Remote Code Execution
Allows attackers to execute arbitrary code remotely
24 CVEs tagged.
The SportsPress WordPress plugin has a Local File Inclusion vulnerability in all versions up to 2.7.26. Authenticated attackers with contributor-level...
Feb 4, 2026A stack-based buffer overflow vulnerability in ELECOM wireless LAN access point devices allows remote attackers to execute arbitrary code by sending s...
Feb 3, 2026An OS command injection vulnerability in ELECOM WRC-X1500GS-B and WRC-X1500GSA-B wireless routers allows authenticated attackers to execute arbitrary ...
Feb 3, 2026This vulnerability in Brocade Fabric OS allows authenticated remote attackers with administrative credentials to execute arbitrary commands as root us...
Feb 3, 2026This vulnerability allows attackers to intercept Notepad++ update traffic and replace legitimate updates with malicious installers. When users update ...
Feb 3, 2026This vulnerability allows remote code execution in Group-Office by exploiting improper input validation in the MaintenanceController's zipLanguage act...
Feb 2, 2026CVE-2026-25142 is a critical sandbox escape vulnerability in SandboxJS library versions before 0.8.27. Attackers can use the __lookupGetter__ method t...
Feb 2, 2026OpenClaw (formerly Clawdbot) versions prior to 2026.1.29 contain a command injection vulnerability in the Docker sandbox execution mechanism. Authenti...
Feb 2, 2026Signal K Server versions before 1.5.0 contain a command injection vulnerability in the set-system-time plugin that allows authenticated users with wri...
Feb 2, 2026OpenTelemetry-Go SDK versions v1.20.0 through v1.39.0 on macOS/Darwin systems are vulnerable to path hijacking attacks. An attacker with local access ...
Feb 2, 2026This vulnerability in vLLM allows attackers to leak heap memory addresses by sending invalid images to the multimodal endpoint, which reduces ASLR ent...
Feb 2, 2026This vulnerability allows a privileged user in IBM WebSphere Application Server Liberty to upload a zip archive containing path traversal sequences, w...
Feb 2, 2026A stack-based buffer overflow vulnerability in libsoup allows remote attackers to execute arbitrary code or crash applications by sending specially cr...
Feb 2, 2026This vulnerability in h2o-3 allows remote attackers to write arbitrary data to any file on the server, potentially leading to remote code execution an...
Feb 2, 2026This CVE describes a local privilege escalation vulnerability in mlflow versions before 3.4.0 where temporary directories for Python virtual environme...
Feb 2, 2026This CVE describes a Local File Inclusion vulnerability in the lollms-webui application that allows attackers to execute arbitrary Python code remotel...
Feb 2, 2026CVE-2026-20418 is a critical out-of-bounds write vulnerability in Thread protocol implementations that allows remote attackers to execute arbitrary co...
Feb 2, 2026CVE-2025-9974 is an OS command injection vulnerability in the unified WEBUI application of Nokia ONT/Beacon devices. Authenticated attackers with low ...
Feb 2, 2026An unauthenticated attacker can upload arbitrary files to MagicInfo9 Server, leading to remote code execution and privilege escalation. This affects M...
Feb 2, 2026CVE-2026-24788 is an OS command injection vulnerability in RaspAP raspap-webgui that allows authenticated users to execute arbitrary commands on the u...
Feb 2, 2026This CVE describes a backdoor vulnerability in the EFM ipTIME A8004T router's debug interface. Attackers can remotely manipulate the 'cmd' parameter t...
Feb 2, 2026OpenClaw (also known as clawdbot or Moltbot) versions before 2026.1.29 automatically establish WebSocket connections using gatewayUrl values from quer...
Feb 1, 2026This vulnerability allows remote attackers to upload malicious files to the Soar Cloud HRD Human Resource Management System, which can lead to arbitra...
Jun 6, 2025A critical deserialization vulnerability in Soar Cloud HRD Human Resource Management System allows remote attackers to execute arbitrary system comman...
Jun 6, 2025