Browse CVEs
Search by CVE id or keyword and see what the field reported.
4 results for “RCE”
- CVE-2020-5902CVSS 9.8KEVEPSS 100%
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
- CVE-2022-22965KEVEPSS 100%
Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
- CVE-2026-39987CVSS 9.8KEVEPSS 96%
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
- CVE-2024-40711CVSS 9.8KEVEPSS 88%
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).