Remote Code Execution
Remote Code Execution (RCE) vulnerabilities allow an attacker to execute arbitrary code on a remote system without authorization. These are among the most severe vulnerabilities as they can lead to complete system compromise.
289
CRITICAL
Execution
Understanding Remote Code Execution
Remote Code Execution vulnerabilities represent the most critical class of security flaws. When exploited, they allow attackers to run arbitrary commands on a target system, often with the same privileges as the vulnerable application.
RCE vulnerabilities commonly arise from unsafe deserialization, command injection, or memory corruption bugs. They're frequently found in web applications, network services, and system utilities.
How to Identify
- •Look for input validation bypasses in file upload functionality
- •Check for unsafe deserialization of user-controlled data
- •Test command execution functions with special characters
- •Review template engines for server-side template injection
Prevention Best Practices
- ✓Use parameterized queries and prepared statements
- ✓Implement strict input validation and sanitization
- ✓Run applications with minimal privileges
- ✓Keep all software dependencies up to date
- ✓Use security headers and Content Security Policy
Remote Code Execution CVEs (289)
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-30832 | 9.1 | This vulnerability allows an authenticated user to trick the Git server into making unauthorized HTTP requests to internal services by using a specially crafted URL. An attacker needs access to the server and can exploit this to gain read access to sensitive internal data by manipulating the server's response. | charmsoft serve | Exploit Available | about 1 month agoMar 7, 2026 |
| CVE-2026-29787 | 5.3 | An attacker can access sensitive system information, such as the operating system version and database paths, through an unsecured endpoint if the service is configured to allow anonymous access. This is particularly risky if the service is set to listen on all network interfaces, making it visible to anyone on the network. | doobidoomcp-memory-service | Theoretical | about 1 month agoMar 7, 2026 |
| CVE-2026-29778 | 6.5 | This vulnerability allows an attacker to manipulate file paths in the pyLoad download manager, potentially accessing unauthorized files on the server. It occurs in specific versions of the software when the attacker crafts special input to bypass basic security checks, so users should upgrade to the latest version to protect against this risk. | pyload-ng projectpyload-ng | Theoretical | about 1 month agoMar 7, 2026 |
| CVE-2026-29194 | 8.6 | This vulnerability allows an attacker to use a valid host token to access, modify, or delete resources belonging to other hosts in the Netmaker system. To exploit this, the attacker only needs to know the identifiers for the targeted nodes or hosts and can do so without proper authorization checks, making it a serious risk if not updated to the patched version. | gravitlnetmaker | Theoretical | about 1 month agoMar 7, 2026 |
| CVE-2026-29190 | 5.3 | This vulnerability allows an attacker to read any file on the system running Karapace by providing a specially crafted backup file. It mainly affects setups that use the backup feature and process files from untrusted sources, with the actual risk depending on the permissions of the Karapace application. | aivenkarapace | Theoretical | about 1 month agoMar 7, 2026 |
| CVE-2026-3664 | 4.8 | This vulnerability allows an attacker to read sensitive data from memory by manipulating how the software processes encrypted XLSX files. However, the attack can only be carried out locally, meaning the attacker needs access to the system where the software is running. | xlnt-communityxlnt | Exploit Available | about 1 month agoMar 7, 2026 |
| CVE-2026-3663 | 4.8 | This vulnerability allows an attacker with local access to read beyond the intended limits of memory in the xlnt XLSX file parser, potentially exposing sensitive information. It is important to apply the provided patch to fix this issue, as the exploit has already been made public. | xlnt-communityxlnt | Exploit Available | about 1 month agoMar 7, 2026 |
| CVE-2026-29193 | 8.2 | This vulnerability allows an attacker to create new accounts or log in with a password, even if those options are supposed to be disabled by the organization. It affects versions 4.0.0 to 4.12.0 of the Zitadel identity management platform, and users must be able to access the login interface to exploit this issue. | zitadelzitadel | Theoretical | about 1 month agoMar 7, 2026 |
| CVE-2026-29192 | 7.7 | This vulnerability allows an attacker to take over user accounts by exploiting a flaw in Zitadel's login system, specifically through a default redirect link. It affects versions 4.0.0 to 4.11.1, so users need to upgrade to version 4.12.0 to protect themselves. | zitadelzitadel | Theoretical | about 1 month agoMar 7, 2026 |
| CVE-2026-29191 | 9.3 | This vulnerability allows an attacker to take over user accounts by exploiting a flaw in Zitadel's login interface, specifically through a cross-site scripting (XSS) attack on the /saml-post endpoint. It affects versions 4.0.0 to 4.11.1, and users should upgrade to version 4.12.0 to protect against this critical issue. | zitadelzitadel | Theoretical | about 1 month agoMar 7, 2026 |
| CVE-2026-29067 | 9.3 | An attacker can exploit a flaw in ZITADEL's password reset process to potentially intercept or manipulate the confirmation link sent to users, allowing them to reset passwords without authorization. This vulnerability affects versions from 4.0.0-rc.1 to 4.7.0 and requires the attacker to be able to send requests that include specific headers to the server. | zitadelzitadel | Theoretical | about 1 month agoMar 7, 2026 |
| CVE-2018-25171 | 8.8 | This vulnerability allows attackers to run their own SQL commands on the database without needing to log in, simply by manipulating a specific part of the URL. By doing this, they can access sensitive information like user passwords and database details, making it a serious risk for any system using this software. | Unknown | Theoretical | about 1 month agoMar 6, 2026 |
| CVE-2018-25169 | 8.7 | This vulnerability allows attackers to crash the AMPPS service by overwhelming it with bad data sent to its default HTTP port. They can do this remotely by opening multiple connections, which can exhaust the server's resources and make it unavailable to legitimate users. | Unknown | Exploit Available | about 1 month agoMar 6, 2026 |
| CVE-2018-25165 | 7.1 | This vulnerability allows an attacker who is already logged into the game to manipulate the database by sending specially crafted requests, potentially exposing sensitive information like usernames and database details. The attacker can exploit this by injecting harmful code through a specific parameter in the game's ads.php file. | Unknown | Exploit Available | about 1 month agoMar 6, 2026 |
| CVE-2026-3589 | 7.5 | This vulnerability allows an attacker to create new admin user accounts on a WooCommerce site without needing to log in, potentially giving them full control over the store. It can be exploited by anyone, as long as they can trick a logged-in admin into executing a malicious request. | Unknown | Exploit Available | about 1 month agoMar 6, 2026 |
| CVE-2026-2330 | 9.4 | An attacker can gain unauthorized access to sensitive areas of a device's filesystem, allowing them to upload harmful files that can change important settings, like network configurations, after a reboot. This vulnerability occurs because some internal directories meant for testing are not properly protected, meaning an attacker doesn't need to log in to exploit it. | Unknown | Exploit Available | about 1 month agoMar 6, 2026 |
| CVE-2026-29062 | 8.7 | This vulnerability allows an attacker to crash an application by sending a JSON document that is too deeply nested, which can overwhelm the system and cause it to stop working. It affects versions of the jackson-core library from 3.0.0 up to, but not including, 3.1.0, so updating to the latest version is essential to prevent this issue. | fasterxmljackson-core | Theoretical | about 1 month agoMar 6, 2026 |
| CVE-2026-29059 | 6.9 | An attacker can exploit a flaw in Windmill to read any file on the server by manipulating the filename in a specific API request, as long as they know the file's path. This vulnerability affects versions before 1.603.3 and has been fixed in the latest update. | Unknown | Exploit Available | about 1 month agoMar 6, 2026 |
| CVE-2026-29068 | 8.7 | This vulnerability allows an attacker to crash the application or potentially execute malicious code by sending specially crafted RTP data that contains more frames than the software can handle. It affects versions prior to 2.17 of the PJSIP library, so using an updated version is crucial to prevent exploitation. | pjsippjsip | Theoretical | about 1 month agoMar 6, 2026 |
| CVE-2026-29065 | 8.8 | This vulnerability allows an attacker to overwrite files on the server by uploading a specially crafted ZIP file, which can lead to unauthorized changes or access to sensitive data. It affects versions prior to 0.54.4 of the changedetection tool, so users should upgrade to the latest version to protect against this risk. | webtechnologieschangedetection | Theoretical | about 1 month agoMar 6, 2026 |