Top RCE reports from HackerOne:
- RCE on Steam Client via buffer overflow in Server Info to Valve - 1252 upvotes, $18000
- Potential pre-auth RCE on Twitter VPN to Twitter - 1152 upvotes, $20160
- RCE via npm misconfig -- installing internal libraries from the public registry to PayPal - 785 upvotes, $30000
- Remote Code Execution on www.semrush.com/my_reports on Logo upload to Semrush - 780 upvotes, $10000
- H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products to Shopify - 777 upvotes, $15000
- Git flag injection - local file overwrite to remote code execution to GitLab - 755 upvotes, $12000
- RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/ to Starbucks - 534 upvotes, $4000
- Remote Code Execution in Slack desktop apps + bonus to Slack - 480 upvotes, $1750
- RCE when removing metadata with ExifTool to GitLab - 469 upvotes, $20000
- SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution to QIWI - 461 upvotes, $5500
- RCE via unsafe inline Kramdown options when rendering certain Wiki pages to GitLab - 406 upvotes, $20000
- Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message to Valve - 406 upvotes, $9000
- Remote code execution on Basecamp.com to Basecamp - 399 upvotes, $5000
- RCE on shared.mail.ru due to "widget" plugin to Mail.ru - 359 upvotes, $10000
- Multiple bugs lead to RCE on TikTok for Android to TikTok - 357 upvotes, $11214
- [ RCE ] Through stopping the redirect in /admin/* the attacker is able to bypass Authentication And Upload Malicious File to Mail.ru - 340 upvotes, $4000
- RCE on build server via misconfigured pip install to Yelp - 339 upvotes, $15000
- RCE via npm misconfig -- installing internal libraries from the public registry to Uber - 310 upvotes, $9000
- RCE on TikTok Ads Portal to TikTok - 294 upvotes, $12582
- Unrestricted File Upload Leads to RCE on mobile.starbucks.com.sg to Starbucks - 224 upvotes, $5600
- Unchecked weapon id in WeaponList message parser on client leads to RCE to Valve - 224 upvotes, $3000
- RCE by command line argument injection to `gm convert` in /edit/process?a=crop to Imgur - 223 upvotes, $5000
- Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice to Starbucks - 216 upvotes, $4000
- Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int to QIWI - 215 upvotes, $1000
- RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi) to LocalTapiola - 206 upvotes, $6800
- OOB reads in network message handlers leads to RCE to Valve - 205 upvotes, $7500
- Debug Mode Leak Critical Information [ AWS Keys , SMTP , Database , Django Secret Key ( RCE ) , Dodoc , Telegram , Twilio .. ] to Mail.ru - 200 upvotes, $7500
- Test-scripts for postgis in mason-repository using unsafe unzip of content from unclaimed bucket creates potential RCE-issues to Mapbox - 197 upvotes, $12500
- RCE on CS:GO client using unsanitized entity ID in EntityMsg message to Valve - 197 upvotes, $9000
- Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete" to QIWI - 192 upvotes, $1000
- Git flag injection leading to file overwrite and potential remote code execution to GitLab - 168 upvotes, $3500
- [Portal 2] Remote Code Execution via voice packets to Valve - 165 upvotes, $5000
- RCE as Admin defeats WordPress hardening and file permissions to WordPress - 158 upvotes, $800
- Path traversal, SSTI and RCE on a MailRu acquisition to Mail.ru - 152 upvotes, $2000
- Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution to Valve - 149 upvotes, $12500
- MobileIron Unauthenticated RCE on mdm.qiwi.com with WAF bypass to QIWI - 146 upvotes, $3500
- Remote Code Execution via Extract App Plugin to Nextcloud - 121 upvotes, $0
- Remote Code Execution on Git.imgur-dev.com to Imgur - 117 upvotes, $2500
- Possible RCE through Windows Custom Protocol on Windows client to Nord Security - 117 upvotes, $500
- Urgent: Server side template injection via Smarty template allows for RCE to Unikrn - 117 upvotes, $400
- SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution to QIWI - 115 upvotes, $1000
- Read files on application server, leads to RCE to GitLab - 111 upvotes, $0
- Remote Code Execution (Reverse Shell) - File Manager to Concrete CMS - 111 upvotes, $0
- Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games to Valve - 105 upvotes, $7500
- User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files to Slack - 94 upvotes, $750
- uber.com may RCE by Flask Jinja2 Template Injection to Uber - 93 upvotes, $10000
- Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users to Slack - 91 upvotes, $1500
- Remote Code Execution in ██████ to U.S. Dept Of Defense - 91 upvotes, $0
- XXE in DoD website that may lead to RCE to U.S. Dept Of Defense - 89 upvotes, $0
- Privilege Escalation via REST API to Administrator leads to RCE to WordPress - 84 upvotes, $1125
- Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability to Vanilla - 84 upvotes, $900
- Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID to QIWI - 83 upvotes, $2500
- Remote Unrestricted file Creation/Deletion and Possible RCE. to Twitter - 83 upvotes, $0
- Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 83 upvotes, $0
- [app-01.youdrive.club] RCE in CI/CD via dependency confusion to Mail.ru - 81 upvotes, $3000
- File writing by Directory traversal at actionpack-page_caching and RCE by it to Ruby on Rails - 79 upvotes, $1000
- Remote Code Execution on Proxy Service (as root) to ██████ - 76 upvotes, $0
- Pre-auth Remote Code Execution on multiple Uber SSL VPN servers to Uber - 72 upvotes, $2000
- Nextcloud Desktop Client RCE via malicious URI schemes to Nextcloud - 71 upvotes, $1000
- RCE on facebooksearch.algolia.com to Algolia - 70 upvotes, $500
- Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE to Lob - 68 upvotes, $1500
- RCE on █████ via CVE-2017-10271 to U.S. Dept Of Defense - 68 upvotes, $0
- RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 66 upvotes, $0
- GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] to Internet Bug Bounty - 64 upvotes, $1500
- Remote Code Execution at http://tw.corp.ubnt.com to Ubiquiti Inc. - 61 upvotes, $5000
- CS:GO Server -> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download to Valve - 60 upvotes, $7500
- Remote Code Execution (upload) to Legal Robot - 59 upvotes, $120
- Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604) to Starbucks - 56 upvotes, $4000
- [Source Engine] Material path truncation leads to Remote Code Execution to Valve - 56 upvotes, $2500
- Ability to access all user authentication tokens, leads to RCE to GitLab - 56 upvotes, $0
- Remote Code Execution through DNN Cookie Deserialization to U.S. Dept Of Defense - 55 upvotes, $0
- Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID to QIWI - 51 upvotes, $2500
- WordPress SOME bug in plupload.flash.swf leading to RCE to Automattic - 49 upvotes, $1337
- Remote Code Execution (RCE) at "juid" parameter in /get_zip.php (printshop.engelvoelkers.com) to Engel & Völkers Technology GmbH - 49 upvotes, $0
- Remote code execution on rubygems.org to RubyGems - 48 upvotes, $1500
- RCE in 'Copy as Node Request' BApp via code injection to PortSwigger Web Security - 48 upvotes, $0
- Log4Shell: RCE 0-day exploit on █████████ to U.S. Dept Of Defense - 48 upvotes, $0
- LFI with potential to RCE on ██████ using CVE-2019-3396 to U.S. Dept Of Defense - 47 upvotes, $0
- Remote Code Execution at https://169.38.86.185/ (edst.ibm.com) to IBM - 47 upvotes, $0
- [CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution to Valve - 46 upvotes, $2500
- SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE to Rockstar Games - 46 upvotes, $1500
- Java Deserialization RCE via JBoss on card.starbucks.in to Starbucks - 46 upvotes, $0
- Remote Code Execution in Basecamp Windows Electron App to Basecamp - 45 upvotes, $1250
- RCE via WikiCloth markdown rendering if the `rubyluabridge` gem is installed to GitLab - 44 upvotes, $3000
- RCE via Local File Read -> php unserialization -> XXE -> unpickling to h1-5411-CTF - 43 upvotes, $0
- [3DS][SSL][SDK] Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player to Nintendo - 42 upvotes, $3200
- RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active Storage) to Ruby on Rails - 41 upvotes, $1500
- Java Deserialization RCE via JBoss JMXInvokerServlet/EJBInvokerServlet on card.starbucks.in to Starbucks - 41 upvotes, $0
- RCE due to ImageTragick v2 to pixiv - 40 upvotes, $2000
- Log4j RCE on https://judge.me/reviews to Judge.me - 40 upvotes, $50
- Remote Code Execution (RCE) in a Sony WebSystem to Sony - 40 upvotes, $0
- Remote Code Execution via Insecure Deserialization in Telerik UI to U.S. Dept Of Defense - 40 upvotes, $0
- Remote Code Execution in Rocket.Chat-Desktop to Rocket.Chat - 40 upvotes, $0
- RCE via ssh:// URIs in multiple VCS to Internet Bug Bounty - 39 upvotes, $3000
- CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm to Internet Bug Bounty - 39 upvotes, $1500
- Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability to Vanilla - 39 upvotes, $600
- [3DS][SSL] Use of uninitialized class member leads to RCE in eShop movie player to Nintendo - 38 upvotes, $3200
- RCE Possible Via Video Manager Export using @ character in Video Title to Pornhub - 38 upvotes, $500
- F5 BIG-IP TMUI RCE - CVE-2020-5902 (██.packet8.net) to 8x8 - 38 upvotes, $0
- Remote code execution via path traversal in Zip extraction in the Extract app to Nextcloud - 37 upvotes, $0
- Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████ to U.S. Dept Of Defense - 36 upvotes, $5000
- Remote code execution as root on [REDACTED] to Zendesk - 34 upvotes, $3000
- Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat's installation script. to Rocket.Chat - 34 upvotes, $0
- Signedness issue in ClassInfo message handler leads to RCE on CS:GO client to Valve - 33 upvotes, $7500
- XML Parser Bug: XXE over which leads to RCE to drchrono - 32 upvotes, $700
- Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical) to Vanilla - 32 upvotes, $600
- Unauthenticated RCE in Vaultpress to Automattic - 31 upvotes, $500
- Remote code execution on an Army website to U.S. Dept Of Defense - 31 upvotes, $0
- Pulse Secure File disclosure, clear text and potential RCE to U.S. Dept Of Defense - 31 upvotes, $0
- XSS leads to RCE on the RocketChat desktop client. to Rocket.Chat - 31 upvotes, $0
- RCE in profile picture upload to HackerOne - 30 upvotes, $2500
- [3DS][StreetPass] Heap Overflow in Swapnote parser leads to userland StreetPass RCE to Nintendo - 30 upvotes, $1682
- Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - 29 upvotes, $20000
- ZeroMQ libzmq remote code execution to Internet Bug Bounty - 29 upvotes, $1000
- Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) to Internet Bug Bounty - 29 upvotes, $1000
- Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 29 upvotes, $0
- Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution to Valve - 28 upvotes, $350
- Remote Code Execution on ██.8x8.com via .NET VSTATE Deserialization to 8x8 - 28 upvotes, $0
- RCE via Print function [Simplenote 1.1.3 - Desktop app] to Automattic - 26 upvotes, $250
- RCE via exposed JMX server on jabber.37signals.com/jabber.basecamp.com to Basecamp - 26 upvotes, $100
- GoldSrc: Buffer Overflow in DELTA_ParseDelta function leads to RCE to Valve - 25 upvotes, $3000
- Lack of quarantine macOS attribute (com.apple.quarantine) leads to multiple issues including RCE to Basecamp - 25 upvotes, $250
- Authentication bypass and RCE on the https://████ due to exposed Cisco TelePresence SX80 with default credentials to U.S. Dept Of Defense - 25 upvotes, $0
- RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh] to MTN Group - 25 upvotes, $0
- Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability to Vanilla - 24 upvotes, $600
- [GoldSrc] RCE via malformed BSP file to Valve - 24 upvotes, $450
- Vanilla Forums Xenforo password splitHash Unserialize Remote Code Execution Vulnerability to Vanilla - 24 upvotes, $300
- Attention! Remote Code Execution at http://wpt.ec2.shopify.com/ to Shopify - 23 upvotes, $3000
- [GoldSrc] RCE via 'spk' Console Command to Valve - 23 upvotes, $350
- Stored XSS in any message (leads to priv esc for all users and file leak + rce via electron app) to Rocket.Chat - 23 upvotes, $0
- RCE on a Department of Defense website to U.S. Dept Of Defense - 22 upvotes, $0
- Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935) to U.S. Dept Of Defense - 22 upvotes, $0
- Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.50 to Internet Bug Bounty - 21 upvotes, $1000
- Several vulnerabilities lead to Remote Code Execution and Arbitrary File Read on multiple servers to 50m-ctf - 21 upvotes, $0
- Jenkins Unauthenticated RCE on https://djangoci.com/ to Django - 21 upvotes, $0
- Apache solr RCE via velocity template to U.S. Dept Of Defense - 21 upvotes, $0
- Log4j Java RCE in [beta.dev.adobeconnect.com] to Adobe - 21 upvotes, $0
- RCE By import channel field to ExpressionEngine - 20 upvotes, $0
- Remote Code Execution (RCE) in a Sony Pictures WebSystem to Sony - 20 upvotes, $0
- Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ to U.S. Dept Of Defense - 20 upvotes, $0
- LFI on Accounting server and RCE on FliteThermostat admin server to 50m-ctf - 19 upvotes, $0
- [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████ to U.S. Dept Of Defense - 19 upvotes, $0
- Remote Code Execution on █████████ to U.S. Dept Of Defense - 18 upvotes, $0
- 2 click Remote Code execution in Evernote Android to Evernote - 17 upvotes, $750
- [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron to Automattic - 17 upvotes, $250
- Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 17 upvotes, $0
- Remote Code Execution (RCE) in DoD Websites to U.S. Dept Of Defense - 17 upvotes, $0
- bunyan - RCE via insecure command formatting to Node.js third-party modules - 17 upvotes, $0
- Pre-Auth Blind NoSQL Injection leading to Remote Code Execution to Rocket.Chat - 17 upvotes, $0
- RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context to Brave Software - 16 upvotes, $300
- Arbitrary file deletion in wp-core - guides towards RCE and information disclosure to WordPress - 16 upvotes, $0
- Default credentials for the temporary POC site alipoc.stg.starbucks.com.cn permitted WAF bypass and RCE to Starbucks - 16 upvotes, $0
- Desktop app RCE (#276031 bypass) to Rocket.Chat - 16 upvotes, $0
- Authenticated path traversal to RCE to Concrete CMS - 16 upvotes, $0
- Squid as reverse proxy RCE and data leak to Internet Bug Bounty - 15 upvotes, $6000
- SSRF + RCE via fastCGI in POST /api/nr/video to Mail.ru - 15 upvotes, $1000
- Remote Code Execution through Deserialization Attack in OwnBackup app. to ownCloud - 15 upvotes, $0
- Several simple remote code execution in pdf-image to Node.js third-party modules - 15 upvotes, $0
- [logkitty] RCE via insecure command formatting to Node.js third-party modules - 15 upvotes, $0
- Unauth RCE on Jenkins Instance at https://█████████/ to U.S. Dept Of Defense - 15 upvotes, $0
- Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE. to WordPress - 14 upvotes, $275
- [tree-kill] RCE via insecure command concatenation (only Windows) to Node.js third-party modules - 14 upvotes, $0
- Remote Code Execution through Extension Bypass on Log Functionality to Concrete CMS - 14 upvotes, $0
- Remote Code Execution via CVE-2019-18935 to U.S. Dept Of Defense - 14 upvotes, $0
- Remote Code Execution through "Files_antivirus" plugin to ownCloud - 14 upvotes, $0
- RCE hazard in reporting (via Chromium) to Elastic - 13 upvotes, $10000
- Drupal 7 pre auth sql injection and remote code execution to Internet Bug Bounty - 13 upvotes, $3000
- Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE to IRCCloud - 13 upvotes, $50
- Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 13 upvotes, $0
- RCE Jira (CVE-2019-11581) [my-com.atlassian.net] to Mail.ru - 13 upvotes, $0
- Triggering RCE using XSS to bypass CSRF in PowerBeam M5 300 to Ubiquiti Inc. - 12 upvotes, $1000
- chrome://brave can still be navigated to, leading to RCE to Brave Software - 12 upvotes, $300
- (Critical) Remote Code Execution Through Old TinyMCE upload bypass to 8x8 - 12 upvotes, $0
- Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604) to U.S. Dept Of Defense - 12 upvotes, $0
- REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*.geo.sp1.yahoo.com/, 4/6/14, #SpringClean to Yahoo! - 11 upvotes, $3000
- Exim off-by-one RCE vulnerability to Internet Bug Bounty - 11 upvotes, $1500
- [GoldSrc] Remote Code Execution using malicious WAD list in BSP file to Valve - 11 upvotes, $750
- Remote Code Execution in NovaStor NovaBACKUP DataCenter backup software (Hiback) to LocalTapiola - 11 upvotes, $100
- Remote Code Execution in Rocket.Chat Desktop to Rocket.Chat - 11 upvotes, $0
- Unrestricted File Upload Leads to XSS & Potential RCE to U.S. Dept Of Defense - 11 upvotes, $0
- CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files to Khan Academy - 11 upvotes, $0
- Unauthorized Kubernetes to RCE (root) and found TEAMTNT Crypto Miner on it to IBM - 11 upvotes, $0
- Remote Code Execution in coming Kibana 7.7.0 to Elastic - 10 upvotes, $5000
- RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1 to Ruby on Rails - 10 upvotes, $500
- Remote Code Execution in Wordpress Desktop to Automattic - 10 upvotes, $250
- Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 10 upvotes, $0
- RCE on https://█████/ Using CVE-2017-9248 to U.S. Dept Of Defense - 10 upvotes, $0
- RCE on 17 different Docker containers on your network to Nextcloud - 10 upvotes, $0
- PHPUnit is included in groupfolders release package potentially causing RCE to Nextcloud - 9 upvotes, $100
- Unrestricted File Upload Leading to Remote Code Execution to Central Security Project - 9 upvotes, $0
- [CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc to U.S. Dept Of Defense - 9 upvotes, $0
- redirect_to(["string"]) remote code execution to Ruby on Rails - 9 upvotes, $0
- Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 9 upvotes, $0
- Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution to Rocket.Chat - 9 upvotes, $0
- A bypass of adding remote files in concrete5 Filemanager leads to remote code execution to Concrete CMS - 9 upvotes, $0
- RCE in AirOS 6.2.0 Devices with CSRF bypass to Ubiquiti Inc. - 8 upvotes, $6839
- Explicit, dynamic render path: Dir. Trav + RCE to Ruby on Rails - 8 upvotes, $500
- RCE in ci.owncloud.com / ci.owncloud.org to ownCloud - 8 upvotes, $0
- RCE (Remote Code Execution) Vulnerability on Ruby to Ruby - 8 upvotes, $0
- Remote code execution (RCE) in multiple DoD websites to U.S. Dept Of Defense - 8 upvotes, $0
- Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 8 upvotes, $0
- [CRITICAL] Remote code execution on http://axa.dxi.eu to 8x8 - 8 upvotes, $0
- RCE (Remote code execution) in one of DoD's websites to U.S. Dept Of Defense - 8 upvotes, $0
- RCE in ██████ subdomain via CVE-2017-1000486 to U.S. Dept Of Defense - 8 upvotes, $0
- Remote code execution using render :inline to Ruby on Rails - 7 upvotes, $1500
- Remote Code Execution in the Import Channel function to ExpressionEngine - 7 upvotes, $0
- Cisco RCE to Informatica - 7 upvotes, $0
- Root Remote Code Execution on https://███ to U.S. Dept Of Defense - 7 upvotes, $0
- [jsreport] Remote Code Execution to Node.js third-party modules - 7 upvotes, $0
- (Authenticated) RCE by bypassing of the .htaccess blacklist to Nextcloud - 7 upvotes, $0
- [blamer] RCE via insecure command formatting to Node.js third-party modules - 7 upvotes, $0
- [git-promise] RCE via insecure command formatting to Node.js third-party modules - 7 upvotes, $0
- Struct type confusion RCE to shopify-scripts - 6 upvotes, $18000
- Authenticated RCE in ToughSwitch to Ubiquiti Inc. - 6 upvotes, $150
- Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
- Remote Code Execution (RCE) vulnerability in a DoD website to U.S. Dept Of Defense - 6 upvotes, $0
- accounts.informatica.com - RCE due to exposed Groovy console to Informatica - 6 upvotes, $0
- RCE on default Ubuntu Desktop >= 12.10 Quantal to Internet Bug Bounty - 6 upvotes, $0
- [notevil] - Sandbox Escape Lead to RCE on Node.js and XSS in the Browser to Node.js third-party modules - 6 upvotes, $0
- Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) to U.S. Dept Of Defense - 6 upvotes, $0
- Fetching the update json scheme from concrete5 over HTTP leads to remote code execution to Concrete CMS - 6 upvotes, $0
- RCE in .api/nr/report/{id}/download to Mail.ru - 5 upvotes, $1000
- Canonical Snapcraft vulnerable to remote code execution under certain conditions to Internet Bug Bounty - 5 upvotes, $750
- apps.owncloud.com: Malicious file upload leads to remote code execution to ownCloud - 5 upvotes, $0
- Possible RCE to Nextcloud - 5 upvotes, $0
- Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
- [node-df] RCE via insecure command concatenation to Node.js third-party modules - 5 upvotes, $0
- [arpping] Remote Code Execution to Node.js third-party modules - 5 upvotes, $0
- 'Limited' RCE in certain places where Liquid is accepted to Shopify - 4 upvotes, $1500
- Review remote code execution in SwiftMailer to Nextcloud - 4 upvotes, $0
- Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- Remote Code Execution (RCE) vulnerability in multiple DoD websites to U.S. Dept Of Defense - 4 upvotes, $0
- Wordpress 4.8.1 - Rogue editor leads to RCE. And the risks of same origin frame scripting in general to WordPress - 4 upvotes, $0
- Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 4 upvotes, $0
- Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com to Nord Security - 4 upvotes, $0
- potential RCE and XSS via file upload requiring user account and default settings to Nextcloud - 4 upvotes, $0
- Post-Auth Stored XSS with User Interaction leads to Remote Code Execution to Rocket.Chat - 4 upvotes, $0
- Custom crafted message object in Meteor.Call allows remote code execution and impersonation to Rocket.Chat - 4 upvotes, $0
- Deserialization of potentially malicious data to RCE to Django - 4 upvotes, $0
- Remote Code Execution (RCE) in a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
- Remote code execution vulnerability on a DoD website to U.S. Dept Of Defense - 3 upvotes, $0
- [treekill] RCE via insecure command concatenation (only Windows) to Node.js third-party modules - 3 upvotes, $0
- [npm-git-publish] RCE via insecure command formatting to Node.js third-party modules - 3 upvotes, $0
- [windows-edge] RCE via insecure command formatting to Node.js third-party modules - 3 upvotes, $0
- RCE via JDWP to Mail.ru - 2 upvotes, $300
- Java RMI (Remote Code Execution) to New Relic - 2 upvotes, $0
- WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (UNAUTHORIZED) to Nextcloud - 2 upvotes, $0
- The “Malstaller” Attack, global hijacking of any installation process to achieve RCE with elevated privileges, Windows OS (vendor agnostic) to Internet Bug Bounty - 2 upvotes, $0
- [meta-git] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
- [git-lib] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
- [gity] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
- [create-git] RCE via insecure command formatting to Node.js third-party modules - 2 upvotes, $0
- Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability to Internet Bug Bounty - 1 upvotes, $5000
- potential remote code execution with phar archive to Internet Bug Bounty - 1 upvotes, $500
- Sendmail Remote Code Execution Vulnerability in Concrete5 version 5.7.3.1 to Concrete CMS - 1 upvotes, $0
- [curling] Remote Code Execution to Node.js third-party modules - 1 upvotes, $0
- SOAP serialize_function_call() type confusion / RCE to Internet Bug Bounty - 0 upvotes, $1500
- Possible xWork classLoader RCE: shared.mail.ru to Mail.ru - 0 upvotes, $200
- Missing/Breach of Internal Security Boundary - Access to Job Queue Results in Remote Code Execution to GitLab - 0 upvotes, $0
- [commit-msg] RCE via insecure command formatting to Node.js third-party modules - 0 upvotes, $0
- [imagickal] Remote Code Execution to Node.js third-party modules - 0 upvotes, $0