Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

type:rce — CVE vulnerabilities tagged 12379

12379 CVE security advisories tagged "type:rce" with AI Chinese analysis, CVSS, references and POCs.

The tag "type:rce" identifies vulnerabilities classified as Remote Code Execution, a critical security flaw allowing attackers to execute arbitrary commands on a target system over a network without prior authentication. This class matters profoundly because it often grants full control over the affected machine, enabling data theft, system compromise, or lateral movement within an organization’s infrastructure. Typical scenarios involve exploiting flaws in web applications, network services, or APIs where input validation is insufficient, allowing malicious payloads to bypass security controls. With over twelve thousand such CVEs documented, RCE remains a persistent threat vector, highlighting the urgent need for rigorous input sanitization, secure coding practices, and continuous monitoring to prevent unauthorized access and mitigate severe operational disruptions across diverse digital environments.

CVE IDTitleCVSSSeverityPublished
CVE-2026-22554 MediaInfoLib通道分裂堆溢出漏洞 — MediaInfoLibCWE-122 7.8 High2026-05-20
CVE-2026-8467 Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground — phoenix_storybookCWE-94--2026-05-20
CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation — BIND 9CWE-416 7.4 High2026-05-20
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation — UnboundCWE-416--2026-05-20
CVE-2026-24163 NVIDIA TRT-LLM反序列化漏洞 — TensorRT-LLMCWE-502 7.5 High2026-05-20
CVE-2026-7637 Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie — BoostCWE-502 9.8 Critical2026-05-20
CVE-2026-6555 ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files' — ProSolution WP ClientCWE-434 9.8 Critical2026-05-20
CVE-2026-35593 Trilium Notes has Local File Inclusion via upload modified file API endpoint — TriliumCWE-22 6.8 Medium2026-05-19
CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script — panelCWE-78 10.0 Critical2026-05-19
CVE-2026-34216 CtrlPanel: Authenticated Remote Code Execution via Dynamic Class Instantiation in SettingsController.php — panelCWE-470 6.6 Medium2026-05-19
CVE-2026-33633 Kitty has a Heap Buffer Overflow in its Graphics Protocol Handler — kittyCWE-122 7.5 High2026-05-19
CVE-2026-6009 Jaspersoft Library Deserialisation Vulnerability — JasperReports Library Community EditionCWE-502--2026-05-19
CVE-2026-2586 GlassFish管理控制台认证绕过导致远程代码执行 — Eclipse GlassfishCWE-94 9.1 Critical2026-05-19
CVE-2026-8711 NGINX JavaScript vulnerability — NGINX JavaScriptCWE-122 8.1 High2026-05-19
CVE-2026-2587 Glassfish服务端模板渲染RCE漏洞 — Eclipse GlassfishCWE-917 9.6 Critical2026-05-19
CVE-2026-47100 Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX — Funnel Builder for WooCommerce CheckoutCWE-862 7.5 High2026-05-19
CVE-2026-42099 Race Condition in Sparx Pro Cloud Server — Pro Cloud ServerCWE-362--2026-05-19
CVE-2026-8975 Memory safety bugs fixed in Thunderbird 140.11 and Thunderbird 151 — Firefox--2026-05-19
CVE-2026-8974 Memory safety bugs fixed in Thunderbird 140.11 and Thunderbird 151 — Firefox--2026-05-19
CVE-2026-47323 Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering — Apache CamelCWE-178--2026-05-19
CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload — Piotnet FormsCWE-434 9.8 Critical2026-05-19
CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution — Apache OFBizCWE-94--2026-05-19
CVE-2026-45434 Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE — Apache OFBizCWE-287--2026-05-19
CVE-2026-46725 Remote Code Execution in extension "Content Element Selector" (ceselector) — Extension "Content Element Selector"CWE-502--2026-05-19
CVE-2026-8727 Remote Code Execution in extension "Site Crawler" (crawler) — Extension "Site Crawler"CWE-502--2026-05-19
CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload — Piotnet Addons For Elementor ProCWE-434 9.8 Critical2026-05-19
CVE-2026-47311 Escargot堆缓冲区溢出漏洞 — EscargotCWE-122 7.8 High2026-05-19
CVE-2026-33233 AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries — AutoGPTCWE-502 7.6 High2026-05-19
CVE-2026-31072 APScheduler反序列化漏洞致RCE — n/a--2026-05-19
CVE-2026-27891 Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism — facturascriptsCWE-20 7.2 High2026-05-18

Vulnerabilities classified as type:rce represent 12379 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.