TOPRCE.md

File metadata and controls

289 lines (288 loc) · 40.5 KB

Top RCE reports from HackerOne:

  1. RCE on Steam Client via buffer overflow in Server Info to Valve - 1256 upvotes, $18000
  2. Potential pre-auth RCE on Twitter VPN to Twitter - 1164 upvotes, $20160
  3. RCE via npm misconfig -- installing internal libraries from the public registry to PayPal - 808 upvotes, $30000
  4. H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products to Shopify - 803 upvotes, $15000
  5. Remote Code Execution on www.semrush.com/my_reports on Logo upload to Semrush - 791 upvotes, $0
  6. Git flag injection - local file overwrite to remote code execution to GitLab - 759 upvotes, $12000
  7. RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/ to Starbucks - 543 upvotes, $0
  8. Remote Code Execution in Slack desktop apps + bonus to Slack - 481 upvotes, $0
  9. RCE when removing metadata with ExifTool to GitLab - 479 upvotes, $20000
  10. SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution to QIWI - 469 upvotes, $0
  11. RCE via unsafe inline Kramdown options when rendering certain Wiki pages to GitLab - 409 upvotes, $20000
  12. Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message to Valve - 407 upvotes, $9000
  13. Remote code execution on Basecamp.com to Basecamp - 405 upvotes, $5000
  14. Multiple bugs leads to RCE on TikTok for Android to TikTok - 361 upvotes, $0
  15. RCE on shared.mail.ru due to "widget" plugin to Mail.ru - 359 upvotes, $10000
  16. RCE on build server via misconfigured pip install to Yelp - 347 upvotes, $0
  17. [ RCE ] Through stopping the redirect in /admin/* the attacker is able to bypass Authentication And Upload Malicious File to Mail.ru - 340 upvotes, $0
  18. RCE via npm misconfig -- installing internal libraries from the public registry to Uber - 315 upvotes, $9000
  19. RCE on TikTok Ads Portal to TikTok - 302 upvotes, $0
  20. RCE via github import to GitLab - 259 upvotes, $0
  21. RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag) to GitLab - 250 upvotes, $33510
  22. Unchecked weapon id in WeaponList message parser on client leads to RCE to Valve - 226 upvotes, $3000
  23. Unrestricted File Upload Leads to RCE on mobile.starbucks.com.sg to Starbucks - 225 upvotes, $0
  24. RCE by command line argument injection to gm convert in /edit/process?a=crop to Imgur - 224 upvotes, $0
  25. Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice to Starbucks - 218 upvotes, $0
  26. Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int to QIWI - 217 upvotes, $0
  27. RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi) to LocalTapiola - 208 upvotes, $6800
  28. OOB reads in network message handlers leads to RCE to Valve - 205 upvotes, $7500
  29. Debug Mode Leak Critical Information [ AWS Keys , SMTP , Database , Django Secret Key ( RCE ) , Dodoc , Telegram , Twilio .. ] to Mail.ru - 205 upvotes, $0
  30. Test-scripts for postgis in mason-repository using unsafe unzip of content from unclaimed bucket creates potential RCE-issues to Mapbox - 201 upvotes, $12500
  31. RCE on CS:GO client using unsanitized entity ID in EntityMsg message to Valve - 199 upvotes, $9000
  32. Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete" to QIWI - 194 upvotes, $0
  33. [Portal 2] Remote Code Execution via voice packets to Valve - 168 upvotes, $5000
  34. Git flag injection leading to file overwrite and potential remote code execution to GitLab - 168 upvotes, $3500
  35. RCE as Admin defeats WordPress hardening and file permissions to WordPress - 158 upvotes, $0
  36. Path traversal, SSTI and RCE on a MailRu acquisition to Mail.ru - 152 upvotes, $2000
  37. Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution to Valve - 149 upvotes, $12500
  38. MobileIron Unauthenticated RCE on mdm.qiwi.com with WAF bypass to QIWI - 147 upvotes, $0
  39. Path traversal, to RCE to GitLab - 136 upvotes, $12000
  40. Remote Code Execution via Extract App Plugin to Nextcloud - 122 upvotes, $0
  41. SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution to QIWI - 118 upvotes, $0
  42. Remote Code Execution on Git.imgur-dev.com to Imgur - 117 upvotes, $0
  43. Urgent: Server side template injection via Smarty template allows for RCE to Unikrn - 117 upvotes, $0
  44. Possible RCE through Windows Custom Protocol on Windows client to Nord Security - 117 upvotes, $0
  45. Apache Flink RCE via GET jar/plan API Endpoint to Aiven Ltd - 116 upvotes, $6000
  46. Read files on application server, leads to RCE to GitLab - 111 upvotes, $0
  47. Remote Code Execution (Reverse Shell) - File Manager to Concrete CMS - 111 upvotes, $0
  48. Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games to Valve - 108 upvotes, $7500
  49. SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai to Krisp - 105 upvotes, $0
  50. uber.com may RCE by Flask Jinja2 Template Injection to Uber - 96 upvotes, $10000
  51. [hta3] Remote Code Execution on ████ to U.S. Dept Of Defense - 95 upvotes, $0
  52. User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files to Slack - 94 upvotes, $750
  53. Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users to Slack - 93 upvotes, $1500
  54. Remote Code Execution in ██████ to U.S. Dept Of Defense - 93 upvotes, $0
  55. XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 89 upvotes, $0
  56. Privilege Escalation via REST API to Administrator leads to RCE to WordPress - 86 upvotes, $0
  57. Remote Unrestricted file Creation/Deletion and Possible RCE. to Twitter - 85 upvotes, $0
  58. Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability to Vanilla - 84 upvotes, $900
  59. Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID to QIWI - 84 upvotes, $0
  60. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 83 upvotes, $0
  61. [app-01.youdrive.club] RCE in CI/CD via dependency confusion to Mail.ru - 82 upvotes, $0
  62. File writing by Directory traversal at actionpack-page_caching and RCE by it to Ruby on Rails - 79 upvotes, $1000
  63. Remote Code Execution on Proxy Service (as root) to ██████ - 79 upvotes, $0
  64. Pre-auth Remote Code Execution on multiple Uber SSL VPN servers to Uber - 73 upvotes, $2000
  65. Nextcloud Desktop Client RCE via malicious URI schemes to Nextcloud - 72 upvotes, $1000
  66. RCE on facebooksearch.algolia.com to Algolia - 72 upvotes, $500
  67. RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 70 upvotes, $0
  68. Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE to Lob - 68 upvotes, $1500
  69. RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 68 upvotes, $0
  70. GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] to Internet Bug Bounty - 68 upvotes, $0
  71. Grafana RCE via SMTP server parameter injection to Aiven Ltd - 67 upvotes, $5000
  72. CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download to Valve - 61 upvotes, $7500
  73. Remote Code Execution at http://tw.corp.ubnt.com to Ubiquiti Inc. - 61 upvotes, $0
  74. Remote Code Execution (upload) to Legal Robot - 60 upvotes, $0
  75. [Source Engine] Material path truncation leads to Remote Code Execution to Valve - 58 upvotes, $2500
  76. CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example to Internet Bug Bounty - 57 upvotes, $4000
  77. Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604) to Starbucks - 57 upvotes, $0
  78. Ability to access all user authentication tokens, leads to RCE to GitLab - 56 upvotes, $0
  79. Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 56 upvotes, $0
  80. Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID to QIWI - 52 upvotes, $0
  81. LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 51 upvotes, $0
  82. Remote code execution on rubygems.org to RubyGems - 49 upvotes, $1500
  83. WordPress SOME bug in plupload.flash.swf leading to RCE to Automattic - 49 upvotes, $0
  84. RCE in 'Copy as Node Request' BApp via code injection to PortSwigger Web Security - 49 upvotes, $0
  85. Remote Code Execution (RCE) at "juid" parameter in /get_zip.php (printshop.engelvoelkers.com) to Engel & Völkers Technology GmbH - 49 upvotes, $0
  86. Java Deserialization RCE via JBoss on card.starbucks.in to Starbucks - 48 upvotes, $0
  87. Remote Code Execution at https://169.38.86.185/ (edst.ibm.com) to IBM - 48 upvotes, $0
  88. Log4Shell: RCE 0-day exploit on █████████ to U.S. Dept Of Defense - 48 upvotes, $0
  89. [Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia to Aiven Ltd - 47 upvotes, $5000
  90. [CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution to Valve - 47 upvotes, $2500
  91. RCE via WikiCloth markdown rendering if the rubyluabridge gem is installed to GitLab - 46 upvotes, $3000
  92. SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE to Rockstar Games - 46 upvotes, $1500
  93. Jitsi Desktop Client RCE By Interacting with Malicious URL Schemes on Windows to 8x8 Bounty - 46 upvotes, $777
  94. Remote Code Execution in Basecamp Windows Electron App to Basecamp - 45 upvotes, $1250
  95. RCE via Local File Read -> php unserialization-> XXE -> unpickling to h1-5411-CTF - 43 upvotes, $0
  96. [3DS][SSL][SDK] Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player to Nintendo - 43 upvotes, $0
  97. F5 BIG-IP TMUI RCE - CVE-2020-5902 (██.packet8.net) to 8x8 - 42 upvotes, $0
  98. RCE due to ImageTragick v2 to pixiv - 41 upvotes, $2000
  99. RCE which may occur due to ActiveSupport::MessageVerifier or ActiveSupport::MessageEncryptor (especially Active storage) to Ruby on Rails - 41 upvotes, $1500
  100. Java Deserialization RCE via JBoss JMXInvokerServlet/EJBInvokerServlet on card.starbucks.in to Starbucks - 41 upvotes, $0
  101. Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 41 upvotes, $0
  102. Kafka Connect RCE via connector SASL JAAS JndiLoginModule configuration to Aiven Ltd - 40 upvotes, $5000
  103. CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm to Internet Bug Bounty - 40 upvotes, $1500
  104. Remote Code Execution (RCE) in a Sony WebSystem to Sony - 40 upvotes, $0
  105. Remote Code Execution in Rocket.Chat-Desktop to Rocket.Chat - 40 upvotes, $0
  106. Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability to Vanilla - 39 upvotes, $600
  107. Log4j RCE on https://judge.me/reviews to Judge.me - 39 upvotes, $50
  108. RCE via ssh:// URIs in multiple VCS to Internet Bug Bounty - 39 upvotes, $0
  109. RCE Possible Via Video Manager Export using @ character in Video Title to Pornhub - 38 upvotes, $500
  110. Remote code execution via path traversal in Zip extraction in the Extract app to Nextcloud - 38 upvotes, $0
  111. [3DS][SSL] Use of uninitialized class member leads to RCE in eShop movie player to Nintendo - 38 upvotes, $0
  112. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ to U.S. Dept Of Defense - 36 upvotes, $0
  113. Signedness issue in ClassInfo message handler leads to RCE on CS:GO client to Valve - 34 upvotes, $7500
  114. Remote code execution as root on [REDACTED] to Zendesk - 34 upvotes, $0
  115. Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat's installation script. to Rocket.Chat - 34 upvotes, $0
  116. Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical) to Vanilla - 32 upvotes, $600
  117. XML Parser Bug: XXE over which leads to RCE to drchrono - 32 upvotes, $0
  118. Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
  119. Unauthenticated RCE in Vaultpress to Automattic - 31 upvotes, $0
  120. Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 31 upvotes, $0
  121. XSS leads to RCE on the RocketChat desktop client. to Rocket.Chat - 31 upvotes, $0
  122. Remote Code Execution on ██.8x8.com via .NET VSTATE Deserialization to 8x8 - 31 upvotes, $0
  123. RCE in profile picture upload to HackerOne - 30 upvotes, $2500
  124. Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution to Valve - 30 upvotes, $350
  125. [3DS][StreetPass] Heap Overflow in Swapnote parser leads to userland StreetPass RCE to Nintendo - 30 upvotes, $0
  126. Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - 29 upvotes, $20000
  127. ZeroMQ libzmq remote code execution to Internet Bug Bounty - 29 upvotes, $1000
  128. Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) to Internet Bug Bounty - 29 upvotes, $1000
  129. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
  130. Log4j Java RCE in [beta.dev.adobeconnect.com] to Adobe - 28 upvotes, $0
  131. RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0 to Internet Bug Bounty - 27 upvotes, $2400
  132. RCE via exposed JMX server on jabber.37signals.com/jabber.basecamp.com to Basecamp - 26 upvotes, $100
  133. RCE via Print function [Simplenote 1.1.3 - Desktop app] to Automattic - 26 upvotes, $0
  134. RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh] to MTN Group - 26 upvotes, $0
  135. [hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import to U.S. Dept Of Defense - 26 upvotes, $0
  136. GoldSrc: Buffer Overflow in DELTA_ParseDelta function leads to RCE to Valve - 25 upvotes, $3000
  137. [███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS] to U.S. Dept Of Defense - 25 upvotes, $1000
  138. Lack of quarantine macOS attribute(com.apple.quarantine) leads multiple issues including RCE to Basecamp - 25 upvotes, $250
  139. Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 25 upvotes, $0
  140. Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability to Vanilla - 24 upvotes, $600
  141. [GoldSrc] RCE via malformed BSP file to Valve - 24 upvotes, $450
  142. Vanilla Forums Xenforo password splitHash Unserialize Remote Code Execution Vulnerability to Vanilla - 24 upvotes, $300
  143. RCE on a Department of Defense website to U.S. Dept Of Defense - 24 upvotes, $0
  144. Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) to U.S. Dept Of Defense - 24 upvotes, $0
  145. [GoldSrc] RCE via 'spk' Console Command to Valve - 23 upvotes, $350
  146. Attention! Remote Code Execution at http://wpt.ec2.shopify.com/ to Shopify - 23 upvotes, $0
  147. Stored XSS in any message (leads to priv esc for all users and file leak + rce via electron app) to Rocket.Chat - 23 upvotes, $0
  148. Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.50 to Internet Bug Bounty - 22 upvotes, $1000
  149. Remote Code Execution (RCE) in a Sony Pictures WebSystem to Sony - 22 upvotes, $0
  150. Apache solr RCE via velocity template to U.S. Dept Of Defense - 22 upvotes, $0
  151. RCE By import channel field to ExpressionEngine - 21 upvotes, $0
  152. Several vulnerabilities lead to Remote Code Execution and Arbitrary File Read on multiple servers to 50m-ctf - 21 upvotes, $0
  153. Jenkins Unauthenticated RCE on https://djangoci.com/ to Django - 21 upvotes, $0
  154. CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag to Internet Bug Bounty - 21 upvotes, $0
  155. LFI on Accounting server and RCE on FliteThermostat admin server to 50m-ctf - 20 upvotes, $0
  156. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 20 upvotes, $0
  157. 2 click Remote Code execution in Evernote Android to Evernote - 20 upvotes, $0
  158. Rocket.Chat Server RCE to Rocket.Chat - 20 upvotes, $0
  159. Remote Code Execution on █████████ to U.S. Dept Of Defense - 19 upvotes, $0
  160. [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ to U.S. Dept Of Defense - 19 upvotes, $0
  161. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  162. [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron to Automattic - 17 upvotes, $0
  163. Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 17 upvotes, $0
  164. Default credentials for the temporary POC site alipoc.stg.starbucks.com.cn permitted WAF bypass and RCE to Starbucks - 17 upvotes, $0
  165. bunyan - RCE via insecure command formatting to Node.js third-party modules - 17 upvotes, $0
  166. Pre-Auth Blind NoSQL Injection leading to Remote Code Execution to Rocket.Chat - 17 upvotes, $0
  167. RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context to Brave Software - 16 upvotes, $300
  168. Arbitrary file deletion in wp-core - guides towards RCE and information disclosure to WordPress - 16 upvotes, $0
  169. Desktop app RCE (#276031 bypass) to Rocket.Chat - 16 upvotes, $0
  170. Authenticated path traversal to RCE to Concrete CMS - 16 upvotes, $0
  171. RCE hazard in reporting (via Chromium) to Elastic - 15 upvotes, $10000
  172. Squid as reverse proxy RCE and data leak to Internet Bug Bounty - 15 upvotes, $6000
  173. Remote Code Execution through Deserialization Attack in OwnBackup app. to ownCloud - 15 upvotes, $0
  174. Several simple remote code execution in pdf-image to Node.js third-party modules - 15 upvotes, $0
  175. [logkitty] RCE via insecure command formatting to Node.js third-party modules - 15 upvotes, $0
  176. Unauth RCE on Jenkins Instance at https://█████████/ to U.S. Dept Of Defense - 15 upvotes, $0
  177. SSRF + RCE via fastCGI in POST /api/nr/video to Mail.ru - 15 upvotes, $0
  178. Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE. to WordPress - 14 upvotes, $0
  179. RCE Jira(CVE-2019–11581) [my-com.atlassian.net] to Mail.ru - 14 upvotes, $0
  180. [tree-kill] RCE via insecure command concatenation (only Windows) to Node.js third-party modules - 14 upvotes, $0
  181. Remote Code Execution through Extension Bypass on Log Functionality to Concrete CMS - 14 upvotes, $0
  182. Remote Code Execution via CVE-2019-18935 to U.S. Dept Of Defense - 14 upvotes, $0
  183. Remote Code Execution through "Files_antivirus" plugin to ownCloud - 14 upvotes, $0
  184. Drupal 7 pre auth sql injection and remote code execution to Internet Bug Bounty - 13 upvotes, $3000
  185. Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE to IRCCloud - 13 upvotes, $0
  186. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  187. [Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635 to U.S. Dept Of Defense - 13 upvotes, $0
  188. chrome://brave can still be navigated to, leading to RCE to Brave Software - 12 upvotes, $300
  189. Triggering RCE using XSS to bypass CSRF in PowerBeam M5 300 to Ubiquiti Inc. - 12 upvotes, $0
  190. RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 12 upvotes, $0
  191. (Critical) Remote Code Execution Through Old TinyMCE upload bypass to 8x8 - 12 upvotes, $0
  192. Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 12 upvotes, $0
  193. Remote Code Execution in coming Kibana 7.7.0 to Elastic - 11 upvotes, $5000
  194. Exim off-by-one RCE vulnerability to Internet Bug Bounty - 11 upvotes, $1500
  195. [GoldSrc] Remote Code Execution using malicious WAD list in BSP file to Valve - 11 upvotes, $750
  196. Remote Code Execution in NovaStor NovaBACKUP DataCenter backup software (Hiback) to LocalTapiola - 11 upvotes, $100
  197. REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*.geo.sp1.yahoo.com/, 4/6/14, #SpringClean to Yahoo! - 11 upvotes, $0
  198. Remote Code Execution in Rocket.Chat Desktop to Rocket.Chat - 11 upvotes, $0
  199. Unrestricted File Upload Leads to XSS & Potential RCE to U.S. Dept Of Defense - 11 upvotes, $0
  200. CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files to Khan Academy - 11 upvotes, $0
  201. Unauthorized Kubernetes to RCE (root) and found TEAMTNT Crypto Miner on it to IBM - 11 upvotes, $0
  202. Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE to Rocket.Chat - 11 upvotes, $0
  203. RCE vulnerability in Hyperledger Fabric SDK for Java to Hyperledger - 10 upvotes, $200
  204. RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1 to Ruby on Rails - 10 upvotes, $0
  205. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  206. Remote Code Execution in Wordpress Desktop to Automattic - 10 upvotes, $0
  207. RCE on 17 different Docker containers on your network to Nextcloud - 10 upvotes, $0
  208. PHP Object injection -> Building Custom Gadget chain -> RCE to ExpressionEngine - 10 upvotes, $0
  209. PHPUnit is included in groupfolders release package potentially causing RCE to Nextcloud - 9 upvotes, $100
  210. RCE (Remote Code Execution) Vulnerability on Ruby to Ruby - 9 upvotes, $0
  211. Unrestricted File Upload Leading to Remote Code Execution to Central Security Project - 9 upvotes, $0
  212. [CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 9 upvotes, $0
  213. redirect_to(["string"]) remote code execution to Ruby on Rails - 9 upvotes, $0
  214. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 9 upvotes, $0
  215. Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution to Rocket.Chat - 9 upvotes, $0
  216. A bypass of adding remote files in concrete5 Filemanager leads to remote code execution to Concrete CMS - 9 upvotes, $0
  217. Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS to Brave Software - 9 upvotes, $0
  218. Explicit, dynamic render path: Dir. Trav + RCE to Ruby on Rails - 8 upvotes, $500
  219. RCE in ci.owncloud.com / ci.owncloud.org to ownCloud - 8 upvotes, $0
  220. Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
  221. Cisco RCE to Informatica - 8 upvotes, $0
  222. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
  223. [jsreport] Remote Code Execution to Node.js third-party modules - 8 upvotes, $0
  224. [CRITICAL] Remote code execution on http://axa.dxi.eu to 8x8 - 8 upvotes, $0
  225. RCE in AirOS 6.2.0 Devices with CSRF bypass to Ubiquiti Inc. - 8 upvotes, $0
  226. RCE (Remote code execution) in one of DoD's websites to U.S. Dept Of Defense - 8 upvotes, $0
  227. RCE in ██████ subdomain via CVE-2017-1000486 to U.S. Dept Of Defense - 8 upvotes, $0
  228. [Git Gud] GitHub.com Svnbridge memcached deserialization vulnerability chain leading to Remote Code Execution to GitHub - 8 upvotes, $0
  229. Remote code execution using render :inline to Ruby on Rails - 7 upvotes, $1500
  230. Remote Code Execution in the Import Channel function to ExpressionEngine - 7 upvotes, $0
  231. Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
  232. (Authenticated) RCE by bypassing of the .htaccess blacklist to Nextcloud - 7 upvotes, $0
  233. [blamer] RCE via insecure command formatting to Node.js third-party modules - 7 upvotes, $0
  234. [git-promise] RCE via insecure command formatting to Node.js third-party modules - 7 upvotes, $0
  235. Struct type confusion RCE to shopify-scripts - 6 upvotes, $18000
  236. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  237. Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  238. Authenticated RCE in ToughSwitch to Ubiquiti Inc. - 6 upvotes, $0
  239. accounts.informatica.com - RCE due to exposed Groovy console to Informatica - 6 upvotes, $0
  240. RCE on default Ubuntu Desktop >= 12.10 Quantal to Internet Bug Bounty - 6 upvotes, $0
  241. [notevil] - Sandbox Escape Lead to RCE on Node.js and XSS in the Browser to Node.js third-party modules - 6 upvotes, $0
  242. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 6 upvotes, $0
  243. Fetching the update json scheme from concrete5 over HTTP leads to remote code execution to Concrete CMS - 6 upvotes, $0
  244. Canonical Snapcraft vulnerable to remote code execution under certain conditions to Internet Bug Bounty - 5 upvotes, $750
  245. Steam Deck Single Click Root Remote Code Execution to Valve - 5 upvotes, $750
  246. apps.owncloud.com: Malicious file upload leads to remote code execution to ownCloud - 5 upvotes, $0
  247. Possible RCE to Nextcloud - 5 upvotes, $0
  248. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  249. [node-df] RCE via insecure command concatenation to Node.js third-party modules - 5 upvotes, $0
  250. Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com to Nord Security - 5 upvotes, $0
  251. [arpping] Remote Code Execution to Node.js third-party modules - 5 upvotes, $0
  252. RCE in .api/nr/report/{id}/download to Mail.ru - 5 upvotes, $0
  253. Remote code execution due to unvalidated file upload to MTN Group - 5 upvotes, $0
  254. Remote Code Execution on ownCloud instances with ImageMagick installed to ownCloud - 5 upvotes, $0
  255. 'Limited' RCE in certain places where Liquid is accepted to Shopify - 4 upvotes, $1500
  256. Review remote code execution in SwiftMailer to Nextcloud - 4 upvotes, $0
  257. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  258. Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
  259. Wordpress 4.8.1 - Rogue editor leads to RCE. And the risks of same origin frame scripting in general to WordPress - 4 upvotes, $0
  260. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  261. potential RCE and XSS via file upload requiring user account and default settings to Nextcloud - 4 upvotes, $0
  262. Post-Auth Stored XSS with User Interaction leads to Remote Code Execution to Rocket.Chat - 4 upvotes, $0
  263. Custom crafted message object in Meteor.Call allows remote code execution and impersonation to Rocket.Chat - 4 upvotes, $0
  264. Deserialization of potentially malicious data to RCE to Django - 4 upvotes, $0
  265. Insecure use of shell.openExternal() leads to RCE in Rocket.Chat-Desktop to Rocket.Chat - 4 upvotes, $0
  266. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  267. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  268. [treekill] RCE via insecure command concatenation (only Windows) to Node.js third-party modules - 3 upvotes, $0
  269. [meta-git] RCE via insecure command formatting to Node.js third-party modules - 3 upvotes, $0
  270. [npm-git-publish] RCE via insecure command formatting to Node.js third-party modules - 3 upvotes, $0
  271. [windows-edge] RCE via insecure command formatting to Node.js third-party modules - 3 upvotes, $0
  272. RCE via JDWP to Mail.ru - 2 upvotes, $300
  273. Java RMI (Remote Code Execution) to New Relic - 2 upvotes, $0
  274. WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (UNAUTHORIZED) to Nextcloud - 2 upvotes, $0
  275. The “Malstaller” Attack, global hijacking of any installation process to achieve RCE with elevated privileges, Windows OS (vendor agnostic) to Internet Bug Bounty - 2 upvotes, $0
  276. [git-lib] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
  277. [gity] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
  278. [create-git] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
  279. Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability to Internet Bug Bounty - 1 upvote, $5000
  280. potential remote code execution with phar archive to Internet Bug Bounty - 1 upvote, $500
  281. Sendmail Remote Code Execution Vulnerability in Concrete5 version 5.7.3.1 to Concrete CMS - 1 upvote, $0
  282. [curling] Remote Code Execution to Node.js third-party modules - 1 upvote, $0
  283. SOAP serialize_function_call() type confusion / RCE to Internet Bug Bounty - 0 upvotes, $1500
  284. Possible xWork classLoader RCE: shared.mail.ru to Mail.ru - 0 upvotes, $200
  285. Missing/Breach of Internal Security Boundary - Access to Job Queue Results in Remote Code Execution to GitLab - 0 upvotes, $0
  286. [commit-msg] RCE via insecure command formatting to Node.js third-party modules - 0 upvotes, $0
  287. [imagickal] Remote Code Execution to Node.js third-party modules - 0 upvotes, $0