https://appsec.fyi/rce.html Curated RCE resources from appsec.fyi en-us Sun, 12 Apr 2026 04:12:19 +0000 carl@chs.us (Carl Sampson) https://www.thehackerwire.com/u-office-force-critical-rce-via-insecure-deserialization-cve-2026-3422/ https://www.thehackerwire.com/u-office-force-critical-rce-via-insecure-deserialization-cve-2026-3422/ U-Office Force Critical RCE via Insecure Deserialization (CVE-2026-3422) RCE Fri, 10 Apr 2026 01:38:30 +0000 https://www.thehackerwire.com/ibm-langflow-desktop-rce-via-insecure-deserialization/ https://www.thehackerwire.com/ibm-langflow-desktop-rce-via-insecure-deserialization/ IBM Langflow Desktop RCE via Insecure Deserialization RCE Fri, 10 Apr 2026 01:38:29 +0000 https://www.upwind.io/feed/cve-2026-21858-n8n-unauthenticated-rce https://www.upwind.io/feed/cve-2026-21858-n8n-unauthenticated-rce CVE-2026-21858: Ni8mare Enables Unauthenticated RCE in n8n Webhooks RCE Fri, 10 Apr 2026 01:38:29 +0000 https://research.jfrog.com/post/potential-rce-vulnerabilityin-openssl-cve-2025-15467/ https://research.jfrog.com/post/potential-rce-vulnerabilityin-openssl-cve-2025-15467/ Potentially Critical RCE in OpenSSL (CVE-2025-15467) RCE Fri, 10 Apr 2026 01:38:28 +0000 https://www.thehackerwire.com/wazuh-rce-via-deserialization-of-untrusted-data-cve-2026-25769/ https://www.thehackerwire.com/wazuh-rce-via-deserialization-of-untrusted-data-cve-2026-25769/ Wazuh RCE via Deserialization of Untrusted Data (CVE-2026-25769) RCE Fri, 10 Apr 2026 01:38:27 +0000 https://www.akamai.com/blog/security-research/cve-2025-55182-react-nextjs-server-functions-deserialization-rce https://www.akamai.com/blog/security-research/cve-2025-55182-react-nextjs-server-functions-deserialization-rce CVE-2025-55182: React and Next.js Deserialization RCE Deep Dive RCE Fri, 10 Apr 2026 01:38:27 +0000 https://blog.qualys.com/product-tech/2025/12/04/active-exploitation-of-7-zip-rce-vulnerability-shows-why-manual-patching-is-no-longer-an-option https://blog.qualys.com/product-tech/2025/12/04/active-exploitation-of-7-zip-rce-vulnerability-shows-why-manual-patching-is-no-longer-an-option Active Exploitation of 7-Zip RCE Vulnerability RCE Fri, 10 Apr 2026 01:38:26 +0000 https://securityboulevard.com/2025/12/update-on-react-server-components-rce-vulnerability-cve-2025-55182-cve-2025-66478/ https://securityboulevard.com/2025/12/update-on-react-server-components-rce-vulnerability-cve-2025-55182-cve-2025-66478/ Update on React Server Components RCE (CVE-2025-55182 / CVE-2025-66478) RCE Fri, 10 Apr 2026 01:38:25 +0000 https://www.crowdsec.net/vulntracking-report/cve-2025-34291 https://www.crowdsec.net/vulntracking-report/cve-2025-34291 CVE-2025-34291 Exploited in the Wild: LangFlow AI Under Fire RCE Fri, 10 Apr 2026 01:38:24 +0000 https://orca.security/resources/blog/new-runc-vulnerabilities-allow-container-escape/ https://orca.security/resources/blog/new-runc-vulnerabilities-allow-container-escape/ New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape RCE Fri, 10 Apr 2026 01:38:24 +0000 https://www.oligo.security/blog/safe-by-default-or-vulnerable-by-design-golang-server-side-template-injection https://www.oligo.security/blog/safe-by-default-or-vulnerable-by-design-golang-server-side-template-injection What Is SSTI in Golang? Server-Side Template Injection Security RCE Fri, 10 Apr 2026 01:38:23 +0000 https://github.com/Nxploited/CVE-2025-39601 https://github.com/Nxploited/CVE-2025-39601 CVE-2025-39601: WordPress Custom CSS, JS and PHP Plugin CSRF to RCE RCE Fri, 10 Apr 2026 01:38:22 +0000 https://hadrian.io/blog/cve-2025-7384-critical-wordpress-plugin-unauthenticated-rce https://hadrian.io/blog/cve-2025-7384-critical-wordpress-plugin-unauthenticated-rce CVE-2025-7384: Critical WordPress Plugin Unauthenticated RCE RCE Fri, 10 Apr 2026 01:38:21 +0000 https://thehackernews.com/2025/12/sneeit-wordpress-rce-exploited-in-wild.html https://thehackernews.com/2025/12/sneeit-wordpress-rce-exploited-in-wild.html Sneeit WordPress RCE Exploited in the Wild RCE Fri, 10 Apr 2026 01:38:21 +0000 https://www.thehackerwire.com/critical-pre-auth-rce-in-churchcrm-setup-wizard/ https://www.thehackerwire.com/critical-pre-auth-rce-in-churchcrm-setup-wizard/ Critical Pre-Auth RCE in ChurchCRM Setup Wizard RCE Fri, 10 Apr 2026 01:38:20 +0000 https://orca.security/resources/blog/cve-2026-21858-n8n-rce-vulnerability/ https://orca.security/resources/blog/cve-2026-21858-n8n-rce-vulnerability/ Critical Unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0) RCE Fri, 10 Apr 2026 01:38:19 +0000 https://medium.com/h7w/tryhackme-spring-ai-cve-2026-22738-writeup-354db657d620 https://medium.com/h7w/tryhackme-spring-ai-cve-2026-22738-writeup-354db657d620 TryHackMe Spring AI: CVE-2026-22738 RCE Writeup RCE Fri, 10 Apr 2026 01:38:18 +0000 https://www.bleepingcomputer.com/news/security/dangerous-runc-flaws-could-allow-hackers-to-escape-docker-containers/ https://www.bleepingcomputer.com/news/security/dangerous-runc-flaws-could-allow-hackers-to-escape-docker-containers/ Dangerous runC Flaws Allow Hackers to Escape Docker Containers RCE Fri, 10 Apr 2026 01:38:18 +0000 https://www.cncf.io/blog/2025/11/28/runc-container-breakout-vulnerabilities-a-technical-overview/ https://www.cncf.io/blog/2025/11/28/runc-container-breakout-vulnerabilities-a-technical-overview/ runC Container Escape Vulnerabilities: A Technical Overview RCE Fri, 10 Apr 2026 01:38:17 +0000 https://www.sysdig.com/blog/runc-container-escape-vulnerabilities https://www.sysdig.com/blog/runc-container-escape-vulnerabilities New runC Vulnerabilities Allow Container Escape in Docker and Kubernetes RCE Fri, 10 Apr 2026 01:38:16 +0000 https://www.csoonline.com/article/4151203/attackers-exploit-critical-langflow-rce-within-hours-as-cisa-sounds-alarm.html https://www.csoonline.com/article/4151203/attackers-exploit-critical-langflow-rce-within-hours-as-cisa-sounds-alarm.html Attackers Exploit Critical Langflow RCE as CISA Sounds Alarm RCE Fri, 10 Apr 2026 01:38:16 +0000 https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours CVE-2026-33017: How Attackers Compromised Langflow AI Pipelines in 20 Hours RCE Fri, 10 Apr 2026 01:38:15 +0000 https://www.zscaler.com/blogs/security-research/cve-2025-3248-rce-vulnerability-langflow https://www.zscaler.com/blogs/security-research/cve-2025-3248-rce-vulnerability-langflow CVE-2025-3248: RCE Vulnerability in Langflow RCE Fri, 10 Apr 2026 01:38:14 +0000 https://www.resecurity.com/blog/article/react2shell-explained-cve-2025-55182-from-vulnerability-discovery-to-exploitation https://www.resecurity.com/blog/article/react2shell-explained-cve-2025-55182-from-vulnerability-discovery-to-exploitation React2Shell Explained: From Vulnerability Discovery to Exploitation RCE Fri, 10 Apr 2026 01:38:13 +0000 https://www.sentinelone.com/blog/protecting-against-critical-react2shell-rce-exposure/ https://www.sentinelone.com/blog/protecting-against-critical-react2shell-rce-exposure/ Protecting Against the Critical React2Shell RCE Exposure RCE Fri, 10 Apr 2026 01:38:12 +0000 https://hunt.io/blog/react2shell-cve-2025-55182-nextjs-nodejs-rce https://hunt.io/blog/react2shell-cve-2025-55182-nextjs-nodejs-rce React2Shell: Node.js RCE Against a Production Next.js App RCE Fri, 10 Apr 2026 01:38:12 +0000 https://www.resecurity.com/blog/article/cve-2025-68613-remote-code-execution-via-expression-injection-in-n8n-2 https://www.resecurity.com/blog/article/cve-2025-68613-remote-code-execution-via-expression-injection-in-n8n-2 CVE-2025-68613: RCE via Expression Injection in n8n RCE Fri, 10 Apr 2026 01:38:11 +0000 https://thehackernews.com/2026/04/adobe-reader-zero-day-exploited-via.html https://thehackernews.com/2026/04/adobe-reader-zero-day-exploited-via.html Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 RCE Fri, 10 Apr 2026 01:38:10 +0000 https://www.thehackerwire.com/wwbn-avideo-rce-via-persistent-php-file-upload-cve-2026-33717/ https://www.thehackerwire.com/wwbn-avideo-rce-via-persistent-php-file-upload-cve-2026-33717/ WWBN AVideo RCE via Persistent PHP File Upload (CVE-2026-33717) RCE Fri, 10 Apr 2026 01:38:09 +0000 https://www.thehackerwire.com/explorance-blue-rce-via-unrestricted-file-upload/ https://www.thehackerwire.com/explorance-blue-rce-via-unrestricted-file-upload/ Explorance Blue RCE via Unrestricted File Upload RCE Fri, 10 Apr 2026 01:38:09 +0000 https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/ https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/ From Pre-Auth SSRF to RCE in TruFusion Enterprise RCE Fri, 10 Apr 2026 01:38:08 +0000 https://blog.qualys.com/product-tech/2026/01/15/serverless-security-risks-identity-ssrf-rce https://blog.qualys.com/product-tech/2026/01/15/serverless-security-risks-identity-ssrf-rce Serverless Security Risks 2026: Mitigating SSRF and RCE Threats RCE Fri, 10 Apr 2026 01:38:07 +0000 https://sanderwind.medium.com/intigriti-1025-challenge-ssrf-to-rce-via-file-upload-bypass-8aaa0164ee55 https://sanderwind.medium.com/intigriti-1025-challenge-ssrf-to-rce-via-file-upload-bypass-8aaa0164ee55 Intigriti Challenge: SSRF to RCE via File Upload Bypass RCE Fri, 10 Apr 2026 01:38:07 +0000 https://www.thehackerwire.com/precurio-intranet-portal-4-4-csrf-to-rce-via-file-upload/ https://www.thehackerwire.com/precurio-intranet-portal-4-4-csrf-to-rce-via-file-upload/ Precurio Intranet Portal: CSRF to RCE via File Upload RCE Fri, 10 Apr 2026 01:38:06 +0000 https://www.thehackerwire.com/tiandy-easy7-rce-via-os-command-injection-cve-2026-4585/ https://www.thehackerwire.com/tiandy-easy7-rce-via-os-command-injection-cve-2026-4585/ Tiandy Easy7 RCE via OS Command Injection (CVE-2026-4585) RCE Fri, 10 Apr 2026 01:38:05 +0000 https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7 https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7 OpenMetadata RCE via SSTI in FreeMarker Email Templates RCE Fri, 10 Apr 2026 01:38:04 +0000 https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq RCE in Airbyte via Server-Side Template Injection (SSTI) RCE Fri, 10 Apr 2026 01:38:04 +0000 https://payloadplayground.com/blog/file-upload-vulnerability-testing-bypass-rce https://payloadplayground.com/blog/file-upload-vulnerability-testing-bypass-rce File Upload Vulnerability Testing: Bypassing Filters and Getting RCE RCE Fri, 10 Apr 2026 01:36:55 +0000 https://patchstack.com/articles/critical-lfi-to-rce-vulnerability-in-wp-ghost-plugin-affecting-200k-sites/ https://patchstack.com/articles/critical-lfi-to-rce-vulnerability-in-wp-ghost-plugin-affecting-200k-sites/ Critical LFI to RCE in WP Ghost Plugin Affecting 200k+ Sites RCE Fri, 10 Apr 2026 01:36:54 +0000 https://securityonline.info/critical-langflow-vulnerabilities-rce-file-write-cve-2026-33017/ https://securityonline.info/critical-langflow-vulnerabilities-rce-file-write-cve-2026-33017/ AI Workflows Under Fire: Critical RCE Flaws in Langflow RCE Fri, 10 Apr 2026 01:36:54 +0000 https://medium.com/@dhxrxx/cve-2026-22812-how-i-got-rce-on-a-71k-star-ai-coding-tool-with-zero-authentication-7524fbc3317f https://medium.com/@dhxrxx/cve-2026-22812-how-i-got-rce-on-a-71k-star-ai-coding-tool-with-zero-authentication-7524fbc3317f CVE-2026-22812: RCE on a 71k-Star AI Coding Tool With Zero Auth RCE Fri, 10 Apr 2026 01:36:53 +0000 https://www.endorlabs.com/learn/root-in-one-request-marimos-critical-pre-auth-rce-cve-2026-39987 https://www.endorlabs.com/learn/root-in-one-request-marimos-critical-pre-auth-rce-cve-2026-39987 Root in One Request: Marimo's Critical Pre-Auth RCE (CVE-2026-39987) RCE Fri, 10 Apr 2026 01:36:52 +0000 https://outpost24.com/blog/top-zero-day-exploits-2025/ https://outpost24.com/blog/top-zero-day-exploits-2025/ Lessons From 2025: Zero-Day Exploitation Shaping 2026 RCE Fri, 10 Apr 2026 01:36:51 +0000 https://gbhackers.com/critical-zero-day-rce-flaw-in-networking-devices/ https://gbhackers.com/critical-zero-day-rce-flaw-in-networking-devices/ Critical Zero-Day RCE in Networking Devices Exposes 70,000+ Hosts RCE Fri, 10 Apr 2026 01:36:51 +0000 https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html Cisco Patches Zero-Day RCE Exploited by China-Linked APT RCE Fri, 10 Apr 2026 01:36:50 +0000 https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844 https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844 Critical Redis RCE Vulnerability: CVE-2025-49844 RCE Fri, 10 Apr 2026 01:36:49 +0000 https://www.picussecurity.com/resource/blog/cve-2025-59287-explained-wsus-unauthenticated-rce-vulnerability https://www.picussecurity.com/resource/blog/cve-2025-59287-explained-wsus-unauthenticated-rce-vulnerability CVE-2025-59287: WSUS Unauthenticated RCE Vulnerability RCE Fri, 10 Apr 2026 01:36:48 +0000 https://www.wiz.io/blog/ivanti-epmm-rce-vulnerability-chain-cve-2025-4427-cve-2025-4428 https://www.wiz.io/blog/ivanti-epmm-rce-vulnerability-chain-cve-2025-4427-cve-2025-4428 Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild RCE Fri, 10 Apr 2026 01:36:48 +0000 https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform CVE-2025-34291: Critical Account Takeover and RCE in Langflow RCE Fri, 10 Apr 2026 01:36:47 +0000 https://cyberpress.org/ninja-forms-rce-flaw/ https://cyberpress.org/ninja-forms-rce-flaw/ 50,000+ WordPress Sites at Risk from Critical Ninja Forms RCE RCE Fri, 10 Apr 2026 01:36:46 +0000