Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: rce Clear
ID Title
CVE-2026-11419 Path Traversal in path-traversal (CVE-2026-11419)
path traversal in path-traversal (CVE-2026-11419). Successful exploitation can lead to full system takeover.
CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-46394 OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
OS command injection in CVE-2026-46394 (CVE-2026-46394). Risk of unauthorized operations or information disclosure.
CVE-2026-46392 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
CVE-2026-45746 Vulnerability in termix (CVE-2026-45746)
vulnerability in termix (CVE-2026-45746). Successful exploitation can lead to full system takeover.
CVE-2026-10732 Vulnerability in path-traversal (CVE-2026-10732)
vulnerability in path-traversal (CVE-2026-10732). Data can be tampered with by attackers.
CVE-2026-7763 Vulnerability in c (CVE-2026-7763)
vulnerability in c (CVE-2026-7763). Successful exploitation can lead to full system takeover.
CVE-2026-7762 Vulnerability in dos (CVE-2026-7762)
vulnerability in dos (CVE-2026-7762). Successful exploitation can lead to full system takeover.
CVE-2026-25550 Vulnerability in csharp (CVE-2026-25550)
vulnerability in csharp (CVE-2026-25550). Successful exploitation can lead to full system takeover.
CVE-2026-8037 Command Injection in CVE-2026-8037 (CVE-2026-8037)
command injection in CVE-2026-8037 (CVE-2026-8037). Successful exploitation can lead to full system takeover.
CVE-2026-41065 Vulnerability in CVE-2026-41065 (CVE-2026-41065)
vulnerability in CVE-2026-41065 (CVE-2026-41065). Risk of unauthorized operations or information disclosure.
CVE-2026-45431 OS Command Injection in CVE-2026-45431 (CVE-2026-45431)
OS command injection in CVE-2026-45431 (CVE-2026-45431). Risk of unauthorized operations or information disclosure.
CVE-2026-41283 Authorization Flaw in CVE-2026-41283 (CVE-2026-41283)
vulnerability in CVE-2026-41283 (CVE-2026-41283). Successful exploitation can lead to full system takeover.
CVE-2026-10777 A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
CVE-2026-44016 Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
CVE-2026-44017 Path Traversal in docling (CVE-2026-44017)
path traversal in docling (CVE-2026-44017). Successful exploitation can lead to full system takeover. Exploitable via ``SecurityError``. Mitigation: upgrade to `2.91.0` or later.
CVE-2026-5241 Vulnerability in huggingface (CVE-2026-5241)
vulnerability in huggingface (CVE-2026-5241). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``.
CVE-2026-49143 Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
CVE-2026-1829 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
CVE-2026-0611 Vulnerability in csharp (CVE-2026-0611)
vulnerability in csharp (CVE-2026-0611). Successful exploitation can lead to full system takeover.
CVE-2026-47117 Code Injection in openmed (CVE-2026-47117)
code injection in openmed (CVE-2026-47117). Successful exploitation can lead to full system takeover. Exploitable via ``model_name``. Mitigation: upgrade to `1.5.2` or later.
CVE-2026-7313 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CVE-2026-7195 CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CVE-2026-39553 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2026-39552 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2025-68886 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2026-34906 Vulnerability in CVE-2026-34906 (CVE-2026-34906)
vulnerability in CVE-2026-34906 (CVE-2026-34906). Risk of unauthorized operations or information disclosure.
CVE-2026-9330 Unsafe Deserialization in deserialization (CVE-2026-9330)
vulnerability in deserialization (CVE-2026-9330). Successful exploitation can lead to full system takeover.
CVE-2026-9311 Code Injection in ibm (CVE-2026-9311)
code injection in ibm (CVE-2026-9311). Successful exploitation can lead to full system takeover.
CVE-2026-9319 Unsafe Deserialization in deserialization (CVE-2026-9319)
vulnerability in deserialization (CVE-2026-9319). Successful exploitation can lead to full system takeover.
CVE-2026-7770 Vulnerability in CVE-2026-7770 (CVE-2026-7770)
vulnerability in CVE-2026-7770 (CVE-2026-7770). Successful exploitation can lead to full system takeover.
CVE-2026-49121 Unsafe Deserialization in amd (CVE-2026-49121)
vulnerability in amd (CVE-2026-49121). Successful exploitation can lead to full system takeover.
CVE-2026-8931 Code Injection in CVE-2026-8931 (CVE-2026-8931)
code injection in CVE-2026-8931 (CVE-2026-8931). Risk of unauthorized operations or information disclosure.
CVE-2026-0826 Vulnerability in CVE-2026-0826 (CVE-2026-0826)
vulnerability in CVE-2026-0826 (CVE-2026-0826). Risk of unauthorized operations or information disclosure.
CVE-2026-10532 Unsafe Deserialization in privilege-escalation (CVE-2026-10532)
vulnerability in privilege-escalation (CVE-2026-10532). Risk of unauthorized operations or information disclosure.
CVE-2026-7858 Unsafe Deserialization in deserialization (CVE-2026-7858)
vulnerability in deserialization (CVE-2026-7858). Successful exploitation can lead to full system takeover.
CVE-2026-42359 Unsafe Deserialization in apache-airflow (CVE-2026-42359)
vulnerability in apache-airflow (CVE-2026-42359). Successful exploitation can lead to full system takeover. Exploitable via `PATCH /api/v2/xcomEntries/{key}`. Mitigation: upgrade to `3.2.2` or later.
CVE-2024-21182 KEV Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
CVE-2018-25412 Vulnerability in deltasql-project (CVE-2018-25412)
vulnerability in deltasql-project (CVE-2018-25412). Successful exploitation can lead to full system takeover.
CVE-2026-7465 Privilege Escalation in wordpress (CVE-2026-7465)
vulnerability in wordpress (CVE-2026-7465). Successful exploitation can lead to full system takeover.
CVE-2026-44421 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs....
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX...
CVE-2026-49373 Vulnerability in jetbrains (CVE-2026-49373)
vulnerability in jetbrains (CVE-2026-49373). Confidential information can be exposed externally.
CVE-2026-49367 In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
CVE-2026-45668 Path Traversal in path-traversal (CVE-2026-45668)
path traversal in path-traversal (CVE-2026-45668). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.102.2` or later.
CVE-2026-45661 Path Traversal in path-traversal (CVE-2026-45661)
path traversal in path-traversal (CVE-2026-45661). Successful exploitation can lead to full system takeover.
CVE-2026-45632 OS Command Injection in CVE-2026-45632 (CVE-2026-45632)
OS command injection in CVE-2026-45632 (CVE-2026-45632). Successful exploitation can lead to full system takeover.
CVE-2026-39292 Unrestricted File Upload in CVE-2026-39292 (CVE-2026-39292)
vulnerability in CVE-2026-39292 (CVE-2026-39292). Risk of unauthorized operations or information disclosure.
CVE-2026-10042 Unsafe Deserialization in deserialization (CVE-2026-10042)
vulnerability in deserialization (CVE-2026-10042). Successful exploitation can lead to full system takeover.
CVE-2026-45615 Vulnerability in c (CVE-2026-45615)
vulnerability in c (CVE-2026-45615). Risk of unauthorized operations or information disclosure. Exploitable via ``INTEGER_decode_oer``.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →