63 articles

#Remote Code Execution

All CosmicBytez Labs articles tagged #Remote Code Execution, across news, security advisories, how-to guides, and projects.

  • Security · Jun 1, 2026

    CVE-2026-10187: Totolink N300RH Stack Buffer Overflow in WiFi Config

    A critical-severity stack buffer overflow in the Totolink N300RH wireless router allows remote attackers to execute arbitrary code via a crafted KeyStr argument in the setWiFiBasicConfig function.

  • Security · May 31, 2026

    CVE-2018-25412: Arbitrary File Upload RCE in Delta Sql 1.8.2

    A critical unauthenticated arbitrary file upload vulnerability in Delta Sql 1.8.2 allows attackers to upload malicious PHP files and achieve remote code...

  • Security · May 30, 2026

    CVE-2026-7465: RCE in Spectra Gutenberg Blocks WordPress Plugin (CVSS 8.8)

    A high-severity remote code execution vulnerability in the Spectra Gutenberg Blocks plugin for WordPress allows authenticated Contributor-level attackers...

  • News · May 28, 2026

    Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

    Rapid7 discloses a critical CVSS 9.4 RCE in Gogs, the popular self-hosted Git service, letting any authenticated user run arbitrary code on the server.

  • News · May 28, 2026

    New Gogs Zero-Day Flaw Lets Hackers Get Remote Code Execution

    An unpatched Gogs zero-day lets attackers gain RCE on internet-facing instances of the self-hosted Git service — no patch is currently available.

  • Security · May 28, 2026

    CVE-2026-45083 — Goobi Viewer Unauthenticated RCE via Solr Streaming Expression Injection

    CVSS 9.8 in Goobi Viewer REST API lets unauthenticated clients inject Solr streaming expressions, enabling RCE on affected digital heritage platforms.

  • Security · May 27, 2026

    CVE-2026-45247 — Mirasvit Magento 2 Cache Warmer PHP Object Injection RCE

    CVSS 9.8 PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 lets unauthenticated attackers achieve RCE — patch to 1.11.12 now.

  • News · May 21, 2026

    Drupal Patches Highly Critical Vulnerability Exposing

    Drupal has released an urgent security update for CVE-2026-9082, a highly critical flaw that can be exploited without authentication to achieve...

  • News · May 21, 2026

    Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites

    Drupal has released emergency security updates for CVE-2026-9082, a highly critical vulnerability in Drupal Core that allows remote code execution,...

  • Security · May 21, 2026

    CVE-2026-33278 — NLnet Labs Unbound DNSSEC Validator RCE

    A critical heap-corruption flaw in NLnet Labs Unbound's DNSSEC validator allows denial of service and possible remote code execution. Affects versions...

  • Security · May 21, 2026

    CVE-2026-44050 — Netatalk CNID Daemon Heap Buffer Overflow

    A heap-based buffer overflow in the Netatalk CNID daemon comm_rcv() function allows a remote authenticated attacker to execute arbitrary code with...

  • Security · May 21, 2026

    CVE-2026-6279: Avada Builder Unauthenticated RCE via PHP

    A critical CVSS 9.8 vulnerability in the Avada Builder (fusion-builder) WordPress plugin allows unauthenticated attackers to execute arbitrary PHP...

  • Security · May 20, 2026

    GlassFish Administration Console Authenticated RCE

    An authenticated Remote Code Execution vulnerability in GlassFish's Administration Console (CVSS 9.1) allows users with panel access to execute arbitrary...

  • Security · May 20, 2026

    GlassFish Gadget Handler Expression Language RCE

    A critical CVSS 9.6 Remote Code Execution vulnerability in GlassFish's server-side gadget handler allows attackers to inject Expression Language...

  • Security · May 20, 2026

    CVE-2026-34234 — CtrlPanel Installer Unauthenticated Remote

    A CVSS 10.0 RCE vulnerability in CtrlPanel's web-based installer allows unauthenticated attackers to execute arbitrary code by exploiting a logic flaw...

  • News · May 12, 2026

    Fortinet Warns of Critical RCE Flaws in FortiSandbox and

    Fortinet has released emergency security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to...

  • News · May 12, 2026

    SAP Fixes Critical Vulnerabilities in Commerce Cloud and

    SAP's May 2026 Security Patch Day addresses 15 vulnerabilities across multiple enterprise products, including two critical-severity flaws in Commerce...

  • Security · May 12, 2026

    CVE-2026-34263 — SAP Commerce Cloud Unauthenticated RCE

    A critical unauthenticated remote code execution vulnerability in SAP Commerce Cloud allows any unauthenticated user to upload malicious configurations...

  • Security · May 11, 2026

    CVE-2021-47933: WordPress MStore API 2.0.6 Arbitrary File

    MStore API 2.0.6 for WordPress allows unauthenticated attackers to upload arbitrary PHP files via the REST API config_file endpoint, achieving remote code...

  • Security · May 11, 2026

    CVE-2021-47936: OpenCATS 0.9.4 Unauthenticated RCE via PHP

    OpenCATS 0.9.4 allows unauthenticated attackers to upload malicious PHP files through the careers job application endpoint, achieving remote code...

  • Security · May 11, 2026

    CVE-2026-6433: WordPress Plugin SQLi Enables

    The Custom css-js-php WordPress plugin through version 2.0.7 fails to sanitize user input before using it in a SQL query, and passes the result to dynamic...

  • News · May 10, 2026

    Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS

    The Apache Software Foundation has released urgent security updates for the Apache HTTP Server addressing a severe vulnerability in the HTTP/2 protocol...

  • News · May 10, 2026

    Ollama Out-of-Bounds Read Flaw Allows Remote Process Memory

    Researchers have disclosed a critical out-of-bounds read vulnerability in Ollama that enables remote unauthenticated attackers to leak the entire process...

  • News · May 9, 2026

    Ivanti Warns of New EPMM Flaw Exploited in Zero-Day Attacks

    Ivanti has issued an urgent advisory warning customers to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) that...

  • Security · May 8, 2026

    CVE-2026-33109: Azure Managed Instance for Apache Cassandra

    A critical improper access control flaw in Azure Managed Instance for Apache Cassandra allows an authorized network attacker to execute arbitrary code,...

  • Security · May 2, 2026

    CVE-2026-4882: Unauthenticated File Upload in WordPress

    A critical unauthenticated arbitrary file upload vulnerability in the User Registration Advanced Fields plugin for WordPress allows attackers to upload...

  • News · Apr 28, 2026

    Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw

    Cybersecurity researchers have disclosed a critical remote code execution vulnerability in GitHub.com and GitHub Enterprise Server that allows an...

  • Security · Apr 24, 2026

    CVE-2026-6885: Borg SPM 2007 Arbitrary File Upload Enables

    A critical arbitrary file upload vulnerability in the end-of-life Borg SPM 2007 application allows unauthenticated attackers to upload web shell backdoors...

  • Security · Apr 23, 2026

    CVE-2018-25270: ThinkPHP 5.0.23 Remote Code Execution via

    ThinkPHP 5.0.23 contains a critical unauthenticated remote code execution vulnerability allowing attackers to invoke arbitrary PHP functions via a crafted...

  • Security · Apr 23, 2026

    CVE-2018-25272: ELBA5 5.8.0 RCE via Default Database

    ELBA5 5.8.0 contains a critical remote code execution vulnerability where default database connector credentials allow attackers to connect to the...

  • Security · Apr 23, 2026

    CVE-2026-3844 — Breeze Cache WordPress Plugin

    A critical unauthenticated file upload vulnerability in the Breeze Cache WordPress plugin allows attackers to upload arbitrary files to affected servers...

  • Security · Apr 23, 2026

    CVE-2026-41228 — Froxlor Path Traversal via def_language

    A critical path traversal vulnerability in Froxlor's Customers.update and Admins.update API endpoints allows authenticated low-privilege users to traverse...

  • Security · Apr 23, 2026

    CVE-2026-41229 — Froxlor PHP Code Injection via MySQL

    A critical PHP code injection vulnerability in Froxlor allows an admin with change_serversettings permission to inject arbitrary PHP code via unescaped...

  • Security · Apr 22, 2026

    CVE-2017-20230: Perl Storable Stack Overflow — CVSS 10.0

    A stack overflow vulnerability in Perl's Storable module (versions before 3.05) stems from a signed/unsigned integer mismatch in retrieve_hook(), enabling...

  • News · Apr 20, 2026

    Anthropic MCP Design Vulnerability Enables RCE, Threatening

    Cybersecurity researchers have discovered a critical by-design weakness in the Model Context Protocol architecture that enables arbitrary command...

  • Security · Apr 18, 2026

    CVE-2026-6518: WordPress CMP Plugin Arbitrary File Upload

    The CMP Coming Soon & Maintenance Plugin for WordPress contains a critical arbitrary file upload flaw that allows subscriber-level authenticated users to...

  • Security · Apr 17, 2026

    CVE-2026-6443: WordPress Accordion Plugin Backdoor in

    The Accordion and Accordion Slider WordPress plugin version 1.4.6 was sold to a malicious threat actor who embedded a persistent backdoor, granting...

  • Security · Apr 11, 2026

    CVE-2026-4149: Sonos Era 300 Unauthenticated RCE via SMB

    A CVSS 10 critical vulnerability in the Sonos Era 300 smart speaker allows unauthenticated remote attackers to execute arbitrary code by exploiting an...

  • Security · Apr 11, 2026

    CVE-2026-6057: FalkorDB Browser Unauthenticated Path

    FalkorDB Browser 1.9.3 contains a critical unauthenticated path traversal vulnerability in its file upload API that allows remote attackers to write...

  • Security · Apr 9, 2026

    CVE-2026-1830: WordPress Quick Playground Plugin RCE via

    A critical CVSS 9.8 vulnerability in the Quick Playground WordPress plugin (versions up to 1.3.1) allows unauthenticated attackers to upload arbitrary...

  • Security · Apr 9, 2026

    CVE-2026-25776: Movable Type Critical Code Injection (CVSS

    Six Apart's Movable Type CMS contains a critical code injection vulnerability allowing unauthenticated attackers to execute arbitrary Perl scripts on...

  • Security · Apr 9, 2026

    CVE-2026-39888: PraisonAI Sandbox Escape Enables Remote

    A critical sandbox escape vulnerability in PraisonAI's multi-agent framework allows attackers to bypass the Python code execution sandbox, defeating the...

  • Security · Apr 9, 2026

    CVE-2026-39890: PraisonAI YAML Injection Achieves Remote

    A critical code injection vulnerability in PraisonAI's AgentService allows attackers to craft malicious YAML files using dangerous js-yaml tags such as...

  • Security · Apr 8, 2026

    CVE-2021-4473: Tianxin Behavior Management System

    A critical unauthenticated command injection vulnerability in the Tianxin Internet Behavior Management System's Reporter component allows attackers to...

  • Security · Apr 8, 2026

    CVE-2026-22679: Weaver E-cology 10.0 Unauthenticated Remote

    A critical unauthenticated RCE vulnerability in Weaver (Fanwei) E-cology 10.0 allows attackers to execute arbitrary commands by abusing an exposed Dubbo...

  • Security · Apr 8, 2026

    CVE-2026-5731: Firefox and Thunderbird Critical Memory

    Mozilla has patched critical memory safety bugs in Firefox, Firefox ESR, and Thunderbird that showed evidence of memory corruption. Exploiting these flaws...

  • Security · Apr 5, 2026

    CVE-2016-20052: Snews CMS 1.7 Unrestricted File Upload

    Snews CMS 1.7 contains a critical unrestricted file upload vulnerability allowing unauthenticated attackers to upload PHP webshells to the snews_files...

  • News · Apr 2, 2026

    Cisco Patches Critical and High-Severity Vulnerabilities

    Cisco has released security advisories addressing a batch of critical and high-severity vulnerabilities across multiple products, covering flaws that...

  • Security · Apr 2, 2026

    CVE-2026-1540: Spam Protect CF7 WordPress Plugin PHP Log RCE

    The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows an editor-level attacker to achieve Remote Code Execution by logging a crafted...

  • Security · Apr 2, 2026

    CVE-2026-3502: TrueConf Client Update Integrity Bypass

    TrueConf Client fails to verify the integrity of downloaded update payloads, allowing an attacker who can influence the update delivery path to substitute...

  • Security · Apr 1, 2026

    CVE-2026-5272: Chrome GPU Heap Buffer Overflow Enables

    A high-severity heap buffer overflow in Chrome's GPU component allows remote attackers to execute arbitrary code via a crafted HTML page. Affects all...

  • Security · Mar 30, 2026

    CVE-2025-15379: MLflow Command Injection in Model Serving

    A maximum-severity command injection vulnerability in MLflow's model serving container initialization allows attackers to execute arbitrary OS commands...

  • News · Mar 29, 2026

    CISA: New Langflow Flaw Actively Exploited to Hijack AI

    CISA has added CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in the Langflow AI framework, to its Known Exploited...

  • Security · Mar 29, 2026

    CVE-2016-20049: JAD Java Decompiler Stack-Based Buffer

    JAD 1.5.8e-1kali1 and prior contains a critical stack-based buffer overflow vulnerability allowing attackers to execute arbitrary code by supplying input...

  • Security · Mar 29, 2026

    CVE-2017-20225: TiEmu TI Calculator Emulator Stack Buffer

    TiEmu 2.08 and prior contains a critical stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by passing oversized...

  • News · Mar 21, 2026

    Critical Langflow RCE Flaw Exploited Within 20 Hours of

    CVE-2026-33017, a CVSS 9.3 unauthenticated remote code execution vulnerability in the Langflow AI platform, was weaponized by threat actors within 20...

  • Security · Mar 16, 2026

    CVE-2016-20026: ZKTeco ZKBioSecurity 3.0 Hardcoded Tomcat

    ZKTeco ZKBioSecurity 3.0 ships a bundled Apache Tomcat server with hardcoded credentials stored in tomcat-users.xml, granting unauthenticated attackers...

  • News · Mar 13, 2026

    Veeam Patches Five Critical RCE Vulnerabilities Exposing

    Veeam Software has released a critical security update for Backup & Replication, patching five remote code execution vulnerabilities with CVSS scores...

  • Security · Mar 13, 2026

    Veeam Backup & Replication Auth RCE — CVE-2026-21666

    A critical remote code execution vulnerability in Veeam Backup & Replication allows any authenticated domain user to execute arbitrary code on the Backup...

  • Security · Mar 13, 2026

    Veeam Backup & Replication 2nd Auth RCE — CVE-2026-21667

    A second critical remote code execution vulnerability in Veeam Backup & Replication lets any authenticated domain user execute code on the Backup Server,...

  • Security · Mar 13, 2026

    Critical RCE in Veeam Backup & Replication — Third Domain

    A third concurrent critical RCE vulnerability in Veeam Backup & Replication enables domain-authenticated attackers to execute code on the Backup Server,...

  • Security · Mar 13, 2026

    Critical RCE in Veeam Backup & Replication HA Deployments

    A critical RCE vulnerability in Veeam Backup & Replication high-availability deployments allows users with the Backup Administrator role to execute...

  • Security · Mar 13, 2026

    Critical RCE in Veeam Backup & Replication — Backup Viewer

    A critical CVSS 9.9 vulnerability in Veeam Backup & Replication allows users with the lowest-privileged Backup Viewer role to execute arbitrary code as...