Rce

CVE-2026-34197 exposes Apache ActiveMQ to remote code execution via the Jolokia API. Horizon3 researcher used Claude to uncover the flaw in under 10 minutes. Patch now.

Critical code injection vulnerability CVE-2025-59528 in Flowise AI agent builder scores maximum CVSS 10.0 and is under active exploitation. Over 12,000 instances are publicly accessible.

AI-discovered vulnerabilities bypass all security policies including 'secure' mode. Most servers won't receive fixes until 2027 without manual intervention.

CVE-2026-34838 lets authenticated attackers achieve RCE on Group-Office CRM servers via insecure deserialization. Upgrade to patched versions immediately.

CVE-2026-2699 and CVE-2026-2701 combine to let unauthenticated attackers take over ShareFile Storage Zone Controllers. Patches available since March 10.

CVE-2026-35616 lets attackers bypass API authentication in FortiClient EMS 7.4.5-7.4.6 for unauthenticated RCE. Exploitation began March 31. Emergency hotfixes available.

CVE-2026-34938 lets attackers escape PraisonAI's three-layer Python sandbox to execute arbitrary OS commands. CVSS 10 — patch to version 1.5.90 immediately.

CVE-2026-32746 (CVSS 9.8) in GNU InetUtils telnetd enables unauthenticated root RCE via buffer overflow. FreeBSD, NetBSD, Citrix NetScaler affected.

Trend Micro ZDI disclosed a CVSS 9.8 flaw enabling device takeover via animated stickers. Telegram says the vulnerability doesn't exist. No patch until July 2026.

CVE-2026-21643 exploitation began March 26, six weeks after Fortinet's patch. Around 1,000 internet-exposed EMS instances remain vulnerable to unauthenticated RCE.

CVE-2026-33660 (CVSS 9.4) lets authenticated users escape n8n's AlaSQL sandbox via the Merge node. Over 615,000 public instances potentially vulnerable.

Critical deserialization flaw CVE-2026-4681 in PTC Windchill and FlexPLM threatens manufacturing sector. German federal police dispatched to warn companies of imminent exploitation.

n8n patches CVE-2026-27577, CVE-2026-27493, and two more sandbox escapes. One flaw allows unauthenticated attackers to execute commands via public form endpoints.

Three vulnerabilities in AVideo's CloneSite plugin chain together for unauthenticated remote code execution. CVE-2026-33478 has no patch available as attackers can extract admin credentials and inject OS commands.

CVE-2026-21992 scores CVSS 9.8 and allows unauthenticated remote code execution on Oracle Identity Manager and Web Services Manager. Patch immediately.

Veeam releases emergency patches for five critical RCE vulnerabilities (CVSS 9.9) affecting Backup & Replication. Domain users can fully compromise backup servers.

CVE-2025-68613 allows authenticated attackers to execute arbitrary code on n8n workflow servers. CISA gives federal agencies until March 25 to patch.

Critical command injection and SQL bypass vulnerabilities in Tencent's WeKnora LLM framework allow unauthenticated RCE. Patch to versions 0.2.10 and 0.2.12 now.

CVE-2026-28289 allows unauthenticated attackers to achieve full server compromise by sending a single crafted email. CVSS 10.0—patch to 1.8.207 now.

Critical insecure deserialization vulnerability in U-Office Force allows remote attackers to execute arbitrary code without authentication. CVSS 9.8, no patch available yet.

Critical CVE-2026-21902 in Junos OS Evolved allows remote attackers to gain root access on PTX routers via exposed anomaly detection service. Patch now.

CVE-2026-2251 is a CVSS 9.8 path traversal vulnerability in Xerox FreeFlow Core that enables unauthenticated remote code execution. Upgrade to version 8.1.0 now.

CVE-2025-40540 is a critical type confusion vulnerability in SolarWinds Serv-U with CVSS 9.1. Attackers with admin access can execute arbitrary code.

New n8n RCE flaw bypasses December patch through type confusion. CVSS 9.4 vulnerability enables unauthenticated command execution via malicious workflows.

CVE-2026-21643 allows unauthenticated attackers to chain SQL injection with command execution in FortiClient EMS. CVSS 9.8 affects version 7.4.4—upgrade to 7.4.5 immediately.

CVE-2026-1731 allows unauthenticated remote code execution on BeyondTrust Remote Support and Privileged Remote Access products. CVSS 9.9 vulnerability affects 11,000+ exposed instances.

CVE-2026-22778 chains a heap leak and buffer overflow in vLLM's video processing to achieve full RCE on AI inference servers. Patch to 0.14.1 now.

CVE-2026-25049 bypasses n8n's previous sandbox fix to enable system command execution. Four additional vulnerabilities disclosed simultaneously.

Tenable discloses 'LookOut' vulnerabilities in Google Looker enabling remote code execution and full database theft. Self-hosted deployments at 60,000+ organizations exposed.

CVE-2025-8110 allows authenticated attackers to achieve RCE on self-hosted Git servers via path traversal. Over 700 instances already compromised.

JFrog researchers develop working remote code execution exploit for CVE-2025-62507, a stack buffer overflow in Redis discovered by Google's AI security agent.

Deserialization bugs and authentication bypasses enable unauthenticated RCE. Attackers have targeted WHD vulnerabilities before.

CVE-2025-15467 allows attackers to crash or compromise systems by sending malicious CMS messages. All AI-discovered in OpenSSL's largest coordinated security release.

JFrog discloses CVE-2026-1470 and CVE-2026-0863 in workflow automation platform. Both vulnerabilities enable authenticated remote code execution.

CVE-2026-22844 allowed meeting participants to execute arbitrary code on Zoom's on-premises multimedia routers. No active exploitation reported yet.

CVE-2025-68668 bypasses Python code restrictions in workflow automation platform. CVSS 9.9 flaw affects versions 1.0.0 through 1.x.

CVE-2025-64155 in Fortinet's SIEM product enables unauthenticated command injection via phMonitor service. CVSS 9.4, patches now available.

Five critical vulnerabilities in the self-hosting platform allow authenticated users to execute arbitrary commands as root. Over 52,000 instances are exposed globally.

CVE-2026-21858 scores CVSS 10.0 and requires no credentials to exploit. Attackers can read files, forge admin sessions, and execute commands.

CVE-2026-0625 allows unauthenticated remote code execution on legacy DSL routers. Affected models reached end-of-life in 2020 and won't receive fixes.

CVE-2025-66398 lets unauthenticated attackers achieve code execution on boat navigation servers. CVSS 9.6 vulnerability affects all versions before 2.19.0.

Singapore's CSA warns of a critical SmarterMail vulnerability allowing remote code execution through file upload without authentication. Patch immediately.

CVE-2025-68613 in the workflow automation platform scores CVSS 9.9 with public PoC code now available. Patch to version 1.122.0 immediately.

CVE-2025-55182 exploitation escalates as Weaxor ransomware operators use critical React Server Components flaw for initial access across 60+ organizations.

CVE-2025-37164 allows unauthenticated remote code execution against HPE OneView infrastructure management platforms running versions prior to 11.00.