rce
rce
- GHSA-q6xx-5vr8-p898 - Nezha WebSocket stream ownership bypass
- CVE-2025-71336 - Flowise Custom MCP auth bypass RCE
- CVE-2026-45051 - OpenAM WebAuthn deserialization RCE
- CVE-2026-6933 - Premmerce Dev Tools plugin creation RCE
- CVE-2026-53633 - Vitest Browser Mode CDP API RCE
- CVE-2026-48062 - CodeIgniter4 ext_in upload validation bypass
- CVE-2026-54090 - File Browser shell metacharacter command injection
- GHSA-gv7w-rqvm-qjhr - esbuild Deno binary integrity RCE
- CVE-2025-11953 - React Native CLI Metro command injection
- CVE-2025-12735 - expr-eval context function RCE
- CVE-2025-3248 - Langflow validate/code unauthenticated RCE
- CVE-2025-49596 - MCP Inspector proxy unauthenticated RCE
- CVE-2025-53967 - Framelink Figma MCP curl command injection
- CVE-2025-55182 - React Server Components RCE
- CVE-2025-6514 - mcp-remote OAuth command injection
- CVE-2026-5058 - aws-mcp-server command injection RCE
- CVE-2026-27494 - n8n Python Code node sandbox escape
- CVE-2026-24425 - Twig SourcePolicyInterface callback bypass
- CVE-2026-27606 - Rollup path traversal arbitrary write
- CVE-2026-27893 - vLLM trust_remote_code bypass
- CVE-2026-33696 - n8n GSuiteAdmin prototype pollution RCE
- CVE-2026-44181 - Jupyter Enterprise Gateway Jinja2 SSTI RCE
- CVE-2026-44632 - Yamcs Janino expression RCE
- CVE-2026-45505 - Apache ActiveMQ Jolokia discovery wrapper bypass
- CVE-2026-46640 - Twig macro-reference compilation RCE
- CVE-2026-47391 - PraisonAI A2A eval tool RCE
- CVE-2026-47668 - DbGate JSON script runner unauthenticated RCE
- CVE-2026-47669 - DbGate archive unzip arbitrary write RCE
- CVE-2026-47670 - DbGate loadReader dynamic import RCE
- CVE-2026-49143 - browserstack-runner log handler RCE
- CVE-2026-25049 - n8n expression escape RCE
- CVE-2026-30861 - WeKnora MCP stdio command injection
- CVE-2026-42211 - React Router Framework Mode deserialization RCE
- CVE-2026-47428 - Vitest browser otelCarrier token RCE
- CVE-2026-47429 - Vitest UI API file read and RCE
- CVE-2026-48017 - DbGate loadReader functionName RCE
- CVE-2026-45395 - Open WebUI tool update authorization RCE
- GHSA-m99r-2hxc-cp3q - Flowise MCP security bypass RCE
- CVE-2026-43898 - SandboxJS Function.caller sandbox escape
- CVE-2026-44477 - CloudNativePG metrics exporter RCE
- GHSA-6xcp-7mpr-m7wm - Open WebUI CORS and session RCE chain
- CVE-2026-45033 - GitHub Copilot CLI nested bare repo RCE
- CVE-2026-40933 - Flowise MCP adapter command execution
- CVE-2026-42601 - ArchiveBox AddView config override RCE
- CVE-2026-41265 - Flowise Airtable Agent code injection RCE
- CVE-2026-41507 - math-codegen string literal RCE
- CVE-2026-42231 - n8n XML webhook prototype pollution RCE
- CVE-2026-42232 - n8n XML node prototype pollution RCE
- CVE-2026-42779 - Apache MINA resolveClass deserialization RCE
- CVE-2025-60455 - Modular Max Serve unsafe deserialization
- CVE-2026-24159 — NVIDIA NeMo deserialization RCE
- CVE-2026-24164 — NVIDIA BioNeMo deserialization RCE
- CVE-2026-33824 — Windows IKEv2 remote code execution
- CVE-2026-39987 — Marimo pre-auth RCE
- CVE-2026-5760 — SGLang GGUF template RCE
- CVE-2014-6271 — Shellshock
- CVE-2021-44228 — Log4Shell
- CVE-2024-6387 — regreSSHion