Remote Code Execution
Remote Code Execution (RCE) vulnerabilities allow an attacker to execute arbitrary code on a remote system without authorization. These are among the most severe vulnerabilities as they can lead to complete system compromise.
289
CRITICAL
Execution
Understanding Remote Code Execution
Remote Code Execution vulnerabilities represent the most critical class of security flaws. When exploited, they allow attackers to run arbitrary commands on a target system, often with the same privileges as the vulnerable application.
RCE vulnerabilities commonly arise from unsafe deserialization, command injection, or memory corruption bugs. They're frequently found in web applications, network services, and system utilities.
How to Identify
- •Look for input validation bypasses in file upload functionality
- •Check for unsafe deserialization of user-controlled data
- •Test command execution functions with special characters
- •Review template engines for server-side template injection
Prevention Best Practices
- ✓Use parameterized queries and prepared statements
- ✓Implement strict input validation and sanitization
- ✓Run applications with minimal privileges
- ✓Keep all software dependencies up to date
- ✓Use security headers and Content Security Policy
Remote Code Execution CVEs (289)
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-2386 | 4.3 | This vulnerability allows authenticated attackers with Author-level access or higher to create unauthorized draft posts of restricted types, such as pages, by manipulating a specific parameter. The issue arises because the plugin does not properly check if the user has the right permissions for the specific post type they are trying to create. | Unknown | Exploit Available | about 2 months agoFeb 18, 2026 |
| CVE-2025-7630 | 5.3 | This vulnerability allows an attacker to repeatedly guess passwords for user accounts, potentially gaining unauthorized access. It affects specific versions of the Wispotter software, and the issue arises because the system does not properly limit the number of login attempts. | Unknown | Exploit Available | about 2 months agoFeb 18, 2026 |
| CVE-2026-1943 | 4.4 | This vulnerability allows an attacker with Shop Manager-level permissions or higher to inject malicious scripts into web pages, which can then execute when other users visit those pages. It only affects multi-site WordPress installations where certain HTML filtering settings are disabled. | Unknown | Exploit Available | about 2 months agoFeb 18, 2026 |
| CVE-2026-1938 | 5.3 | An attacker with Shop Manager-level access or higher can delete the YayMail plugin's license key, potentially disrupting email functionalities for the WooCommerce store. To exploit this vulnerability, the attacker must first obtain a specific security token used by the plugin's API. | Unknown | Exploit Available | about 2 months agoFeb 18, 2026 |
| CVE-2026-1860 | 4.3 | This vulnerability allows attackers with Contributor-level access or higher to view sensitive form configuration data belonging to other users, including administrators, by simply guessing form IDs. They can access information such as form structures, secret keys for Google reCAPTCHA, and email templates, without needing proper authorization. | Unknown | Exploit Available | about 2 months agoFeb 18, 2026 |
| CVE-2026-1831 | 2.7 | This vulnerability allows an attacker with Shop Manager-level access or higher to install and activate the YaySMTP plugin on a WordPress site without proper authorization. This could lead to unauthorized changes in email settings and potential exploitation of the site’s email functionality. | Unknown | Exploit Available | about 2 months agoFeb 18, 2026 |
| CVE-2026-2296 | 7.2 | This vulnerability allows an attacker with Shop Manager-level access or higher to run any PHP code on the server, which could lead to full control over the website. The issue arises from a lack of proper checks on user input in a specific plugin, enabling the attacker to manipulate the system by exploiting a feature meant for customizing product options. | Unknown | Exploit Available | about 2 months agoFeb 18, 2026 |
| CVE-2026-2019 | 7.2 | This vulnerability allows an attacker with Administrator-level access to run any PHP code on the server, potentially taking full control of the website. It occurs because the plugin does not properly check the input in a specific field, making it easy for attackers to exploit it. | Unknown | Exploit Available | about 2 months agoFeb 18, 2026 |
| CVE-2026-1937 | 9.8 | This vulnerability allows attackers with Shop Manager-level access or higher to change important settings on a WordPress site, potentially giving them administrative access. They can exploit this flaw to allow new users to register as administrators, which could lead to full control over the site. | Unknown | Exploit Available | about 2 months agoFeb 18, 2026 |
| CVE-2025-13108 | 7.5 | This vulnerability allows an attacker to access sensitive information stored in memory, which could include confidential data from the database. It occurs because the system fails to properly clear memory resources, and an attacker would need access to the affected DB2 Merge Backup system to exploit this weakness. | ibmdb2 merge backup | Exploit Available | about 2 months agoFeb 17, 2026 |
| CVE-2025-66614 | 0.0 | An attacker can bypass client certificate authentication in Apache Tomcat by sending different host names in the SNI extension and the HTTP host header, potentially gaining unauthorized access to resources. This vulnerability only affects configurations where client certificate authentication is enforced at the Connector level, not at the web application level, and it impacts specific versions of Tomcat. | Unknown | Theoretical | about 2 months agoFeb 17, 2026 |
| CVE-2025-36247 | 8.2 | An attacker can exploit a vulnerability in IBM Db2 to access sensitive information or overload the system by sending specially crafted XML data. This can happen if the database is configured to process XML without proper security measures in place. | ibmdb2 | Exploit Available | about 2 months agoFeb 17, 2026 |
| CVE-2025-67905 | 8.7 | This vulnerability allows an attacker to gain full control of a system by tricking a legitimate application into deleting a log file in a location they control. To exploit this, the attacker needs to create a specific file in a designated folder and then wait for the application to delete its logs, which it does with elevated permissions. | Unknown | Exploit Available | about 2 months agoFeb 17, 2026 |
| CVE-2026-2617 | 5.3 | An attacker on the local network can exploit a flaw in the Beetel 777VR1 firmware to gain unauthorized access to the device by taking advantage of insecure default settings in its Telnet and SSH services. This vulnerability is particularly concerning because it has been publicly disclosed, and the vendor has not responded to warnings about it. | beetel777vr1 firmware | Exploit Available | about 2 months agoFeb 17, 2026 |
| CVE-2026-25087 | 7.0 | This vulnerability allows an attacker to potentially cause crashes or corrupt memory in applications using Apache Arrow C++ when reading specific types of files, particularly if pre-buffering is enabled. However, exploiting this for more serious attacks, like stealing data, is difficult and depends on specific conditions that are hard for an attacker to control. | Unknown | Exploit Available | about 2 months agoFeb 17, 2026 |
| CVE-2026-25903 | 8.7 | This vulnerability allows a less privileged user to change settings on certain components that should only be modified by more privileged users, potentially leading to unauthorized access or manipulation of data flows. It affects specific versions of Apache NiFi and requires that the installation does not have proper authorization controls in place for restricted components; upgrading to the latest version is necessary to fix this issue. | Unknown | Theoretical | about 2 months agoFeb 17, 2026 |
| CVE-2026-2557 | 5.1 | This vulnerability allows an attacker to inject malicious scripts into the cskefu application, which can then be executed in the browsers of users who visit affected pages. The attack can be carried out remotely, meaning the attacker doesn't need physical access to the system, and it affects versions up to 8.0.1. | cskefucskefu | Exploit Available | about 2 months agoFeb 16, 2026 |
| CVE-2026-2556 | 5.3 | This vulnerability allows an attacker to trick the server into making unauthorized requests to other internal systems, potentially exposing sensitive information. It can be exploited remotely without needing direct access to the server, making it a significant risk for users of the affected software version. | cskefucskefu | Exploit Available | about 2 months agoFeb 16, 2026 |
| CVE-2025-14573 | 2.7 | This vulnerability allows team administrators to improperly add users to their team through API requests, even if they don't have the necessary permissions. It affects specific versions of Mattermost and requires the attacker to have administrative access to the team settings. | mattermostmattermost server | Exploit Available | about 2 months agoFeb 16, 2026 |
| CVE-2026-2577 | 10.0 | An attacker can take control of a user's WhatsApp account by connecting to an unprotected WebSocket server that is open to anyone on the network. This requires the attacker to have network access to the server, allowing them to send and receive messages as if they were the user, and even capture sensitive information like authentication codes. | Unknown | Exploit Available | about 2 months agoFeb 16, 2026 |