Remote Code Execution

Remote Code Execution (RCE) vulnerabilities allow an attacker to execute arbitrary code on a remote system without authorization. These are among the most severe vulnerabilities as they can lead to complete system compromise.

Total CVEs: 289
Typical Severity: CRITICAL
Category: Execution

Understanding Remote Code Execution

Remote Code Execution vulnerabilities are among the most critical classes of security flaw. When exploited, they let an attacker run arbitrary code or commands on the target with the privileges of the vulnerable process; from there the attacker can read that process's data, pivot to other hosts and often escalate to full control of the operating system.

RCE vulnerabilities commonly arise from unsafe deserialization, command injection, server-side template injection, unrestricted file upload, or memory corruption bugs. They are frequently found in web applications, network services, and system utilities.

How to Identify

  • Look for file-upload functionality whose extension, content-type or path checks can be bypassed, and whether uploaded files land in a location the server will execute or serve
  • Check for deserialization of user-controlled data with native serializers (Java ObjectInputStream, Python pickle, PHP unserialize, .NET BinaryFormatter), which can instantiate and call arbitrary classes during loading
  • Test functions that execute commands with shell metacharacters (;, |, &&, backticks, $( )) and watch for side effects such as time delays or out-of-band callbacks
  • Review template engines for server-side template injection by submitting an expression such as {{7*7}} and checking whether the response contains its evaluated result
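The deserialization check above, as an added example written for this page (not code from any project listed below): a Python pickle whose `__reduce__` makes `pickle.loads` call a function of the attacker's choosing, beside a restricted unpickler that refuses any global not on an allowlist. The `Payload` class, the allowlist and the helper names are illustrative; `echo` stands in for a real payload so the block runs harmlessly, and `RestrictedUnpickler` follows the pattern given in the Python standard library documentation.

```python
"""Unsafe deserialization demo: Python pickle executes attacker-chosen callables.

Added example; Payload, RestrictedUnpickler and SAFE_BUILTINS are illustrative,
not code from any project on this page. 'echo' stands in for a real command.
"""
import builtins
import io
import pickle
import subprocess


class Payload:
    """Pickle serialises this object as 'call subprocess.check_output(argv)'.

    When the victim calls pickle.loads() on the resulting bytes, that call runs.
    """

    def __reduce__(self):
        # Any importable callable works here; the command is the attacker's choice.
        return (subprocess.check_output, (["echo", "code ran during unpickling"],))


def build_malicious_blob() -> bytes:
    """What an attacker submits wherever the application unpickles user data."""
    return pickle.dumps(Payload())


def build_benign_blob() -> bytes:
    """Constructed sample of ordinary data the application legitimately exchanges."""
    return pickle.dumps({"user": "alice", "roles": ["reader"]})


def vulnerable_loads(blob: bytes):
    """Vulnerable sink: trusts the bytes completely, so the payload's call executes."""
    return pickle.loads(blob)


# Hardened: only these builtins may be referenced by a GLOBAL opcode.
SAFE_BUILTINS = frozenset({"set", "frozenset", "slice", "range", "complex", "bytearray"})


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global except an explicit allowlist of data-only builtins."""

    def find_class(self, module: str, name: str):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(blob: bytes):
    """Hardened sink: dicts, lists, strings and numbers still load; anything that
    names a function or class outside the allowlist is rejected before it runs."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def is_rejected(blob: bytes) -> bool:
    """True if the restricted loader refuses the blob."""
    try:
        restricted_loads(blob)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    blob = build_malicious_blob()
    print("vulnerable:", vulnerable_loads(blob))            # echo ran; its output is returned
    print("restricted rejects payload:", is_rejected(blob))
    print("restricted loads benign data:", restricted_loads(build_benign_blob()))
```

The restricted loader is a containment measure for code that cannot drop pickle immediately; the durable fix is a data-only format such as JSON with explicit structure validation, because any allowlisted class with side effects in its constructor reopens the hole.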

Prevention Best Practices

  • Never pass user input to a shell; invoke programs with an argument vector and validate each argument against an allowlist (an argv call alone does not stop a value such as --option from being read as a flag by the called program)
  • Do not deserialize untrusted data with native serializers; use a data-only format such as JSON and validate its structure
  • Use parameterized queries and prepared statements; SQL injection can escalate to command execution on some database engines
  • Run applications with minimal privileges, and sandbox or containerize components that handle untrusted input so a successful exploit stays contained
  • Keep all software dependencies up to date
  • Treat security headers and Content Security Policy as defences against client-side script injection only; they do not stop server-side code execution
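The metacharacter test from How to Identify and the argument-vector and allowlist items above, as one added example written for this page (not code from the page or any listed project): a command builder that splices input into a shell command line, the same call made with an argv list, and a hardened version that validates the value first. `echo` stands in for the real tool (ping, nslookup and the like) so the block runs offline and harmlessly; it assumes a POSIX shell and an `echo` executable on PATH, and the function and pattern names are illustrative.

```python
"""Command injection: a vulnerable command builder beside its hardened form.

Added example, not code from the page or any listed project. 'echo' stands in
for the real tool (ping, nslookup, ...) so the block runs offline and harmlessly;
assumes a POSIX shell and an echo executable on PATH.
"""
import re
import subprocess

# Characters the "test with special characters" step probes with: each lets a
# shell end the intended command and start the attacker's.
SHELL_META = re.compile(r"[;&|`$<>\n\r\\\"'(){}]")

# Allowlist: RFC 1123-shaped hostname, labels of letters/digits/hyphen joined by dots.
# A label cannot start with '-', so option-looking values such as '-n' are rejected too.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def run_vulnerable(host: str) -> str:
    """Vulnerable: the input is spliced into a command line that a shell parses.

    Deliberately broken; a host of 'a; echo INJECTED' runs a second command.
    """
    cmd = f"echo pinging {host}"                        # stand-in for: ping -c 1 {host}
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(host: str) -> str:
    """Safer: argument vector, no shell. Metacharacters reach echo as literal text."""
    argv = ["echo", "pinging", host]                    # stand-in for: ["ping", "-c", "1", host]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_hardened(host: str) -> str:
    """Hardened: allowlist validation first, then the argv call.

    Validation still matters with argv: a value like '--help' would otherwise
    become an option of the real tool, and argv alone does not prevent that.
    """
    if not HOSTNAME.match(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return run_argv(host)


def looks_like_injection_probe(value: str) -> bool:
    """Detection-side check for request parameters carrying shell metacharacters."""
    return bool(SHELL_META.search(value))


if __name__ == "__main__":
    probe = "example.com; echo INJECTED"
    print(repr(run_vulnerable(probe)))   # two lines; the second shows the injected command ran
    print(repr(run_argv(probe)))         # one line; the probe is echoed literally
    try:
        run_hardened(probe)
    except ValueError as exc:
        print("hardened:", exc)
```

The same probe string produces a second output line from the shell-based builder, a single literal line from the argv call, and a rejection from the hardened version; the metacharacter check is the server-side counterpart of the tester's probe and belongs in request logging or a WAF rule, not as the only defence.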

Remote Code Execution CVEs (289)

Entries are placed in this category by the site; several below describe cross-site scripting, file disclosure, denial of service, SQL injection or traffic interception rather than code execution, so judge the impact from the description, not from the category.

Columns: CVE | Score | Vendor / Product | Exploit Status | Date

CVE-2026-29048 | Score 6.9 | humhub / humhub | Exploit Available | Mar 6, 2026
  This vulnerability allows an attacker to inject and execute malicious scripts in a user's browser when they interact with certain buttons in the software. It occurs due to improper handling of user input in version 1.18.0, and users should upgrade to version 1.18.1 to protect themselves.

CVE-2026-29039 | Score 8.8 | webtechnologies / changedetection | Theoretical | Mar 6, 2026
  This vulnerability allows an attacker to read any file on the server where the changedetection.io application is running by using specially crafted XPath expressions. It can be exploited by anyone who can access the application and does not require any special permissions, making it a significant risk if not updated to the latest version.

CVE-2026-29038 | Score 6.1 | webtechnologies / changedetection | Theoretical | Mar 6, 2026
  An attacker can exploit a vulnerability in changedetection.io to inject malicious JavaScript into the web page, which could then be executed in the browser of anyone visiting that page. This happens when a user accesses a specific URL with a manipulated tag identifier, allowing the attacker to run harmful scripts without needing any special access.

CVE-2026-28804 | Score 6.9 | pypdf project / pypdf | Exploit Available | Mar 6, 2026
  An attacker can create a specially crafted PDF that causes the pypdf library to run for an excessively long time, potentially leading to denial of service. This issue occurs when the PDF uses a specific decoding method and affects versions prior to 6.7.5, which has since been patched.

CVE-2026-28801 | Score 7.8 | natroteam / natro macro | Theoretical | Mar 6, 2026
  This vulnerability allows an attacker to execute malicious code on a user's system by sharing a specially crafted file that the Natro Macro program runs without the user's knowledge. It affects versions prior to 1.1.0, and since users often share these files, anyone using an unpatched version could unknowingly run harmful scripts in the background.

CVE-2026-28800 | Score 8.0 | natroteam / natro macro | Exploit Available | Mar 6, 2026
  This vulnerability allows an attacker to take complete control of a user's computer, including the ability to type, click, and access files, if the user has set up Discord Remote Control in a public channel where anyone can send messages. To exploit it, the attacker only needs to be a member of that channel, so such controls must be kept private.

CVE-2026-28799 | Score 8.7 | pjsip / pjsip | Exploit Available | Mar 6, 2026
  This vulnerability allows an attacker to potentially execute malicious code on a system using PJSIP by exploiting a flaw in the event subscription process when a user unsubscribes from presence updates. It can be triggered if the attacker can send a specific unsubscribe request, and it has been fixed in version 2.17 of the software.

CVE-2026-30796 | Score 8.7 | Unknown | Exploit Available | Mar 5, 2026
  This vulnerability allows an attacker to intercept and read sensitive information, such as passwords, that is sent in plain text between the RustDesk Server Pro and its clients. It affects versions up to 1.7.5 and requires the attacker to be on the same network to capture this unencrypted data during communication.

CVE-2026-25048 | Score 8.7 | Unknown | Theoretical | Mar 5, 2026
  An attacker can crash applications using the xgrammar library by exploiting a flaw in its handling of multi-level nested syntax, which leads to a segmentation fault. This issue affects versions before 0.1.32, so users need to update to the latest version to avoid this risk.

CVE-2025-11143 | Score 6.5 | eclipse / jetty | Exploit Available | Mar 5, 2026
  This vulnerability allows an attacker to potentially bypass security measures by exploiting differences in how various components of a system interpret unusual web addresses (URIs). If different parts of the system use different rules for these URIs, it could lead to unauthorized access or reveal sensitive information about the system's setup.

CVE-2025-66319 | Score 5.5 | huawei / harmonyos | Theoretical | Mar 5, 2026
  This vulnerability allows an attacker to manipulate resource scheduling on devices running HarmonyOS, potentially disrupting the integrity of services. To exploit this flaw, the attacker must have access to the system where the vulnerability exists.

CVE-2025-70342 | Score 6.6 | grahampugh / erase-install | Exploit Available | Mar 4, 2026
  An attacker can capture admin credentials entered during system reinstall or erase operations because the software saves this sensitive information in a publicly accessible file. This vulnerability can be exploited by an unauthenticated user who creates a specific type of communication channel on the system.

CVE-2025-40896 | Score 6.3 | nozominetworks / arc | Exploit Available | Mar 4, 2026
  An attacker could intercept and manipulate the communication between an Arc agent and its server, allowing them to steal sensitive information or send false data. This vulnerability occurs because the server's identity isn't properly verified when the Arc agent connects, making it easier for the attacker to impersonate the server.

CVE-2026-24732 | Score 6.6 | Unknown | Theoretical | Mar 4, 2026
  This vulnerability allows an attacker to access files or directories that should be restricted, effectively bypassing security controls meant to protect sensitive information. It affects specific versions of the BlueSpice software, so if you're using one of those versions, it's crucial to update to a patched release to prevent unauthorized access.

CVE-2026-27446 | Score 9.3 | Unknown | Exploit Available | Mar 4, 2026
  An attacker can exploit this vulnerability to trick a vulnerable Apache Artemis broker into connecting to their malicious broker, allowing them to inject or steal messages from any queue. This can happen if the broker accepts connections from untrusted sources and is configured to connect to untrusted targets, making it crucial to secure these connections.

CVE-2026-27444 | Score 7.8 | seppmail / seppmail | Theoretical | Mar 4, 2026
  This vulnerability allows an attacker to spoof the sender's email address or decrypt emails by exploiting how the SEPPmail Secure Email Gateway handles email headers. It affects versions before 15.0.1, meaning users running older versions are at risk if they receive emails that take advantage of this flaw.

CVE-2026-28775 | Score 10.0 | datacast / sfx2100 firmware | Theoretical | Mar 4, 2026
  An attacker can remotely take complete control of the SFX Series SuperFlex Satellite Receiver because it allows unauthorized access to its SNMP service, which is set up insecurely with a default password that gives full access. This vulnerability requires no authentication, meaning anyone can exploit it to run any command on the device as if they were the system's administrator.

CVE-2025-67840 | Score 7.2 | cohesity / tranzman | Exploit Available | Mar 3, 2026
  This vulnerability allows an attacker with admin access to the Cohesity TranZman appliance to run any command on the system, effectively taking full control of it. The attacker can exploit this by intercepting and modifying legitimate requests, which means they need to be authenticated as an admin to trigger the issue.

CVE-2026-26886 | Score 2.7 | oretnom23 / simple online men's salon management system | Theoretical | Mar 3, 2026
  This vulnerability allows an attacker to manipulate the database of the online men's salon management system by injecting malicious SQL code through the admin service management page. To exploit this, the attacker needs access to the admin panel, which may require valid login credentials.

CVE-2026-26885 | Score 2.7 | oretnom23 / simple online men's salon management system | Exploit Available | Mar 3, 2026
  This vulnerability allows an attacker to manipulate the database of a men's salon management system by injecting harmful SQL commands through a specific URL. To exploit it, the attacker needs to access the system's delete service function, which could lead to unauthorized data deletion or exposure.

Showing 101 to 120 of 289 results