rce

Remote Code Execution

CVEs in this class (60)

CVE-2026-1281 🚨 CVSS 9.8 Ivanti / Endpoint Manager Mobile (EPMM)
CVE-2026-1281 is a critical code injection vulnerability in Ivanti Endpoint Manager Mobile that allows unauthenticated remote code execution. The vulnerability …
CVE-2026-0300 🚨 CVSS 9.8 Palo Alto Networks / PAN-OS
CVE-2026-0300 is a critical buffer overflow vulnerability (CWE-787) in the User-ID Authentication Portal of Palo Alto Networks PAN-OS, allowing unauthenticated …
CVE-2026-45247 🚨 CVSS 9.8 Mirasvit / Mirasvit Full Page Cache Warmer
CVE-2026-45247 is a critical remote code execution vulnerability in Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12. The flaw stems from…
CVE-2026-1340 🚨 CVSS 9.8 Ivanti / Endpoint Manager Mobile (EPMM)
CVE-2026-1340 is a critical code injection vulnerability (CWE-94) in Ivanti Endpoint Manager Mobile that allows unauthenticated remote code execution. The vulne…
CVE-2026-35616 🚨 CVSS 9.8 Fortinet / FortiClient EMS
CVE-2026-35616 is a critical improper access control vulnerability (CWE-284) in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6, allowing unauthenticated a…
CVE-2026-34621 🚨 CVSS 8.6 Adobe / Acrobat and Reader
Adobe Acrobat Reader versions 24.001.30356, 26.001.21367, and earlier are affected by a Prototype Pollution vulnerability (CWE-1321) that allows for arbitrary c…
CVE-2026-6973 🚨 CVSS 7.2 Ivanti / Endpoint Manager Mobile (EPMM)
CVE-2026-6973 is a high-severity (CVSS 7.2) remote code execution vulnerability in Ivanti EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1, caused by imp…
CVE-2026-39987 🚨 Marimo / Marimo
CVE-2026-39987 is a critical Pre-Auth Remote Code Execution vulnerability in Marimo prior to version 0.23.0, classified under CWE-306. The flaw stems from the /…
CVE-2009-0238 🚨 Microsoft / Office
CVE-2009-0238 is a remote code execution vulnerability affecting Microsoft Office Excel versions 2000 through 2007 and Excel Viewer, caused by an invalid object…
CVE-2026-33017 🚨 Langflow / Langflow
Langflow versions prior to 1.9.0 contain a critical remote code execution vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. The flaw a…
CVE-2025-32432 🚨 Craft CMS / Craft CMS
Craft CMS versions 3.0.0-RC1 through 3.9.14, 4.0.0-RC1 through 4.14.14, and 5.0.0-RC1 through 5.6.16 are vulnerable to remote code execution due to improper con…
CVE-2025-54068 🚨 Laravel / Livewire
CVE-2025-54068 is a critical remote code execution vulnerability in Livewire v3 up to v3.6.3, affecting the Laravel vendor's product. The flaw stems from improp…
CVE-2026-3910 🚨 Google / Chromium V8
CVE-2026-3910 is a high-severity vulnerability in Google Chrome prior to version 146.0.7680.75, specifically affecting the V8 engine. It allows a remote attacke…
CVE-2025-68613 🚨 n8n / n8n
CVE-2025-68613 is a critical Remote Code Execution vulnerability in n8n versions 0.211.0 through 1.120.3, 1.121.0, and 1.121.9, caused by insufficient isolation…
CVE-2025-26399 🚨 SolarWinds / Web Help Desk
SolarWinds Web Help Desk contains a critical unauthenticated AjaxProxy deserialization vulnerability (CVE-2025-26399) that allows remote code execution on the h…
CVE-2021-30952 🚨 Apple / Multiple Products
CVE-2021-30952 is an integer overflow vulnerability (CWE-190) affecting Apple products including tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, iPadOS 1…
CVE-2024-7694 🚨 TeamT5 / ThreatSonar Anti-Ransomware
CVE-2024-7694 affects TeamT5's ThreatSonar Anti-Ransomware, allowing remote attackers with administrator privileges to upload malicious files that execute arbit…
CVE-2026-1731 🚨 BeyondTrust / Remote Support (RS) and Privileged Remote Access (PRA)
CVE-2026-1731 is a critical remote code execution vulnerability in BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA). It allo…
CVE-2025-15556 🚨 Notepad++ / Notepad++
Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CWE-494) where the WinGUp updater fails to cryptographically verify do…
CVE-2024-43468 🚨 Microsoft / Configuration Manager
CVE-2024-43468 is a critical remote code execution vulnerability in Microsoft Configuration Manager, classified under CWE-89. It carries a CVSS v3.1 score of 9.…
CVE-2026-24423 🚨 SmarterTools / SmarterMail
CVE-2026-24423 is a critical remote code execution vulnerability in SmarterTools SmarterMail versions prior to build 9511, classified under CWE-306. It allows u…
CVE-2026-20045 🚨 Cisco / Unified Communications Manager
CVE-2026-20045 is a critical remote code execution vulnerability in Cisco Unified Communications Manager and related products, classified under CWE-94 due to im…
CVE-2025-37164 🚨 Hewlett Packard Enterprise (HPE) / OneView
CVE-2025-37164 is a critical remote code execution vulnerability in HPE OneView, classified under CWE-94. It carries a CVSS v3.1 score of 10.0, indicating the h…
CVE-2025-20393 🚨 Cisco / Multiple Products
CVE-2025-20393 is a critical remote code execution vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cis…
CVE-2025-55182 🚨 Meta / React Server Components
CVE-2025-55182 is a critical remote code execution vulnerability in Meta's React Server Components versions 19.0.0 through 19.2.0, specifically affecting react-…
CVE-2025-48703 🚨 CWP / Control Web Panel
CVE-2025-48703 is a critical remote code execution vulnerability in Control Web Panel (CWP) versions prior to 0.9.8.1205, classified under CWE-78. It allows una…
CVE-2025-24893 🚨 XWiki / Platform
CVE-2025-24893 is a critical remote code execution vulnerability in XWiki Platform affecting versions prior to 15.10.11, 16.4.1, and 16.5.0RC1. It allows unauth…
CVE-2025-61932 🚨 Motex / LANSCOPE Endpoint Manager
CVE-2025-61932 is a critical vulnerability in Motex LANSCOPE Endpoint Manager (On-Premises) affecting the Client program (MR) and Detection agent (DA). The flaw…
CVE-2025-54253 🚨 Adobe / Experience Manager (AEM) Forms
Adobe Experience Manager versions 6.5.23 and earlier are affected by a critical misconfiguration vulnerability (CWE-863) that allows arbitrary code execution wi…
CVE-2016-7836 🚨 SKYSEA / Client View
CVE-2016-7836 is a critical remote code execution vulnerability in SKYSEA Client View versions 11.221.03 and earlier, caused by a flaw in authentication process…
CVE-2010-3765 🚨 Mozilla / Multiple Products
CVE-2010-3765 is a critical remote code execution vulnerability affecting Mozilla Firefox 3.5.x through 3.5.14, 3.6.x through 3.6.11, Thunderbird 3.1.6 and earl…
CVE-2017-1000353 🚨 Jenkins / Jenkins
Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to an unauthenticated remote code execution flaw involving insecure deseria…
CVE-2024-8069 🚨 Citrix / Session Recording
CVE-2024-8069 is a high-severity vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService acc…
CVE-2019-0211 🚨 Apache / HTTP Server
CVE-2019-0211 is a high-severity privilege escalation vulnerability in Apache HTTP Server versions 2.4.17 through 2.4.38 affecting non-Unix systems. It allows c…
CVE-2024-38094 🚨 Microsoft / SharePoint
CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint, classified under CWE-502. It carries a CVSS v3.1 score of 7.2, indicating a hig…
CVE-2024-38475 🚨 Apache / HTTP Server
CVE-2024-38475 is a critical vulnerability in Apache HTTP Server versions 2.4.59 and earlier, classified as CWE-116 (Improper Output Neutralization for Logs). I…
CVE-2025-47812 🚨 Wing FTP Server / Wing FTP Server
CVE-2025-47812 is a critical remote code execution vulnerability in Wing FTP Server versions prior to 7.4.4, caused by mishandling of null bytes in web interfac…
CVE-2016-10033 🚨 PHP / PHPMailer
CVE-2016-10033 is a critical remote code execution vulnerability in PHPMailer versions prior to 5.2.18, classified under CWE-88 (Improper Neutralization of Spec…
CVE-2025-32433 🚨 Erlang / Erlang/OTP
CVE-2025-32433 is a critical remote code execution vulnerability in Erlang/OTP SSH servers affecting versions prior to OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2…
CVE-2025-3935 🚨 ConnectWise / ScreenConnect
CVE-2025-3935 affects ConnectWise ScreenConnect versions 25.2.3 and earlier, involving a ViewState code injection vulnerability (CWE-502) that can lead to remot…
CVE-2024-56145 🚨 Craft CMS / Craft CMS
CVE-2024-56145 is a critical remote code execution vulnerability in Craft CMS affecting versions prior to 3.9.14, 4.13.2, and 5.5.2 when the php.ini directive r…
CVE-2025-4428 🚨 Ivanti / Endpoint Manager Mobile (EPMM)
CVE-2025-4428 is a high-severity remote code execution vulnerability in the API component of Ivanti Endpoint Manager Mobile versions 12.5.0.0 and prior. It is c…
CVE-2025-32756 🚨 Fortinet / Multiple Products
CVE-2025-32756 is a critical stack-based buffer overflow vulnerability affecting multiple versions of Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, …
CVE-2025-30397 🚨 Microsoft / Windows
CVE-2025-30397 is a high-severity vulnerability in Microsoft Scripting Engine affecting Windows, classified as a type confusion issue (CWE-843) that allows unau…
CVE-2025-1976 🚨 Broadcom / Brocade Fabric OS
CVE-2025-1976 affects Broadcom Brocade Fabric OS versions 9.1.0 through 9.1.1d6, allowing a local user with admin privileges to execute arbitrary code with full…
CVE-2025-22457 🚨 Ivanti / Connect Secure, Policy Secure, and ZTA Gateways
CVE-2025-22457 is a critical stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways prior to specific 22.7/2…
CVE-2025-24813 🚨 Apache / Tomcat
CVE-2025-24813 is a critical vulnerability in Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98, allowing …
CVE-2025-1316 🚨 Edimax / IC-7100 IP Camera
CVE-2025-1316 is a critical remote code execution vulnerability in the Edimax IC-7100 IP Camera, classified under CWE-78 (Improper Neutralization of Special Ele…
CVE-2024-4885 🚨 Progress / WhatsUp Gold
CVE-2024-4885 is a critical Remote Code Execution vulnerability in Progress WhatsUp Gold versions prior to 2023.1.3, allowing unauthenticated attackers to execu…
CVE-2022-43769 🚨 Hitachi Vantara / Pentaho Business Analytics (BA) Server
CVE-2022-43769 is a HIGH severity vulnerability (CVSS 8.8) in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including…
CVE-2025-2749 🚨 Kentico / Kentico Xperience
CVE-2025-2749 is a high-severity (CVSS 7.2) vulnerability in Kentico Xperience through version 13.0.178, allowing authenticated users to achieve remote code exe…
CVE-2025-23209 🚨 Craft CMS / Craft CMS
CVE-2025-23209 is a remote code execution vulnerability in Craft CMS versions 4 and 5, classified under CWE-94, with a CVSS v3.1 score of 8.0 (HIGH). The vulner…
CVE-2020-15069 🚨 Sophos / XG Firewall
CVE-2020-15069 is a critical remote code execution vulnerability in Sophos XG Firewall versions 17.x through v17.5 MR12, caused by a buffer overflow in the HTTP…
CVE-2024-21413 🚨 Microsoft / Office Outlook
CVE-2024-21413 is a critical remote code execution vulnerability in Microsoft Outlook with a CVSS v3.1 score of 9.8. The vulnerability is classified under CWE-2…
CVE-2023-48365 🚨 Qlik / Sense
CVE-2023-48365 is a critical remote code execution vulnerability in Qlik Sense Enterprise for Windows affecting versions prior to August 2023 Patch 2 and severa…
CVE-2025-0282 🚨 Ivanti / Connect Secure, Policy Secure, and ZTA Gateways
CVE-2025-0282 is a critical stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways prior to spec…
CVE-2020-2883 🚨 Oracle / WebLogic Server
CVE-2020-2883 is a critical vulnerability in Oracle WebLogic Server affecting versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0, allowing unauthentica…
CVE-2018-14933 🚨 NUUO / NVRmini Devices
CVE-2018-14933 is a critical remote command execution vulnerability affecting NUUO NVRmini devices, classified under CWE-78. It allows unauthenticated attackers…
CVE-2024-50623 🚨 Cleo / Multiple Products
CVE-2024-50623 is a critical remote code execution vulnerability in Cleo Harmony, VLTrader, and LexiCom versions prior to 5.8.0.21, caused by unrestricted file …
CVE-2024-51378 🚨 CyberPersons / CyberPanel
CyberPanel versions before 1c0c6cb, including 2.3.6 and unpatched 2.3.7, are affected by a critical remote code execution vulnerability due to improper input va…
