rce 52
- Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic
- Critical Cursor Flaws Let Prompt Injection Escape Sandbox
- Progress Kemp LoadMaster Pre-Auth RCE Under Active Exploitation
- Microsoft Fixes AutoGen Studio Flaw That Enabled Code Execution
- F5 Patches Two Critical NGINX Open Source RCE Flaws
- Critical Flaw in AVer PTC Cameras (CVSS 9.8) Allows Arbitrary Code Execution
- Chrome and Firefox Patch Critical Memory Safety Bugs
- Attackers Exploit Three Fortinet FortiSandbox Flaws Including CVSS 9.1
- Vertex AI Python SDK Flaw Allows Cross-Tenant RCE via Bucket Squatting
- LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
- Critical Splunk Enterprise Flaw (CVE-2026-20253, CVSS 9.8) Allows Unauthenticated Remote Code Execution
- Veeam Backup & Replication Critical RCE CVE-2026-44963 (CVSS 9.4)
- Chrome V8 Zero-Day CVE-2026-11645 Actively Exploited — Patch Now
- CVE-2026-3300: Critical Everest Forms Pro Flaw Actively Exploited for WordPress Takeover
- Cisco Catalyst SD-WAN Manager Zero-Day CVE-2026-20245 Actively Exploited, No Patch Available
- Actively Exploited Magento RCE CVE-2026-45247 Added to CISA KEV
- Oracle WebLogic CVE-2024-21182 Under Active Exploitation, Added to CISA KEV
- Critical Stack Overflow in HP VoIP Phones Enables Unauthenticated Remote Code Execution
- Gogs Zero-Day RCE Lets Any Authenticated User Execute Arbitrary Code
- KnowledgeDeliver LMS Zero-Day Exploited to Deploy Godzilla Web Shell and Cobalt Strike
- ExifTool CVE-2026-3102: Malicious Image File Triggers macOS Compromise
- ScadaBR 1.2.0 Hit by Four CVEs Including Unauthenticated RCE (CVSS 9.1)
- Critical SEPPMail Gateway Vulnerabilities Enable RCE and Full Mail Traffic Read
- Pwn2Own Berlin 2026 Day 2: 15 Zero-Days in Windows 11, Exchange, and RHEL Earn $385K
- Microsoft Exchange CVE-2026-42897 Zero-Day Exploited via Crafted Email
- 18-Year-Old NGINX Rewrite Module Bug Enables Unauthenticated RCE
- Critical Exim Mail Server Flaw Allows Unauthenticated Remote Code Execution
- May 2026 Patch Tuesday: 138 CVEs Including Critical Zero-Click Outlook Flaw CVE-2026-40361
- Google Project Zero Demonstrates 0-Click Exploit Chain for Pixel 10
- Fortinet Patches Critical RCE Flaws in FortiSandbox and FortiAuthenticator
- JDownloader Website Compromised to Distribute Python RAT via Malicious Installers
- cPanel and WHM Patch Three Vulnerabilities Including RCE and Privilege Escalation
- Dozen Critical Vulnerabilities in vm2 Node.js Library Enable Sandbox Escape and RCE
- PAN-OS Zero-Day CVE-2026-0300 Enables Unauthenticated RCE via Captive Portal
- Palo Alto PAN-OS RCE Zero-Day CVE-2026-0300 Actively Exploited
- MetInfo CMS CVE-2026-29014 Under Active Exploitation — Unauthenticated RCE (CVSS 9.8)
- Weaver E-cology CVE-2026-22679 Actively Exploited — CVSS 9.8 Unauthenticated RCE via Debug API
- Critical Gemini CLI Flaw Enabled Host Code Execution and Supply Chain Attacks
- Google Patches CVSS 10 Gemini CLI RCE Enabling Supply-Chain Code Execution
- GitHub RCE Flaw CVE-2026-3854 Exposed Millions of Private Repositories
- Critical GitHub RCE CVE-2026-3854 Exposed Millions of Repositories
- 15-Year-Old OpenSSH Flaw Allowed Full Root Shell Access via Certificate Principal Parsing Bug
- CVE-2026-1731: Critical Bomgar RMM RCE Actively Exploited to Spread Ransomware
- Google Antigravity AI IDE: Prompt Injection Chained to Sandbox Escape and Code Execution
- Splunk Enterprise Patches RCE Flaw Exploitable by Low-Privileged Users via File Upload
- CVE-2026-33032 (MCPwn): Critical Nginx UI Authentication Bypass Actively Exploited
- Fortinet Patches Critical FortiSandbox Vulnerabilities Enabling Auth Bypass and RCE
- April 2026 Patch Tuesday: SharePoint Zero-Day Among 167 CVEs Fixed
- ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
- Adobe Patches Actively Exploited Acrobat Reader RCE — CVE-2026-34621
- Apache ActiveMQ Classic Carries 13-Year-Old RCE Risk via Unauthenticated Jolokia API
- CVE-2026-1337 — RCE in Widely-Used Python ORM