Remote Code Execution
Remote Code Execution (RCE) vulnerabilities allow an attacker to execute arbitrary code on a remote system without authorization. These are among the most severe vulnerabilities as they can lead to complete system compromise.
289
CRITICAL
Execution
Understanding Remote Code Execution
Remote Code Execution vulnerabilities represent the most critical class of security flaws. When exploited, they allow attackers to run arbitrary commands on a target system, often with the same privileges as the vulnerable application.
RCE vulnerabilities commonly arise from unsafe deserialization, command injection, or memory corruption bugs. They're frequently found in web applications, network services, and system utilities.
How to Identify
- •Look for input validation bypasses in file upload functionality
- •Check for unsafe deserialization of user-controlled data
- •Test command execution functions with special characters
- •Review template engines for server-side template injection
Prevention Best Practices
- ✓Use parameterized queries and prepared statements
- ✓Implement strict input validation and sanitization
- ✓Run applications with minimal privileges
- ✓Keep all software dependencies up to date
- ✓Use security headers and Content Security Policy
Remote Code Execution CVEs (289)
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-26884 | 2.7 | This vulnerability allows an attacker to manipulate the database of a men's salon management system by injecting harmful SQL commands through a specific page. To exploit this, the attacker needs access to the web application and must target the appointments viewing feature. | oretnom23simple online men\'s salon management system | Theoretical | about 1 month agoMar 3, 2026 |
| CVE-2026-26883 | 2.7 | This vulnerability allows an attacker to manipulate the database of a men's salon management system by sending specially crafted requests to delete appointments. To exploit this, the attacker needs access to the specific URL that handles appointment deletions, which could lead to unauthorized data removal or other malicious actions. | oretnom23simple online men\'s salon management system | Theoretical | about 1 month agoMar 3, 2026 |
| CVE-2025-66680 | 7.1 | This vulnerability allows an attacker to delete any files on a system running WiseCleaner Wise Force Deleter version 7.3.2 or earlier by sending a specially crafted request. The attacker needs access to the system where the software is installed to exploit this weakness. | wisecleanerwise force deleter | Exploit Available | about 1 month agoMar 3, 2026 |
| CVE-2026-3463 | 4.8 | This vulnerability allows an attacker to cause a heap-based buffer overflow, which can lead to unexpected behavior or crashes in the affected software. However, the attack can only be executed locally, meaning the attacker must have access to the system where the software is running. | Unknown | Exploit Available | about 1 month agoMar 3, 2026 |
| CVE-2026-22886 | 9.8 | This vulnerability allows an attacker to gain full control over the management features of OpenMQ by logging in as an administrator using the default username and password, which are often left unchanged. The attacker only needs access to the service port, making it easy for them to exploit this weakness if the default credentials are not updated. | Unknown | Theoretical | about 1 month agoMar 3, 2026 |
| CVE-2025-15598 | 6.3 | This vulnerability allows an attacker to bypass the security checks on cryptographic signatures in the SQLBot application, potentially allowing unauthorized access to sensitive data. However, exploiting this flaw requires a high level of skill and is considered complex, making it difficult for most attackers to take advantage of it. | fit2cloudsqlbot | Exploit Available | about 1 month agoMar 3, 2026 |
| CVE-2026-1876 | 8.7 | This vulnerability allows an attacker to crash the Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module by flooding it with UDP packets, causing it to become unresponsive. To recover the device, a system reset is necessary, making it a significant risk for systems relying on this equipment. | Unknown | Exploit Available | about 1 month agoMar 3, 2026 |
| CVE-2026-1875 | 8.7 | This vulnerability allows a remote attacker to crash Mitsubishi Electric's FX5-EIP EtherNet/IP Module by flooding it with UDP packets, leading to a denial-of-service situation where the device stops functioning. To recover, the affected system must be manually reset, making it vulnerable to disruption if targeted. | Unknown | Exploit Available | about 1 month agoMar 3, 2026 |
| CVE-2025-50189 | 7.2 | This vulnerability allows an attacker to manipulate the database of the Chamilo learning management system by injecting harmful SQL commands through specific user input fields. It can be exploited by anyone sending crafted data to the application before version 1.11.30, potentially leading to unauthorized access or data manipulation. | chamilochamilo lms | Theoretical | about 1 month agoMar 2, 2026 |
| CVE-2024-47886 | 8.7 | This vulnerability allows an attacker with administrative access to the Chamilo learning management system to run any code they want on the server, potentially taking full control of it. It affects versions 1.11.12 to 1.11.26, and has been fixed in the latest version, so it's crucial to update to protect against this risk. | chamilochamilo lms | Theoretical | about 1 month agoMar 2, 2026 |
| CVE-2026-3422 | 9.3 | This vulnerability allows attackers to run any code they want on the server without needing to log in, simply by sending specially crafted data. The only requirement is that the attacker must be able to send this malicious data to the server, making it a serious risk for exposed systems. | Unknown | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-3413 | 6.9 | An attacker can remotely manipulate the ID argument in the university management system's admin page to execute unauthorized SQL commands, potentially accessing or altering sensitive data. This vulnerability can be exploited without needing special access, making it a significant risk for the system. | angeljudesuarezuniversity management system | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-3000 | 9.3 | This vulnerability allows an attacker to remotely run malicious code on a system by tricking it into downloading and executing harmful files. The attacker does not need to log in or have any special access, making it particularly dangerous. | Unknown | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-2999 | 9.3 | This vulnerability allows attackers to remotely execute malicious programs on a system without needing any authentication. They can trick the system into downloading and running harmful files from the internet, making it critical to secure the affected software. | Unknown | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-3412 | 5.3 | This vulnerability allows an attacker to inject malicious scripts into the university management system, which can then be executed in the browsers of users visiting the affected page. The attack can be carried out remotely, meaning the attacker doesn't need physical access to the system, and it is now publicly known, increasing the risk of exploitation. | angeljudesuarezuniversity management system | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-3411 | 6.9 | This vulnerability allows an attacker to execute malicious SQL commands on the university management system, potentially giving them access to sensitive data or the ability to manipulate the database. The attacker can exploit this issue remotely by manipulating the ID parameter in a specific admin file, making it a serious risk if not addressed. | angeljudesuarezuniversity management system | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-3410 | 6.9 | This vulnerability allows an attacker to execute SQL injection attacks remotely by manipulating the student_id parameter in a specific admin file of the society management system. If successfully exploited, the attacker could gain unauthorized access to the database, potentially exposing sensitive information. | angeljudesuarezsociety management system | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-3409 | 6.9 | This vulnerability allows an attacker to inject and execute malicious code on a server remotely by manipulating file imports in the affected application. It requires the attacker to send specially crafted requests to the Flow Import Endpoint, making it a serious risk if the application is exposed to the internet. | Unknown | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-3401 | 2.3 | An attacker can potentially cause user sessions to expire in the web-based pharmacy management system, which could disrupt users' access. However, exploiting this vulnerability is difficult and requires specific knowledge, making it less likely to be used in real-world attacks. | senior-walterweb-based pharmacy product management system | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-3394 | 4.8 | This vulnerability allows an attacker to corrupt memory by manipulating WAV files processed by the SoLoud audio library, potentially leading to crashes or arbitrary code execution. However, the attack can only be carried out locally, meaning the attacker needs access to the system where the vulnerable software is running. | solhsasoloud | Exploit Available | about 1 month agoMar 1, 2026 |