Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: rce Clear
ID Title
CVE-2026-42555 Code Injection in com.ritense.valtimo:document (CVE-2026-42555)
code injection in com.ritense.valtimo:document (CVE-2026-42555). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/management/v1/document-definition/migrate`. Mitigation: upgrade to `12.32.0` or later.
CVE-2026-44791 Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44789 Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2025-69443 Code Injection in CVE-2025-69443 (CVE-2025-69443)
code injection in CVE-2025-69443 (CVE-2025-69443). Risk of unauthorized operations or information disclosure.
CVE-2026-46442 Code Injection in flowise (CVE-2026-46442)
code injection in flowise (CVE-2026-46442). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/node-custom-function`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-41249 Code Injection in coreshop/core-shop (CVE-2026-41249)
code injection in coreshop/core-shop (CVE-2026-41249). Confidential information can be exposed externally. Exploitable via ``pull_request_target``.
CVE-2026-24000 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.80.1` or later.
CVE-2026-6271 Unrestricted File Upload in wordpress (CVE-2026-6271)
vulnerability in wordpress (CVE-2026-6271). Successful exploitation can lead to full system takeover.
CVE-2026-8500 OS Command Injection in CVE-2026-8500 (CVE-2026-8500)
OS command injection in CVE-2026-8500 (CVE-2026-8500). Successful exploitation can lead to full system takeover.
CVE-2026-45158 Vulnerability in opnsense (CVE-2026-45158)
vulnerability in opnsense (CVE-2026-45158). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
CVE-2026-44193 Vulnerability in opnsense (CVE-2026-44193)
vulnerability in opnsense (CVE-2026-44193). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.7` or later.
CVE-2026-44194 OS Command Injection in opnsense (CVE-2026-44194)
OS command injection in opnsense (CVE-2026-44194). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
CVE-2026-45714 Code Injection in CVE-2026-45714 (CVE-2026-45714)
code injection in CVE-2026-45714 (CVE-2026-45714). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-45053 Unrestricted File Upload in CVE-2026-45053 (CVE-2026-45053)
vulnerability in CVE-2026-45053 (CVE-2026-45053). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/files`. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-44377 Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-22599 SQL Injection in @strapi/content-type-builder (CVE-2026-22599)
SQL injection in @strapi/content-type-builder (CVE-2026-22599). Successful exploitation can lead to full system takeover. Exploitable via ``column.defaultTo``. Mitigation: upgrade to `5.33.2` or later.
CVE-2026-43998 Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-43999 Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-41957 Unsafe Deserialization in f5 (CVE-2026-41957)
vulnerability in f5 (CVE-2026-41957). Successful exploitation can lead to full system takeover.
CVE-2026-43680 Code Injection in claris (CVE-2026-43680)
code injection in claris (CVE-2026-43680). Successful exploitation can lead to full system takeover.
CVE-2026-42288 Code Injection in CVE-2026-42288 (CVE-2026-42288)
code injection in CVE-2026-42288 (CVE-2026-42288). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-43685 OS Command Injection in claris (CVE-2026-43685)
OS command injection in claris (CVE-2026-43685). Successful exploitation can lead to full system takeover.
CVE-2026-42854 Vulnerability in espressif (CVE-2026-42854)
vulnerability in espressif (CVE-2026-42854). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.3.8` or later.
CVE-2026-44403 Code Injection in wftpserver (CVE-2026-44403)
code injection in wftpserver (CVE-2026-44403). Successful exploitation can lead to full system takeover.
CVE-2026-44854 Command Injection in arubanetworks (CVE-2026-44854)
command injection in arubanetworks (CVE-2026-44854). Successful exploitation can lead to full system takeover.
CVE-2026-44853 Command Injection in arubanetworks (CVE-2026-44853)
command injection in arubanetworks (CVE-2026-44853). Successful exploitation can lead to full system takeover.
CVE-2026-44852 Vulnerability in arubanetworks (CVE-2026-44852)
vulnerability in arubanetworks (CVE-2026-44852). Successful exploitation can lead to full system takeover.
CVE-2026-23827 Vulnerability in dos (CVE-2026-23827)
vulnerability in dos (CVE-2026-23827). Risk of unauthorized operations or information disclosure.
CVE-2026-8430 Code Injection in nginx (CVE-2026-8430)
code injection in nginx (CVE-2026-8430). Successful exploitation can lead to full system takeover.
CVE-2026-8429 Code Injection in CVE-2026-8429 (CVE-2026-8429)
code injection in CVE-2026-8429 (CVE-2026-8429). Successful exploitation can lead to full system takeover.
CVE-2026-31233 Code Injection in guardrails-ai (CVE-2026-31233)
code injection in guardrails-ai (CVE-2026-31233). Successful exploitation can lead to full system takeover.
CVE-2026-31232 Unsafe Deserialization in deserialization (CVE-2026-31232)
vulnerability in deserialization (CVE-2026-31232). Successful exploitation can lead to full system takeover.
CVE-2026-31234 Unsafe Deserialization in horovod (CVE-2026-31234)
vulnerability in horovod (CVE-2026-31234). Successful exploitation can lead to full system takeover.
CVE-2026-31229 Unsafe Deserialization in deserialization (CVE-2026-31229)
vulnerability in deserialization (CVE-2026-31229). Successful exploitation can lead to full system takeover.
CVE-2026-31231 Code Injection in CVE-2026-31231 (CVE-2026-31231)
code injection in CVE-2026-31231 (CVE-2026-31231). Successful exploitation can lead to full system takeover.
CVE-2026-43892 Cross-Site Scripting (XSS) in CVE-2026-43892 (CVE-2026-43892)
cross-site scripting in CVE-2026-43892 (CVE-2026-43892). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.16` or later.
CVE-2026-20887 Vulnerability in dos (CVE-2026-20887)
vulnerability in dos (CVE-2026-20887). Risk of unauthorized operations or information disclosure.
CVE-2026-31228 Code Injection in CVE-2026-31228 (CVE-2026-31228)
code injection in CVE-2026-31228 (CVE-2026-31228). Successful exploitation can lead to full system takeover.
CVE-2026-31226 OS Command Injection in CVE-2026-31226 (CVE-2026-31226)
OS command injection in CVE-2026-31226 (CVE-2026-31226). Successful exploitation can lead to full system takeover.
CVE-2026-31225 Code Injection in superduper-framework (CVE-2026-31225)
code injection in superduper-framework (CVE-2026-31225). Successful exploitation can lead to full system takeover.
CVE-2026-31220 Code Injection in syft (CVE-2026-31220)
code injection in syft (CVE-2026-31220). Successful exploitation can lead to full system takeover.
CVE-2026-8111 SQL Injection in sqli (CVE-2026-8111)
SQL injection in sqli (CVE-2026-8111). Successful exploitation can lead to full system takeover.
CVE-2026-8051 OS Command Injection in ivanti (CVE-2026-8051)
OS command injection in ivanti (CVE-2026-8051). Successful exploitation can lead to full system takeover.
CVE-2026-5029 Vulnerability in CVE-2026-5029 (CVE-2026-5029)
vulnerability in CVE-2026-5029 (CVE-2026-5029). Risk of unauthorized operations or information disclosure.
CVE-2025-40947 OS Command Injection in siemens (CVE-2025-40947)
OS command injection in siemens (CVE-2025-40947). Successful exploitation can lead to full system takeover.
CVE-2026-43899 Vulnerability in CVE-2026-43899 (CVE-2026-43899)
vulnerability in CVE-2026-43899 (CVE-2026-43899). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.4-beta.1` or later.
CVE-2026-43893 Vulnerability in exiftool-vendored (CVE-2026-43893)
vulnerability in exiftool-vendored (CVE-2026-43893). Data can be tampered with by attackers. Exploitable via ``WriteTask``. Mitigation: upgrade to `35.19.0` or later.
CVE-2026-42046 Vulnerability in CVE-2026-42046 (CVE-2026-42046)
vulnerability in CVE-2026-42046 (CVE-2026-42046). Successful exploitation can lead to full system takeover.
CVE-2026-2614 MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
CVE-2026-39850 Vulnerability in yiisoft/yii2 (CVE-2026-39850)
vulnerability in yiisoft/yii2 (CVE-2026-39850). Confidential information can be exposed externally. Exploitable via ``require``. Mitigation: upgrade to `2.0.55` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →