Showing 6 of 347 articles
All CVE Analysis posts (347)
- Microsoft SharePoint CVE-2026-45659 (CVSS 8.8) RCE
- Adobe ColdFusion CVE-2026-48276 (CVSS 10.0) RCE
- CVE-2026-8037 (CVSS 9.6): Kemp LoadMaster RCE
- Kemp LoadMaster CVE-2026-8037 Unauth RCE (CVSS 9.8)
- Djinn Stealer Targets SimpleHelp CVE-2026-48558 Bypass
- libssh2 CVE-2026-55200 (CVSS 9.2) Client-Side RCE
- Oracle PeopleSoft CVE-2026-35273 RCE Actively Exploited
- PeopleSoft CVE-2026-35273 RCE by ShinyHunters (CVSS 9.8)
- Critical Cisco CUCM SSRF CVE-2026-20230 (CVSS 8.6)
- Cisco SD-WAN Manager CVE-2026-20245 Zero-Day Exploited
- Cisco Unified CM CVE-2026-20230 SSRF Root Access (CVSS 8.6)
- DifyTap Vulnerabilities CVE-2026-41948 (CVSS 9.4) Wiretap AI
- CVE-2026-10735 ShapedPlugin WordPress (CVSS 9.8)
- Splunk Enterprise CVE-2026-20253 Actively Exploited
- Cisco Splunk CVE-2026-20253 Critical Exploit
- PeopleSoft CVE-2026-35273 (CVSS 9.8) Actively Exploited
- SimpleHelp CVE-2026-48558 (CVSS 10.0) Bypass
- Oracle PeopleSoft CVE-2026-35273 (CVSS 9.8) ShinyHunters
- Ivanti Sentry CVE-2026-10520 (CVSS 10.0) RCE
- Langflow CVE-2026-5027 (CVSS 8.8) Unauthenticated RCE
- Chrome Zero-Day CVE-2026-11645 Actively Exploited
- Check Point VPN CVE-2026-50751 (CVSS 9.3) Bypass
- Check Point VPN Bypass CVE-2026-50751 (CVSS 9.3)
- CVE-2026-7312 Sitefinity Credential Exposure
- SolarWinds Serv-U CVE-2026-28318 (CVSS 7.5) DoS
- Palo Alto GlobalProtect CVE-2026-0257 (CVSS 7.8) Bypass
- Mirasvit CVE-2026-45247 (CVSS 9.8) RCE Exploit
- Mirasvit Cache Warmer CVE-2026-45247 (CVSS 9.8) RCE
- CVE-2026-49975 HTTP/2 Bomb Critical DoS
- InHand Router Command Injection CVE-2026-38702 (CVSS 9.8)
- CVE-2026-8206 Kirki Privilege Escalation (CVSS 9.8)
- CVE-2026-0257 GlobalProtect Bypass (CVSS 7.8)
- Palo Alto PAN-OS CVE-2026-0257 Bypass (CVSS 7.8)
- Netlogon RCE CVE-2026-41089 (CVSS 9.8) Actively Exploited
- PAN-OS CVE-2026-0257 Auth Bypass Actively Exploited
- MCP Toolbox CVE-2026-9739 (CVSS 9.4) Hijacking Flaw
- Palo Alto GlobalProtect CVE-2026-0257 Actively Exploited
- IBM WebSphere CVE-2026-8633 RCE (CVSS 9.8)
- FortiClient EMS CVE-2026-35616 (CVSS 9.1) Exploited
- DAEMON Tools CVE-2026-8398 Supply Chain (CVSS 9.3)
- IBM ELM Jazz CVE-2026-3660 (CVSS 9.8) Auth Bypass
- SharePoint Server CVE-2026-45659 RCE (CVSS 8.8)
- CVE-2026-26980: Ghost CMS SQL Injection (CVSS 9.4)
- CVE-2026-5426: Zero-Day KnowledgeDeliver RCE (CVSS 7.5)
- Kopia CVE-2026-45695 (CVSS 9.8) Unauthenticated RCE
- Kopia CVE-2026-45695 (CVSS 9.8) Unauthenticated RCE
- ConnectWise Automate CVE-2026-9089 (CVSS 8.8) RCE Risk
- LiteSpeed cPanel CVE-2026-48172 (CVSS 10.0) Root Exploit
- LiteSpeed cPanel Plugin CVE-2026-48172 Root Escalation (CVSS 10.0)
- Drupal CVE-2026-9082 SQL Injection (CVSS 6.5)
- Drupal Core CVE-2026-9082 SQL Injection (CVSS 6.5)
- Exchange CVE-2026-42897 Zero-Day Exploit: Active Attacks
- Microsoft Defender CVE-2026-41091 (CVSS 7.8) Privilege Escalation
- Universal Robots CVE-2026-8153 RCE (CVSS 9.8)
- Universal Robots CVE-2026-8153 RCE (CVSS 9.8)
- CVE-2026-30815 (CVSS 9.1) TP-Link Router Injection Exploit
- CVE-2026-2743 (CVSS 10.0) SEPPMail RCE Vulnerability
- CVE-2026-42897 Exchange Vulnerability - Urgent Mitigation
- CVE-2026-42897 (CVSS 8.1) Exchange Spoofing Active Exploitation
- Claw Chain Vulnerabilities in OpenClaw CVE-2026-44112 (CVSS 9.6)
- CVE-2026-20182 (CVSS 10.0) Critical Cisco SD-WAN Bypass Exploited
- Fragnesia Linux Kernel LPE (CVE-2026-46300, CVSS 7.8) Deep-Dive
- Proactive Breach Detection for Fragnesia Linux Kernel LPE (CVE-2026-46300 (CVSS 7.8))
- May 2026 Patch Tuesday Critical CVE-2026-40361 (8.4) CVE-2026-35421 (7.8)
- Dirty Frag Linux Privilege Escalation CVE-2026-31431 Details
- Dirty Frag Vulnerability Gives Linux Root Access (CVE-2026-43284, CVE-2026-43500)
- cPanel & WHM Vulnerability Fixes: CVE-2026-29202 (CVSS 8.8)
- CVE-2026-29201 cPanel Vulnerability Patch Now (CVSS 4.3)
- CVE-2026-23918 (CVSS 8.8) Apache HTTP/2 DoS-RCE Fix
- CVE-2026-31431 Copy Fail Linux Vulnerability Grants Root
- CVE-2026-22679 Critical Weaver E-cology RCE Exploited
- CVE-2026-41940 cPanel Exploit (CVSS 9.8) - Breach Alert
- CVE-2026-41940 (CVSS 9.8) cPanel & WHM Authentication Bypass
- CVE-2026-31431 (CVSS 7.8) Linux Root Access Actively Exploited
- CVE-2026-31431 Linux Root Exploit in CISA KEV (CVSS 7.8)
- CVE-2026-31431 Linux Privilege Escalation Urgent Fixes
- Critical cPanel Auth Bypass CVE-2026-41940 (CVSS 9.8)
- CVE-2026-31431 Full Root Access Evades Breach Detection
- CVE-2026-3854 (CVSS 8.7) GitHub RCE Threat to Supply Chains
- Hugging Face LeRobot Unauthenticated RCE CVE-2026-25874
- CVE-2026-25874 LeRobot Unauthenticated RCE via Pickle
- CVE-2026-32201 SharePoint Spoofing: Urgent Fixes (CVSS Medium)
- CVE-2026-32201: Critical SharePoint Spoofing Exploit (CVSS Medium)
- CVE-2025-20333 (CVSS 9.9): FIRESTARTER Backdoor Evades Cisco Patches
- FIRESTARTER Backdoor: Mitigate Cisco CVE-2025-20333 (CVSS 9.9)
- CVE-2026-28950 (CVSS N/A): Apple Patches iOS Flaw Exposing Signal
- CVE-2026-40372 ASP.NET Core Flaw Emergency Patch
- CVE-2026-33825 Exploitation Elevates Breach Detection
- CVE-2026-20184 (CVSS 9.8) Cisco Webex Impersonation Exploit
- CVE-2026-25262 (CVSS 0.0): Qualcomm BootROM Vulnerability Impact
- CVE-2025-0520 (CVSS 9.4) ShowDoc Exploits Demand Breach Detection
- CVE-2025-0520 ShowDoc Exploited: Server Takeover (CVSS 9.4)
- CVE-2026-33825 and Windows Zero-Days Actively Exploited
- Nginx UI CVE-2026-33032 (CVSS 9.8) & Windows Zero-Days Exploited
- CVE-2026-33032 Nginx UI Actively Exploited (CVSS 9.8)
- CVE-2026-33032 Nginx Takeover Exploit (CVSS 9.8)
- Critical Apple WebKit CVE-2026-20643: Security Fix Guide
- CVE-2025-26399 (CVSS 9.8) SolarWinds and Ivanti Exploits
- Cyber threat intelligence platform CVE-2026-21385 (CVSS 7.8) Qualcomm 0-Day
- CVE-2026-2796 (CVSS 9.8) Firefox JIT Miscompilation Revealed
- CVE-2026-20079 (CVSS 10.0) and CVE-2026-20131 (CVSS 10.0) Cisco FMC
- CVE-2026-20079 and CVE-2026-20131 in Cisco FMC (CVSS 10.0)
- CVE-2026-20079 (CVSS 10.0) and CVE-2026-20131 (CVSS 10.0) in Cisco Secure FMC
- CVE-2026-20079 (CVSS 10.0) and CVE-2026-20131 (CVSS 10.0) Cisco FMC Root Access
- CVE-2026-22719 VMware Aria Operations Root Access
- CVE-2026-22719 Exploited in VMware Aria Operations
- CVE-2026-21902 Junos Evolved Vulnerability (CVSS 9.8)
- CVE-2026-21902 Junos Evolved RCE (CVSS 9.8)
- CVE-2026-0628 Privilege Escalation in Chrome Gemini AI Panel
- CVE-2026-0628 Chrome Extension Hijack in Gemini Panel
- CVE-2026-0628 Chrome Gemini Panel Privilege Escalation
- CVE-2026-51001 (CVSS 9.8) Remote Code Execution
- CVE-2026-22998 (CVSS 7.8) Windows Kernel Privilege Elevation
- Cisco Catalyst SD-WAN CVE-2026-20127 (CVSS 10.0) Zero-Day
- CVE-2026-20127 Admin Access in Cisco SD-WAN (CVSS 10.0)
- CVE-2026-20127 (CVSS 10.0) Cisco Catalyst SD-WAN Exploitation
- CVE-2026-20127 Cisco Catalyst SD-WAN Exploitation by UAT-8616 (CVSS 9.8)
- CVE-2025-1011 (CVSS 9.8) FortiSIEM Exploit
- CVE-2026-25108 (CVSS 8.7) FileZen Exploitation Confirmed
- Dell RecoverPoint flaw CVE-2026-22769 (CVSS 10.0)
- CVE-2026-22769 Dell RecoverPoint for VMs (CVSS 10.0)
- CVE-2026-22769 Dell RecoverPoint for Virtual Machines (CVSS 10.0) Threat Analysis
- CVE-2026-26019 (CVSS 5.3) LangChain SSRF Vulnerability Exposes Internal Services
- CVE-2026-2441 (CVSS 8.8) Chrome Exploit Under Active Attack
- CVE-2026-2441 (CVSS 8.8) Chrome Zero-Day Exploit Fixed
- CVE-2026-2441 (CVSS 8.8) Chrome Zero-Day Exploit in CSS Engine
- CVE-2026-1731 (CVSS 9.9) Exploited for Network Takeover
- CVE-2026-1731 (CVSS 9.9) Critical BeyondTrust RCE Exploit in the Wild
- CVE-2026-1731 (CVSS 9.9) Used in BeyondTrust RCE Attacks
- CVE-2026-1357 (CVSS 9.8) Hits WordPress Plugin With 900K Installs
- CVE-2026-20700 (CVSS 9.8) Apple Zero-Day Patch Released
- CVE-2026-20700 (CVSS 9.8) Exploited by AI Malware via React2Shell
- CVE-2026-20841 (CVSS 8.8) Windows Notepad RCE via Markdown
- CVE-2026-20841 (CVSS 9.8) Remote Code Execution in Windows
- CVE-2026-1731 (CVSS 9.9) Critical Pre-Auth RCE in BeyondTrust Fixed
- CVE-2026-25520, CVE-2026-25586, CVE-2026-25587, CVE-2026-25641 (CVSS 10.0) SandboxJS Flaws Enable Host Takeover
- CVE-2026-1868 (CVSS 9.9) Critical GitLab AI Gateway RCE Flaw
- CVE-2026-1868 (CVSS 9.9) Exploits GitLab AI Gateway for RCE
- CVE-2026-25053 (CVSS 9.4) and Related Flaws Trigger RCE on n8n
- CVE-2026-25049 (CVSS 9.3) n8n RCE Flaws Expose Automation Risks
- CVE-2026-25049 (CVSS 9.8) Critical n8n RCE via Sandbox Escape
- CVE-2025-8088 (CVSS 7.8) Exploited by Amaranth Dragon
- CVE-2025-11953 (CVSS 9.8) Exploited in React Native Metro Attacks
- CVE-2026-1281 (CVSS 9.8) Ivanti EPMM Zero-Day Fix Released
- CVE-2024-43451 (CVSS 6.5) Used by UAC-0050 in Phishing Attacks
- CVE-2024-21413 (CVSS 9.8) Used in Outlook Exploit Campaign
- CVE-2026-1281 and CVE-2026-1340 (CVSS 9.8) – Critical Ivanti EPMM RCE Risk
- CVE-2026-1281 and CVE-2026-1340 (CVSS 9.8) Exploited in Ivanti EPMM RCE Attack
- CVE-2026-21509 (CVSS 7.8) Microsoft Office Zero-Day Bypass
- CVE-2026-24858 (CVSS 9.4) FortiOS SSO Zero-Day Exploited
- WinRAR CVE-2025-8088 (CVSS 8.8) Active Exploitation Alert
- CVE-2026-21509 (CVSS 9.0) Microsoft Office Zero-Day
- Microsoft Office Zero-Day CVE-2026-21509 (CVSS 7.8) Exploited
- CVE-2026-21509 (CVSS 9.8) Critical NFS RCE Threat Explained
- CVE-2026-21509 (CVSS 9.8) in 26th Jan Threat Report
- CVE-2026-24061 (CVSS 9.8) Enables Root Access via GNU telnetd
- CVE-2026-24061 (CVSS 9.8) Telnetd Bug Enables Remote Root
- CVE-2026-20045 (CVSS 8.2) Cisco Zero-Day Exploited in Wild
- CVE-2025-59718 (CVSS 9.8) Automates FortiGate Firewall Exploits
- CVE-2025-59718 (CVSS 9.8) FortiGate Auth Bypass Exploited
- CVE-2026-1245 (CVSS 6.5) Enables Node.js Code Execution via binary-parser
- CVE-2026-21962 (CVSS 10.0) Critical Oracle Middleware Flaw
- CVE-2026-21962 (CVSS 10.0) Critical Flaw in Oracle Fusion
- CVE-2025-64155 (CVSS 9.8) Enables FortiSIEM RCE via TCP
- CVE-2026-0861 and CVE-2026-0915 Reveal Critical glibc Bugs
- CVE-2025-21301 (CVSS 7.8) Windows Remote Assistance Bypass
- CVE-2026-20824 (CVSS 5.5) Windows MotW Bypass Flaw
- CVE-2025-20393 (CVSS 10.0) Hits Cisco Email Gateways
- CVE-2025-64155 (CVSS 9.4) Critical FortiSIEM Flaw Exposes Command Injection Risk
- CVE-2025-53690 (CVSS 9.8) Used by UAT-8837 to Breach Critical Infrastructure
- CVE-2026-0227 (CVSS 7.7) Hits Palo Alto Firewalls via GlobalProtect DoS
- CVE-2025-64155 (CVSS 9.8) FortiSIEM Root Exploit Disclosed
- CVE-2025-12420 (CVSS 9.3) Exposes Critical ServiceNow AI Impersonation Flaw
- CVE-2025-12420 (CVSS 9.3) Exploits AI in ServiceNow for Impersonation
- CVE-2026-21858 (CVSS 10.0) Exposes AI Workflow Exploits
- CVE-2026-21858 (CVSS 10.0) Exploits n8n Automation Flaw
- CVE-2025-61686 (CVSS 9.1) React Router SSR File Exposure
- CVE-2026-22184 (CVSS 9.3) Critical zlib Flaw Exploited via Buffer Overflow
- CVE-2026-21876 (CVSS 9.3) Bypasses OWASP CRS Charset Validation
- CVE-2025-37164 (CVSS 10.0) in HPE OneView Actively Exploited
- CVE-2026-21858 (CVSS 10.0) Enables Full RCE on n8n
- CVE-2026-21858 (CVSS 10.0) in n8n Allows Full Remote Takeover
- CVE-2025-65606 (CVSS 9.8) Enables Remote TOTOLINK EX200 Takeover
- CVE-2025-65606 Allows Remote Takeover of TOTOLINK EX200
- CVE-2025-65606 and CVE-2026-0625 Expose Firmware Flaws in TOTOLINK and D-Link
- CVE-2025-55182 (CVSS 10.0) and CVE-2025-68668 (CVSS 9.9) Exploited in IoT and Workflow Attacks
- CVE-2025-68668 (CVSS 9.9) Exposes Critical n8n Sandbox Flaw
- CVE-2025-55182 (CVSS 9.8) React2Shell RCE Exploit in Flight Decoder
- CVE-2025-55182 (CVSS 9.4) Exploited in FortiWeb Sliver C2 Attacks
- CVE-2025-55182 (CVSS 9.3) Exploited in FortiWeb Sliver C2 Attacks
- CVE-2026-21440 (CVSS 9.2) AdonisJS RCE via File Overwrite
- Ubisoft Hit by CVE-2025-14847 Attack on Rainbow Six Siege (CVSS 9.8)
- CVE-2025-14847 (CVSS 8.7) Exploit Forces Ubisoft to Halt Rainbow Six Siege
- CVE-2025-14847 (CVSS 8.7) MongoDB Flaw Under Active Exploitation
- CVE-2025-14847 (CVSS 8.7) MongoBleed Flaw Leaks MongoDB Secrets
- CVE-2025-14847 Breach Exploits Rainbow Six Siege
- CVE-2025-68613 (CVSS 9.9) Exploits Expression Injection in n8n
- CVE-2025-68664 (CVSS 9.3) LangChain Serialization Injection Leak
- CVE-2025-68347 (CVSS 9.8) – Critical Microsoft RCE Explained
- CVE-2025-68732 (CVSS 9.8) Critical RCE in Windows Network Service
- CVE-2025-38464 (CVSS 9.8) Critical RCE in Windows Server
- CVE-2025-55182 (CVSS 9.8) React2Shell and AI Scam Surge
- CVE-2025-55182 (CVSS 9.8) React2Shell Exploit and AI Scams
- CVE-2025-68613 (CVSS 10.0) Exposes n8n to Full RCE
- CVE-2025-20393 (CVSS 10) Cisco AsyncOS Zero-Day Exploited
- CVE-2025-20393 (CVSS 10) Cisco RCE Zero-Day Exploited
- CVE-2025-55182 (CVSS 10.0) React2Shell Exploit Hits RSC Services
- CVE-2025-55182 (CVSS 10.0) React2Shell Exploit Hits Critical Systems
- CVE-2025-55182 (CVSS 10.0) React2Shell Threat in RSC Services
- CVE-2025-55182 (CVSS 10.0) Exploitation Triggers Global Attacks
- CVE-2025-55182 (CVSS 10) Fallout from Cloudflare React2Shell Mitigations
- CVE-2025-66476 (CVSS High) Windows Vim Code Execution Exploit
- CVE-2025-55182 (CVSS 10) Critical React RCE Vulnerability
- CVE-2025-9491 Windows LNK Zero-Day Flaw Exploited
- CVE-2025-61882 Oracle Exploit Hits University of Phoenix
- CVE-2025-13486 (CVSS 9.8) Enables RCE on WordPress ACF
- CVE-2025-13486 (CVSS 9.8) Enables RCE in WordPress ACF Plugin
- CVE-2025-12106 (CVSS 9.1) OpenVPN Vulnerability Demands Urgent Patch
- CVE-2025-33187 (CVSS High) Enables RCE on NVIDIA DGX
- CVE-2025-33187 (CVSS High) Impacts NVIDIA DGX Spark Systems
- CVE-2025-13757 (CVSS 9.4) Critical SQL Injection in Devolutions Server
- Oracle Flaw Exploited After Patch CVE-2024-21854 (CVSS 9.1)
- Oracle Flaw CVE Actively Exploited Despite Patch
- CVE-2025-13315 and CVE-2025-13316 (CVSS 9.3) Critical Twonky Server Zero-Day Flaws
- CVE-2025-13315 & CVE-2025-13316 (CVSS 9.3) Expose Twonky Server to Full Takeover
- CVE-2025-64126 CVE-2025-64127 CVE-2025-64128 Zenitel TCIV-3+ Critical Flaws (CVSS 9.8)
- CVE-2025-64126 (CVSS 9.8) Zenitel TCIV-3+ Critical Flaw
- CVE-2025-41115 (CVSS 10.0) Exploits SCIM in Grafana
- CVE-2025-65108 (CVSS 10.0) Enables RCE via Markdown to PDF
- CVE-2025-61757 (CVSS 9.8) Oracle Zero-Day Under Exploit
- CVE-2025-41115 (CVSS 10.0) Grafana SCIM Flaw Enables Escalation
- CVE-2025-41115 (CVSS 10.0) – Grafana SCIM Impersonation Flaw Fixed
- CVE-2025-59287 (CVSS 9.8) Used to Deploy ShadowPad Malware
- CVE-2025-58034 (CVSS 9.8) Fortinet Flaw Triggers CISA Patch Mandate
- CVE-2025-58034 (CVSS 9.8) Exploited in Active Fortinet Attacks
- CVE-2025-58034 (CVSS 6.7) Exploited in FortiWeb Attacks
- CVE-2025-58034 (CVSS 6.7) Exploited in FortiWeb Devices
- CVE-2025-5777 (CVSS 9.8) Exploited in INC Ransom Breach
- CVE-2025-64446 (CVSS 9.1) Fortinet Exploited in Major AI and Phishing Campaigns
- CVE-2025-64446: FortiWeb Path Traversal Actively Exploited
- CVE-2025-36250 (CVSS 10.0) Exposes Critical IBM AIX Flaws
- CVE-2025-24893 (CVSS 9.8) Exploited by RondoDox Botnet
- CVE-2025-24893 (CVSS 9.8) Exploited by RondoDox Botnet
- CVE-2025-20341 (CVSS 8.8) Cisco Catalyst Privilege Escalation
- CVE-2025-59367 (CVSS 9.3) ASUS Router Auth Bypass Risk
- CVE-2025-9242 (CVSS 9.8) Targets WatchGuard Firebox Devices
- CVE-2025-12101 (CVSS 6.1) Citrix NetScaler RXSS Analysis
- CVE-2025-12101 Exposes Citrix NetScaler to XSS and Memory Leak
- CVE-2025-61882 (CVSS 9.1) Used in Oracle EBS Clop Breach
- CVE-2025-12480 (CVSS 9.8) Triofox 0-Day Used For Remote Code Execution
- CVE-2025-21042 (CVSS 9.8) Samsung Zero-Day Demands Urgent Patching
- CVE-2025-37735 (CVSS 7.0) in Elastic Defend Enables Privilege Escalation
- CVE-2025-64439 (CVSS 7.4) RCE in LangGraph Threatens AI Agent Workflows
- CVE-2025-64439 (CVSS 7.4) Remote Code Execution in LangGraph
- CVE-2025-21042 (CVSS 9.8) Exploited by LandFall Spyware via WhatsApp
- CVE-2025-21042 Hits Samsung via Android Spyware LANDFALL
- CVE-2025-12779 (CVSS 8.8) Exposes Auth Tokens in Amazon WorkSpaces for Linux
- CVE-2025-20333 (CVSS 9.9) Cisco ASA and FTD RCE Warning
- CVE-2024-3400 (CVSS 10.0) Critical Palo Alto GlobalProtect Vulnerability
- CVE-2025-11749 (CVSS 9.8) AI Engine Plugin Privilege Escalation Risk
- CVE-2025-11833 (CVSS 9.8) Exploits WordPress Email Logging
- CVE-2025-61882 Exploited by Scattered LAPSUS$ Hunters
- CVE-2025-59287 (CVSS 9.8) Actively Exploited via WSUS Ports
- CVE-2025-59287 (CVSS 9.8) Spurs Surge in WSUS Scanning
- CVE-2025-37736 (CVSS 8.8) Exploits Privilege Escalation in Elastic ECE
- CVE-2024-3094 (CVSS 10.0) Supply Chain Attack Backdoors XZ Utils
- CVE-2025-5397 (CVSS 9.8) Critical WordPress Admin Bypass
- CVE-2025-4786 (CVSS 7.8) Windows Shortcut Exploit Hits EU Diplomats
- CVE-2025-41244 (CVSS 9.1) Exploited in VMware Tools
- CVE-2025-59287 (CVSS 9.8) Critical Microsoft WSUS RCE Exploit
- CVE-2025-59287 (CVSS 9.8) Critical Unauthenticated RCE in WSUS
- CVE-2025-55680 (CVSS 7.8) Elevates Privileges via Windows Cloud Files Driver
- CVE-2025-59287 (CVSS High) Exploited in WSUS RCE Attacks
- CVE-2025-6205 and CVE-2025-6204 Exploited in Dassault DELMIA
- CVE-2025-55315 (CVSS 8.1) Exploits QNAP NetBak ASP.NET Core Flaw
- CVE-2025-55315 (CVSS 9.8) Exploits ASP.NET Core in QNAP
- CVE-2025-59236 (CVSS 8.4) Microsoft Use-After-Free Risk
- CVE-2025-67890 (CVSS 7.8) HashiCorp Vault AWS Auth Bypass and JSON DoS
- CVE-2025-59287 (CVSS 9.8) Exploited in WSUS RCE Attacks
- CVE-2024-3400 (CVSS 10.0) Critical PAN-OS RCE Threat
- CVE-2025-59287 (CVSS 9.8) Critical WSUS Vulnerability
- CVE-2025-12036 (CVSS 8.7) Chrome Zero-Day RCE Threat
- CVE-2025-20725 (CVSS 7.5) Denial-of-Service in Mediatek Baseband
- CVE-2025-61932 (CVSS 9.8) Exploited in Lanscope Attacks
- CVE-2025-62518 (CVSS 9.8) Async-Tar RCE Threat Explained
- CVE-2025-62518 (CVSS 9.8) in Rust Async-Tar Enables RCE
- CVE-2025-62518 (CVSS 8.1) Exposes RCE Risk in Rust Async Tar
- CVE-2025-61932 (CVSS 9.8) Critical Lanscope RCE Exploited
- WatchGuard CVE-2025-9242 (CVSS 9.3) Exposes 75K Devices to RCE
- CVE-2025-54253 (CVSS 10.0) Critical Adobe AEM Flaw Exploited
- CVE-2025-54253 (CVSS 10.0) Critical Adobe AEM Flaw Exploited
- CVE-2024-46760 (CVSS 8.8) Juniper Junos OS RCE Threat
- CVE-2024-3094 (CVSS 10.0) Exposes Critical XZ Utils Backdoor
- CVE-2025-9242 (CVSS 9.3) WatchGuard VPN Remote Code Risk
- CVE-2025-11492 (CVSS 9.6) ConnectWise Update Vulnerability
- CVE-2025-20352 (CVSS 9.1) Cisco SNMP Rootkit Attack Exposed
- CVE-2025-54253 (CVSS 10.0) Critical Adobe AEM RCE Alert
- CVE-2025-54539 (CVSS 9.8) ActiveMQ AMQP Client RCE Flaw
- CVE-2025-58325 (CVSS 7.8) FortiOS CLI Bypass Threat
- CVE-2025-0033 (CVSS 9.8) Exploits AMD SEV-SNP via 8-Byte Write
- CVE-2025-48561 (CVSS 7.9) Pixnapping Heist of 2FA Codes on Android
- CVE-2025-37729 (CVSS 9.1) RCE Flaw in Elastic Cloud
- CVE-2025-61927 (CVSS 9.4) RCE in Happy DOM Puts Millions at Risk
- CVE-2025-61884 (CVSS 9.8) Oracle EBS Bug Enables Unauthenticated Data Access
- CVE-2024-3400 (CVSS 10) Critical PAN-OS Exploit Explained
- CVE-2024-4577 (CVSS 9.8) PHP CGI Remote Code Execution
- CVE-2025-6264 (CVSS 9.8) Velociraptor Abused in Ransomware
- CVE-2025-61882 (CVSS 9.8) Exploited by CL0P in Oracle EBS
- CVE-2025-6264 Used to Deploy Velociraptor in Ransomware
- CVE-2025-5947 (CVSS 9.8) WordPress Auth Bypass Exploited
- CVE-2025-5947 (CVSS 9.8) WordPress Theme Auth Bypass
- CVE-2025-11462 (CVSS 9.3) AWS VPN macOS Root Escalation Flaw
- CVE-2025-11462 (CVSS 9.3) Enables Root Privilege Escalation in AWS VPN for macOS
- CVE-2025-10035 (CVSS 9.8) Medusa Ransomware Exploits GoAnywhere
- CVE-2025-10035 Exploited in GoAnywhere Ransomware Attacks
- CVE-2025-49844 (CVSS 10.0) Allows RCE in Redis Servers
- CVE-2024-3094 (CVSS 10.0) XZ Utils Backdoor Exposed
- CVE-2025-6388 (CVSS 9.8) Enables WordPress Auth Bypass
- CVE-2025-10035 (CVSS 10) Actively Exploited GoAnywhere MFT Flaw
- CVE-2025-10725 (CVSS 9.9) Red Hat OpenShift AI Exploit
- CVE-2025-41244 (CVSS 7.8) VMware Zero-Day Exploited
- CVE-2025-55177 WhatsApp Zero-Click RCE via DNG Exploit
- CVE-2025-56383 (CVSS 6.5) Exploits DLL Hijacking in Notepad++
- CVE-2025-59934 (CVSS 9.4) Critical Formbricks Auth Flaw
- CVE-2025-54831 (CVSS 6.5) Apache Airflow Exposes Passwords
- CVE-2025-20352 (CVSS 7.7) Cisco IOS SNMP Zero-Day Exploited
- CVE-2025-10184 (CVSS 8.6) Exposes SMS Data on OxygenOS
- CVE-2025-10184 (CVSS 9.1) Exposes SMS and MFA on OnePlus Devices
- CVE-2025-59689 Command Injection in Libraesva ESG
- CVE-2025-55241 Enables Entra ID Tenant Hijack
- CVE-2024-4577 (CVSS 9.8) PHP CGI Injection Explained
- CVE-2025-4427 and CVE-2025-4428 Weaponized in Ivanti EPMM Attacks
- CVE-2025-4428 (CVSS 9.8) Ivanti EPMM Exploited by Malware
- CVE-2025-67890 (CVSS 9.3) Critical Chrome Use-After-Free Flaw
- CVE-2025-38501 (CVSS 7.5) Linux KSMBD DoS Vulnerability
- CUPS CVE-2025-58060 and CVE-2025-58364 (CVSS 8.0) Exploits Expose Linux Systems
- CVE-2023-46805 (CVSS 9.1) Critical Ivanti EPMM Flaw Exposes Networks
- Apple Spyware Alerts CVE-2025-TBD Target French Officials
- CVE-2025-59052 (CVSS 7.1) Angular SSR Leak Exposes User Data
- CVE-2024-4823 (CVSS 10.0) Critical GitLab Account Takeover Risk
- CVE-2025-54236 (CVSS 9.8) Exposes Magento Sites via SessionReaper
- CVE-2025-42944 (CVSS 10.0) Among SAP’s Critical Patches
- CVE-2023-51467 (CVSS 9.8) Apache OFBiz RCE Exploited
- CVE-2025-53770 (CVSS 9.8) SharePoint RCE Under Active Attack
- CVE-2025-53770 (CVSS 9.8) On-Prem SharePoint RCE Risk
- CVE-2025-50173 (CVSS 7.8) Triggers Windows Installer UAC Failures
- Windows Update Triggers UAC Issues in App Installs
Explore More
Other Resources
Ransomware Reports
Group tracking, campaigns & victim disclosures.
View articles →Threat Intelligence
Actor profiles & emerging attack techniques.
View articles →Vulnerability Alerts
Disclosures, patch analysis & risk assessments.
View articles →Security Reports
Ransomware tracker & long-form research.
View articles →