ZCyberNews

Vulnerabilities

189 articles

9.8

critical

CVE-2026-41089: Windows Netlogon RCE Exploited in Wild

CVE-2026-41089

cve-2026-41089, windows-netlogon, microsoft

6.5

medium

CVE-2026-9082: Drupal Core SQL Injection Bug Added to CISA KEV

CVE-2026-9082

cve-2026-9082, drupal, sql-injection

10.0

critical

CVE-2026-20223 (CVSS 10): Unauthenticated API Access in Cisco Secure

CVE-2026-20223

cve-2026-20223, cisco-secure-workload, api-vulnerability

9.1

critical

CVE-2026-2586: Authenticated RCE in GlassFish Admin Console

CVE-2026-2586

cve-2026-2586, glassfish, rce

9.8

critical

CVE-2026-8957: Mozilla Patches Privilege Escalation in Enterprise

CVE-2026-8957

cve-2026-8957, mozilla-firefox, privilege-escalation

9.6

critical

CVE-2026-8959: Firefox Sandbox Escape via Win32 Boundary Flaw

CVE-2026-8959

cve-2026-8959, firefox, mozilla

9.8

critical

CVE-2026-4883: Piotnet Forms Plugin RCE via Phar Upload

CVE-2026-4883

wordpress, piotnet-forms, cve-2026-4883

9.1

critical

CVE-2026-45230: Unauthenticated Path Traversal in DumbAssets Lets

CVE-2026-45230

cve-2026-45230, dumbassets, path-traversal

9.8

critical

CVE-2026-7301: SGLang Scheduler RCE via Pickle Deserialization

CVE-2026-7301

cve-2026-7301, sglang, pickle-deserialization

10.0

critical

CVE-2026-8836: CVSS 10.0 Stack Overflow in lwIP SNMPv3 Parser

CVE-2026-8836

lwip, cve-2026-8836, snmpv3

6.4

medium

Cookie Law Bar 1.2.1 Stored XSS Enables Cookie Theft

CVE-2021-47957

wordpress, stored-xss, cve-2021-47957

5.4

medium

CouchCMS 2.2.1 XSS Lets Authenticated Users Inject Arbitrary JS via

CVE-2021-47955

couchcms, cross-site-scripting, cve-2021-47955

7.2

high

CVE-2024-57728: SimpleHelp Path Traversal Lets Admins Upload

CVE-2024-57728

cve-2024-57728, simplehelp, path-traversal

high

CVE-2025-2749: Kentico Xperience Path Traversal Under Active Exploit

CVE-2025-2749

cve-2025-2749, kentico-xperience, path-traversal

1.0

low

EMQX QoS 2 Race Condition CVE-2026-8741 Affects Up to 6.2.0

CVE-2026-8741

emqx, mqtt, race-condition

7.5

high

HACS Path Traversal CVE-2021-47942 Lets Attackers Steal Home

CVE-2021-47942

home-assistant, hacs, path-traversal

6.5

medium

Open5GS AMF Flaw CVE-2026-8743 Enables Remote Authorization Bypass

CVE-2026-8743

open5gs, cve-2026-8743, 5g-core

3.0

low

Open5GS NRF DoS CVE-2026-8731 Lets Remote Attackers Crash SBI Client

CVE-2026-8731

open5gs, cve-2026-8731, denial-of-service

high

Pixel 10 VPU Driver Bug Lets Userspace Map Kernel Memory

CVE-2025-54957

pixel-10, google-project-zero, vpu-driver

6.5

medium

PublicCMS Payment Logic Flaw CVE-2026-8738 Allows Unauthorized

CVE-2026-8738

publiccms, cve-2026-8738, business-logic-flaw

high

Avada Builder WordPress Plugin Flaws Expose Site Credentials

CVE-2026-4782

wordpress, avada-builder, cve-2026-4782

8.8

high

Chrome 148.0.7778.168 Patches Integer Overflows, Sandbox Escape Risk

CVE-2026-8577

google-chrome, integer-overflow, sandbox-escape

5.3

medium

Chrome 148.0.7778.168 Patches Two High-Severity OOB Read Flaws

CVE-2026-8543

chrome, google, out-of-bounds-read

3.0

low

Chrome 148 Patches AI Site Isolation Bypass, Android Payment Flaw

CVE-2026-8568

chrome, google, site-isolation

6.5

medium

Chrome 148 Patches ANGLE Data Leak, Google Lens UAF

CVE-2026-8556

chrome, google, angle

high

Fleet Patches API Rate-Limiting Bypass via IP Spoofing

CVE-2026-46356

fleet, api-rate-limiting, ip-spoofing

5.0

medium

libsixel NULL Pointer Dereference CVE-2026-44638 Gets Low CVSS

CVE-2026-44638

libsixel, cve-2026-44638, null-pointer-dereference

4.7

medium

MCP Registry OIDC Flaw CVE-2026-44428 Lets Attackers Hijack GitHub

CVE-2026-44428

mcp-registry, cve-2026-44428, oidc

6.5

medium

Medical Management System Flaw Lets Attackers Reset Any Password

CVE-2025-67437

cve-2025-67437, medical-management-system, insecure-permissions

7.7

high

Open WebUI Patches Three Flaws: XSS, SVG Injection, Auth Bypass

CVE-2026-45314

open-webui, xss, authentication-bypass

high

Silicon Labs SixG301xxx DPA Countermeasure Flaw Weakens Crypto Keys

CVE-2025-14972

silicon-labs, sixg301xxx, dpa

7.5

high

ZITADEL LDAP Filter Injection CVE-2026-44671 Allows Unauthenticated

CVE-2026-44671

zitadel, ldap-injection, cve-2026-44671

high

Aegra IDOR CVE-2026-44504 Exposes Cross-Tenant Data in Shared

CVE-2026-44504

cve-2026-44504, aegra, idor

8.0

high

aria2c EKU Validation Flaw CVE-2026-8367 Enables TLS Certificate

CVE-2026-8367

aria2c, cve-2026-8367, tls-certificate-validation

critical

Chrome 148 Patches 79 Flaws, 14 Critical Including Heap Overflow

CVE-2026-8509

chrome, google, browser-security

6.1

medium

fast-xml-builder Flaw CVE-2026-44664 Enables XML Injection via

CVE-2026-44664

fast-xml-builder, cve-2026-44664, xml-injection

9.8

critical

GitHub Copilot CLI Flaw CVE-2026-45033 Enables RCE via Malicious Repos

CVE-2026-45033

github, copilot-cli, cve-2026-45033

8.1

high

Lenovo Personal Cloud Storage Flaw CVE-2026-6282 Enables Lateral File

CVE-2026-6282

lenovo, cve-2026-6282, nas

7.8

high

Libsixel Heap Overflow CVE-2026-44636 Lets Attackers Trigger RCE

CVE-2026-44636

libsixel, cve-2026-44636, heap-overflow

high

Microsoft Warns of Exchange Zero-Day CVE-2026-42897 Exploited in

CVE-2026-42897

microsoft-exchange, cve-2026-42897, zero-day

8.1

high

Next.js Patches Two Authorization Bypass Flaws in App Router

CVE-2026-44574

next.js, vercel, authorization-bypass

7.5

high

Next.js Patches XSS and DoS Flaws in Cache Components

CVE-2026-44580

next.js, xss, dos

8.8

high

OpenImageIO Integer Overflow CVE-2026-43908 Enables OOB Write

CVE-2026-43908

openimageio, cve-2026-43908, integer-overflow

5.5

medium

OpenImageIO TGA Decoder Flaw CVE-2026-43996 Enables OOB Read

CVE-2026-43996

openimageio, cve-2026-43996, oob-read

high

Palo Alto GlobalProtect Flaws Let Attackers Intercept Encrypted

CVE-2026-0249

palo-alto-networks, globalprotect, cve-2026-0249

7.5

high

protobufjs Flaw CVE-2026-45740 Enables DoS via Deeply Nested JSON

CVE-2026-45740

protobufjs, cve-2026-45740, denial-of-service

10.0

critical

Cisco Catalyst SD-WAN Controller Flaw CVE-2026-20182 Scores Perfect

CVE-2026-20182

cisco, sd-wan, authentication-bypass

9.2

critical

F5 Patches 51 Flaws: NGINX DoS, BIG-IP RCE Among Critical Fixes

CVE-2026-42945

f5, big-ip, nginx

high

Hackers Exploit PraisonAI Auth Bypass Hours After Disclosure

CVE-2026-44338

praisonai, cve-2026-44338, authentication-bypass

5.3

medium

Hono Patches CSS Injection and Cache Poisoning Flaws

CVE-2026-44457

hono, css-injection, cache-poisoning

high

VMware Fusion TOCTOU Flaw CVE-2026-41702 Lets Local Users Escalate to

CVE-2026-41702

vmware-fusion, cve-2026-41702, privilege-escalation

medium

Palo Alto Patches Prisma Access Agent Flaws: Cert Validation, LPE

CVE-2026-0248

palo-alto-networks, prisma-access-agent, cve-2026-0248

9.6

critical

Adobe Patches 52 Flaws Across 10 Products, Two Critical in Connect

CVE-2026-34659

adobe, adobe-connect, adobe-commerce

9.8

critical

CosyVoice gRPC Server Insecure Deserialization Flaw CVE-2026-31251

CVE-2026-31251

cosyvoice, insecure-deserialization, cve-2026-31251

7.5

high

CVE-2026-40612: jq Stack Overflow Lets Attackers Crash JSON Processor

CVE-2026-40612

jq, cve-2026-40612, stack-overflow

high

Docling XXE Flaw CVE-2026-31248 Lets Attackers Trigger XML Bomb DoS

CVE-2026-31248

cve-2026-31248, docling, xxe

9.8

critical

Exim BDAT Use-After-Free Flaw CVE-2026-45185 Enables Remote Code

CVE-2026-45185

exim, mta, cve-2026-45185

7.5

high

Meari SDK Flaw CVE-2026-33357 Leaks WAN IP of IoT Cameras

CVE-2026-33357

meari, iot, cve-2026-33357

8.4

high

Microsoft Patches 137 Flaws, SSO Plugin Bug Rated Critical

CVE-2026-41103

microsoft, patch-tuesday, cve-2026-41103

9.6

critical

SAP Patches Critical S/4HANA, Commerce Flaws with 9.6 CVSS

CVE-2026-34260

sap, s/4hana, sap-commerce

9.8

critical

Unauthenticated SQL Injection in MuuCMF T6 Allows Database Takeover

CVE-2026-36962

muucmf, sql-injection, cve-2026-36962

critical

Angular Expressions Sandbox Escape CVE-2026-44643 Allows RCE

CVE-2026-44643

angular-expressions, sandbox-escape, rce

critical

Casdoor LFS Flaw CVE-2026-6815 Lets Admins Write Files Anywhere

CVE-2026-6815

casdoor, cve-2026-6815, path-traversal

critical

Corteza SQL Injection Flaw CVE-2026-6093 Lets Attackers Dump Databases

CVE-2026-6093

corteza, sql-injection, cve-2026-6093

9.8

critical

Custom css-js-php WordPress Plugin SQLi Leads to RCE (CVE-2026-6433)

CVE-2026-6433

wordpress, sql-injection, remote-code-execution

high

CVE-2025-61314: Reflected XSS in Mercury Managed Print Services

CVE-2025-61314

cve-2025-61314, xss, mercury-managed-print-services

high

CVE-2025-65417: docuFORM MPS Client Reflected XSS in Login Page

CVE-2025-65417

docuform, managed-print-service-client, reflected-xss

high

CVE-2026-5084: WebDyne Session IDs Generated with Weak MD5/rand()

CVE-2026-5084

cve-2026-5084, webdyne, perl

9.9

critical

CVE-2026-7813: pgAdmin 4 Server Mode Flaw Lets Users Access Private

CVE-2026-7813

pgadmin, cve-2026-7813, authorization-bypass

5.8

medium

D-Link DNS-320 OS Command Injection Flaw CVE-2026-8273 Lets Remote

CVE-2026-8273

d-link, dns-320, cve-2026-8273

9.8

critical

Dell ECS Hard-Coded Credentials Flaw CVE-2026-40636 Hits 9.8 CVSS

CVE-2026-40636

dell-ecs, dell-objectscale, cve-2026-40636

3.0

low

Devs Palace ERP Online XSS Flaws Allow Remote Script Injection

CVE-2026-8255

devs-palace, erp-online, xss

high

Dirty Frag Linux Flaws Let Unprivileged Users Gain Root, Escape

CVE-2026-43284

linux-kernel, container-escape, privilege-escalation

7.5

high

Docling JATS XML Backend XXE Flaw CVE-2026-31247 Enables DoS

CVE-2026-31247

docling, cve-2026-31247, xxe

9.8

critical

GPT-Pilot Command Injection Flaw CVE-2026-31246 Lets Users Execute

CVE-2026-31246

gpt-pilot, cve-2026-31246, command-injection

4.3

medium

Open5GS SMF DoS Flaws CVE-2026-8251, CVE-2026-8249 Exploited Publicly

CVE-2026-8251

open5gs, cve-2026-8251, cve-2026-8249

6.5

medium

pgAdmin 4 Brute-Force Flaw CVE-2026-7820 Bypasses Account Lockout

CVE-2026-7820

pgadmin-4, cve-2026-7820, brute-force

8.1

high

pgAdmin 4 File Manager Flaw CVE-2026-7819 Lets Authenticated Users

CVE-2026-7819

pgadmin-4, cve-2026-7819, path-traversal

4.8

medium

Stored XSS in pgAdmin 4 Lets Attackers Execute JS via Database Object

CVE-2026-7814

pgadmin, stored-xss, cve-2026-7814

5.8

medium

Tenda AC6 Command Injection Flaw CVE-2026-8263 Lets Attackers Execute

CVE-2026-8263

tenda, ac6, command-injection

6.5

medium

Tenda AC6 Router Flaws Enable Remote Command Injection

CVE-2026-8265

tenda, ac6, command-injection

high

Wikimedia AbuseFilter Flaw CVE-2026-34086 Lets Editors Bypass

CVE-2026-34086

wikimedia-foundation, abusefilter, cve-2026-34086

6.3

medium

WSO2 API Manager Flaw CVE-2025-8325 Lets Low-Privilege Users Bypass

CVE-2025-8325

wso2, api-manager, access-control-bypass

5.3

medium

Zephyr TLS 1.3 Socket Flaw Lets Peers Downgrade to TLS 1.2

CVE-2026-1677

zephyr, tls-downgrade, cve-2026-1677

8.8

high

Aero CMS 0.0.1 PHP Code Injection Flaw Lets Authenticated Attackers

CVE-2022-50944

aero-cms, php-code-injection, cve-2022-50944

6.4

medium

CMDBuild 3.3.2 Stored XSS Flaw Allows Persistent Script Injection

CVE-2021-47925

cmdbuild, xss, cve-2021-47925

8.8

high

CyberPanel 2.1 Flaw Lets Authenticated Attackers Execute Remote Code

CVE-2021-47949

cyberpanel, cve-2021-47949, rce

high

Emlog CSRF Flaw CVE-2026-42286 Lets Attackers Hijack Admin Actions

CVE-2026-42286

emlog, csrf, cve-2026-42286

8.2

high

Opencart TMD Vendor System 3.x SQLi Lets Attackers Dump User

CVE-2021-47928

opencart, tmd-vendor-system, sql-injection

6.4

medium

Three WordPress Plugins Carry Stored XSS Flaws (CVE-2021-47926-929)

CVE-2021-47929

wordpress, stored-xss, cve-2021-47926

6.1

medium

uBidAuction 2.0.1 Reflected XSS Flaw Lets Attackers Inject Scripts

CVE-2022-50966

ubidauction, reflected-xss, cve-2022-50966

6.4

medium

WordPress 3dady Stats Plugin Stored XSS Lets Attackers Hijack Sessions

CVE-2022-50945

wordpress, stored-xss, cve-2022-50945

3.0

low

WordPress Curtain Plugin CSRF Lets Attackers Toggle Maintenance Mode

CVE-2022-50955

wordpress, csrf, curtain

5.4

medium

WordPress GetPaid Plugin HTML Injection Flaw CVE-2021-47948

CVE-2021-47948

wordpress, getpaid, html-injection

7.8

high

Acer PredatorSense LPE Lets Local Users Gain SYSTEM Privileges

CVE-2026-8069

cve-2026-8069, acer, predatorsense

9.6

critical

Argo CD Flaw CVE-2026-42880 Leaks Kubernetes Secrets via Dry-Run

CVE-2026-42880

argo-cd, kubernetes, cve-2026-42880

high

Bouncy Castle BC-FJA Flaw CVE-2026-8149 Leaks GCM Keys

CVE-2026-8149

bouncy-castle, cve-2026-8149, side-channel

high

CashDro 3 ATM Panel Weak PINs Enable Brute-Force Access

CVE-2026-8076

cashdro, atm, brute-force

5.3

medium

CVE-2023-47268: PrusaSlicer 3MF Files Can Execute Arbitrary Code

CVE-2023-47268

prusaslicer, cve-2023-47268, 3d-printing

6.3

medium

CVE-2024-30167: Atlona Matrix Switcher Flaw Lets Authenticated Users

CVE-2024-30167

atlona, cve-2024-30167, command-injection

9.1

critical

CVE-2025-69690: Netgate pfSense CE Module Installer RCE via Backup

CVE-2025-69690

pfsense, netgate, cve-2025-69690

9.9

critical

CVE-2025-69691: Netgate pfSense XMLRPC API Allows Admin Code Execution

CVE-2025-69691

pfsense, netgate, xmlrpc

8.1

high

DrayTek Vigor 2960 OS Command Injection Flaw Allows Unauthenticated

CVE-2022-50994

draytek, vigor-2960, os-command-injection

9.1

critical

LibreNMS Pre-24.10.0 RCE via OS Command Injection (CVE-2024-51092)

CVE-2024-51092

librenms, cve-2024-51092, os-command-injection

7.5

high

MikroTik RouterOS SMB DoS Flaw CVE-2024-27686 Lets Remote Attackers

CVE-2024-27686

mikrotik, routeros, cve-2024-27686

8.6

high

PraisonAI Flaw Lets Agents Execute Arbitrary Python Tools

CVE-2026-44339

praisonai, cve-2026-44339, ai-security

3.0

low

SourceCodester Pharmacy System XSS Flaw CVE-2026-8136 Published

CVE-2026-8136

cve-2026-8136, sourcecodester, xss

6.1

medium

Thruk Monitoring XSS Flaw CVE-2022-23961 Lets Attackers Hijack

CVE-2022-23961

thruk, cve-2022-23961, xss

7.5

high

Yeti JWT Flaw CVE-2024-46508 Lets Attackers Forge Auth Tokens

CVE-2024-46508

cve-2024-46508, yeti, jwt

high

CVE-2026-7891: DIVD VerySecureApp Leaks All Records to Anonymous Users

CVE-2026-7891

cve-2026-7891, mendix, divd

high

GitHub Enterprise Server Flaw Lets Attackers Steal Admin Credentials

CVE-2026-8106

github-enterprise-server, html-injection, credential-theft

high

GitHub Enterprise Server SSRF Lets Attackers Reach Internal Services

CVE-2026-8034

github-enterprise-server, ssrf, cve-2026-8034

high

Go ReverseProxy Flaw CVE-2026-39825 Leaks Query Parameters

CVE-2026-39825

go, reverseproxy, cve-2026-39825

6.5

medium

JeecgBoot SQLi Flaw CVE-2026-8114 Exploit Publicly Available

CVE-2026-8114

jeecgboot, sql-injection, cve-2026-8114

7.4

high

OpenStack Cyborg API Flaw Lets Low-Privilege Users Reprogram FPGAs

CVE-2026-40213

openstack, cyborg, cve-2026-40213

4.0

medium

Spring Cloud Config Server Leaks Secrets in Trace Logs

CVE-2026-41004

spring-cloud-config, information-disclosure, cve-2026-41004

critical

Chrome 148 Patches 127 Flaws, Three Critical Use-After-Free Bugs

CVE-2026-7896

chrome, google, use-after-free

high

Ivanti EPMM Zero-Day CVE-2026-6973 Exploited in Limited Attacks

CVE-2026-6973

ivanti, epmm, cve-2026-6973

high

Cisco DoS Flaw CVE-2026-20188 Requires Manual Reboot to Recover

CVE-2026-20188

cisco, cve-2026-20188, denial-of-service

8.8

high

MOVEit Automation CVE-2026-5174 Raises Patch Urgency After Cl0p History

CVE-2026-5174

moveit, moveit-automation, progress-software

9.3

critical

Palo Alto PAN-OS CVE-2026-0300 Attacked via Captive Portal

CVE-2026-0300

palo-alto-networks, pan-os, cve-2026-0300

8.8

high

Apache Patches Critical HTTP/2 Double-Free Flaw CVE-2026-23918

CVE-2026-23918

apache, http-server, cve-2026-23918

9.3

critical

Critical Ollama Bug CVE-2026-7482 Exposes 300K Deployments

CVE-2026-7482

ollama, cve-2026-7482, bleeding-llama

9.8

critical

Weaver E-cology Zero-Day CVE-2026-22679 Exploited Since March

CVE-2026-22679

weaver, e-cology, cve-2026-22679

9.8

critical

Flowise RCE Vulnerability CVE-2026-41265 Carries CVSS 9.8

CVE-2026-41265

flowise, cve-2026-41265, remote-code-execution

7.8

high

Linux 'Copy Fail' LPE CVE-2026-31431 Lets Local Users Gain Root

CVE-2026-31431

cve-2026-31431, linux, privilege-escalation

8.4

high

CISA Adds Actively Exploited ConnectWise, Windows Flaws to KEV

CVE-2024-1708

cisa, kev, connectwise

9.8

critical

cPanel & WHM Authentication Bypass CVE-2026-41940: CVSS 9.8

CVE-2026-41940

cpanel, whm, authentication-bypass

9.3

critical

CVE-2026-25874: Unpatched RCE Flaw in Hugging Face LeRobot

CVE-2026-25874

hugging-face, lerobot, cve-2026-25874

8.7

high

GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854

cve-2026-3854, github, remote-code-execution

7.5

high

Oracle VirtualBox Race Condition Lets Attackers Escalate Privileges

CVE-2026-35230

oracle, virtualbox, privilege-escalation

8.1

high

Flowise Auth Bypass CVE-2026-41276 Lets Attackers Reset Passwords

CVE-2026-41276

flowise, cve-2026-41276, authentication-bypass

7.8

high

Foxit PDF Reader CVE-2026-5943 Use-After-Free RCE Exploited via

CVE-2026-5943

foxit, pdf-reader, cve-2026-5943

3.3

low

Foxit PDF Reader Use-After-Free Leaks Memory via AcroForm Signatures

CVE-2026-5942

foxit, pdf-reader, use-after-free

high

Google Project Zero Details macOS coreaudiod Exploit Chain

CVE-2024-54529

macos, coreaudiod, cve-2024-54529

9.8

critical

LiteLLM CVE-2026-42208 Pre-Auth SQLi Exploited in Attacks

CVE-2026-42208

litellm, sql-injection, cve-2026-42208

high

Firefox CVE-2026-6770 Patched After Tor User Fingerprinting Risk

CVE-2026-6770

firefox, tor, cve-2026-6770

7.8

high

TrueConf Zero-Day CVE-2026-3502 Hit Southeast Asian Govts

CVE-2026-3502

trueconf, cve-2026-3502, zero-day

9.9

critical

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Deadline

CVE-2024-57726

cisa, kev, simplehelp

7.8

high

Delta ASDA-Soft PAR Buffer Overflow Hits 7.8 CVSS

CVE-2026-5726

delta-electronics, asda-soft, cve-2026-5726

9.8

critical

FortiGate SSO Bypass CVE-2025-59718 Exploited in Active Attacks

CVE-2025-59718

fortigate, cve-2025-59718, sso-bypass

9.1

critical

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege

CVE-2026-40372

microsoft, asp.net-core, cve-2026-40372

8.8

high

Docker Desktop ECI Flaw CVE-2026-6406 Lets Attackers Escalate

CVE-2026-6406

docker, container-security, privilege-escalation

7.5

high

LMDeploy SSRF Flaw CVE-2026-33626 Exploited 13 Hours After Disclosure

CVE-2026-33626

lmdeploy, cve-2026-33626, ssrf

7.3

high

Siemens SINEC NMS Authentication Bypass CVE-2026-24032 Gets 7.3 CVSS

CVE-2026-24032

siemens, sinec-nms, authentication-bypass

high

Apple Patches iOS Flaw That Stored Deleted Signal Notifications

CVE-2026-28950

apple, ios, signal

9.3

critical

Cohere AI Terrarium Sandbox Flaw Allows Root Code Execution,

CVE-2026-5752

cohere, terrarium, sandbox-escape

9.8

critical

CrowdStrike LogScale Vulnerability CVE-2026-40050 Lets Attackers Read

CVE-2026-40050

crowdstrike, logscale, cve-2026-40050

9.8

critical

Bomgar RMM Exploit Fuels Ransomware and Supply Chain Attacks

CVE-2026-1731

ransomware, supply-chain, vulnerability

high

Windows Snipping Tool Vulnerability Leaks NTLM Hashes via Malicious Links

CVE-2026-33829

microsoft, windows, credential-theft

9.8

critical

SGLang Vulnerability CVE-2026-5760 Enables Remote Code Execution via GGUF Files

CVE-2026-5760

ai-security, vulnerability, machine-learning

critical

Microsoft Office Excel Flaw Exploited in Active Attacks

CVE-2009-0238

microsoft, office, cisa-kev

7.8

high

Samsung MagicINFO 9 Server Local Privilege Escalation Vulnerability Patched

CVE-2026-25203

samsung, magicinfo, privilege-escalation

7.5

high

ATEN Unizon RPC Service Vulnerable to Unauthenticated Denial-of-Service

CVE-2026-5057

aten, unizon, dos

7.8

high

Avast Premium Security Driver Vulnerability Enables Local Privilege Escalation

CVE-2026-5424

avast, privilege-escalation, driver

7.8

high

Critical Code Execution Flaw Patched in NI LabVIEW

CVE-2026-32861

industrial, rce, ni

6.5

medium

DriveLock Directory Traversal Vulnerability Exposes Sensitive System Information

CVE-2026-5492

vulnerability, endpoint-security, information-disclosure

8.8

high

DriveLock Privilege Escalation Flaw Allows Attackers to Bypass Security

CVE-2026-5490

endpoint-security, privilege-escalation, sql-injection

7.8

high

GIMP HDR File Parsing Vulnerability Enables Remote Code Execution

CVE-2026-2050

gimp, cve-2026-2050, rce

7.8

high

GStreamer qtdemux Flaw Enables Remote Code Execution

CVE-2026-5056

gstreamer, rce, patch

8.8

high

HP DeskJet 2855e Printer Vulnerable to Remote Code Execution

CVE-2026-4682

iot, hardware, rce

7.5

high

Linux Kernel ETS Scheduler Race Condition Enables Local Privilege Escalation

CVE-2025-71066

linux-kernel, privilege-escalation, race-condition

7.8

high

Microsoft Patches Windows win32kfull Local Privilege Escalation Vulnerability

CVE-2026-33104

microsoft, windows, privilege-escalation

7.8

high

Microsoft vcpkg OpenSSL Vulnerability Enables Local Privilege Escalation

CVE-2026-34054

microsoft, openssl, vcpkg

7.5

high

Microsoft Windows Secure Kernel Double Free Vulnerability Enables Local

CVE-2026-26179

microsoft, windows, privilege-escalation

7.5

high

Microsoft Windows Snipping Tool Vulnerability Enables Remote Code Execution

CVE-2026-32183

microsoft, windows, zero-day

critical

PoC Exploit Released for Critical FortiSandbox Command Injection Flaw

CVE-2026-39808

fortinet, fortisandbox, command-injection

8.8

high

QNAP TS-453E QVRPro Exposed Method Enables Remote Code Execution

CVE-2026-22898

qnap, rce, iot

9.8

critical

Trend Micro Apex One Console Vulnerable to Unauthenticated RCE

CVE-2025-54987

trend-micro, rce, directory-traversal

8.8

high

Apache ActiveMQ Vulnerability Exploited, Added to CISA KEV Catalog

CVE-2026-34197

apache, activemq, cisa

9.9

critical

SAP Patches Critical SQL Injection Flaw in Business Planning and Consolidation

CVE-2026-27681

sap, patch-tuesday, sql-injection

8.8

high

Critical etcd Authentication Bypass Exposes Kubernetes Cluster Secrets

CVE-2026-33413

etcd, kubernetes, authentication-bypass

critical

Critical Nginx UI Vulnerability Actively Exploited for Remote Server Takeover

CVE-2026-33032

nginx, rce, active-exploitation

high

Microsoft Patches Defender Zero-Day Allowing Local Privilege Escalation

CVE-2026-33825

microsoft, defender, zero-day

6.5

medium

Microsoft Confirms Active Exploitation of SharePoint Zero-Day Spoofing Flaw

CVE-2026-32201

microsoft, sharepoint, zero-day

9.1

critical

CISA Flags Six Actively Exploited Flaws in Fortinet, Microsoft, Adobe

CVE-2026-21643

cisa, kev, fortinet

high

CISA Warns of Actively Exploited Windows, Adobe Acrobat Vulnerabilities

CVE-2024-21412

cisa, kev, windows

high

Microsoft Patches Exploited SharePoint Zero-Day Among 161 Vulnerabilities

CVE-2025-27088

microsoft, patch-tuesday, sharepoint

high

Critical PHP Composer Flaws Allow Remote Command Execution via Perforce Driver

CVE-2026-40176

php, composer, supply-chain

9.4

critical

ShowDoc RCE Vulnerability CVE-2025-0520 Under Active Exploitation

CVE-2025-0520

showdoc, rce, cve-2025-0520

critical

Adobe Patches Acrobat Zero-Day Exploited via Malicious PDFs for Months

CVE-2024-34102

adobe, zero-day, pdf

high

CVE-2024-38112: BlueHammer PoC Escalates Windows to SYSTEM

CVE-2024-38112

zero-day, windows, privilege-escalation

critical

Critical Android SDK Flaw Exposed Millions of Crypto Wallet Private Keys

CVE-2023-4863

android, cryptocurrency, sdk

critical

Critical wolfSSL Flaw Allows Attackers to Forge TLS Certificates

CVE-2022-39173

wolfssl, tls, cryptography

critical

Critical WordPress Plugin Flaw Allows Unauthenticated Admin Takeover

CVE-2026-1492

wordpress, authentication-bypass, cve-2026-1492

9.3

critical

Critical Marimo RCE Flaw Exploited Within Hours of Disclosure

CVE-2026-39987

rce, python, data-science

high

Orthanc DICOM CVE-2023-26012: Pre-Auth RCE on Imaging Servers

CVE-2023-26012

vulnerability, dicom, orthanc

8.6

high

Adobe Patches Critical Acrobat Reader Flaw Under Active Exploitation

CVE-2026-34621

adobe, acrobat, zero-day

critical

Juniper Patches Critical RCE Flaw in Junos OS, Dozens of Other Vulnerabilities

CVE-2024-2973

juniper, rce, network-security