SardinhaNews

Threat intelligence · CVEs & notícias · atualizado em 14/07, 23:14

Total de CVEs200.727
Novos (24h)990
Críticos23.063
No CISA KEV1.642
Notícias (24h)243
CVEs na mídia (24h)6

Tendências mensais

Novos CVEs publicados

último: 3.834

quantidade por mês

fev/25mai/25ago/25nov/25fev/26mai/26

Contagem mensal de novos CVEs publicados no NVD (National Vulnerability Database).

CVEs por faixa de EPSS

<1%1–10%10–100%

quantidade por mês, por probabilidade de exploração

fev/25mai/25ago/25nov/25fev/26mai/26

Cada CVE é classificado pela probabilidade de ser explorado nos próximos 30 dias (EPSS/FIRST). Quase todos os novos CVEs ficam abaixo de 1% — o volume crescente de publicações ofusca o risco real, que se concentra na linha vermelha (≥10%).

CVEs por faixa de CVSS

BaixoMédioAltoCrítico

quantidade por mês, por severidade

fev/25mai/25ago/25nov/25fev/26mai/26

Distribuição por severidade CVSS: baixo (<4.0), médio (4.0–6.9), alto (7.0–8.9) e crítico (≥9.0). Severidade mede impacto potencial, não probabilidade de ataque.

Adições ao CISA KEV

último: 12

CVEs adicionados por mês

fev/25mai/25ago/25nov/25fev/26mai/26

CVEs que entraram no catálogo KEV da CISA (agência de cibersegurança dos EUA) — exploração ativa confirmada em ataques reais; órgãos federais americanos são obrigados a corrigi-los em prazo definido.

CVEs em alta (últimos 7 dias)

Ranking por score ponderado dos eventos dos últimos 7 dias: entrada no CISA KEV (+10), salto de EPSS (+8), primeira menção na mídia (+5), novas menções (+3), mudança de CVSS (+2) e CVE novo (+1), com bônus proporcional ao CVSS e ao EPSS atuais do CVE.

CVE-2026-1540924.0

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

CríticoKEVnão detectável (Tenable)
novoentrou no KEVcitado1ª menção
CVE-2026-1541022.6

Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.

AltoKEVnão detectável (Tenable)
novoentrou no KEVcitado1ª menção
CVE-2022-4068419.9

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

CríticoKEVEPSS 99,98%VPR 9.5
1ª menção
CVE-2022-2158719.7

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CríticoKEVEPSS 98,3%VPR 7.9
1ª menção
CVE-2023-2799718.5

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

CríticoKEVEPSS 85,7%VPR 9.5
1ª menção
CVE-2026-5616417.9

Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.

CríticoKEVnão detectável (Tenable)
novoentrou no KEVCVSS mudou
CVE-2026-385415.9

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.

AltoEPSS 35,9%VPR 7.9
EPSS subiu
CVE-2026-5615514.9

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

AltoKEVnão detectável (Tenable)
novoentrou no KEV
CVE-2008-412814.3

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.

MédioKEVEPSS 12,0%não detectável (Tenable)
novoentrou no KEV

Zero-days recentes

Dark Reading·há 4hzero-day

Recordes são feitos para serem quebrados: Patch Tuesday aumenta as apostas na triagem

A Microsoft lançou correções para 622 CVEs nesta semana, incluindo três vulnerabilidades de dia zero. Mais de 60 vulnerabilidades são consideradas críticas. O grande volume de patches eleva a complexidade da triagem para as equipes de segurança.

BleepingComputer·há 5hzero-day

SonicWall alerta sobre falhas do SMA1000 exploradas em ataques zero-day; corrija agora

A SonicWall alerta que atores de ameaças estão explorando duas vulnerabilidades no SMA1000, rastreadas como CVE-2026-15409 e CVE-2026-15410, em ataques zero-day. A empresa urge os clientes a instalarem as atualizações de segurança recém-lançadas.

CVE-2026-15409CVE-2026-15410
The Hacker News·há 6hzero-day

Microsoft corrige recorde de 622 falhas, incluindo duas vulnerabilidades de dia zero sob ataque ativo

A Microsoft lançou sua maior atualização de Patch Tuesday até hoje, corrigindo 622 vulnerabilidades, mais que o triplo do recorde anterior de junho. Duas das falhas são de dia zero e já estão sendo exploradas ativamente por atacantes. A Microsoft creditou respondedores de incidentes por ambas as descobertas.

SANS Internet Storm Center·há 7hzero-day

Patch Tuesday da Microsoft Julho de 2026 - O Apocalipse da IA Chegou

A Microsoft lançou sua atualização de julho de 2026, corrigindo impressionantes 622 vulnerabilidades, além de outras 427 no Chromium que afetam o navegador Edge. 62 das falhas são classificadas como críticas. Uma vulnerabilidade foi divulgada antes do patch, e duas já foram exploradas ativamente.

SecurityWeek·há 7hzero-day

Microsoft corrige recorde de 622 vulnerabilidades, incluindo duas zero-days exploradas

A Microsoft lançou atualizações de segurança que corrigem um recorde de 622 vulnerabilidades, incluindo duas falhas zero-day exploradas ativamente no Active Directory e no SharePoint Server. Além disso, um bug no BitLocker foi divulgado publicamente. A empresa recomenda a instalação imediata das correções.

BleepingComputer·há 8hzero-day

Patch Tuesday de julho de 2026 da Microsoft corrige enormes 570 falhas, 3 zero-days

A Microsoft lançou as atualizações de segurança de julho de 2026, corrigindo um recorde de 570 falhas, incluindo duas vulnerabilidades de dia zero exploradas em ataques e uma divulgada publicamente. As correções abrangem diversos produtos, como Windows, Office e Exchange. A empresa recomenda a instalação imediata das atualizações.

Notícias de vulnerabilidade

Ars Technica Security·há 4h

O Secure Boot da Microsoft está quebrado há uma década e ninguém notou até agora

Pesquisadores descobriram que shims antigos e esquecidos, que a Microsoft não conseguiu revogar, permitem contornar o Secure Boot. A vulnerabilidade afeta o mecanismo de inicialização segura da Microsoft e pode ser explorada para executar código não autorizado durante a inicialização. A falha existe há mais de uma década e só foi descoberta recentemente.

Dark Reading·há 4hzero-day

Recordes são feitos para serem quebrados: Patch Tuesday aumenta as apostas na triagem

A Microsoft lançou correções para 622 CVEs nesta semana, incluindo três vulnerabilidades de dia zero. Mais de 60 vulnerabilidades são consideradas críticas. O grande volume de patches eleva a complexidade da triagem para as equipes de segurança.

BleepingComputer·há 5hzero-day

SonicWall alerta sobre falhas do SMA1000 exploradas em ataques zero-day; corrija agora

A SonicWall alerta que atores de ameaças estão explorando duas vulnerabilidades no SMA1000, rastreadas como CVE-2026-15409 e CVE-2026-15410, em ataques zero-day. A empresa urge os clientes a instalarem as atualizações de segurança recém-lançadas.

CVE-2026-15409CVE-2026-15410
The Register Security·há 5h

Patchpocalypse Agora: Microsoft supera recorde do mês passado com 622 CVEs na Patch Tuesday

A Microsoft lançou atualizações de segurança para 622 vulnerabilidades em sua Patch Tuesday de fevereiro, superando o recorde anterior de 206 CVEs do mês passado. Entre as falhas corrigidas, 67 são classificadas como críticas e 8 como de dia zero, sendo que 4 destas já estavam sendo exploradas ativamente. A atualização inclui correções para várias versões do Windows, Office, Exchange e outros produtos.

The Hacker News·há 6hzero-day

Microsoft corrige recorde de 622 falhas, incluindo duas vulnerabilidades de dia zero sob ataque ativo

A Microsoft lançou sua maior atualização de Patch Tuesday até hoje, corrigindo 622 vulnerabilidades, mais que o triplo do recorde anterior de junho. Duas das falhas são de dia zero e já estão sendo exploradas ativamente por atacantes. A Microsoft creditou respondedores de incidentes por ambas as descobertas.

CyberScoop·há 6h

Microsoft divulga 'a mãe de todas' as cargas de vulnerabilidades, triplicando o recorde anterior de junho

A Microsoft alertou clientes e defensores que uma enxurrada de defeitos seria descoberta por IA. A empresa cumpriu com um aumento exponencial impressionante. O número de vulnerabilidades divulgadas em julho triplicou o recorde anterior de junho.

Dark Reading·há 6h

Falhas no Wi-Fi de 6 GHz podem interromper sistemas críticos

Sistemas de Coordenação Automática de Frequência (AFC) confiam por padrão em dados do lado do cliente, o que pode levar a falsificação de localização e outros ataques que interrompem o tráfego. As vulnerabilidades afetam a implementação do Wi-Fi de 6 GHz, permitindo que atacantes manipulem informações de localização para obter acesso não autorizado ou causar interferência. Não há indicação de exploração ativa como zero-day, mas as falhas representam riscos para sistemas críticos que dependem de conectividade Wi-Fi.

Krebs on Security·há 7h

Microsoft corrige recorde de 570 falhas de segurança

A Microsoft lançou atualizações de software para corrigir pelo menos 570 falhas de segurança em seus sistemas operacionais Windows e outros softwares, quase o triplo do número de vulnerabilidades corrigidas no recorde do Patch Tuesday do mês passado. A empresa atribuiu o aumento das correções a descobertas de vulnerabilidades auxiliadas por inteligência artificial.

Em destaque (30 dias)

Fabricantes mais citados

Microsoft
64
Google
22
Anthropic
17
GitHub
12
Apple
10
Fortinet
7

Tipos de ataque

ransomware
38
phishing
37
RCE
35
supply chain
26
malware
15
infostealer
12

Tags

ransomware
38
inteligência artificial
34
segurança
32
IA
30
malware
30
phishing
25

Críticos ativamente explorados (CVSS + KEV)

CVEs com severidade crítica (CVSS ≥ 9.0) que constam no catálogo CISA KEV — ou seja, com exploração ativa confirmada em campo. Ordenados pela modificação mais recente; VPR da Tenable quando disponível. Se está nesta lista, é prioridade máxima de correção.

CVEDescriçãoSeveridadeCVSSEPSSVPRKEV desde
CVE-2025-3248Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.Crítico9.899,99%9.52025-05-05
CVE-2025-34291Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.Crítico9.478,9%8.92026-05-21
CVE-2024-11680ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.Crítico9.891,6%7.62024-12-03
CVE-2026-15409A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.Crítico10.0não detectável2026-07-14
CVE-2026-56164Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.Crítico9.8não detectável2026-07-14
CVE-2025-10585Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Crítico9.85,4%7.92025-09-23
CVE-2024-1212Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.Crítico9.895,4%7.92024-11-18
CVE-2026-56291The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.Crítico10.00,8%não detectável2026-07-10
CVE-2026-48939A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.Crítico10.01,5%não detectável2026-07-10
CVE-2022-26258D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.Crítico9.881,1%4.92022-09-08
CVE-2021-42237Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.Crítico9.897,9%7.92022-03-25
CVE-2026-48282ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.Crítico10.028,6%9.52026-07-07
CVE-2024-55591An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.Crítico9.898,3%9.52025-01-14
CVE-2026-48908A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.Crítico10.01,6%9.22026-07-07
CVE-2026-56290The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.Crítico10.02,9%não detectável2026-07-07
CVE-2025-67038An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.Crítico9.80,9%não detectável2026-06-23
CVE-2026-12569A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.  * This advisory also applies to all CPS versions * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030Crítico9.31,2%não detectável2026-06-25
CVE-2026-48558SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.Crítico9.51,2%não detectável2026-06-29
CVE-2026-42208LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.Crítico9.386,6%8.92026-05-08
CVE-2018-1273Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.Crítico9.895,6%7.92022-03-25
CVE-2026-34908A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.Crítico10.02,5%9.52026-06-23
CVE-2026-34909A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.Crítico10.02,3%9.52026-06-23
CVE-2026-34910A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.Crítico10.078,6%9.52026-06-23
CVE-2026-20253In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.Crítico9.888,2%9.22026-06-18
CVE-2025-57819FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.Crítico10.093,3%8.92025-08-29
CVE-2019-19006Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.Crítico9.836,6%7.92026-02-03
CVE-2026-20127A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root&nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.&nbsp;Crítico10.057,8%9.62026-02-25
CVE-2026-20182May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.&nbsp; A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.Crítico10.088,5%9.62026-05-14
CVE-2026-48907A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.Crítico10.080,4%9.22026-06-16
CVE-2026-9082Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.Crítico9.884,6%5.12026-05-22
CVE-2026-8398A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.Crítico9.31,5%7.92026-05-27
CVE-2026-50751A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.Crítico9.370,1%8.52026-06-08
CVE-2026-48172LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.Crítico10.018,9%não detectável2026-05-26
CVE-2026-48027Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.Crítico9.31,8%9.22026-05-27
CVE-2026-45321On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.Crítico9.62,3%9.32026-05-27
CVE-2026-45247Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.Crítico9.327,5%7.92026-06-03
CVE-2026-41940cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.Crítico9.398,1%9.52026-04-30
CVE-2026-3055Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overreadCrítico9.384,0%9.42026-03-30
CVE-2026-39987marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.Crítico9.395,6%9.42026-04-23
CVE-2026-35616A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.Crítico9.888,5%9.52026-04-06
CVE-2026-35273Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).Crítico9.892,3%9.52026-06-12
CVE-2026-33634Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have use a valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days). This could have allowed the attacker to retain access and execute the March 19 attack. Affected components include the `aquasecurity/trivy` Go / Container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 – 0.34.2 (76/77), and the`aquasecurity/setup-trivy` GitHub Action versions 0.2.0 – 0.2.6, prior to the recreation of 0.2.6 with a safe commit. Known safe versions include versions 0.69.2 and 0.69.3 of the Trivy binary, version 0.35.0 of trivy-action, and version 0.2.6 of setup-trivy. Additionally, take other mitigations to ensure the safety of secrets. If there is any possibility that a compromised version ran in one's environment, all secrets accessible to affected pipelines must be treated as exposed and rotated immediately. Check whether one's organization pulled or executed Trivy v0.69.4 from any source. Remove any affected artifacts immediately. Review all workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`. Those who referenced a version tag rather than a full commit SHA should check workflow run logs from March 19–20, 2026 for signs of compromise. Look for repositories named `tpcp-docs` in one's GitHub organization. The presence of such a repository may indicate that the fallback exfiltration mechanism was triggered and secrets were successfully stolen. Pin GitHub Actions to full, immutable commit SHA hashes, don't use mutable version tags.Crítico9.460,4%9.42026-03-26
CVE-2026-33017Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.Crítico9.398,2%9.52026-03-25
CVE-2026-24858An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.Crítico9.885,8%9.52026-01-27
CVE-2026-24423SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.Crítico9.387,7%9.22026-02-05
CVE-2026-24061telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.Crítico9.898,9%9.42026-01-26
CVE-2026-23760SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.Crítico9.396,3%9.42026-01-26
CVE-2026-22769Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.Crítico10.013,1%não detectável2026-02-18
CVE-2026-21643An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.Crítico9.894,1%9.52026-04-13
CVE-2026-20963Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.Crítico9.829,4%8.92026-03-18
CVE-2026-20131A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root&nbsp;on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.Crítico10.027,6%9.62026-03-19
CVE-2026-20045A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.&nbsp; This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.&nbsp; Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.Crítico9.84,3%9.42026-01-21
CVE-2026-1731BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.Crítico9.988,1%9.52026-02-13
CVE-2026-1340A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.Crítico9.884,0%9.42026-04-08
CVE-2026-1281A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.Crítico9.881,2%9.42026-01-29
CVE-2026-10520An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code executionCrítico10.099,0%9.52026-06-11
CVE-2026-0300A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.Crítico9.332,1%9.42026-05-06
CVE-2025-9242An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.Crítico9.386,4%7.92025-11-12
CVE-2025-8876Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.Crítico9.43,2%7.92025-08-13
CVE-2025-8875Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.Crítico9.41,6%7.92025-08-13
CVE-2025-7775Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDXCrítico9.219,0%9.22025-08-26
CVE-2025-6543Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual serverCrítico9.29,8%9.22025-06-30
CVE-2025-6205A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.Crítico9.171,1%7.32025-10-28
CVE-2025-66644Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.Crítico9.83,1%não detectável2025-12-08
CVE-2025-64446A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.Crítico9.889,4%9.42025-11-14
CVE-2025-61932Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.Crítico9.32,7%7.92025-10-22
CVE-2025-61882Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).Crítico9.899,7%9.52025-10-06
CVE-2025-61757Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).Crítico9.888,3%8.92025-11-21
CVE-2025-5777Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual serverCrítico9.399,9%7.62025-07-10
CVE-2025-5086A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.Crítico9.089,7%8.02025-09-11
CVE-2025-59718A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.Crítico9.866,3%9.52025-12-16
CVE-2025-59374"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.Crítico9.31,1%7.72025-12-17
CVE-2025-59287Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.Crítico9.899,96%9.22025-10-24
CVE-2025-58360GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.Crítico9.866,8%7.92025-12-11
CVE-2025-55182A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.Crítico10.099,6%9.62025-12-05
CVE-2025-54948A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.Crítico9.820,8%7.92025-08-18
CVE-2025-54309CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.Crítico9.892,0%8.92025-07-22
CVE-2025-54253Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.Crítico10.087,5%9.02025-10-15
CVE-2025-54236Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.Crítico9.196,7%8.32025-10-24
CVE-2025-54068Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.Crítico9.295,4%7.92026-03-20
CVE-2025-53770Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.Crítico9.899,97%9.52025-07-20
CVE-2025-53690Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.Crítico9.030,8%9.52025-09-04
CVE-2025-53521When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Crítico9.32,2%9.22026-03-27
CVE-2025-52691Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.Crítico10.085,5%9.52026-01-26
CVE-2025-4632Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.Crítico9.824,0%8.92025-05-22
CVE-2025-48703CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.Crítico9.099,6%8.02025-11-04
CVE-2025-47812In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.Crítico10.095,3%9.32025-07-14
CVE-2025-43300An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.Crítico10.020,0%9.02025-08-21
CVE-2025-42999SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.Crítico9.112,5%9.02025-05-15
CVE-2025-42599Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.Crítico9.83,1%7.72025-04-28
CVE-2025-40551SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.Crítico9.884,1%9.22026-02-03
CVE-2025-40536SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.Crítico9.881,6%9.22026-02-12
CVE-2025-37164A remote code execution issue exists in HPE OneView.Crítico9.889,7%8.92026-01-07
CVE-2025-34028The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438.Crítico9.397,3%8.02025-05-02
CVE-2025-34026The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.Crítico9.283,5%6.02026-01-22
CVE-2025-32975Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.Crítico10.02,4%9.02026-04-20
CVE-2025-32756A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.Crítico9.832,0%9.22025-05-14
CVE-2025-32433Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.Crítico10.097,9%9.52025-06-09
CVE-2025-32432Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.Crítico10.099,8%9.52026-03-20
CVE-2025-31324SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.Crítico9.899,4%9.42025-04-29