Skip to main content
Severity: 192 articles
CVE-2026-48939 Critical Patched

CVE-2026-48939: iCagenda -- Dual-Path File Upload RCE and Access Control Bypass

iCagenda · iCagenda (Joomla component) · CVSS 9.8 ·

iCagenda for Joomla contains two distinct unauthenticated attack paths: a PHP file upload leading to RCE via the event submission form, and an access control bypass in the component's controller layer. Both are exploited by automated tooling. Patch to 4.0.8 or 3.9.15 immediately.

CVE-2026-48908 Critical Patched

CVE-2026-48908: JoomShaper SP Page Builder Unauthenticated File Upload to RCE

JoomShaper · SP Page Builder · CVSS 10 ·

An unauthenticated arbitrary file upload in JoomShaper SP Page Builder for Joomla allows attackers to upload PHP webshells and achieve remote code execution with no credentials required. Over 194,000 exposed instances identified; active exploitation includes rogue admin user creation for persistence.

CVE-2026-55255 Critical Patched

CVE-2026-55255: Langflow IDOR in /api/v1/responses Allows Authenticated Attackers to Execute Arbitrary User Flows

DataStax / Langflow · Langflow · CVSS 9.9 ·

An Insecure Direct Object Reference in Langflow's /api/v1/responses endpoint allows any authenticated user to invoke AI flows belonging to other users by supplying their flow identifier. CVSS 9.9, actively exploited, with cross-tenant data exposure implications for multi-user Langflow deployments.

CVE-2026-56290 Critical Patched

CVE-2026-56290: Joomlack Page Builder CK Unauthenticated File Upload to RCE

Joomlack · Page Builder CK · CVSS 9.8 ·

An unauthenticated arbitrary file upload in Page Builder CK for Joomla allows any visitor to write PHP files to the server and execute arbitrary commands. The only gate is a CSRF token obtainable from the site's own public pages, making exploitation trivially accessible.

CVE-2026-45659 High Patched

CVE-2026-45659: Microsoft SharePoint Server -- Deserialization RCE

Microsoft · SharePoint Server · CVSS 8.8 ·

CVSS 8.8 deserialization vulnerability in SharePoint Server 2016, 2019, and Subscription Edition allows an authenticated attacker with site Contribute access to execute arbitrary code remotely. CISA added it to KEV on July 1, 2026 confirming active exploitation.

CVE-2026-12569 Critical Patched

CVE-2026-12569: PTC Windchill — Unauthenticated Deserialization RCE

PTC · Windchill PDMLink / FlexPLM · CVSS 9.3 ·

Critical deserialization vulnerability (CVSS 9.3) in PTC Windchill PDMLink and FlexPLM enables unauthenticated remote code execution. Actively exploited with JSP webshells observed in the wild. CISA KEV with June 28 federal deadline.

CVE-2026-20230 High Patched

CVE-2026-20230: Cisco Unified CM — SSRF to Root via Webshell

Cisco · Unified Communications Manager · CVSS 8.6 ·

Server-side request forgery in Cisco Unified Communications Manager's WebDialer service allows unauthenticated attackers to write files to the OS and deploy persistent webshells. CVSS 8.6. Public PoC available; actively exploited via automated Tor-routed scans.

CVE-2026-34909 Critical Patched

CVE-2026-34909: Ubiquiti UniFi OS — Path Traversal

Ubiquiti · UniFi OS Server · CVSS 10 ·

Path traversal in Ubiquiti UniFi OS allows an attacker with network access to read and manipulate files on the underlying system, including credentials and configuration. CVSS 10.0. Part of a three-CVE chain enabling unauthenticated root RCE. Patched in UniFi OS Server 5.0.8.

CVE-2026-34910 Critical Patched

CVE-2026-34910: Ubiquiti UniFi OS — Command Injection

Ubiquiti · UniFi OS Server · CVSS 10 ·

Improper input validation in Ubiquiti UniFi OS enables command injection via crafted package names in the update function, allowing arbitrary OS command execution. CVSS 10.0. Part of a three-CVE chain enabling unauthenticated root RCE. Patched in UniFi OS Server 5.0.8.

CVE-2026-20253 Critical Patched

CVE-2026-20253: Splunk Enterprise — Unauthenticated PostgreSQL Sidecar RCE

Splunk · Splunk Enterprise · CVSS 9.8 ·

A missing authentication control in Splunk Enterprise's PostgreSQL sidecar service allows unauthenticated network-adjacent attackers to write arbitrary files and chain to remote code execution. CVSS 9.8. CISA added to KEV on June 18, 2026 with a three-day federal remediation deadline.

CVE-2026-50751 Critical Patched

CVE-2026-50751: Check Point Security Gateway IKEv1 Authentication Bypass — Qilin Ransomware Exploiting in the Wild

Check Point · Security Gateway · CVSS 9.3 ·

A critical authentication bypass in Check Point Security Gateway's IKEv1 VPN implementation allows unauthenticated remote attackers to establish VPN sessions without valid credentials. Qilin ransomware affiliates have been exploiting this since May 2026. CISA remediation deadline: 11 June 2026.

CVE-2026-20122 High Patched

CVE-2026-20122/20128/20133: Cisco Catalyst SD-WAN Manager Exploitation Chain

Cisco · Catalyst SD-WAN Manager · CVSS 7.5 ·

Three vulnerabilities in Cisco Catalyst SD-WAN Manager are being chained by attackers to achieve unauthenticated access, credential theft, and persistent webshell deployment. CISA added all three to the KEV catalogue in April 2026. Ten threat clusters are actively exploiting the chain.

CVE-2026-21643 Critical Patched

CVE-2026-21643: Fortinet FortiClient EMS Unauthenticated SQL Injection

Fortinet · FortiClient EMS · CVSS 9.8 ·

A critical unauthenticated SQL injection in Fortinet FortiClient EMS allows remote attackers to execute arbitrary code on the management server. CISA added it to the KEV catalogue with an April 2026 remediation deadline. Ten distinct threat clusters have been observed exploiting this vulnerability.

CVE-2008-4250 Critical Patched

CVE-2008-4250: MS08-067 -- Windows Server Service RPC Buffer Overflow (Conficker)

Microsoft · Microsoft Windows (Server Service) · CVSS 10 ·

A stack buffer overflow in the Windows Server Service RPC interface allows unauthenticated remote code execution and self-propagating worm spread across networks -- the vulnerability exploited by the Conficker worm and still actively exploited against unpatched legacy systems in 2026.

CVE-2026-42897 High Patched

CVE-2026-42897: Microsoft Exchange Server XSS in Outlook Web Access

Microsoft · Exchange Server · CVSS 8 ·

A reflected cross-site scripting vulnerability in Exchange Server's Outlook Web Access (OWA) enables arbitrary JavaScript execution in victim browsers, facilitating session hijacking and credential theft under specific interaction conditions.

CVE-2026-20700 High Patched

CVE-2026-20700: Apple Multiple Products -- Buffer Overflow RCE

Apple · iOS / macOS / tvOS / watchOS / visionOS · CVSS 8.8 ·

An improper restriction of operations within memory buffer bounds in Apple iOS/macOS/tvOS/watchOS/visionOS allows attackers with memory write capability to execute arbitrary code. CISA KEV-listed February 2026.

CVE-2022-37055 Critical

CVE-2022-37055: D-Link Routers -- Buffer Overflow RCE

D-Link · D-Link Routers · CVSS 9.8 ·

A buffer overflow vulnerability in D-Link routers allows remote attackers to compromise confidentiality, integrity, and availability. Affects likely EoL devices; CISA KEV-listed December 2025.

CVE-2025-55182 Critical Patched

CVE-2025-55182: Meta React Server Components -- Unauthenticated RCE

Meta React Server Components · React Server Components · CVSS 9.8 ·

A critical flaw in React Server Components payload decoding allows unauthenticated remote code execution on any server deploying RSC endpoints. Associated with ransomware campaigns and KEV-listed 2025-12-05.

CVE-2025-29824 High Patched

CVE-2025-29824: Windows CLFS -- Zero-Day Privilege Escalation

Microsoft · Windows (CLFS Driver) · CVSS 7.8 ·

A high-severity use-after-free vulnerability in the Windows Common Log File System (CLFS) driver allows local attackers to escalate privileges to SYSTEM, actively exploited as a zero-day by ransomware operators before Microsoft's April 2025 Patch Tuesday.

CVE-2025-30065 Critical Patched

CVE-2025-30065: Apache Parquet -- Remote Code Execution

Apache Software Foundation · Apache Parquet · CVSS 10 ·

A critical deserialization vulnerability in the Apache Parquet Java library that allows arbitrary code execution when parsing attacker-controlled Parquet files, affecting data engineering and analytics pipelines.

CVE-2025-0282 Critical Patched

CVE-2025-0282: Ivanti Connect Secure -- Stack Overflow Zero-Day RCE

Ivanti · Connect Secure / Policy Secure / Neurons for ZTA · CVSS 9 ·

A critical stack-based buffer overflow in Ivanti Connect Secure allows unauthenticated remote attackers to execute arbitrary code, exploited as a zero-day in targeted campaigns before Ivanti's January 2025 advisory, following the pattern of prior Ivanti VPN zero-day exploitation.

CVE-2024-55956 Critical Patched

CVE-2024-55956: Cleo MFT -- Unrestricted File Upload to RCE

Cleo · Harmony / VLTrader / LexiCom · CVSS 9.8 ·

A critical unrestricted file upload vulnerability in Cleo's managed file transfer products (Harmony, VLTrader, LexiCom) allows unauthenticated attackers to upload and execute arbitrary code, exploited by the Clop ransomware group in a wave of targeted data theft attacks.

CVE-2024-50623 High Patched

CVE-2024-50623: Cleo Harmony/VLTrader -- Unrestricted File Upload and Download RCE

Cleo · Harmony / VLTrader / LexiCom · CVSS 8.8 ·

A high-severity unrestricted file upload and download vulnerability in Cleo's Harmony, VLTrader, and LexiCom MFT products allows remote attackers to execute arbitrary commands, serving as the precursor exploit chain to the more critical CVE-2024-55956 zero-day exploitation campaign.

CVE-2024-43451 High Patched

CVE-2024-43451: Windows -- NTLM Hash Disclosure Spoofing

Microsoft · Windows · CVSS 7.5 ·

A Windows vulnerability that allows attackers to steal NTLM authentication hashes through minimal user interaction with a malicious file, enabling credential relay and pass-the-hash attacks.

CVE-2024-38094 High Patched

CVE-2024-38094: Microsoft SharePoint Server -- Remote Code Execution

Microsoft · SharePoint Server · CVSS 7.2 ·

A high-severity deserialization vulnerability in Microsoft SharePoint Server allows an authenticated attacker with Site Owner permissions to execute arbitrary code on the server, exploited in the wild for persistent access and network reconnaissance in targeted intrusion campaigns.

CVE-2024-23113 Critical Patched

CVE-2024-23113: Fortinet FortiOS -- Format String RCE

Fortinet · FortiOS / FortiProxy / FortiPAM / FortiWeb · CVSS 9.8 ·

A critical format string vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiWeb's fgfmd daemon allows unauthenticated remote attackers to execute arbitrary commands via specially crafted requests to the FGFM protocol.

CVE-2024-29824 Critical Patched

CVE-2024-29824: Ivanti EPM -- SQL Injection to RCE

Ivanti · Endpoint Manager (EPM) · CVSS 9.6 ·

A critical SQL injection vulnerability in Ivanti Endpoint Manager's Core server allows unauthenticated attackers on the same network to execute arbitrary code via the DAS component, confirmed as actively exploited by CISA in September 2024.

CVE-2024-38193 High Patched

CVE-2024-38193: Windows AFD Driver -- Privilege Escalation

Microsoft · Windows AFD Driver · CVSS 7.8 ·

A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock that allows local attackers to escalate privileges to SYSTEM, exploited by Lazarus Group as a zero-day.

CVE-2024-38112 High Patched

CVE-2024-38112: Windows MSHTML -- Platform Spoofing

Microsoft · Windows MSHTML Platform · CVSS 7.5 ·

A Windows MSHTML platform spoofing vulnerability that allows attackers to open Internet Explorer via malicious .url files, bypassing modern browser security controls to execute arbitrary code.

CVE-2024-4577 Critical Patched

CVE-2024-4577: PHP CGI -- Argument Injection RCE on Windows

PHP Group · PHP (CGI mode on Windows) · CVSS 9.8 ·

A critical argument injection vulnerability in PHP-CGI on Windows allows unauthenticated remote attackers to execute arbitrary PHP code by exploiting how PHP handles Unicode character conversion in CGI mode, affecting XAMPP and other common Windows PHP deployments.

CVE-2024-30080 Critical Patched

CVE-2024-30080: Microsoft MSMQ -- Remote Code Execution

Microsoft · Microsoft Message Queuing · CVSS 9.8 ·

A critical use-after-free vulnerability in Microsoft Message Queuing Service that allows unauthenticated remote attackers to execute arbitrary code on Windows systems with MSMQ enabled.

CVE-2024-30051 High Patched

CVE-2024-30051: Windows DWM Core Library -- Privilege Escalation

Microsoft · Windows Desktop Window Manager · CVSS 7.8 ·

A heap buffer overflow in the Windows Desktop Window Manager Core Library that allows local attackers to escalate privileges to SYSTEM, exploited as a zero-day alongside QakBot malware campaigns.

CVE-2023-7028 Critical Patched

CVE-2023-7028: GitLab -- Account Takeover via Email Reset

GitLab · GitLab CE/EE · CVSS 10 ·

A critical account takeover vulnerability in GitLab CE/EE allows unauthenticated attackers to send password reset emails to arbitrary email addresses, enabling complete account hijacking without user interaction, including of administrator accounts.

CVE-2023-48788 Critical Patched

CVE-2023-48788: Fortinet FortiClientEMS -- SQL Injection to RCE

Fortinet · FortiClientEMS · CVSS 9.8 ·

A critical SQL injection vulnerability in Fortinet FortiClientEMS allows unauthenticated remote attackers to execute arbitrary commands via crafted requests to the management server, with active exploitation confirmed by multiple threat intelligence sources.

CVE-2024-27198 Critical Patched

CVE-2024-27198: JetBrains TeamCity -- Authentication Bypass to RCE

JetBrains · TeamCity · CVSS 9.8 ·

A critical authentication bypass in JetBrains TeamCity's web server allows unauthenticated attackers to gain administrative control and achieve remote code execution, leading to widespread supply chain compromise campaigns.

CVE-2024-21338 High Patched

CVE-2024-21338: Windows Kernel -- Privilege Escalation

Microsoft · Windows Kernel · CVSS 7.8 ·

A Windows kernel privilege escalation vulnerability in the AppLocker driver that allows attackers to elevate privileges to SYSTEM, exploited by Lazarus Group to disable security tools via their FudModule rootkit.

CVE-2024-21762 Critical Patched

CVE-2024-21762: Fortinet FortiOS SSL VPN -- Out-of-Bounds Write RCE

Fortinet · FortiOS · CVSS 9.6 ·

A critical out-of-bounds write vulnerability in Fortinet FortiOS SSL VPN allows unauthenticated remote attackers to achieve arbitrary code execution via specially crafted HTTP requests, with active exploitation observed in CISA KEV.

CVE-2024-21893 High Patched

CVE-2024-21893: Ivanti Connect Secure -- SSRF to Authentication Bypass

Ivanti · Connect Secure / Policy Secure · CVSS 8.2 ·

A server-side request forgery vulnerability in Ivanti Connect Secure and Policy Secure's SAML component allows unauthenticated attackers to access restricted resources, exploited as part of a multi-CVE attack chain targeting government and enterprise VPN infrastructure.

CVE-2023-36025 High Patched

CVE-2023-36025: Windows SmartScreen -- Security Feature Bypass

Microsoft · Windows SmartScreen · CVSS 8.8 ·

A Windows SmartScreen security bypass that allows attackers to craft malicious .url shortcut files that execute without triggering SmartScreen warnings, used in phishing and malware delivery campaigns.

CVE-2023-20273 High Patched

CVE-2023-20273: Cisco IOS XE Web UI -- Command Injection

Cisco · Cisco IOS XE · CVSS 7.2 ·

A privilege escalation and command injection vulnerability in Cisco IOS XE's web management interface that forms the second stage of the CVE-2023-20198 exploit chain, enabling root code execution.

CVE-2023-4966 Critical Patched

CVE-2023-4966: Citrix NetScaler Bleed -- Session Token Leak

Citrix · NetScaler ADC / NetScaler Gateway · CVSS 9.4 ·

A critical information disclosure vulnerability in Citrix NetScaler ADC and Gateway allows unauthenticated attackers to retrieve session tokens from device memory, enabling session hijacking without requiring any credentials.

CVE-2023-22515 Critical Patched

CVE-2023-22515: Atlassian Confluence -- Privilege Escalation to Admin

Atlassian · Confluence Data Center and Server · CVSS 10 ·

A critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server allows unauthenticated attackers to create administrator accounts by accessing a restricted endpoint, exploited as a zero-day in targeted attacks.

CVE-2023-40044 Critical Patched

CVE-2023-40044: Progress WS_FTP Server -- Deserialization RCE

Progress Software · WS_FTP Server · CVSS 10 ·

A critical .NET deserialization vulnerability in WS_FTP Server's Ad Hoc Transfer module that allows unauthenticated attackers to execute arbitrary commands on the underlying operating system.

CVE-2023-42793 Critical Patched

CVE-2023-42793: JetBrains TeamCity -- Pre-Auth Authentication Bypass

JetBrains · TeamCity · CVSS 9.8 ·

A critical pre-authentication bypass in JetBrains TeamCity allows unauthenticated attackers to create admin tokens and gain full server control, exploited by APT29 and North Korean actors in supply chain intrusion campaigns targeting software development pipelines.

CVE-2023-35078 Critical Patched

CVE-2023-35078: Ivanti EPMM -- Unauthenticated API Access

Ivanti · Endpoint Manager Mobile (EPMM) · CVSS 10 ·

A critical authentication bypass in Ivanti Endpoint Manager Mobile that allows unauthenticated remote access to the API, exposing user data and enabling device configuration changes.

CVE-2023-27997 Critical Patched

CVE-2023-27997: Fortinet FortiGate SSL-VPN -- Pre-Auth Heap Overflow RCE

Fortinet · FortiOS / FortiProxy · CVSS 9.8 ·

A critical heap-based buffer overflow in Fortinet FortiOS and FortiProxy SSL-VPN allows pre-authentication remote attackers to execute arbitrary code, actively exploited by multiple threat actors including ransomware groups and nation-state APTs.

CVE-2023-34362 Critical Patched

CVE-2023-34362: MOVEit Transfer -- SQL Injection to RCE

Progress Software · MOVEit Transfer · CVSS 9.8 ·

A critical SQL injection vulnerability in Progress Software MOVEit Transfer allows unauthenticated attackers to escalate privileges and achieve remote code execution, exploited at massive scale by the Cl0p ransomware group in a wave of data theft affecting thousands of organisations.

CVE-2022-47986 Critical Patched

CVE-2022-47986: IBM Aspera Faspex -- YAML Deserialization RCE

IBM · Aspera Faspex · CVSS 9.8 ·

A critical YAML deserialization vulnerability in IBM Aspera Faspex's API allows unauthenticated remote attackers to execute arbitrary code, exploited by ransomware groups within days of public disclosure via a pre-authentication attack path.

CVE-2023-0669 High Patched

CVE-2023-0669: GoAnywhere MFT -- Pre-Auth Remote Code Execution

Fortra (formerly HelpSystems) · GoAnywhere MFT · CVSS 7.2 ·

A high-severity pre-authentication remote code execution vulnerability in Fortra's GoAnywhere Managed File Transfer was exploited as a zero-day by the Cl0p ransomware group, compromising over 130 organisations before a patch was available.

CVE-2022-27510 Critical Patched

CVE-2022-27510: Citrix ADC/Gateway -- Authentication Bypass

Citrix · Citrix ADC / Citrix Gateway · CVSS 9.8 ·

An authentication bypass vulnerability in Citrix Application Delivery Controller and Gateway that allows unauthenticated remote attackers to gain unauthorised access to gateway user capabilities.

CVE-2022-41040 High Patched

CVE-2022-41040: Microsoft Exchange -- ProxyNotShell SSRF

Microsoft · Exchange Server · CVSS 8.8 ·

A server-side request forgery vulnerability in Microsoft Exchange that forms the first stage of the ProxyNotShell exploit chain, enabling authenticated attackers to reach internal Exchange backend services.

CVE-2022-26134 Critical Patched

CVE-2022-26134: Atlassian Confluence -- OGNL Injection RCE

Atlassian · Confluence Server / Data Center · CVSS 9.8 ·

A critical OGNL injection vulnerability in Atlassian Confluence Server and Data Center allows unauthenticated attackers to execute arbitrary commands via crafted HTTP requests, exploited as a zero-day in targeted attacks before patch availability.

CVE-2022-30525 Critical Patched

CVE-2022-30525: Zyxel Firewall -- OS Command Injection

Zyxel · Zyxel Firewall · CVSS 9.8 ·

An unauthenticated OS command injection vulnerability in Zyxel firewall devices that allows attackers to execute arbitrary commands as the nobody user via the administrative HTTP interface.

CVE-2022-1388 Critical Patched

CVE-2022-1388: F5 BIG-IP iControl REST -- Authentication Bypass to RCE

F5 · BIG-IP · CVSS 9.8 ·

A critical authentication bypass in F5 BIG-IP's iControl REST API allows unauthenticated remote attackers with network access to the management interface to execute arbitrary system commands as root, massively exploited within days of disclosure.

CVE-2021-44228 Critical Patched

CVE-2021-44228: Log4Shell -- Apache Log4j Remote Code Execution

Apache Software Foundation · Log4j 2 · CVSS 10 ·

A critical JNDI injection vulnerability in Apache Log4j 2 allows unauthenticated remote code execution by logging a specially crafted string, affecting an enormous portion of the Java application ecosystem and triggering one of the most urgent security responses in history.

CVE-2021-26855 Critical Patched

CVE-2021-26855: Microsoft Exchange -- ProxyLogon SSRF

Microsoft · Exchange Server · CVSS 9.8 ·

A server-side request forgery vulnerability in Microsoft Exchange Server that, chained with other bugs, allows unauthenticated attackers to execute arbitrary code and take full control of the server.

CVE-2021-34473 Critical Patched

CVE-2021-34473: Microsoft Exchange -- ProxyShell RCE

Microsoft · Exchange Server · CVSS 9.8 ·

A path confusion vulnerability in Microsoft Exchange's Autodiscover endpoint that allows unauthenticated remote code execution when chained with two other ProxyShell bugs.

No articles match the selected filter.