TOPRCE.md

File metadata and controls

303 lines (302 loc) · 42.4 KB

Top RCE reports from HackerOne:

  1. RCE on Steam Client via buffer overflow in Server Info to Valve - 1271 upvotes, $0
  2. Potential pre-auth RCE on Twitter VPN to X (Formerly Twitter) - 1190 upvotes, $20160
  3. RCE via npm misconfig -- installing internal libraries from the public registry to PayPal - 849 upvotes, $30000
  4. H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products to Shopify - 817 upvotes, $0
  5. Remote Code Execution on www.semrush.com/my_reports on Logo upload to Semrush - 800 upvotes, $0
  6. Git flag injection - local file overwrite to remote code execution to GitLab - 762 upvotes, $12000
  7. RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/ to Starbucks - 551 upvotes, $0
  8. Remote Code Execution in Slack desktop apps + bonus to Slack - 486 upvotes, $0
  9. RCE when removing metadata with ExifTool to GitLab - 485 upvotes, $20000
  10. SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution to QIWI - 473 upvotes, $0
  11. RCE via unsafe inline Kramdown options when rendering certain Wiki pages to GitLab - 414 upvotes, $20000
  12. Remote code execution on Basecamp.com to Basecamp - 409 upvotes, $5000
  13. Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message to Valve - 408 upvotes, $0
  14. Multiple bugs leads to RCE on TikTok for Android to TikTok - 362 upvotes, $0
  15. RCE on shared.mail.ru due to "widget" plugin to Mail.ru - 359 upvotes, $10000
  16. RCE on build server via misconfigured pip install to Yelp - 352 upvotes, $0
  17. [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File to Mail.ru - 340 upvotes, $0
  18. RCE via npm misconfig -- installing internal libraries from the public registry to Uber - 318 upvotes, $9000
  19. RCE on TikTok Ads Portal to TikTok - 304 upvotes, $0
  20. RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag) to GitLab - 283 upvotes, $33510
  21. RCE via github import to GitLab - 262 upvotes, $0
  22. RCE by command line argument injection to gm convert in /edit/process?a=crop to Imgur - 228 upvotes, $0
  23. Unrestricted File Upload Leads to RCE on mobile.starbucks.com.sg to Starbucks - 227 upvotes, $0
  24. Unchecked weapon id in WeaponList message parser on client leads to RCE to Valve - 226 upvotes, $3000
  25. Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int to QIWI - 221 upvotes, $0
  26. Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice to Starbucks - 219 upvotes, $0
  27. RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi) to LocalTapiola - 209 upvotes, $0
  28. OOB reads in network message handlers leads to RCE to Valve - 207 upvotes, $7500
  29. RCE on CS:GO client using unsanitized entity ID in EntityMsg message to Valve - 205 upvotes, $9000
  30. Debug Mode Leak Critical Information [ AWS Keys , SMTP , Database , Django Secret Key ( RCE ) , Dodoc , Telegram , Twilio .. ] to Mail.ru - 205 upvotes, $0
  31. Test-scripts for postgis in mason-repository using unsafe unzip of content from unclaimed bucket creates potential RCE-issues to Mapbox - 204 upvotes, $0
  32. Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete" to QIWI - 194 upvotes, $0
  33. [Portal 2] Remote Code Execution via voice packets to Valve - 169 upvotes, $5000
  34. Git flag injection leading to file overwrite and potential remote code execution to GitLab - 169 upvotes, $3500
  35. RCE as Admin defeats WordPress hardening and file permissions to WordPress - 161 upvotes, $0
  36. RCE of Burp Scanner / Crawler via Clickjacking to PortSwigger Web Security - 160 upvotes, $3000
  37. Path traversal, SSTI and RCE on a MailRu acquisition to Mail.ru - 152 upvotes, $2000
  38. Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution to Valve - 149 upvotes, $0
  39. MobileIron Unauthenticated RCE on mdm.qiwi.com with WAF bypass to QIWI - 148 upvotes, $0
  40. Path traversal, to RCE to GitLab - 136 upvotes, $12000
  41. Remote Code Execution via Extract App Plugin to Nextcloud - 122 upvotes, $0
  42. Remote Code Execution on Git.imgur-dev.com to Imgur - 119 upvotes, $0
  43. Apache Flink RCE via GET jar/plan API Endpoint to Aiven Ltd - 118 upvotes, $6000
  44. SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution to QIWI - 118 upvotes, $0
  45. Possible RCE through Windows Custom Protocol on Windows client to Nord Security - 118 upvotes, $0
  46. Urgent: Server side template injection via Smarty template allows for RCE to Unikrn - 117 upvotes, $0
  47. SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai to Krisp - 112 upvotes, $0
  48. Read files on application server, leads to RCE to GitLab - 111 upvotes, $0
  49. Remote Code Execution (Reverse Shell) - File Manager to Concrete CMS - 111 upvotes, $0
  50. Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games to Valve - 109 upvotes, $7500
  51. uber.com may RCE by Flask Jinja2 Template Injection to Uber - 108 upvotes, $10000
  52. [hta3] Remote Code Execution on ████ to U.S. Dept Of Defense - 99 upvotes, $0
  53. User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files to Slack - 95 upvotes, $750
  54. Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users to Slack - 94 upvotes, $1500
  55. Remote Code Execution in ██████ to U.S. Dept Of Defense - 93 upvotes, $0
  56. XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 91 upvotes, $0
  57. Remote Unrestricted file Creation/Deletion and Possible RCE. to X (Formerly Twitter) - 89 upvotes, $0
  58. Privilege Escalation via REST API to Administrator leads to RCE to WordPress - 88 upvotes, $0
  59. CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc to Internet Bug Bounty - 85 upvotes, $4860
  60. Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability to Vanilla - 84 upvotes, $900
  61. Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID to QIWI - 84 upvotes, $0
  62. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 83 upvotes, $0
  63. [app-01.youdrive.club] RCE in CI/CD via dependency confusion to Mail.ru - 83 upvotes, $0
  64. Remote Code Execution on Proxy Service (as root) to ██████ - 80 upvotes, $0
  65. File writing by Directory traversal at actionpack-page_caching and RCE by it to Ruby on Rails - 79 upvotes, $1000
  66. Pre-auth Remote Code Execution on multiple Uber SSL VPN servers to Uber - 77 upvotes, $2000
  67. RCE on Wordpress website to Nextcloud - 75 upvotes, $0
  68. Nextcloud Desktop Client RCE via malicious URI schemes to Nextcloud - 72 upvotes, $1000
  69. RCE on facebooksearch.algolia.com to Algolia - 72 upvotes, $500
  70. RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 71 upvotes, $0
  71. Grafana RCE via SMTP server parameter injection to Aiven Ltd - 69 upvotes, $5000
  72. Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE to Lob - 68 upvotes, $1500
  73. RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 68 upvotes, $0
  74. GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] to Internet Bug Bounty - 68 upvotes, $0
  75. CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download to Valve - 63 upvotes, $7500
  76. Remote Code Execution at http://tw.corp.ubnt.com to Ubiquiti Inc. - 61 upvotes, $0
  77. Remote Code Execution (upload) to Legal Robot - 60 upvotes, $0
  78. CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example to Internet Bug Bounty - 59 upvotes, $4000
  79. [Source Engine] Material path truncation leads to Remote Code Execution to Valve - 59 upvotes, $2500
  80. Ability to access all user authentication tokens, leads to RCE to GitLab - 57 upvotes, $0
  81. Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604) to Starbucks - 57 upvotes, $0
  82. Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 56 upvotes, $0
  83. LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 53 upvotes, $0
  84. Remote code execution and exfiltration of secret tokens by poisoning the mozilla/fxa CI build cache to Mozilla - 53 upvotes, $0
  85. Unsafe yaml load can lead to remote code execution to Liberapay - 53 upvotes, $0
  86. Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID to QIWI - 52 upvotes, $0
  87. Remote code execution via crafted pentaho report uploaded using default credentials for pentaho business server to MTN Group - 52 upvotes, $0
  88. Jitsi Desktop Client RCE By Interacting with Malicious URL Schemes on Windows to 8x8 Bounty - 51 upvotes, $777
  89. [Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia to Aiven Ltd - 50 upvotes, $5000
  90. Remote code execution on rubygems.org to RubyGems - 50 upvotes, $1500
  91. WordPress SOME bug in plupload.flash.swf leading to RCE to Automattic - 49 upvotes, $0
  92. RCE in 'Copy as Node Request' BApp via code injection to PortSwigger Web Security - 49 upvotes, $0
  93. Remote Code Execution (RCE) at "juid" parameter in /get_zip.php (printshop.engelvoelkers.com) to Engel & Völkers Technology GmbH - 49 upvotes, $0
  94. RCE via WikiCloth markdown rendering if the rubyluabridge gem is installed to GitLab - 48 upvotes, $3000
  95. Java Deserialization RCE via JBoss on card.starbucks.in to Starbucks - 48 upvotes, $0
  96. Remote Code Execution at https://169.38.86.185/ (edst.ibm.com) to IBM - 48 upvotes, $0
  97. Log4Shell: RCE 0-day exploit on █████████ to U.S. Dept Of Defense - 48 upvotes, $0
  98. [CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution to Valve - 47 upvotes, $2500
  99. SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE to Rockstar Games - 46 upvotes, $1500
  100. RCE on ingress-nginx-controller via Ingress spec.rules.http.paths.path field to Kubernetes - 45 upvotes, $2500
  101. Remote Code Execution in Basecamp Windows Electron App to Basecamp - 45 upvotes, $0
  102. RCE via Local File Read -> php unserialization-> XXE -> unpickling to h1-5411-CTF - 44 upvotes, $0
  103. [3DS][SSL][SDK] Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player to Nintendo - 43 upvotes, $0
  104. F5 BIG-IP TMUI RCE - CVE-2020-5902 (██.packet8.net) to 8x8 - 43 upvotes, $0
  105. CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm to Internet Bug Bounty - 42 upvotes, $1500
  106. Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 42 upvotes, $0
  107. Kafka Connect RCE via connector SASL JAAS JndiLoginModule configuration to Aiven Ltd - 41 upvotes, $5000
  108. RCE due to ImageTragick v2 to pixiv - 41 upvotes, $2000
  109. RCE which may occur due to ActiveSupport::MessageVerifier or ActiveSupport::MessageEncryptor (especially Active storage) to Ruby on Rails - 41 upvotes, $1500
  110. Java Deserialization RCE via JBoss JMXInvokerServlet/EJBInvokerServlet on card.starbucks.in to Starbucks - 41 upvotes, $0
  111. Remote Code Execution (RCE) in a Sony WebSystem to Sony - 40 upvotes, $0
  112. Remote Code Execution in Rocket.Chat-Desktop to Rocket.Chat - 40 upvotes, $0
  113. Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability to Vanilla - 39 upvotes, $600
  114. Log4j RCE on https://judge.me/reviews to Judge.me - 39 upvotes, $50
  115. RCE via ssh:// URIs in multiple VCS to Internet Bug Bounty - 39 upvotes, $0
  116. RCE Possible Via Video Manager Export using @ character in Video Title to Pornhub - 38 upvotes, $500
  117. Remote code execution via path traversal in Zip extraction in the Extract app to Nextcloud - 38 upvotes, $0
  118. [3DS][SSL] Use of uninitialized class member leads to RCE in eShop movie player to Nintendo - 38 upvotes, $0
  119. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ to U.S. Dept Of Defense - 36 upvotes, $5000
  120. Signedness issue in ClassInfo message handler leads to RCE on CS:GO client to Valve - 35 upvotes, $7500
  121. Remote code execution as root on [REDACTED] to Zendesk - 35 upvotes, $0
  122. XML Parser Bug: XXE over which leads to RCE to drchrono - 34 upvotes, $0
  123. Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat's installation script. to Rocket.Chat - 34 upvotes, $0
  124. RCE in ███ [CVE-2021-26084] to U.S. Dept Of Defense - 33 upvotes, $0
  125. Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical) to Vanilla - 32 upvotes, $600
  126. Remote Code Execution on ██.8x8.com via .NET VSTATE Deserialization to 8x8 - 32 upvotes, $0
  127. Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
  128. Unauthenticated RCE in Vaultpress to Automattic - 31 upvotes, $0
  129. Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 31 upvotes, $0
  130. XSS leads to RCE on the RocketChat desktop client. to Rocket.Chat - 31 upvotes, $0
  131. Log4j Java RCE in [beta.dev.adobeconnect.com] to Adobe - 31 upvotes, $0
  132. Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution to Valve - 30 upvotes, $350
  133. RCE in profile picture upload to HackerOne - 30 upvotes, $0
  134. [3DS][StreetPass] Heap Overflow in Swapnote parser leads to userland StreetPass RCE to Nintendo - 30 upvotes, $0
  135. Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) to Internet Bug Bounty - 29 upvotes, $1000
  136. Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - 29 upvotes, $0
  137. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
  138. ZeroMQ libzmq remote code execution to Internet Bug Bounty - 29 upvotes, $0
  139. RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0 to Internet Bug Bounty - 28 upvotes, $2400
  140. [███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS] to U.S. Dept Of Defense - 27 upvotes, $1000
  141. RCE via exposed JMX server on jabber.37signals.com/jabber.basecamp.com to Basecamp - 27 upvotes, $100
  142. [hta3] Remote Code Execution on https://███ via improper access control to SCORM Zip upload/import to U.S. Dept Of Defense - 27 upvotes, $0
  143. Bundler's RCE with response using Marshal to RubyGems - 27 upvotes, $0
  144. Lack of quarantine macOS attribute(com.apple.quarantine) leads multiple issues including RCE to Basecamp - 26 upvotes, $250
  145. RCE via Print function [Simplenote 1.1.3 - Desktop app] to Automattic - 26 upvotes, $0
  146. RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh] to MTN Group - 26 upvotes, $0
  147. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 26 upvotes, $0
  148. GoldSrc: Buffer Overflow in DELTA_ParseDelta function leads to RCE to Valve - 25 upvotes, $3000
  149. Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability to Vanilla - 25 upvotes, $600
  150. Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 25 upvotes, $0
  151. Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) to U.S. Dept Of Defense - 25 upvotes, $0
  152. [GoldSrc] RCE via malformed BSP file to Valve - 24 upvotes, $450
  153. Vanilla Forums Xenforo password splitHash Unserialize Remote Code Execution Vulnerability to Vanilla - 24 upvotes, $300
  154. Attention! Remote Code Execution at http://wpt.ec2.shopify.com/ to Shopify - 24 upvotes, $0
  155. RCE on a Department of Defense website to U.S. Dept Of Defense - 24 upvotes, $0
  156. RCE via File Upload with a Null Byte Truncated File Extension at https://██████/ to U.S. Dept Of Defense - 24 upvotes, $0
  157. Git Reference Ambiguity in GitHub - Commit Smuggling, Account Takeover, and Remote Code Execution to GitHub - 23 upvotes, $4000
  158. [GoldSrc] RCE via 'spk' Console Command to Valve - 23 upvotes, $350
  159. Apache solr RCE via velocity template to U.S. Dept Of Defense - 23 upvotes, $0
  160. Stored XSS in any message (leads to priv esc for all users and file leak + rce via electron app) to Rocket.Chat - 23 upvotes, $0
  161. 2 click Remote Code execution in Evernote Android to Evernote - 23 upvotes, $0
  162. Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.50 to Internet Bug Bounty - 22 upvotes, $1000
  163. Remote Code Execution (RCE) in a Sony Pictures WebSystem to Sony - 22 upvotes, $0
  164. RCE By import channel field to ExpressionEngine - 21 upvotes, $0
  165. Several vulnerabilities lead to Remote Code Execution and Arbitrary File Read on multiple servers to 50m-ctf - 21 upvotes, $0
  166. Jenkins Unauthenticated RCE on https://djangoci.com/ to Django - 21 upvotes, $0
  167. CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag to Internet Bug Bounty - 21 upvotes, $0
  168. Rocket.Chat Server RCE to Rocket.Chat - 21 upvotes, $0
  169. RCE hazard in reporting (via Chromium) to Elastic - 20 upvotes, $10000
  170. LFI on Accounting server and RCE on FliteThermostat admin server to 50m-ctf - 20 upvotes, $0
  171. Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 20 upvotes, $0
  172. Remote Code Execution on █████████ to U.S. Dept Of Defense - 19 upvotes, $0
  173. [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ to U.S. Dept Of Defense - 19 upvotes, $0
  174. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
  175. [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron to Automattic - 17 upvotes, $0
  176. Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 17 upvotes, $0
  177. Default credentials for the temporary POC site alipoc.stg.starbucks.com.cn permitted WAF bypass and RCE to Starbucks - 17 upvotes, $0
  178. bunyan - RCE via insecure command formatting to Node.js third-party modules - 17 upvotes, $0
  179. Pre-Auth Blind NoSQL Injection leading to Remote Code Execution to Rocket.Chat - 17 upvotes, $0
  180. Steam Deck Single Click Root Remote Code Execution to Valve - 16 upvotes, $750
  181. RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context to Brave Software - 16 upvotes, $300
  182. Arbitrary file deletion in wp-core - guides towards RCE and information disclosure to WordPress - 16 upvotes, $0
  183. Desktop app RCE (#276031 bypass) to Rocket.Chat - 16 upvotes, $0
  184. Squid as reverse proxy RCE and data leak to Internet Bug Bounty - 16 upvotes, $0
  185. Authenticated path traversal to RCE to Concrete CMS - 16 upvotes, $0
  186. SSRF + RCE via fastCGI in POST /api/nr/video to Mail.ru - 16 upvotes, $0
  187. RCE on ███████ [CVE-2021-26084] to U.S. Dept Of Defense - 16 upvotes, $0
  188. Drupal 7 pre auth sql injection and remote code execution to Internet Bug Bounty - 15 upvotes, $0
  189. Remote Code Execution through Deserialization Attack in OwnBackup app. to ownCloud - 15 upvotes, $0
  190. Several simple remote code execution in pdf-image to Node.js third-party modules - 15 upvotes, $0
  191. [logkitty] RCE via insecure command formatting to Node.js third-party modules - 15 upvotes, $0
  192. Remote Code Execution through Extension Bypass on Log Functionality to Concrete CMS - 15 upvotes, $0
  193. Unauth RCE on Jenkins Instance at https://█████████/ to U.S. Dept Of Defense - 15 upvotes, $0
  194. Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE. to WordPress - 14 upvotes, $0
  195. [tree-kill] RCE via insecure command concatenation (only Windows) to Node.js third-party modules - 14 upvotes, $0
  196. Remote Code Execution via CVE-2019-18935 to U.S. Dept Of Defense - 14 upvotes, $0
  197. Remote Code Execution through "Files_antivirus" plugin to ownCloud - 14 upvotes, $0
  198. [Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635 to U.S. Dept Of Defense - 14 upvotes, $0
  199. Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE to IRCCloud - 13 upvotes, $0
  200. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
  201. RCE Jira(CVE-2019–11581) [my-com.atlassian.net] to Mail.ru - 13 upvotes, $0
  202. Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 13 upvotes, $0
  203. chrome://brave can still be navigated to, leading to RCE to Brave Software - 12 upvotes, $300
  204. REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*.geo.sp1.yahoo.com/, 4/6/14, #SpringClean to Yahoo! - 12 upvotes, $0
  205. Triggering RCE using XSS to bypass CSRF in PowerBeam M5 300 to Ubiquiti Inc. - 12 upvotes, $0
  206. RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 12 upvotes, $0
  207. (Critical) Remote Code Execution Through Old TinyMCE upload bypass to 8x8 - 12 upvotes, $0
  208. Unrestricted File Upload Leads to XSS & Potential RCE to U.S. Dept Of Defense - 12 upvotes, $0
  209. Remote Code Execution in coming Kibana 7.7.0 to Elastic - 11 upvotes, $5000
  210. [GoldSrc] Remote Code Execution using malicious WAD list in BSP file to Valve - 11 upvotes, $750
  211. RCE vulnerability in Hyperledger Fabric SDK for Java to Hyperledger - 11 upvotes, $200
  212. Remote Code Execution in NovaStor NovaBACKUP DataCenter backup software (Hiback) to LocalTapiola - 11 upvotes, $100
  213. RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1 to Ruby on Rails - 11 upvotes, $0
  214. Remote Code Execution in Rocket.Chat Desktop to Rocket.Chat - 11 upvotes, $0
  215. Exim off-by-one RCE vulnerability to Internet Bug Bounty - 11 upvotes, $0
  216. CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files to Khan Academy - 11 upvotes, $0
  217. Unauthorized Kubernetes to RCE (root) and found TEAMTNT Crypto Miner on it to IBM - 11 upvotes, $0
  218. Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE to Rocket.Chat - 11 upvotes, $0
  219. PHP Object injection -> Building Custom Gadget chain -> RCE to ExpressionEngine - 11 upvotes, $0
  220. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
  221. Remote Code Execution in Wordpress Desktop to Automattic - 10 upvotes, $0
  222. RCE in AirOS 6.2.0 Devices with CSRF bypass to Ubiquiti Inc. - 10 upvotes, $0
  223. Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution to Rocket.Chat - 10 upvotes, $0
  224. RCE on 17 different Docker containers on your network to Nextcloud - 10 upvotes, $0
  225. A bypass of adding remote files in concrete5 FIlemanager leads to remote code execution to Concrete CMS - 10 upvotes, $0
  226. Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS to Brave Software - 10 upvotes, $0
  227. [Git Gud] GitHub.com Svnbridge memcached deserialization vulnerability chain leading to Remote Code Execution to GitHub - 10 upvotes, $0
  228. Explicit, dynamic render path: Dir. Trav + RCE to Ruby on Rails - 9 upvotes, $500
  229. RCE in ci.owncloud.com / ci.owncloud.org to ownCloud - 9 upvotes, $0
  230. RCE (Remote Code Execution) Vulnerability on Ruby to Ruby - 9 upvotes, $0
  231. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 9 upvotes, $0
  232. Unrestricted File Upload Leading to Remote Code Execution to Central Security Project - 9 upvotes, $0
  233. [CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 9 upvotes, $0
  234. PHPUnit is included in groupfolders release package potentially causing RCE to Nextcloud - 9 upvotes, $0
  235. redirect_to(["string"]) remote code execution to Ruby on Rails - 9 upvotes, $0
  236. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 9 upvotes, $0
  237. Struct type confusion RCE to shopify-scripts - 8 upvotes, $18000
  238. Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
  239. Cisco RCE to Informatica - 8 upvotes, $0
  240. [jsreport] Remote Code Execution to Node.js third-party modules - 8 upvotes, $0
  241. [CRITICAL] Remote code execution on http://axa.dxi.eu to 8x8 - 8 upvotes, $0
  242. RCE (Remote code execution) in one of DoD's websites to U.S. Dept Of Defense - 8 upvotes, $0
  243. RCE in ██████ subdomain via CVE-2017-1000486 to U.S. Dept Of Defense - 8 upvotes, $0
  244. Remote code execution using render :inline to Ruby on Rails - 7 upvotes, $1500
  245. Remote Code Execution in the Import Channel function to ExpressionEngine - 7 upvotes, $0
  246. Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
  247. (Authenticated) RCE by bypassing of the .htaccess blacklist to Nextcloud - 7 upvotes, $0
  248. [blamer] RCE via insecure command formatting to Node.js third-party modules - 7 upvotes, $0
  249. [git-promise] RCE via insecure command formatting to Node.js third-party modules - 7 upvotes, $0
  250. apps.owncloud.com: Malicious file upload leads to remote code execution to ownCloud - 6 upvotes, $0
  251. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  252. Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
  253. Authenticated RCE in ToughSwitch to Ubiquiti Inc. - 6 upvotes, $0
  254. accounts.informatica.com - RCE due to exposed Groovy console to Informatica - 6 upvotes, $0
  255. RCE on default Ubuntu Desktop >= 12.10 Quantal to Internet Bug Bounty - 6 upvotes, $0
  256. [notevil] - Sandbox Escape Lead to RCE on Node.js and XSS in the Browser to Node.js third-party modules - 6 upvotes, $0
  257. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 6 upvotes, $0
  258. Fetching the update json scheme from concrete5 over HTTP leads to remote code execution to Concrete CMS - 6 upvotes, $0
  259. RCE in .api/nr/report/{id}/download to Mail.ru - 6 upvotes, $0
  260. Remote code execution due to unvalidated file upload to MTN Group - 6 upvotes, $0
  261. Remote Code Execution on ownCloud instances with ImageMagick installed to ownCloud - 6 upvotes, $0
  262. 'Limited' RCE in certain places where Liquid is accepted to Shopify - 5 upvotes, $1500
  263. Possible RCE to Nextcloud - 5 upvotes, $0
  264. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
  265. [node-df] RCE via insecure command concatenation to Node.js third-party modules - 5 upvotes, $0
  266. Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com to Nord Security - 5 upvotes, $0
  267. [arpping] Remote Code Execution to Node.js third-party modules - 5 upvotes, $0
  268. Post-Auth Stored XSS with User Interaction leads to Remote Code Execution to Rocket.Chat - 5 upvotes, $0
  269. Canonical Snapcraft vulnerable to remote code execution under certain conditions to Internet Bug Bounty - 5 upvotes, $0
  270. Review remote code execution in SwiftMailer to Nextcloud - 4 upvotes, $0
  271. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  272. Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
  273. Wordpress 4.8.1 - Rogue editor leads to RCE. And the risks of same origin frame scripting in general to WordPress - 4 upvotes, $0
  274. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
  275. potential RCE and XSS via file upload requiring user account and default settings to Nextcloud - 4 upvotes, $0
  276. Custom crafted message object in Meteor.Call allows remote code execution and impersonation to Rocket.Chat - 4 upvotes, $0
  277. Deserialization of potentially malicious data to RCE to Django - 4 upvotes, $0
  278. Insecure use of shell.openExternal() leads to RCE in Rocket.Chat-Desktop to Rocket.Chat - 4 upvotes, $0
  279. RCE via JDWP to Mail.ru - 3 upvotes, $300
  280. Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  281. Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
  282. [treekill] RCE via insecure command concatenation (only Windows) to Node.js third-party modules - 3 upvotes, $0
  283. [meta-git] RCE via insecure command formatting to Node.js third-party modules - 3 upvotes, $0
  284. [npm-git-publish] RCE via insecure command formatting to Node.js third-party modules - 3 upvotes, $0
  285. [windows-edge] RCE via insecure command formatting to Node.js third-party modules - 3 upvotes, $0
  286. Authenticated RCE via page title to ExpressionEngine - 3 upvotes, $0
  287. Sendmail Remote Code Execution Vulnerability in Concrete5 version 5.7.3.1 to Concrete CMS - 2 upvotes, $0
  288. Java RMI (Remote Code Execution) to New Relic - 2 upvotes, $0
  289. WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (UNAUTHORIZED) to Nextcloud - 2 upvotes, $0
  290. The “Malstaller” Attack, global hijacking of any installation process to achieve RCE with elevated privileges, Windows OS (vendor agnostic) to Internet Bug Bounty - 2 upvotes, $0
  291. [git-lib] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
  292. [gity] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
  293. [create-git] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
  294. potential remote code execution with phar archive to Internet Bug Bounty - 1 upvotes, $500
  295. Possible xWork classLoader RCE: shared.mail.ru to Mail.ru - 1 upvotes, $200
  296. Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability to Internet Bug Bounty - 1 upvotes, $0
  297. [curling] Remote Code Execution to Node.js third-party modules - 1 upvotes, $0
  298. SOAP serialize_function_call() type confusion / RCE to Internet Bug Bounty - 0 upvotes, $0
  299. Missing/Breach of Internal Security Boundary - Access to Job Queue Results in Remote Code Execution to GitLab - 0 upvotes, $0
  300. [commit-msg] RCE via insecure command formatting to Node.js third-party modules - 0 upvotes, $0
  301. [imagickal] Remote Code Execution to Node.js third-party modules - 0 upvotes, $0