Recent
WinBoat: Drive by Client RCE + Sandbox excape.
A remote webpage can abuse an unauthenticated guest HTTP API to compromise the Windows guest container, then feed a malicious app entry leading to Linux host code execution on click.
RCE in buf CLI (from http://buf.build)
A malicious protobuf registry can return a file:// verification URL during device auth; the buf CLI opens it via the OS default handler (e.g. macOS open), enabling client-side code execution during login.
CVE-2025-48938 - GitHub CLI RCE
Remote Code Execution in Github “GH” CLI via custom GitHub Enterprise Server
CVE-2021-30618 - Chrome Headless Remote Debugging RCE via XSS
Abusing XSS and CSRF for Remote Code Execution in Google Chrome
Thinking Outside the Sandbox: Decoding and Defeating Node.js Permissions
A tour of Node.js’s experimental permission controls (module policy + process permissions), plus practical bypasses and the fixes that closed them.
Burp Suite RCE via Chrome Remote Debugging
Burp Suite remote code execution by leveraging the Chrome remote debugging interface when crawling or scaning.
CVE-2023-30587 - Node.js Permission Bypass via Inspector Module
Process-based permissions can be bypassed with the “inspector” module in Node.js
jsonwebtoken: String Payload Parsing Inconsistency Leads to Auth Bypass
A string-vs-object handling mismatch can create surprising type confusion: apps that mutate assumed-object payloads before signing may be bypassed if untrusted input is a string that later verifies as an object.
Node.js Permission Bypass via WASI Module
Restrictions made with the –experimental-permission flag can be bypassed with the built-in wasi module
CVE-2020-17091 - Microsoft Teams Desktop RCE via Missing Context Isolation
Remote Code Execution in Microsoft Teams Desktop Application due to missing contextIsolation flag in authentication windows
Docker Desktop (formaly Kitematic) Container Escape and RCE via “Web Preview”
A malicious Docker image can escape its container and execute code on the host by abusing Kitematic’s Electron Web Preview webview without contextIsolation.
Ghost CMS: Privilege Escalation via Post Preview
An underprivileged Ghost user can create a post with javascript, that when previewed by and admin will execute and elevate privileges.
CVE-2018-15685 - Electron WebPreferences Remote Code Execution
Remote Code Execution vulnerability in Electron affecting apps with the ability to open nested child windows due to WebPreferences not being inherited properly
XSS in Outlook Adaptive Cards via Action.OpenUrl
Adaptive cards in Outlook (and other products) do not properly validate the “Action.OpenUrl” leading to XSS
Unsafe Code Execution in static-eval
Two issues in the static-eval node module that can lead to remote code execution.
Visual Studio Code 1.9.1: Arbitrary Code Execution via Markdown Preview
Previewing a malicious Markdown file in VS Code 1.9.1 can lead to arbitrary code execution.