitrary code by manipulating the File argument.

Multiple vulnerabilities in GStreamer allow a remote, anonymous attacker to cause a denial-of-service condition or execute arbitrary code.

CVE-2024-1708 is a path traversal vulnerability in ConnectWise ScreenConnect that could allow an attacker to execute remote code or directly impact confidential data and critical systems.

A vulnerability in gitoxide's `gix_submodule::File::update()` allows arbitrary command execution via a crafted `.gitmodules` file by incorrectly validating the source of the `update` command, enabling an attacker to inject malicious commands after a submodule has been initialized.

FUXA 1.2.8 and earlier is vulnerable to an authentication bypass vulnerability (CVE-2025-69985) that allows remote command execution by exploiting the /api/runscript endpoint with a crafted JavaScript payload.

Xerte Online Toolkits 3.15 and earlier are vulnerable to relative path traversal, allowing attackers to move files and potentially achieve remote code execution.

A vulnerability exists in vm2 version 3.10.5 where NodeVM's `require.root` path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context, leading to remote code execution.

CVE-2023-21716 is a critical heap-based buffer overflow vulnerability in Microsoft Word 2016's RTF parser, triggered by a malformed RTF file, leading to remote code execution on Windows 7.

D-Link DI-8100 version 16.07.26A1 is vulnerable to a remote buffer overflow in the `sprintf` function within the `/auto_reboot.asp` file's HTTP handler component due to improper handling of the `enable/time` argument, potentially leading to arbitrary code execution.

A newline injection vulnerability in GitPython's `config_writer().set_value()` function enables remote code execution by manipulating the `core.hooksPath` Git configuration.

A critical vulnerability, CVE-2025-62373, exists in Pipecat's LivekitFrameSerializer where the deserialize() method uses Python's pickle.loads() on WebSocket data without validation, allowing a malicious WebSocket client to execute arbitrary code on the Pipecat server if LivekitFrameSerializer is explicitly enabled.