#active-exploitation
11 articles
From mid-April to early June 2026, ZCyberNews tracked 12 articles under active-exploitation, covering seven critical and four high-severity vulnerabilities. The most prominent CVEs included CVE-2024-57726 (CVSS 9.9), CVE-2026-22679 (CVSS 9.8), CVE-2026-41089 (CVSS 9.8), CVE-2025-0520 (CVSS 9.4), and CVE-2026-0300 (CVSS 9.3). Affected sectors spanned government, enterprise, technology, managed service providers, and critical infrastructure globally, with particular focus on North America, the United States, Asia, and China.
CRITICALCVE-2026-41089: Windows Netlogon RCE Exploited in Wild
CVE-2026-41089 is a critical Windows Netlogon RCE now reported as exploited in the wild, with Microsoft CNA scoring it CVSS 9.8.
MEDIUMCVE-2026-9082: Drupal Core SQL Injection Bug Added to CISA KEV
CISA added CVE-2026-9082 (CVSS 6.5) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation against all supported Drupal Core versions.
HIGHCVE-2025-2749: Kentico Xperience Path Traversal Under Active Exploit
CISA adds CVE-2025-2749 to KEV catalog: Kentico Xperience path traversal lets authenticated Staging Sync Server upload arbitrary files. Due date for federal agencies: May 4, 2026.
HIGHMicrosoft Warns of Exchange Zero-Day CVE-2026-42897 Exploited in
CVE-2026-42897 is a high-severity Exchange Server spoofing flaw exploited in the wild, enabling XSS-based code execution via Outlook on the web.
CRITICALPalo Alto PAN-OS CVE-2026-0300 Attacked via Captive Portal
CVE-2026-0300 is a critical PAN-OS buffer overflow in the User-ID Authentication Portal. Fixed builds are upcoming, so disable or restrict the portal immediately.
CRITICALWeaver E-cology Zero-Day CVE-2026-22679 Exploited Since March
CVE-2026-22679 (CVSS 9.8) in Weaver E-cology OA has been exploited in the wild since mid-March 2026. Attackers run discovery commands post-exploit. No patch available.
HIGHCISA Adds Actively Exploited ConnectWise, Windows Flaws to KEV
CISA added CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and an unnamed Windows flaw to its KEV catalog based on confirmed active exploitation.
CRITICALCISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Deadline
CISA added 4 actively exploited vulnerabilities to its KEV catalog — SimpleHelp, Samsung MagicINFO 9, and D-Link DIR-823X — with a May 2026 federal remediation deadline.
HIGHLMDeploy SSRF Flaw CVE-2026-33626 Exploited 13 Hours After Disclosure
CVE-2026-33626 (CVSS 7.5) in LMDeploy, an open-source LLM toolkit, was exploited in the wild within 13 hours of public disclosure, enabling SSRF attacks to access sensitive…
CRITICALCritical Nginx UI Vulnerability Actively Exploited for Remote Server Takeover
Attackers are actively exploiting CVE-2026-33032, a critical flaw in the Nginx UI management tool, to execute arbitrary code and gain full control of affected web servers.
CRITICALShowDoc RCE Vulnerability CVE-2025-0520 Under Active Exploitation
Attackers are actively exploiting CVE-2025-0520, a critical RCE flaw in ShowDoc, to compromise unpatched servers via unrestricted file upload. The vulnerability has a CVSS score of 9.4.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.