#active-exploitation
13 articles
From April to June 2026, ZCyberNews covered 14 articles on active-exploitation, with critical vulnerabilities dominating the severity mix—eight critical, five high, and one medium. The most severe CVE, CVE-2026-48907, carries a CVSS score of 10, while CVE-2024-57726 (9.9), CVE-2026-22679 (9.8), CVE-2026-41089 (9.8), and CVE-2025-0520 (9.4) were also prominent. Government, technology, enterprise, enterprise software, and managed service providers were the top affected sectors, with global impact spanning the United States, North America, Asia, and China.
CRITICALCISA Adds Joomla JCE Flaw CVE-2026-48907 to KEV Catalog
CISA warns of active exploitation of CVE-2026-48907, a CVSS 10.0 improper access control flaw in Widget Factory Joomla Content Editor (JCE) allowing unauthenticated PHP code...
HIGHCVE-2026-42271: LiteLLM Flaw Exploited in the Wild, CISA Adds to KEV
CISA added CVE-2026-42271 (CVSS 8.7) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation against BerriAI LiteLLM deployments.
CRITICALCVE-2026-41089: Windows Netlogon RCE Exploited in Wild
CVE-2026-41089 is a critical Windows Netlogon RCE now reported as exploited in the wild, with Microsoft CNA scoring it CVSS 9.8.
MEDIUMCVE-2026-9082: Drupal Core SQL Injection Bug Added to CISA KEV
CISA added CVE-2026-9082 (CVSS 6.5) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation against all supported Drupal Core versions.
HIGHCVE-2025-2749: Kentico Xperience Path Traversal Under Active Exploit
CISA adds CVE-2025-2749 to KEV catalog: Kentico Xperience path traversal lets authenticated Staging Sync Server upload arbitrary files. Due date for federal agencies: May 4, 2026.
HIGHMicrosoft Warns of Exchange Zero-Day CVE-2026-42897 Exploited in
CVE-2026-42897 is a high-severity Exchange Server spoofing flaw exploited in the wild, enabling XSS-based code execution via Outlook on the web.
CRITICALPalo Alto PAN-OS CVE-2026-0300 Attacked via Captive Portal
CVE-2026-0300 is a critical PAN-OS buffer overflow in the User-ID Authentication Portal. Fixed builds are upcoming, so disable or restrict the portal immediately.
CRITICALWeaver E-cology Zero-Day CVE-2026-22679 Exploited Since March
CVE-2026-22679 (CVSS 9.8) in Weaver E-cology OA has been exploited in the wild since mid-March 2026. Attackers run discovery commands post-exploit. No patch available.
HIGHCISA Adds Actively Exploited ConnectWise, Windows Flaws to KEV
CISA added CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and an unnamed Windows flaw to its KEV catalog based on confirmed active exploitation.
CRITICALCISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Deadline
CISA added 4 actively exploited vulnerabilities to its KEV catalog — SimpleHelp, Samsung MagicINFO 9, and D-Link DIR-823X — with a May 2026 federal remediation deadline.
HIGHLMDeploy SSRF Flaw CVE-2026-33626 Exploited 13 Hours After Disclosure
CVE-2026-33626 (CVSS 7.5) in LMDeploy, an open-source LLM toolkit, was exploited in the wild within 13 hours of public disclosure, enabling SSRF attacks to access sensitive…
CRITICALCritical Nginx UI Vulnerability Actively Exploited for Remote Server Takeover
Attackers are actively exploiting CVE-2026-33032, a critical flaw in the Nginx UI management tool, to execute arbitrary code and gain full control of affected web servers.
CRITICALShowDoc RCE Vulnerability CVE-2025-0520 Under Active Exploitation
Attackers are actively exploiting CVE-2025-0520, a critical RCE flaw in ShowDoc, to compromise unpatched servers via unrestricted file upload. The vulnerability has a CVSS score of 9.4.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.