All CosmicBytez Labs articles tagged #RCE, across news, security advisories, how-to guides, and projects.
A stack-based buffer overflow flaw in HP OfficeConnect VoIP phones can be exploited remotely to achieve code execution, potentially allowing attackers to pivot into enterprise networks from compromised desk phones.
A critical stack-based buffer overflow vulnerability in Arm Whois 3.11 (CVSS 9.8) allows remote attackers to execute arbitrary code by supplying oversized input, overwriting the structured exception handler with shellcode.
Belgium's national cybersecurity authority (CCB) has issued an urgent warning that threat actors are actively exploiting a recently patched critical Windows Netlogon Remote Protocol vulnerability that allows unauthenticated remote code execution on domain controllers.
Oracle WebLogic Server contains an unspecified vulnerability allowing unauthenticated attackers network access via T3 and IIOP protocols, potentially exposing all server data. CISA added this to its KEV catalog on June 1, 2026.
Google has released Chrome 148 with patches for 151 security vulnerabilities, including critical-severity flaws that could allow remote code execution....
A critical CVSS 9.8 remote code execution vulnerability in manga-image-translator allows unauthenticated attackers to execute arbitrary commands by...
A high-severity remote code execution vulnerability in the Spectra Gutenberg Blocks plugin for WordPress allows authenticated Contributor-level attackers...
A Server-Side Template Injection flaw in Mautic's Twig-based theme engine allows authenticated users with theme upload permissions to execute arbitrary...
A CVSS 9.0 OS command injection flaw in Samba allows remote attackers to execute arbitrary commands on file servers and domain controllers using the %u...
Buffer overflow in Synology BeeStation OS AdminCenter lets unauthenticated attackers execute code remotely (CVSS 9.8) — patch to 1.3.2-65648 now.
CVSS 9.8 in Goobi Viewer REST API lets unauthenticated clients inject Solr streaming expressions, enabling RCE on affected digital heritage platforms.
Critical Lumiverse <0.9.7 flaw lets malicious extensions execute arbitrary code via package.json lifecycle scripts run by the Spindle build pipeline.
CVSS 9.8 PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 lets unauthenticated attackers achieve RCE — patch to 1.11.12 now.
OS command injection (CVSS 9.1) in Perl's HTTP::Daemon lets attackers run arbitrary commands via magic prefix abuse in send_file's two-arg open().
A hardcoded machineKey value in KnowledgeDeliver's configuration enabled ViewState deserialization attacks leading to remote code execution and web shell.
Attackers exploited a critical zero-day vulnerability in KnowledgeDeliver LMS servers to deploy the Godzilla web shell, giving persistent backdoor access to.
Microsoft has released updates fixing CVE-2026-45659, a CVSS 8.8 remote code execution vulnerability in SharePoint Server that requires no specialized.
Microsoft patches a CVSS 8.8 SharePoint RCE; the Megalodon campaign poisons 5,561 GitHub repos in six hours; 7-Eleven's ShinyHunters breach hits 185,000; and a.
A CVSS 10.0 command injection vulnerability in UniFi OS allows any network-accessible attacker with no credentials to execute arbitrary OS commands,...
A critical deserialization vulnerability in Apache Fury's Python library PyFury allows attackers to bypass DeserializationPolicy validation hooks via the...
A CVSS 9.1 critical command injection vulnerability in Honeywell's Control Network Module web interface allows remote attackers to execute arbitrary...
Google accidentally leaked information about an unpatched Chromium vulnerability that allows JavaScript to continue running in the background even after...
Drupal has released emergency security updates for CVE-2026-9082, a highly critical vulnerability in Drupal Core that allows remote code execution,...
A critical heap-corruption flaw in NLnet Labs Unbound's DNSSEC validator allows denial of service and possible remote code execution. Affects versions...
A heap-based buffer overflow in the Netatalk CNID daemon comm_rcv() function allows a remote authenticated attacker to execute arbitrary code with...
A critical authentication bypass vulnerability in NVIDIA Triton Inference Server could allow unauthenticated attackers to execute code, escalate...
An authenticated Remote Code Execution vulnerability in GlassFish's Administration Console (CVSS 9.1) allows users with panel access to execute arbitrary...
A critical CVSS 9.6 Remote Code Execution vulnerability in GlassFish's server-side gadget handler allows attackers to inject Expression Language...
A CVSS 10.0 RCE vulnerability in CtrlPanel's web-based installer allows unauthenticated attackers to execute arbitrary code by exploiting a logic flaw...
Critical security vulnerabilities in SEPPMail Secure E-Mail Gateway — an enterprise email security appliance — could allow attackers to achieve remote...
A command injection vulnerability in WebdriverIO below version 9.24.0 allows remote code execution through malicious git branch names containing shell...
Dokploy versions 0.26.6 and below contain a critical OS command injection vulnerability in the appName parameter, enabling unauthenticated remote code...
A critical CVSS 9.8 vulnerability in SGLang's multimodal AI runtime scheduler binds its ROUTER socket to 0.0.0.0 by default and passes incoming messages...
The Amazon Redshift Python driver before version 2.1.14 contains a critical vulnerability where the vector_in() function executes arbitrary code received...
ACL Analytics versions 11.x through 13.0.0.579 contain a critical arbitrary code execution vulnerability (CVSS 9.8) allowing attackers to run arbitrary OS...
A critical heap out-of-bounds write vulnerability in Crypt::OpenSSL::PKCS12 for Perl (versions through 1.94) can be triggered by parsing a malformed...
A critical unsandboxed Apache Velocity template injection vulnerability in OpenMRS Core allows authenticated attackers to execute arbitrary code on the...
Researchers have disclosed multiple critical vulnerabilities in NGINX Plus and NGINX Open Source, including a heap buffer overflow in...
An autonomous scanning system has uncovered an 18-year-old flaw in the NGINX open-source web server that can be exploited for denial of service and, under...
An authenticated Server-Side Template Injection vulnerability in CubeCart prior to 6.7.0 allows attackers with API key access to execute arbitrary code...
A critical arbitrary file upload vulnerability in CubeCart's REST API File Manager allows holders of a files:rw API key to upload PHP webshells to the web...
Microsoft's May 2026 Patch Tuesday delivers security updates for 120 vulnerabilities across Windows, Edge, Office, Azure, and more — with no zero-days...
Microsoft's May 2026 Patch Tuesday addresses 138 security vulnerabilities across its product portfolio, including 30 rated Critical — with notable DNS...
A critical vulnerability in certain configurations of the Exim open-source mail transfer agent allows unauthenticated remote attackers to execute...
Exim has released security updates to patch a severe vulnerability affecting GnuTLS-compiled builds of the world's most widely deployed mail transfer...
Fortinet has released emergency security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to...
A critical unauthenticated remote code execution vulnerability in SAP Commerce Cloud allows any unauthenticated user to upload malicious configurations...
Ivanti has disclosed a high-severity improper input validation vulnerability in Endpoint Manager Mobile (EPMM) that is being actively exploited in the...
Palo Alto Networks has disclosed that CVE-2026-0300, a critical CVSS 9.3 buffer overflow in the PAN-OS User-ID Authentication service, is being actively...
A critical command injection vulnerability in the electerm terminal client allows remote attackers to achieve unauthenticated code execution on macOS...
A critical command injection flaw in electerm's Linux installer allows remote attackers to execute arbitrary shell commands by injecting into unsanitized...
Claroty researchers have disclosed two vulnerabilities in the EnOcean SmartServer IQ building management controller that can be chained for security...
Apache MINA versions 2.1.X and 2.2.X remain vulnerable to unauthenticated remote code execution because the fix for CVE-2026-41409 was never backported,...
A critical CVSS 9.8 stack-based buffer overflow in the Totolink NR1800X router's lighttpd component allows unauthenticated remote code execution via a...
A critical vulnerability in Google's Gemini CLI allowed an attacker to plant a malicious configuration file that executed commands outside the sandbox,...
A critical CVSS 9.8 command injection vulnerability in TOTOLINK N200RE V5 allows unauthenticated remote code execution via the macstr and bandstr...
A critical remote code execution vulnerability, CVE-2026-3854, was found to impact GitHub.com and GitHub Enterprise Server, potentially exposing millions...
GitHub has patched CVE-2026-3854, a critical remote code execution vulnerability exploitable via a single HTTP request that could have granted attackers...
Threat actors are actively exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptomining...
ConnectWise ScreenConnect contains a path traversal vulnerability (CVE-2024-1708) that allows attackers to execute remote code or directly access...
A CVSS 9.8 critical vulnerability in Snap One WattBox 800 and 820 series firmware exposes undisclosed diagnostic HTTP endpoints protected only by the...
Cybersecurity researchers have disclosed CVE-2026-25874, a critical unauthenticated remote code execution vulnerability (CVSS 9.3) in Hugging Face's...
Cybersecurity researchers have disclosed a critical remote code execution vulnerability in GitHub.com and GitHub Enterprise Server that allows an...
A critical remote code execution vulnerability in the /devserver/start endpoint of the leonvanzyl autocoder AI coding tool allows unauthenticated...
A critical incomplete fix in Apache Camel leaves five non-HTTP HeaderFilterStrategy implementations vulnerable to case-variant header injection, allowing...
Apache Camel's JmsBinding class in camel-jms and camel-sjms deserializes incoming JMS ObjectMessage payloads via javax.jms.ObjectMessage.getObject()...
Apache MINA's AbstractIoBuffer.resolveClass() contains a branch for static classes and primitive types that skips allowlist validation entirely, letting...
A critical OS command injection vulnerability in the Totolink A8000RU router allows remote attackers to execute arbitrary commands by manipulating the...
A critical unauthenticated OS command injection vulnerability in the Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote attackers to...
ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...
Multiple memory safety bugs in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird ESR 140.9 carry a CVSS 8.1 High rating. Some bugs show...
A critical remote code execution vulnerability in the simple-git npm package allows attackers to inject arbitrary git config options via the --config...
A critical vulnerability in Pipecat's optional LivekitFrameSerializer class allows unauthenticated remote code execution in the popular AI voice agent...
A critical unauthenticated RCE vulnerability in Kofax Capture (Tungsten Capture) exposes a deprecated .NET Remoting HTTP channel on port 2424 with no...
KTransformers through version 0.5.3 contains a critical unsafe deserialization vulnerability in its balance_serve backend mode, where an unauthenticated...
A critical OS command injection vulnerability in radare2-mcp 1.6.0 and earlier allows remote attackers to execute arbitrary commands by bypassing the...
A critical pre-authorization remote code execution vulnerability in Marimo, the open-source reactive Python notebook, allows unauthenticated attackers to...
A critical path traversal vulnerability in Froxlor's Customers.update and Admins.update API endpoints allows authenticated low-privilege users to traverse...
A critical PHP code injection vulnerability in Froxlor allows an admin with change_serversettings permission to inject arbitrary PHP code via unescaped...
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability in end-of-life D-Link DIR-823X...
A stack overflow vulnerability in Perl's Storable module (versions before 3.05) stems from a signed/unsigned integer mismatch in retrieve_hook(), enabling...
A critical CVSS 9.8 uninitialized memory vulnerability in Firefox and Thunderbird's Audio/Video Web Codecs component allows remote code execution. Update...
A critical unauthenticated RCE vulnerability in Spinnaker's clouddriver service allows attackers to execute arbitrary commands on clouddriver pods,...
A critical code injection flaw in Spinnaker's Echo service allows unrestricted Spring Expression Language (SPeL) execution via artifact processing,...
Vvveb CMS versions prior to 1.0.8.1 allow unauthenticated attackers to inject arbitrary PHP code through the installation endpoint's unsanitized subdir...
A critical CVSS 9.8 command injection vulnerability in the SGLang AI inference framework allows attackers to achieve remote code execution by supplying a...
silex technology SD-330AC and AMC Manager contain a CVSS 9.8 heap-based buffer overflow in redirect URL processing. Unauthenticated attackers can execute...
Adobe has patched an actively exploited zero-day in Acrobat and Reader that threat actors have been weaponizing via malicious PDF files since at least...
A critical remote code execution vulnerability in protobuf.js, the widely used JavaScript implementation of Google's Protocol Buffers, has been disclosed...
CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ's Jolokia management API, is being actively exploited in the wild. CISA has added...
Multiple vulnerabilities in the widely-used Orthanc open-source DICOM server expose medical imaging systems to denial-of-service, information disclosure,...
Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a critical prototype pollution vulnerability (CWE-1321) that can lead...
FalkorDB Browser 1.9.3 contains a critical unauthenticated path traversal vulnerability in its file upload API that allows remote attackers to write...
Security researchers discovered a remote code execution vulnerability in Apache ActiveMQ Classic that went undetected for 13 years, allowing attackers to...
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the Android File Transfer module allowing unauthenticated remote code...
A critical heap-based buffer overflow in LibRaw's x3f_thumb_loader allows an attacker to trigger memory corruption via a specially crafted RAW image file,...
A critical heap-based buffer overflow in LibRaw's HuffTable::initval function allows an attacker to corrupt heap memory via a malicious RAW image file,...
A critical heap-based buffer overflow in LibRaw's lossless_jpeg_load_raw function allows an attacker to cause memory corruption and potential code...
Attackers are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the Ninja Forms File Uploads premium add-on for...
GLPI versions 11.0.0 through 11.0.5 contain a server-side template injection vulnerability in the administrator interface that allows authenticated admins...
A critical authentication bypass in Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 allows unauthenticated remote attackers to...
Two newly disclosed vulnerabilities in Progress ShareFile can be chained together to enable unauthenticated remote code execution and file exfiltration,...
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity...
A critical CVSS 9.8 buffer overflow in TOTOlink A3600R v5.9c.4959 allows remote attackers to exploit the rootSsid parameter in the setAppEasyWizardConfig...
Anthropic's Claude AI assistant discovered remote code execution vulnerabilities in both Vim and GNU Emacs text editors using simple security research...
CVE-2025-53521, initially disclosed as a high-severity denial-of-service flaw in F5 BIG-IP APM, has been reclassified as a remote code execution...
F5 has reclassified a BIG-IP APM vulnerability from denial-of-service to critical remote code execution, warning that attackers are actively exploiting...
A maximum-severity command injection vulnerability in MLflow's model serving container initialization allows attackers to execute arbitrary OS commands...
A chained attack exploiting SQL Expressions combined with a Grafana Enterprise plugin can lead to remote arbitrary code execution. All Grafana users...
A critical unauthenticated RCE vulnerability in F5 BIG-IP APM is being actively exploited in the wild. Malicious traffic targeting access policy virtual...
Mass exploitation is underway against Magento 2 and Adobe Commerce installations using the 'PolyShell' polyglot file upload vulnerability, with attackers...
PTC is warning customers of an imminent exploit threat against a critical deserialization vulnerability in Windchill and FlexPLM — CVE-2026-4681, CVSS...
A critical chain of vulnerabilities in WWBN AVideo's CloneSite plugin allows fully unauthenticated attackers to achieve remote code execution via key...
A CVSS 9.8 Critical stack-based buffer overflow in Tenda A15 firmware 15.13.07.13 allows unauthenticated remote attackers to execute arbitrary code by...
A CVSS 8.8 stack-based buffer overflow in D-Link DHP-1320 firmware 1.00WWB04 allows unauthenticated remote attackers to execute arbitrary code via a...
A critical code injection vulnerability in Laravel Livewire v3 allows unauthenticated remote attackers to execute arbitrary commands. Over 130,000...
Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Oracle Identity Manager and...
A critical code injection vulnerability in Craft CMS allows unauthenticated remote attackers to execute arbitrary code on affected servers. Added to...
Oracle's March 2026 Critical Patch Update includes CVE-2026-21992, a CVSS 9.8 unauthenticated remote code execution vulnerability in Oracle Identity...
OpenEMR versions prior to 8.0.0.2 contain a CVSS 9.1 command injection vulnerability in the backup functionality. Authenticated attackers with high...
A CVSS 9.8 deserialization vulnerability in the Shinetheme Traveler WordPress plugin allows unauthenticated remote attackers to inject arbitrary PHP...
Researchers have disclosed a critical unauthenticated remote code execution vulnerability in the GNU InetUtils telnet daemon (telnetd). CVE-2026-32746...
A critical unauthenticated remote code execution vulnerability (CVSS 9.8) in Oracle's Edge Cloud Infrastructure Designer and Visualisation Toolkit allows...
A critical remote code execution vulnerability (CVSS 9.1) in Wazuh versions 4.0.0–4.14.2 allows an attacker with access to a worker node to achieve root...
Security researchers disclosed critical flaws across three major AI platforms: Amazon Bedrock AgentCore's sandbox can be bypassed via DNS to exfiltrate...
CISA added CVE-2025-47813 to its Known Exploited Vulnerabilities catalog on March 16, warning that the medium-severity path disclosure flaw is being...
Microsoft has pushed an out-of-band hotpatch (KB5084597) to Windows 11 Enterprise devices to address three integer-overflow RCE flaws in RRAS, one rated...
China's CNCERT has warned that OpenClaw (formerly Clawdbot/Moltbot), the viral self-hosted AI agent, carries over 250 disclosed vulnerabilities including...
Veeam Software has released a critical security update for Backup & Replication, patching five remote code execution vulnerabilities with CVSS scores...
A critical remote code execution vulnerability in Veeam Backup & Replication allows any authenticated domain user to execute arbitrary code on the Backup...
A second critical remote code execution vulnerability in Veeam Backup & Replication lets any authenticated domain user execute code on the Backup Server,...
A third concurrent critical RCE vulnerability in Veeam Backup & Replication enables domain-authenticated attackers to execute code on the Backup Server,...
A critical RCE vulnerability in Veeam Backup & Replication high-availability deployments allows users with the Backup Administrator role to execute...
A critical CVSS 9.9 vulnerability in Veeam Backup & Replication allows users with the lowest-privileged Backup Viewer role to execute arbitrary code as...
CISA added CVE-2025-68613 — a CVSS 9.9 remote code execution flaw in n8n's workflow expression evaluator — to its Known Exploited Vulnerabilities catalog...
CISA mandated all federal civilian agencies patch CVE-2025-68613, a CVSS 9.9 remote code execution flaw in the n8n workflow automation platform, after...
Security researchers have published details of two newly patched critical vulnerabilities in n8n — CVE-2026-27577 (CVSS 9.4), an expression sandbox escape...
CISA adds CVE-2025-68613 to the Known Exploited Vulnerabilities catalog — a CVSS 9.9 flaw in n8n's workflow expression evaluation system that enables...
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 fail to restrict Groovy scripts in PRPT reports, allowing privileged users...
A critical CVSS 9.8 stack-based buffer overflow in Delta Electronics COMMGR2 allows unauthenticated remote code execution, posing severe risk to...
A critical unauthenticated RCE vulnerability in International Datacasting Corporation's SFX Series satellite receivers allows attackers to execute...
A maximum-severity zero-click vulnerability dubbed Mail2Shell allows unauthenticated attackers to compromise FreeScout mail servers by simply sending a...
CISA has added CVE-2026-22719, a high-severity command injection vulnerability in VMware Aria Operations allowing unauthenticated remote code execution,...
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access is under active exploitation,...
A maximum-severity code injection vulnerability in Microsoft's Semantic Kernel Python SDK allows authenticated attackers to execute arbitrary code through...
A critical CVSS 9.3 stack-based buffer overflow in Grandstream GXP1600 series VoIP phones allows unauthenticated remote code execution, enabling attackers...
A critical pre-authentication OS command injection vulnerability in BeyondTrust Remote Support and Privileged Remote Access with CVSS 9.9 is being...
An actively exploited zero-day in Cisco Unified Communications allows unauthenticated remote code execution with root privileges via crafted HTTP...
Multiple high-severity command injection vulnerabilities discovered in GitHub Copilot extensions for VS Code, Visual Studio, and JetBrains could allow...
A critical unauthenticated arbitrary file upload vulnerability in the WPvivid Backup & Migration plugin allows remote code execution on over 900,000...
A critical zero-day in BeyondTrust Remote Support and Privileged Remote Access enables unauthenticated command execution, potentially compromising entire...
A critical unauthenticated remote code execution vulnerability in Palo Alto Networks PAN-OS GlobalProtect gateway allows complete firewall takeover. CVSS 9.8.
Fortinet patches a critical heap-based buffer overflow in FortiOS SSL VPN that allows unauthenticated remote code execution on FortiGate appliances....
Popular workflow automation platform n8n hit with eight high-to-critical CVEs including a CVSS 10.0 unauthenticated RCE and sandbox escape bypassing...
A new critical OGNL injection vulnerability in Apache Struts allows unauthenticated remote code execution, reminiscent of the 2017 Equifax breach vector....
Fortinet patches a CVSS 9.8 SQL injection in FortiClientEMS 7.4.4 allowing unauthenticated remote code execution. Endpoint management servers across...
A server-side request forgery vulnerability in Exchange Server is being chained with deserialization flaws for unauthenticated remote code execution....
Critical deserialization vulnerability in SolarWinds Web Help Desk enables unauthenticated remote code execution. CISA confirms active exploitation.
Two severe vulnerabilities in Google Looker, dubbed 'LookOut', could allow attackers to gain complete control of self-hosted deployments affecting 60,000+...
A maximum-severity flaw dubbed 'Ni8mare' in the popular workflow automation platform n8n allows unauthenticated attackers to gain full control of...
Cisco has released emergency patches for a critical vulnerability in Webex that could allow unauthenticated remote code execution. Organizations urged to...
CVE-2026-0625 allows unauthenticated remote code execution on legacy D-Link DSL routers. Devices are end-of-life with no patches forthcoming. Immediate...