Search Results (10555 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33943 | 1 Capricorn86 | 2 Happy-dom, Happy Dom | 2026-04-14 | 8.8 High |
| Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions inside `export { }` declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content into generated code as an executable expression, and the quote filter does not strip backticks, allowing template literal-based payloads to bypass sanitization. Version 20.8.8 fixes the issue. | ||||
| CVE-2026-34607 | 1 Emlog | 1 Emlog | 2026-04-14 | 7.2 High |
| Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing ZIP entry names. An authenticated admin can upload a crafted ZIP containing entries with ../ sequences to write arbitrary files to the server filesystem, including PHP webshells, achieving Remote Code Execution (RCE). At time of publication, there are no publicly available patches. | ||||
| CVE-2026-34612 | 2 Kestra, Kestra-io | 2 Kestra, Kestra | 2026-04-14 | 10 Critical |
| Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated, simply visiting a crafted link is enough to trigger the vulnerability. The injected payload is executed by PostgreSQL using COPY ... TO PROGRAM ..., which in turn runs arbitrary OS commands on the host. This issue has been patched in version 1.3.7. | ||||
| CVE-2026-35171 | 2 Kedro-org, Linuxfoundation | 2 Kedro, Kedro | 2026-04-14 | 9.8 Critical |
| Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special () key, which enables arbitrary callable instantiation. An attacker can exploit this to execute arbitrary system commands during application startup. This is a critical remote code execution (RCE) vulnerability caused by unsafe use of logging.config.dictConfig() with user-controlled input. This vulnerability is fixed in 1.3.0. | ||||
| CVE-2026-35174 | 2 Chyrplite, Xenocrat Project | 2 Chyrp Lite, Chyrp-lite | 2026-04-14 | 9.1 Critical |
| Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download any file on the server, including config.json.php with database credentials, and to overwrite critical system files, leading to remote code execution. This vulnerability is fixed in 2026.01. | ||||
| CVE-2023-21529 | 1 Microsoft | 1 Exchange Server | 2026-04-14 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2022-3602 | 5 Fedoraproject, Netapp, Nodejs and 2 more | 5 Fedora, Clustered Data Ontap, Node.js and 2 more | 2026-04-14 | 7.5 High |
| A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above has led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6). | ||||
| CVE-2026-5058 | 1 Aws | 1 Aws-mcp-server | 2026-04-13 | N/A |
| aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27968. | ||||
| CVE-2026-5059 | 1 Aws | 1 Aws-mcp-server | 2026-04-13 | N/A |
| aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27969. | ||||
| CVE-2026-6057 | 1 Falkordb | 1 Falkordb Browser | 2026-04-13 | 9.8 Critical |
| FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution. | ||||
| CVE-2026-35043 | 1 Bentoml | 1 Bentoml | 2026-04-13 | 7.8 High |
| BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a shell command using an f-string without any quoting. The generated script is uploaded to BentoCloud as setup.sh and executed on the cloud build infrastructure during deployment, making this a remote code execution on the CI/CD tier. This vulnerability is fixed in 1.4.38. | ||||
| CVE-2026-35047 | 1 Ajax30 | 2 Bravecms, Bravecms-2.0 | 2026-04-13 | 9.8 Critical |
| Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6. | ||||
| CVE-2026-30460 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-13 | 8.8 High |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | ||||
| CVE-2026-35573 | 1 Churchcrm | 1 Churchcrm | 2026-04-13 | 9.1 Critical |
| ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The vulnerability exists in src/ChurchCRM/Backup/RestoreJob.php. The $rawUploadedFile['name'] parameter is user-controlled and allows uploading files with arbitrary names to /var/www/html/tmp_attach/ChurchCRMBackups/. This vulnerability is fixed in 6.5.3. | ||||
| CVE-2026-39337 | 1 Churchcrm | 1 Churchcrm | 2026-04-13 | 10 Critical |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server compromise. The "$dbPassword" variable is not sanitized. This vulnerability exists due to an incomplete fix for CVE-2025-62521. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2025-59710 | 2 Biztalk360, Kovai | 2 Biztalk360, Biztalk360 | 2026-04-10 | 8.8 High |
| An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading of a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the server. | ||||
| CVE-2023-53959 | 1 Filezilla-project | 1 Filezilla Client | 2026-04-09 | 9.8 Critical |
| FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches. | ||||
| CVE-2026-35216 | 1 Budibase | 1 Budibase | 2026-04-09 | 9.1 Critical |
| Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the exploit. The process executes as root inside the container. This issue has been patched in version 3.33.4. | ||||
| CVE-2026-3535 | 2 Mlfactory, Wordpress | 2 Dsgvo Google Web Fonts Gdpr, Wordpress | 2026-04-08 | 9.8 Critical |
| The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook, requiring no authentication. It fetches a user-supplied URL as a CSS file, extracts URLs from its content, and downloads those files to a publicly accessible directory without validating the file type. This makes it possible for unauthenticated attackers to upload arbitrary files including PHP webshells, leading to remote code execution. The exploit requires the site to use one of a handful of specific themes (twentyfifteen, twentyseventeen, twentysixteen, storefront, salient, or shapely). | ||||
| CVE-2026-4808 | 2 Tidevapps, Wordpress | 2 Gerador De Certificados – Devapps, Wordpress | 2026-04-08 | 7.2 High |
| The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile() function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||