#RCE
21 stories taggedRCE · page 2 of 2.

Microsoft's October Dump: 206 CVEs, Three Already Public
A record Patch Tuesday hauls in 39 Critical bugs and a trio of zero-days that were knocking around before the fix shipped.

protobuf.js Ships Six Bugs That Turn Schemas Into RCE Triggers
A single malicious descriptor is enough. Node.js services parsing untrusted Protobuf are the obvious blast radius.

Everest Forms Pro RCE Under Active Exploitation on WordPress Sites
CVE-2026-3300 carries a 9.8 CVSS. Attackers are using it to take over sites running unpatched versions of the premium form-builder plugin.

One Click, Full Shell: Flowise MCP Flaw Scores 9.9 CVSS
A sandboxing failure in Flowise's MCP stdio implementation lets an attacker execute arbitrary OS commands with process-level privileges — and the patches so far don't close the hole.

Authenticated RCE in Gogs Hits CVSS 9.4 — and There's No CVE Yet
A critical flaw in the self-hosted Git service lets any logged-in account execute arbitrary code on the server. The auth bar is low. The blast radius isn't.

SharePoint's latest RCE bug hands attackers the keys with no extra paperwork
CVE-2026-45659 is a deserialization flaw that doesn't ask for much — and that's exactly why Microsoft is shipping fixes across every supported SharePoint Server build.