About “Remote Code Execution”

A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41325 CVEs for this tag (all time). In the last 365 days, 4660 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a VERY HIGH impact class: common exploitation patterns for this weakness can lead to very high impact. Use the filters below to sort by CVSS, risk and CWE, triage the highest-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2025-01-20
High

CVE-2025-0586

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary cod…

2025-01-18
High

CVE-2025-23209

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where yo…

High

CVE-2023-50739

A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

High

CVE-2018-9389

In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution priv…

2025-01-17
High

CVE-2025-21606

Stats is a macOS system monitor for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registe…

Critical

CVE-2024-13503

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary mo…

High

CVE-2024-12703

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated…

High

CVE-2024-12476

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the c…

Medium

CVE-2024-11139

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code wh…

High

CVE-2024-13333

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This m…

High

CVE-2024-34579

Fuji Electric Alpha5 SMART is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

2025-01-16
Medium

CVE-2024-40513

An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function.

High

CVE-2024-54660

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, trigg…

Medium

CVE-2024-13355

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the upload_file() functi…

2025-01-15
High

CVE-2025-22976

SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module.

High

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to…

Low

CVE-2024-55503

An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component.

Medium

CVE-2024-41454

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or H…

High

CVE-2024-48123

An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device.

High

CVE-2024-40771

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, t…

High

CVE-2024-27856

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Pro…

Medium

CVE-2024-52783

Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file.

Critical

CVE-2025-22968

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions.

High

CVE-2024-47140

A cross-site scripting (XSS) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authen…

High

CVE-2024-45061

A cross-site scripting (XSS) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code executio…

Medium

CVE-2025-22394

Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this…

High

CVE-2024-57761

An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file.

2025-01-14
High

CVE-2024-42911

ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability.

Critical

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.c…

High

CVE-2025-21139

Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat…

High

CVE-2025-21138

Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…

High

CVE-2025-21137

Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat…

High

CVE-2025-21136

Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…

High

CVE-2025-21135

Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. E…

High

CVE-2024-55921

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is…

High

CVE-2025-21134

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user…

High

CVE-2025-21133

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user…

High

CVE-2025-21132

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…

High

CVE-2025-21131

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…

High

CVE-2025-21130

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…

High

CVE-2025-21129

Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…

High

CVE-2025-21128

Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat…

High

CVE-2025-21127

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the sear…

High

CVE-2025-21122

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current…

Critical

CVE-2024-49375

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to a…

High

CVE-2025-21417

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21413

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21411

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21409

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21402

Microsoft Office OneNote Remote Code Execution Vulnerability

High

CVE-2025-21395

Microsoft Access Remote Code Execution Vulnerability

High

CVE-2025-21366

Microsoft Access Remote Code Execution Vulnerability

High

CVE-2025-21365

Microsoft Office Remote Code Execution Vulnerability

High

CVE-2025-21363

Microsoft Word Remote Code Execution Vulnerability

High

CVE-2025-21362

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2025-21361

Microsoft Outlook Remote Code Execution Vulnerability

Medium

CVE-2025-21357

Microsoft Outlook Remote Code Execution Vulnerability

High

CVE-2025-21356

Microsoft Office Visio Remote Code Execution Vulnerability

High

CVE-2025-21354

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2025-21348

Microsoft SharePoint Server Remote Code Execution Vulnerability

High

CVE-2025-21345

Microsoft Office Visio Remote Code Execution Vulnerability

High

CVE-2025-21344

Microsoft SharePoint Server Remote Code Execution Vulnerability

High

CVE-2025-21339

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21338

GDI+ Remote Code Execution Vulnerability

High

CVE-2025-21326

Internet Explorer Remote Code Execution Vulnerability

High

CVE-2025-21309

Windows Remote Desktop Services Remote Code Execution Vulnerability

Critical

CVE-2025-21307

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

High

CVE-2025-21306

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21305

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21303

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21302

Windows Telephony Service Remote Code Execution Vulnerability

Critical

CVE-2025-21298

Windows OLE Remote Code Execution Vulnerability

High

CVE-2025-21297

Windows Remote Desktop Services Remote Code Execution Vulnerability

High

CVE-2025-21296

BranchCache Remote Code Execution Vulnerability

High

CVE-2025-21295

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

High

CVE-2025-21294

Microsoft Digest Authentication Remote Code Execution Vulnerability

High

CVE-2025-21291

Windows Direct Show Remote Code Execution Vulnerability

High

CVE-2025-21286

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21282

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21273

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21266

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21252

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21250

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21248

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21246

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21245

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21244

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21243

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21241

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21240

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21239

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21238

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21237

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21236

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21233

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21224

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

High

CVE-2025-21223

Windows Telephony Service Remote Code Execution Vulnerability

High

CVE-2025-21187

Microsoft Power Automate Remote Code Execution Vulnerability

High

CVE-2025-21186

Microsoft Access Remote Code Execution Vulnerability

High

CVE-2025-21178

Visual Studio Remote Code Execution Vulnerability

High

CVE-2025-21176

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

High

CVE-2025-21172

.NET and Visual Studio Remote Code Execution Vulnerability

High

CVE-2025-21171

.NET Remote Code Execution Vulnerability

High

CVE-2024-13172

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code ex…

High

CVE-2024-13171

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code e…

High

CVE-2024-13163

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code…

High

CVE-2024-13162

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code…

High

CVE-2024-13158

An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to…

High

CVE-2024-53561

A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request.

Critical

CVE-2024-39783

Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execu…

Critical

CVE-2024-39782

Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execu…

Critical

CVE-2024-39781

Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execu…

Critical

CVE-2024-39761

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code exe…

Critical

CVE-2024-39760

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code exe…

Critical

CVE-2024-39759

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code exe…

Critical

CVE-2024-39370

An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution.…

Critical

CVE-2024-39367

An OS command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary cod…

Critical

CVE-2024-39360

An OS command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An…

Critical

CVE-2024-37186

An OS command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. A…

Critical

CVE-2024-36258

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary…