A PHP object injection in Mirasvit Cache Warmer (CVE-2026-45247) enables unauthenticated remote code execution on Magento 2 and Adobe Commerce systems and is already being actively exploited.
LiteLLM contains critical SQL injection and code execution vulnerabilities that allow complete database access and remote code execution as a system service.
A vulnerability in Red Hat Advanced Cluster Management enables authenticated attackers to execute code and carry out DoS attacks on central cluster management infrastructure.
Gogs contains a critical injection vulnerability in the Git rebase mechanism that can be exploited by any registered user without administrative privileges to execute code on the server.
Two Notepad++ vulnerabilities enable code execution through XML manipulation; they were patched in version 8.9.6.1, but attackers must already have access to the user directory.