[?] Related tags:
Critical stack-based buffer overflow in Windows Netlogon lets unauthenticated attackers run SYSTEM code on any Windows domain controller over the network -- now under active exploitation
A size-mismatch bug in the NGINX rewrite module lets a remote, unauthenticated attacker overflow the heap with a single crafted HTTP request -- reliable worker crashes for everyone, potential RCE where ASLR is off. CVSS 4.0 9.2, public PoC, exploited in the wild since 2026-05-16, ~5.7M exposed servers
A buffer overflow in the PAN-OS User-ID Authentication Portal lets a remote, unauthenticated attacker pop a root shell on PA-Series and VM-Series firewalls -- CVSS 9.3, CISA KEV, actively exploited by a likely state-sponsored cluster (CL-STA-1132)
Critical pre-auth race condition in the Windows TCP/IP stack lets remote attackers run code over IPv6 against any IPsec-enabled host -- wormable, no credentials, no user interaction
Critical pre-auth double free in the Windows IKE Service Extensions (IKEEXT.dll) lets remote attackers reach SYSTEM over UDP/500 and UDP/4500 -- wormable, public PoC already online
Critical vulnerability in OpenClaw AI Agent enables Remote Code Execution with just one click - Authentication token exfiltration through manipulated URLs
Critical zero-day vulnerability in Cisco Unified Communications Manager and Webex actively exploited - Root access via code injection possible
root@sekurity:~# echo "End of results for tag: RCE"
End of results for tag: RCE
root@sekurity:~# _