#remote-code-execution
17 articles
Technology, enterprise, and government sectors are the primary targets in the 18 articles tagged remote-code-execution, published between April 14 and June 1, 2026. The coverage includes 11 critical and 7 high-severity vulnerabilities, with top CVEs including CVE-2026-8836 (CVSS 10), CVE-2026-41089 (CVSS 9.8), CVE-2026-41265 (CVSS 9.8), CVE-2026-45185 (CVSS 9.8), and CVE-2026-5760 (CVSS 9.8). These flaws affect organizations globally, with particular impact across Europe and North America, spanning telecommunications and software development sectors.
[CRITICAL] CVE-2026-41089: Windows Netlogon RCE Exploited in Wild
CVE-2026-41089 is a critical Windows Netlogon RCE now reported as exploited in the wild, with Microsoft CNA scoring it CVSS 9.8.
[CRITICAL] CVE-2026-8836: CVSS 10.0 Stack Overflow in lwIP SNMPv3 Parser
CVE-2026-8836 is a CVSS 10.0 stack-based buffer overflow in lwIP up to 2.2.1's SNMPv3 USM handler. Remote unauthenticated attackers can trigger code execution via crafted...
[HIGH] CVE-2024-57728: SimpleHelp Path Traversal Lets Admins Upload
CISA adds CVE-2024-57728 to Known Exploited Vulnerabilities: SimpleHelp path traversal via zip slip allows admin users to upload arbitrary files and execute code. Due May 8, 2026.
[HIGH] Chrome 148.0.7778.168 Patches Integer Overflows, Sandbox Escape Risk
CVE-2026-8573 (CVSS 8.3) and CVE-2026-8577 (CVSS 8.8) in Chrome 148 on Windows allow sandbox escape and RCE via crafted video or HTML pages. Update now.
[CRITICAL] F5 Patches 51 Flaws: NGINX DoS, BIG-IP RCE Among Critical Fixes
F5 fixed 19 high-severity and 32 medium-severity bugs across BIG-IP, BIG-IQ, and NGINX. The most severe, CVE-2026-42945 (CVSS 9.2), enables heap overflow DoS in NGINX rewrite...
[CRITICAL] Exim BDAT Use-After-Free Flaw CVE-2026-45185 Enables Remote Code
CVE-2026-45185 (Dead.Letter) is a use-after-free in Exim's BDAT handling affecting GnuTLS builds — CVSS 9.8, remote code execution risk. Patches released.
[CRITICAL] Custom css-js-php WordPress Plugin SQLi Leads to RCE (CVE-2026-6433)
CVE-2026-6433: Unauthenticated SQL injection in Custom css-js-php plugin ≤2.0.7 lets attackers execute arbitrary PHP via eval(). No patch available.
[HIGH] Aero CMS 0.0.1 PHP Code Injection Flaw Lets Authenticated Attackers
CVE-2022-50944 (CVSS 8.8): Authenticated attackers can upload malicious PHP files via the image parameter in Aero CMS 0.0.1, achieving remote code execution on the server.
[CRITICAL] CVE-2025-69690: Netgate pfSense CE Module Installer RCE via Backup
CVE-2025-69690 (CVSS 9.1) lets authenticated admins achieve remote code execution on pfSense CE 2.7.2 by crafting a backup file with a serialized PHP object.
[HIGH] DrayTek Vigor 2960 OS Command Injection Flaw Allows Unauthenticated
CVE-2022-50994 (CVSS 8.1): Unauthenticated attackers can inject shell commands via the formpassword parameter in the CGI login handler of DrayTek Vigor 2960 routers running...
[HIGH] Ivanti EPMM Zero-Day CVE-2026-6973 Exploited in Limited Attacks
Ivanti warns CVE-2026-6973, a high-severity RCE in EPMM 12.8.0.0 and earlier, is under limited zero-day exploitation. Patches available; 850+ EPMM instances exposed online.
[CRITICAL] Palo Alto PAN-OS CVE-2026-0300 Attacked via Captive Portal
CVE-2026-0300 is a critical PAN-OS buffer overflow in the User-ID Authentication Portal. Fixed builds are upcoming, so disable or restrict the portal immediately.
[CRITICAL] Apache Patches Critical HTTP/2 Double-Free Flaw CVE-2026-23918
Apache HTTP Server CVE-2026-23918 (CVSS 8.8) enables DoS and potential RCE via double-free in HTTP/2 handling. Affects all mod_http2 users. Patch now.
[CRITICAL] Flowise RCE Vulnerability CVE-2026-41265 Carries CVSS 9.8
CVE-2026-41265 in Flowise Airtable_Agent allows unauthenticated remote code execution with CVSS 9.8. ZDI advisory details code injection in default installations.
[CRITICAL] CVE-2026-25874: Unpatched RCE Flaw in Hugging Face LeRobot
CVE-2026-25874 (CVSS 9.3) in Hugging Face LeRobot enables unauthenticated RCE via unsafe deserialization.
[HIGH] GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
CVE-2026-3854 (CVSS 8.7) lets authenticated users with push access achieve remote code execution on GitHub.com and GitHub Enterprise Server via a crafted git push command.
[CRITICAL] SGLang Vulnerability CVE-2026-5760 Enables Remote Code Execution via GGUF Files
CVE-2026-5760, a critical 9.8 CVSS flaw in the SGLang inference engine, allows attackers to execute arbitrary code by uploading malicious GGUF model files, compromising AI/ML serving deployments.