Remote Code Execution
Remote Code Execution (RCE) vulnerabilities allow an attacker to execute arbitrary code on a remote system without authorization. These are among the most severe vulnerabilities as they can lead to complete system compromise.
289
CRITICAL
Execution
Understanding Remote Code Execution
Remote Code Execution vulnerabilities represent the most critical class of security flaws. When exploited, they allow attackers to run arbitrary commands on a target system, often with the same privileges as the vulnerable application.
RCE vulnerabilities commonly arise from unsafe deserialization, command injection, or memory corruption bugs. They're frequently found in web applications, network services, and system utilities.
How to Identify
- •Look for input validation bypasses in file upload functionality
- •Check for unsafe deserialization of user-controlled data
- •Test command execution functions with special characters
- •Review template engines for server-side template injection
Prevention Best Practices
- ✓Use parameterized queries and prepared statements
- ✓Implement strict input validation and sanitization
- ✓Run applications with minimal privileges
- ✓Keep all software dependencies up to date
- ✓Use security headers and Content Security Policy
Remote Code Execution CVEs (289)
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2025-12690 | 7.3 | This vulnerability allows an attacker to gain higher-level access on a system running the Forcepoint NGFW Engine, potentially letting them execute unauthorized actions. To exploit this, the attacker must already have local access to the system, meaning they need to be physically present or have some form of legitimate access. | Unknown | Exploit Available | 27 days agoMar 11, 2026 |
| CVE-2026-32062 | 8.7 | This vulnerability allows attackers to connect to a service without needing to log in, which can let them keep connections open and use up resources, making it harder for legitimate users to access the service. It affects specific versions of OpenClaw and requires the attacker to exploit the system before it can properly check if they are allowed to connect. | Unknown | Theoretical | 27 days agoMar 11, 2026 |
| CVE-2026-3944 | 6.9 | An attacker can exploit a vulnerability in the university management system to manipulate a specific input, allowing them to execute unauthorized SQL commands and potentially access or modify the database remotely. This attack can be carried out without needing physical access to the system, making it a significant risk for any installation of this software. | angeljudesuarezuniversity management system | Exploit Available | 27 days agoMar 11, 2026 |
| CVE-2026-3231 | 7.2 | This vulnerability allows attackers to inject malicious scripts into the WooCommerce checkout process, which can then run when an administrator views the order details. It can be exploited by anyone, even without authentication, by submitting specially crafted data through the checkout API. | Unknown | Exploit Available | 28 days agoMar 11, 2026 |
| CVE-2026-29773 | 4.3 | An attacker with special permissions can exploit a flaw in Kubewarden to read sensitive information about Ingresses, Namespaces, and Services in a Kubernetes cluster. This requires the attacker to have been granted specific "AdmissionPolicy" create permissions, which are not typically given by default. | Unknown | Theoretical | 28 days agoMar 10, 2026 |
| CVE-2026-28281 | 7.1 | This vulnerability allows attackers to gain moderator privileges, execute tasks, delete posts, and accept friend requests on behalf of users without their consent. It occurs because the system fails to properly check security tokens, and it affects versions prior to 2.18.1, so upgrading is essential to protect against these risks. | instantcmsinstantcms | Exploit Available | 28 days agoMar 10, 2026 |
| CVE-2026-27689 | 7.7 | An attacker with regular user access can exploit this vulnerability by sending a request that causes the system to enter a long-running loop, which uses up too many resources and can make the system unavailable to other users. This requires the attacker to be authenticated and have network access to the system. | Unknown | Theoretical | 28 days agoMar 10, 2026 |
| CVE-2025-11158 | 9.1 | This vulnerability allows an attacker to run malicious code on the server by inserting harmful scripts into reports created by users. It affects specific versions of Hitachi Vantara Pentaho Data Integration & Analytics and requires that the attacker has the ability to publish new reports. | Unknown | Exploit Available | 28 days agoMar 10, 2026 |
| CVE-2026-30937 | 6.8 | This vulnerability allows an attacker to potentially overwrite memory by manipulating the way ImageMagick handles extremely large images, which could lead to crashes or execution of malicious code. It affects versions before 7.1.2-16 and 6.9.13-41, so users need to update to these versions or later to protect against this issue. | Unknown | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-30936 | 5.5 | An attacker can create a specially crafted image that, when processed by vulnerable versions of ImageMagick using the wavelet denoise feature, can lead to unintended memory changes, potentially allowing them to execute arbitrary code. This issue affects versions prior to 7.1.2-16 and 6.9.13-41, so updating to these versions or later is essential to mitigate the risk. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-30935 | 4.4 | This vulnerability allows an attacker to cause an application using ImageMagick to read data from memory that it shouldn't, potentially exposing sensitive information. It occurs when processing specially crafted images with the bilateral blur feature, and it affects versions prior to 7.1.2-16. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-30931 | 7.8 | This vulnerability allows an attacker to exploit a flaw in ImageMagick's UHDR encoder, potentially leading to unauthorized access or control over the system by writing data outside the intended memory space. It affects versions prior to 7.1.2-16, so users must upgrade to this version or later to protect against this risk. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-30929 | 7.8 | This vulnerability allows an attacker to crash the ImageMagick software or potentially execute malicious code by sending a specially crafted image that overflows a fixed-size memory area. It affects versions prior to 7.1.2-16 and 6.9.13-41, so users should update to these versions or later to protect against this risk. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-30926 | 7.1 | This vulnerability allows low-privilege users to modify existing notebook content in the SiYuan knowledge management system, even though they should only have read-only access. It occurs because the system doesn't properly check user permissions, enabling these users to add new content to documents through a specific API. | b3logsiyuan | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-30883 | 7.8 | This vulnerability allows an attacker to crash the ImageMagick software or potentially execute harmful code by sending a specially crafted PNG image with an excessively large profile. It affects versions prior to 7.1.2-16 and 6.9.13-41, so using an updated version is crucial to avoid exploitation. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-28693 | 8.1 | This vulnerability allows an attacker to manipulate images in a way that can lead to reading or writing data outside of the intended memory space, potentially causing crashes or executing malicious code. It affects specific older versions of ImageMagick, so users need to upgrade to the latest versions to protect against this risk. | imagemagickimagemagick | Theoretical | 29 days agoMar 10, 2026 |
| CVE-2026-28692 | 4.8 | This vulnerability allows an attacker to potentially read sensitive data from the memory of a system running vulnerable versions of ImageMagick when processing specially crafted image files. To exploit this, the attacker must be able to upload or manipulate images that the software will decode, which could lead to unauthorized access to information. | imagemagickimagemagick | Theoretical | 29 days agoMar 10, 2026 |
| CVE-2026-28691 | 7.5 | An attacker can exploit a flaw in ImageMagick's JBIG decoder to crash the software or potentially run harmful code on a system that processes specially crafted image files. This vulnerability affects versions prior to 7.1.2-16 and 6.9.13-41, so using an updated version is crucial for protection. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-28690 | 6.5 | An attacker can exploit a flaw in the MNG image handling of ImageMagick to overwrite parts of the program's memory, potentially allowing them to run malicious code. This vulnerability affects versions prior to 7.1.2-16 and 6.9.13-41, and it requires the attacker to trick a user into processing a specially crafted MNG image. | imagemagickimagemagick | Theoretical | 29 days agoMar 10, 2026 |
| CVE-2026-28689 | 6.3 | This vulnerability allows an attacker to bypass security checks in ImageMagick, enabling them to read or write files they shouldn't have access to by tricking the software into using a different file than intended. To exploit this, the attacker needs to create a symbolic link (symlink) that swaps the intended file with a malicious one before the software opens it. | imagemagickimagemagick | Theoretical | 29 days agoMar 10, 2026 |