Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: rce Clear
ID Title
CVE-2026-36387 Unrestricted File Upload in CVE-2026-36387 (CVE-2026-36387)
vulnerability in CVE-2026-36387 (CVE-2026-36387). Risk of unauthorized operations or information disclosure.
CVE-2025-63703 Vulnerability in npm (CVE-2025-63703)
vulnerability in npm (CVE-2025-63703). Successful exploitation can lead to full system takeover.
CVE-2025-63706 Code Injection in npm (CVE-2025-63706)
code injection in npm (CVE-2025-63706). Successful exploitation can lead to full system takeover.
CVE-2026-8094 Code Injection in firefox (CVE-2026-8094)
code injection in firefox (CVE-2026-8094). Successful exploitation can lead to full system takeover.
CVE-2025-1978 Code Injection in hitachi (CVE-2025-1978)
code injection in hitachi (CVE-2025-1978). Risk of unauthorized operations or information disclosure.
CVE-2026-44513 Code Injection in diffusers (CVE-2026-44513)
code injection in diffusers (CVE-2026-44513). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``. Mitigation: upgrade to `0.38.0` or later.
CVE-2026-44827 Code Injection in diffusers (CVE-2026-44827)
code injection in diffusers (CVE-2026-44827). Successful exploitation can lead to full system takeover. Exploitable via ``DiffusionPipeline.from_pretrained``. Mitigation: upgrade to `0.38.0` or later.
CVE-2026-6973 KEV [KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-43208 Vulnerability in linux (CVE-2026-43208)
vulnerability in linux (CVE-2026-43208). Successful exploitation can lead to full system takeover.
CVE-2026-43205 In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate...
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate...
CVE-2026-43197 Vulnerability in linux (CVE-2026-43197)
vulnerability in linux (CVE-2026-43197). Confidential information can be exposed externally.
CVE-2026-43185 Vulnerability in linux (CVE-2026-43185)
vulnerability in linux (CVE-2026-43185). Successful exploitation can lead to full system takeover.
CVE-2026-43125 Out-of-Bounds Write in linux (CVE-2026-43125)
out-of-bounds write in linux (CVE-2026-43125). Successful exploitation can lead to full system takeover.
CVE-2026-7841 Code Injection in CVE-2026-7841 (CVE-2026-7841)
code injection in CVE-2026-7841 (CVE-2026-7841). Successful exploitation can lead to full system takeover.
CVE-2026-0300 KEV [KEV] Out-of-Bounds Write in Palo alto networks palo-alto-networks (CVE-2026-0300)
out-of-bounds write in Palo alto networks palo-alto-networks (CVE-2026-0300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-34084 Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
CVE-2026-33324 SQL Injection in fit2cloud (CVE-2026-33324)
SQL injection in fit2cloud (CVE-2026-33324). Successful exploitation can lead to full system takeover.
CVE-2026-23631 Use-After-Free in redis (CVE-2026-23631)
vulnerability in redis (CVE-2026-23631). Data can be tampered with by attackers.
CVE-2026-25243 Vulnerability in redis (CVE-2026-25243)
vulnerability in redis (CVE-2026-25243). Successful exploitation can lead to full system takeover.
CVE-2026-23479 Use-After-Free in redis (CVE-2026-23479)
vulnerability in redis (CVE-2026-23479). Successful exploitation can lead to full system takeover. Exploitable via ``processCommandAndResetClient``.
CVE-2026-43067 Vulnerability in linux (CVE-2026-43067)
vulnerability in linux (CVE-2026-43067). Successful exploitation can lead to full system takeover.
CVE-2026-41922 OS Command Injection in CVE-2026-41922 (CVE-2026-41922)
OS command injection in CVE-2026-41922 (CVE-2026-41922). Risk of unauthorized operations or information disclosure.
CVE-2026-42027 Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.0-M3` or later.
CVE-2026-42796 Vulnerability in workiva (CVE-2026-42796)
vulnerability in workiva (CVE-2026-42796). Successful exploitation can lead to full system takeover.
CVE-2026-40076 Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40076)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40076). Successful exploitation can lead to full system takeover. Exploitable via `POST /openmrs/ws/rest/v1/module`.
CVE-2026-42090 Cross-Site Scripting (XSS) in streetwriters (CVE-2026-42090)
cross-site scripting in streetwriters (CVE-2026-42090). Successful exploitation can lead to full system takeover.
CVE-2026-29514 Vulnerability in CVE-2026-29514 (CVE-2026-29514)
vulnerability in CVE-2026-29514 (CVE-2026-29514). Successful exploitation can lead to full system takeover.
CVE-2026-26956 Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
CVE-2026-24118 Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
CVE-2026-24120 Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
CVE-2026-24781 Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
CVE-2026-37530 Vulnerability in c (CVE-2026-37530)
vulnerability in c (CVE-2026-37530). Risk of unauthorized operations or information disclosure.
CVE-2026-43038 Vulnerability in linux (CVE-2026-43038)
vulnerability in linux (CVE-2026-43038). Successful exploitation can lead to full system takeover.
CVE-2026-44015 SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)
SSRF in github.com/0xJacky/Nginx-UI (CVE-2026-44015). Confidential information can be exposed externally. Exploitable via `GET /api/settings`.
CVE-2026-42249 Path Traversal in path-traversal (CVE-2026-42249)
path traversal in path-traversal (CVE-2026-42249). Successful exploitation can lead to full system takeover.
CVE-2025-10539 Vulnerability in draugiemgroup (CVE-2025-10539)
vulnerability in draugiemgroup (CVE-2025-10539). Risk of unauthorized operations or information disclosure.
CVE-2024-1708 KEV [KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-30352 Command Injection in CVE-2026-30352 (CVE-2026-30352)
command injection in CVE-2026-30352 (CVE-2026-30352). Successful exploitation can lead to full system takeover.
CVE-2026-33453 Vulnerability in apache (CVE-2026-33453)
vulnerability in apache (CVE-2026-33453). Successful exploitation can lead to full system takeover.
CVE-2026-40860 Unsafe Deserialization in apache (CVE-2026-40860)
vulnerability in apache (CVE-2026-40860). Successful exploitation can lead to full system takeover.
CVE-2026-40453 Vulnerability in org.apache.camel:camel-coap (CVE-2026-40453)
vulnerability in org.apache.camel:camel-coap (CVE-2026-40453). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.20.0` or later.
CVE-2026-6951 Code Injection in simple-git (CVE-2026-6951)
code injection in simple-git (CVE-2026-6951). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.36.0` or later.
CVE-2024-7399 KEV [KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)
path traversal in Samsung magicinfo-9-server (CVE-2024-7399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-57728 KEV [KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-57726 KEV [KEV] Vulnerability in Simplehelp auth (CVE-2024-57726)
vulnerability in Simplehelp auth (CVE-2024-57726). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-6942 OS Command Injection in radare (CVE-2026-6942)
OS command injection in radare (CVE-2026-6942). Successful exploitation can lead to full system takeover.
CVE-2026-3960 Code Injection in h2o (CVE-2026-3960)
code injection in h2o (CVE-2026-3960). Successful exploitation can lead to full system takeover.
CVE-2026-39987 KEV [KEV] Vulnerability in Marimo remote-attack (CVE-2026-39987)
vulnerability in Marimo remote-attack (CVE-2026-39987). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-41144 Vulnerability in cpp (CVE-2026-41144)
vulnerability in cpp (CVE-2026-41144). Risk of unauthorized operations or information disclosure.
CVE-2026-31019 OS Command Injection in dolibarr (CVE-2026-31019)
OS command injection in dolibarr (CVE-2026-31019). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →