CVE-2026-25089 CVE-2026-25089: Fortinet FortiSandbox — Unauthenticated OS Command Injection Fortinet FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS Critical 9.8 Yes Jul 17, 2026
Read →
CVE-2026-39808 CVE-2026-39808: Fortinet FortiSandbox — Second Unauthenticated Command Injection Fortinet FortiSandbox Critical 9.8 Yes Jul 17, 2026
Read →
CVE-2026-58644 CVE-2026-58644: Microsoft SharePoint — Unauthenticated Deserialization RCE Microsoft Microsoft SharePoint Server Critical 9.8 Yes Jul 17, 2026
Read →
CVE-2023-4346 CVE-2023-4346: KNX Protocol — BCU Key Lockout Enables Permanent Building Automation Denial of Service KNX Association KNX Protocol High 7.5 No Jul 16, 2026
Read →
CVE-2026-46817 CVE-2026-46817: Oracle E-Business Suite Payments — Unauthenticated Remote Code Execution Oracle E-Business Suite (EBS) 12.2 Critical 9.8 Yes Jul 16, 2026
Read →
CVE-2026-15409 CVE-2026-15409: SonicWall SMA1000 WorkPlace — Unauthenticated SSRF (CVSS 10.0) SonicWall SMA1000 Appliance Critical 10 Yes Jul 15, 2026
Read →
CVE-2026-15410 CVE-2026-15410: SonicWall SMA1000 AMC — Code Injection Remote Code Execution SonicWall SMA1000 Appliance High 7.2 Yes Jul 15, 2026
Read →
CVE-2026-56155 CVE-2026-56155: Microsoft Active Directory Federation Services — Local Privilege Escalation Microsoft Active Directory Federation Services High 7.8 Yes Jul 15, 2026
Read →
CVE-2026-56164 CVE-2026-56164: Microsoft SharePoint Server — Missing Authentication Privilege Escalation Microsoft SharePoint Server Critical 9.8 Yes Jul 15, 2026
Read →
CVE-2026-48939 CVE-2026-48939: iCagenda -- Dual-Path File Upload RCE and Access Control Bypass iCagenda iCagenda (Joomla component) Critical 9.8 Yes Jul 10, 2026
Read →
CVE-2026-56291 CVE-2026-56291: Balbooa Forms -- Unauthenticated File Upload RCE in Joomla Balbooa Balbooa Forms (Joomla extension) Critical 9.8 Yes Jul 10, 2026
Read →
CVE-2026-48282 CVE-2026-48282: Adobe ColdFusion RDS FILEIO Path Traversal to Unauthenticated RCE Adobe ColdFusion Critical 10 Yes Jul 8, 2026
Read →
CVE-2026-48908 CVE-2026-48908: JoomShaper SP Page Builder Unauthenticated File Upload to RCE JoomShaper SP Page Builder Critical 10 Yes Jul 8, 2026
Read →
CVE-2026-55255 CVE-2026-55255: Langflow IDOR in /api/v1/responses Allows Authenticated Attackers to Execute Arbitrary User Flows DataStax / Langflow Langflow Critical 9.9 Yes Jul 8, 2026
Read →
CVE-2026-56290 CVE-2026-56290: Joomlack Page Builder CK Unauthenticated File Upload to RCE Joomlack Page Builder CK Critical 9.8 Yes Jul 8, 2026
Read →
CVE-2026-45659 CVE-2026-45659: Microsoft SharePoint Server -- Deserialization RCE Microsoft SharePoint Server High 8.8 Yes Jul 2, 2026
Read →
CVE-2026-48558 CVE-2026-48558: SimpleHelp — OIDC Authentication Bypass via Unsigned Token Acceptance SimpleHelp SimpleHelp Critical 10 Yes Jun 30, 2026
Read →
CVE-2026-12569 CVE-2026-12569: PTC Windchill — Unauthenticated Deserialization RCE PTC Windchill PDMLink / FlexPLM Critical 9.3 Yes Jun 25, 2026
Read →
CVE-2026-20230 CVE-2026-20230: Cisco Unified CM — SSRF to Root via Webshell Cisco Unified Communications Manager High 8.6 Yes Jun 25, 2026
Read →
CVE-2026-34909 CVE-2026-34909: Ubiquiti UniFi OS — Path Traversal Ubiquiti UniFi OS Server Critical 10 Yes Jun 25, 2026
Read →
CVE-2026-34910 CVE-2026-34910: Ubiquiti UniFi OS — Command Injection Ubiquiti UniFi OS Server Critical 10 Yes Jun 25, 2026
Read →
CVE-2025-67038 CVE-2025-67038: Lantronix EDS5000 -- OS Command Injection (Root) Lantronix EDS5000 Critical 9.8 Yes Jun 24, 2026
Read →
CVE-2026-34910 CVE-2026-34908/34909/34910: Ubiquiti UniFi OS — Unauthenticated Root RCE Chain Ubiquiti UniFi OS Critical 10 Yes Jun 24, 2026
Read →
CVE-2026-20253 CVE-2026-20253: Splunk Enterprise — Unauthenticated PostgreSQL Sidecar RCE Splunk Splunk Enterprise Critical 9.8 Yes Jun 19, 2026
Read →
CVE-2026-48907 CVE-2026-48907: Joomla Content Editor — Unauthenticated RCE via File Upload Widget Factory Joomla Content Editor (JCE) Critical 10 Yes Jun 17, 2026
Read →
CVE-2026-54420 CVE-2026-54420: LiteSpeed cPanel Plugin — UNIX Symlink Following Allows Container Escape on Shared Hosting LiteSpeed Technologies LiteSpeed cPanel Plugin High 8.5 Yes Jun 16, 2026
Read →
CVE-2026-10520 CVE-2026-10520: Ivanti Sentry — Pre-Authentication OS Command Injection (CVSS 10.0) Ivanti Sentry (formerly MobileIron Sentry) Critical 10 Yes Jun 12, 2026
Read →
CVE-2026-35273 CVE-2026-35273: Oracle PeopleSoft PeopleTools — Missing Authentication Enabling Unauthenticated Takeover Oracle PeopleSoft Enterprise PeopleTools Critical 9.8 Yes Jun 12, 2026
Read →
CVE-2026-11645 CVE-2026-11645: Google Chromium V8 Out-of-Bounds Read/Write — Actively Exploited Browser RCE Google Chromium V8 High 8.8 Yes Jun 10, 2026
Read →
CVE-2026-20245 CVE-2026-20245: Cisco Catalyst SD-WAN Manager CLI Command Injection — Unpatched Root Privilege Escalation Cisco Catalyst SD-WAN Manager High 7.8 No Jun 10, 2026
Read →
CVE-2026-42271 CVE-2026-42271: LiteLLM Command Injection in MCP Endpoints Gives Any User Shell Access BerriAI LiteLLM High 8.8 Yes Jun 9, 2026
Read →
CVE-2026-50751 CVE-2026-50751: Check Point Security Gateway IKEv1 Authentication Bypass — Qilin Ransomware Exploiting in the Wild Check Point Security Gateway Critical 9.3 Yes Jun 9, 2026
Read →
CVE-2026-28318 CVE-2026-28318: SolarWinds Serv-U Unauthenticated DoS via Deflate Header SolarWinds Serv-U High 7.5 Yes Jun 6, 2026
Read →
CVE-2026-41089 CVE-2026-41089: Windows Netlogon Pre-Authentication RCE — Unauthenticated Domain Controller Takeover Microsoft Windows Netlogon (Windows Server) Critical 9.8 Yes Jun 5, 2026
Read →
CVE-2026-45247 CVE-2026-45247: Mirasvit Full Page Cache Warmer — Unauthenticated PHP Object Injection RCE Mirasvit Full Page Cache Warmer for Magento 2 Critical 9.8 Yes Jun 4, 2026
Read →
CVE-2022-0492 CVE-2022-0492: Linux Kernel cgroups v1 — Container Escape and Privilege Escalation Linux Kernel High 7.8 Yes Jun 3, 2026
Read →
CVE-2025-48595 CVE-2025-48595: Android Framework — Integer Overflow Enabling Local Privilege Escalation Android Framework High 8.4 Yes Jun 3, 2026
Read →
CVE-2024-21182 CVE-2024-21182: Oracle WebLogic Server -- Unauthenticated Information Disclosure via T3/IIOP Oracle WebLogic Server High 7.5 Yes Jun 2, 2026
Read →
CVE-2026-0257 CVE-2026-0257: Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass via Cookie Forgery Palo Alto Networks PAN-OS High 7.8 Yes May 30, 2026
Read →
CVE-2026-45321 CVE-2026-45321: TanStack npm Supply Chain Compromise -- Credential-Stealing Malware in 42 Packages TanStack TanStack Critical 9.6 Yes May 28, 2026
Read →
CVE-2026-48027 CVE-2026-48027: Nx Console VS Code Extension -- Supply Chain Compromise and Credential Theft Nx Nx Console Critical 9.8 Yes May 28, 2026
Read →
CVE-2026-8398 CVE-2026-8398: DAEMON Tools Lite -- Official Installer Backdoored with Signed Malware Daemon Daemon Tools Lite Critical 9.8 Yes May 28, 2026
Read →
CVE-2026-48172 CVE-2026-48172: LiteSpeed cPanel Plugin -- Root Privilege Escalation via redisAble API LiteSpeed Technologies LiteSpeed cPanel Plugin Critical 10 Yes May 27, 2026
Read →
CVE-2026-20122 CVE-2026-20122/20128/20133: Cisco Catalyst SD-WAN Manager Exploitation Chain Cisco Catalyst SD-WAN Manager High 7.5 Yes May 23, 2026
Read →
CVE-2026-21643 CVE-2026-21643: Fortinet FortiClient EMS Unauthenticated SQL Injection Fortinet FortiClient EMS Critical 9.8 Yes May 23, 2026
Read →
CVE-2026-9082 CVE-2026-9082: Drupal Core SQL Injection via PostgreSQL Database Abstraction API Drupal Association Drupal Core High 8.1 Yes May 22, 2026
Read →
CVE-2025-34291 CVE-2025-34291: Langflow -- Origin Validation Error Enabling Unauthenticated RCE Langflow (DataStax) Langflow Critical 9.8 Yes May 21, 2026
Read →
CVE-2026-34926 CVE-2026-34926: Trend Micro Apex One -- Directory Traversal Enabling Arbitrary File Read/Write Trend Micro Apex One (On-Premise) High 7.5 Yes May 21, 2026
Read →
CVE-2009-3459 CVE-2009-3459: Adobe Acrobat and Reader -- Heap-Based Buffer Overflow via Malicious PDF Adobe Systems Adobe Acrobat and Reader Critical 9.3 Yes May 20, 2026
Read →
CVE-2009-1537 CVE-2009-1537: Microsoft DirectX -- MPEG2 Null Byte Overwrite via quartz.dll Microsoft Microsoft DirectX (quartz.dll) Critical 9.3 Yes May 20, 2026
Read →
CVE-2008-4250 CVE-2008-4250: MS08-067 -- Windows Server Service RPC Buffer Overflow (Conficker) Microsoft Microsoft Windows (Server Service) Critical 10 Yes May 20, 2026
Read →
CVE-2010-0249 CVE-2010-0249: Internet Explorer -- Operation Aurora Use-After-Free (IE6/IE7 RCE) Microsoft Microsoft Internet Explorer Critical 9.3 Yes May 20, 2026
Read →
CVE-2010-0806 CVE-2010-0806: Internet Explorer -- DHTML Peering Use-After-Free (Drive-By RCE) Microsoft Microsoft Internet Explorer Critical 9.3 Yes May 20, 2026
Read →
CVE-2026-41091 CVE-2026-41091: Microsoft Defender Symlink Following -- Low-Privilege to SYSTEM via Malware Protection Engine Microsoft Defender (Microsoft Malware Protection Engine) High 7.8 Yes May 20, 2026
Read →
CVE-2026-45498 CVE-2026-45498: Microsoft Defender -- Denial of Service via Malformed Input Microsoft Microsoft Defender Antivirus High 7 Yes May 20, 2026
Read →
CVE-2026-42897 CVE-2026-42897: Microsoft Exchange Server XSS in Outlook Web Access Microsoft Exchange Server High 8 Yes May 15, 2026
Read →
CVE-2026-20182 CVE-2026-20182: Cisco Catalyst SD-WAN Authentication Bypass -- Unauthenticated Admin Access Cisco Catalyst SD-WAN Controller & Manager Critical 9.8 Yes May 14, 2026
Read →
CVE-2026-42208 CVE-2026-42208: SQL Injection in BerriAI LiteLLM Exposes AI Proxy Credentials BerriAI LiteLLM High 8.1 Yes May 8, 2026
Read →
CVE-2026-6973 CVE-2026-6973: Ivanti EPMM Improper Input Validation Enables Authenticated RCE Ivanti Endpoint Manager Mobile (EPMM) High 7.2 Yes May 7, 2026
Read →
CVE-2026-0300 CVE-2026-0300: Palo Alto PAN-OS Out-of-Bounds Write Leads to Root RCE on Firewalls Palo Alto Networks PAN-OS Critical 9.8 Yes May 6, 2026
Read →
CVE-2026-31431 CVE-2026-31431: Linux Kernel Privilege Escalation via Incorrect Resource Transfer Linux Linux Kernel High 7.8 Yes May 1, 2026
Read →
CVE-2026-41940 CVE-2026-41940: cPanel & WHM Authentication Bypass -- Unauthenticated Control Panel Access WebPros cPanel & WHM Critical 9.8 Yes Apr 30, 2026
Read →
CVE-2024-1708 CVE-2024-1708: ConnectWise ScreenConnect Path Traversal -- RMM Tools as Attack Vectors ConnectWise ScreenConnect Critical 9.8 Yes Apr 28, 2026
Read →
CVE-2024-57726 CVE-2024-57726: SimpleHelp Missing Authorization -- Privilege Escalation via API Keys SimpleHelp SimpleHelp Remote Support High 7.8 Yes Apr 24, 2026
Read →
CVE-2024-57728 CVE-2024-57728: SimpleHelp Path Traversal (Zip Slip) -- Arbitrary File Write via Admin Upload SimpleHelp SimpleHelp Remote Support Critical 9.1 Yes Apr 24, 2026
Read →
CVE-2024-7399 CVE-2024-7399: Samsung MagicINFO 9 Server Unauthenticated File Write Leading to RCE Samsung MagicINFO 9 Server Critical 9.8 Yes Apr 24, 2026
Read →
CVE-2025-29635 CVE-2025-29635: D-Link DIR-823X Command Injection -- End-of-Life Device with No Fix D-Link DIR-823X High 7.2 No Apr 24, 2026
Read →
CVE-2026-39987 CVE-2026-39987: Marimo Unauthenticated WebSocket PTY Shell Exposes Full RCE Marimo / CoreWeave Marimo Critical 9.8 Yes Apr 23, 2026
Read →
CVE-2026-33825 CVE-2026-33825: Microsoft Defender Insufficient Access Control -- Local Privilege Escalation Microsoft Defender High 7.8 Yes Apr 22, 2026
Read →
CVE-2023-27351 CVE-2023-27351: PaperCut NG/MF Improper Authentication -- SecurityRequestFilter Bypass PaperCut PaperCut NG / MF Critical 9.8 Yes Apr 20, 2026
Read →
CVE-2024-27199 CVE-2024-27199: JetBrains TeamCity Unauthenticated Path Traversal Enables Admin Actions JetBrains TeamCity High 7.3 Yes Apr 20, 2026
Read →
CVE-2025-2749 CVE-2025-2749: Kentico Xperience Path Traversal -- Authenticated Staging Sync File Write Kentico Kentico Xperience High 7.5 Yes Apr 20, 2026
Read →
CVE-2025-32975 CVE-2025-32975: Quest KACE Systems Management Appliance Improper Authentication Quest KACE Systems Management Appliance (SMA) Critical 9.8 Yes Apr 20, 2026
Read →
CVE-2026-34197 CVE-2026-34197: Apache ActiveMQ RCE via Jolokia JMX-HTTP Bridge Apache ActiveMQ High 8.8 Yes Apr 16, 2026
Read →
CVE-2023-21529 CVE-2023-21529: Microsoft Exchange Server Deserialization -- Authenticated RCE Microsoft Exchange Server High 8.8 Yes Apr 13, 2026
Read →
CVE-2026-1340 CVE-2026-1340: Ivanti EPMM Unauthenticated Code Injection Enables Full RCE Ivanti Endpoint Manager Mobile (EPMM) Critical 9.8 Yes Apr 8, 2026
Read →
CVE-2026-35616 CVE-2026-35616: Fortinet FortiClient EMS Improper Access Control -- Unauthenticated RCE Fortinet FortiClient EMS Critical 9.8 Yes Apr 6, 2026
Read →
CVE-2026-3055 CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read -- SAML IDP Memory Disclosure Citrix NetScaler ADC / Gateway High 8.8 Yes Mar 30, 2026
Read →
CVE-2025-53521 CVE-2025-53521: F5 BIG-IP APM Stack-Based Buffer Overflow -- RCE F5 BIG-IP APM High 8.8 Yes Mar 27, 2026
Read →
CVE-2026-33634 CVE-2026-33634: Aqua Security Trivy Supply Chain Attack -- Embedded Malicious Code Aqua Security Trivy Critical 9.5 Yes Mar 26, 2026
Read →
CVE-2026-33017 CVE-2026-33017: Langflow Code Injection -- Unauthenticated RCE via Public Flows Langflow Langflow Critical 9.8 Yes Mar 25, 2026
Read →
CVE-2025-32432 CVE-2025-32432: Craft CMS Code Injection -- Remote Code Execution Craft CMS Craft CMS Critical 9.8 Yes Mar 20, 2026
Read →
CVE-2026-20131 CVE-2026-20131: Cisco FMC Deserialization -- Unauthenticated RCE as Root Cisco Secure Firewall Management Center (FMC) / Security Cloud Control Critical 9.8 Yes Mar 19, 2026
Read →
CVE-2026-20963 CVE-2026-20963: Microsoft SharePoint Deserialization -- Unauthenticated Network RCE Microsoft SharePoint Server Critical 9.8 Yes Mar 18, 2026
Read →
CVE-2026-3910 CVE-2026-3910: Google Chromium V8 Memory Buffer -- Sandbox RCE via Crafted HTML Google Chromium / Chrome High 8.8 Yes Mar 13, 2026
Read →
CVE-2025-68613 CVE-2025-68613: n8n Workflow Automation RCE -- Expression Evaluation Code Injection n8n n8n Workflow Automation Critical 9.8 Yes Mar 11, 2026
Read →
CVE-2025-26399 CVE-2025-26399: SolarWinds Web Help Desk Deserialization -- RCE via AjaxProxy SolarWinds Web Help Desk Critical 9.8 Yes Mar 9, 2026
Read →
CVE-2026-1603 CVE-2026-1603: Ivanti EPM Auth Bypass -- Unauthenticated Credential Data Leak Ivanti Endpoint Manager (EPM) Critical 9.8 Yes Mar 9, 2026
Read →
CVE-2026-22719 CVE-2026-22719: VMware Aria Operations Command Injection -- Unauthenticated RCE via Migration Broadcom VMware Aria Operations (vRealize Operations) Critical 9.8 Yes Mar 3, 2026
Read →
CVE-2022-20775 CVE-2022-20775: Cisco SD-WAN CLI -- Path Traversal Privilege Escalation Cisco Cisco SD-WAN High 7.8 Yes Feb 25, 2026
Read →
CVE-2026-20127 CVE-2026-20127: Cisco Catalyst SD-WAN Auth Bypass -- Unauthenticated Admin Access Cisco Catalyst SD-WAN Controller and Manager Critical 9.8 Yes Feb 25, 2026
Read →
CVE-2026-25108 CVE-2026-25108: Soliton FileZen -- OS Command Injection via HTTP Request Soliton Systems K.K. FileZen High 8.8 Yes Feb 24, 2026
Read →
CVE-2025-49113 CVE-2025-49113: Roundcube Webmail Deserialization -- Authenticated RCE via upload.php Roundcube Roundcube Webmail High 8.8 Yes Feb 20, 2026
Read →
CVE-2026-22769 CVE-2026-22769: Dell RecoverPoint for VMs -- Hard-Coded Credentials Dell RecoverPoint for Virtual Machines (RP4VMs) Critical 9.8 Yes Feb 18, 2026
Read →
CVE-2020-7796 CVE-2020-7796: Synacor Zimbra Collaboration Suite -- SSRF via WebEx Zimlet Synacor Zimbra Collaboration Suite (ZCS) Critical 9.8 Yes Feb 17, 2026
Read →
CVE-2008-0015 CVE-2008-0015: Microsoft Windows Video ActiveX Control -- Remote Code Execution Microsoft Windows Video ActiveX Control Critical 9.3 Yes Feb 17, 2026
Read →
CVE-2024-7694 CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware -- Unrestricted File Upload RCE TeamT5 ThreatSonar Anti-Ransomware High 7.2 Yes Feb 17, 2026
Read →
CVE-2026-2441 CVE-2026-2441: Google Chromium CSS -- Use-After-Free Heap Corruption Google Chromium / Chrome / Edge / Opera High 8.8 Yes Feb 17, 2026
Read →
CVE-2026-1731 CVE-2026-1731: BeyondTrust Remote Support OS Command Injection -- Unauthenticated RCE BeyondTrust Remote Support / Privileged Remote Access Critical 9.8 Yes Feb 13, 2026
Read →
CVE-2024-43468 CVE-2024-43468: Microsoft Configuration Manager -- Unauthenticated SQL Injection RCE Microsoft Microsoft Configuration Manager (SCCM/MEM) Critical 9.8 Yes Feb 12, 2026
Read →
CVE-2025-15556 CVE-2025-15556: Notepad++ WinGUp Updater -- Download Without Integrity Check Notepad++ Notepad++ (WinGUp updater) High 7.5 Yes Feb 12, 2026
Read →
CVE-2025-40536 CVE-2025-40536: SolarWinds Web Help Desk -- Security Control Bypass SolarWinds Web Help Desk Critical 9.1 Yes Feb 12, 2026
Read →
CVE-2026-20700 CVE-2026-20700: Apple Multiple Products -- Buffer Overflow RCE Apple iOS / macOS / tvOS / watchOS / visionOS High 8.8 Yes Feb 12, 2026
Read →
CVE-2026-21510 CVE-2026-21510: Microsoft Windows Shell -- Protection Mechanism Failure Microsoft Windows Shell High 8.1 Yes Feb 10, 2026
Read →
CVE-2026-21513 CVE-2026-21513: Microsoft Windows MSHTML -- Protection Mechanism Failure Microsoft Windows MSHTML High 8.1 Yes Feb 10, 2026
Read →
CVE-2026-21514 CVE-2026-21514: Microsoft Office Word -- Reliance on Untrusted Inputs Privilege Escalation Microsoft Microsoft Office Word High 7.8 Yes Feb 10, 2026
Read →
CVE-2026-21519 CVE-2026-21519: Microsoft Desktop Window Manager -- Type Confusion Privilege Escalation Microsoft Windows Desktop Window Manager (DWM) High 7.8 Yes Feb 10, 2026
Read →
CVE-2026-21533 CVE-2026-21533: Microsoft Windows Remote Desktop Services -- Privilege Escalation Microsoft Windows Remote Desktop Services High 7.8 Yes Feb 10, 2026
Read →
CVE-2025-11953 CVE-2025-11953: React Native Community CLI -- Metro Dev Server OS Command Injection React Native Community React Native CLI / Metro Development Server Critical 9.8 Yes Feb 5, 2026
Read →
CVE-2026-24423 CVE-2026-24423: SmarterTools SmarterMail -- Missing Authentication RCE via ConnectToHub SmarterTools SmarterMail Critical 9.8 Yes Feb 5, 2026
Read →
CVE-2019-19006 CVE-2019-19006: Sangoma FreePBX -- Improper Authentication Bypass Sangoma FreePBX Critical 9.8 Yes Feb 3, 2026
Read →
CVE-2025-40551 CVE-2025-40551: SolarWinds Web Help Desk -- Deserialization RCE SolarWinds Web Help Desk Critical 9.8 Yes Feb 3, 2026
Read →
CVE-2025-64328 CVE-2025-64328: Sangoma FreePBX Endpoint Manager -- Post-Auth OS Command Injection Sangoma FreePBX Endpoint Manager High 8.8 Yes Feb 3, 2026
Read →
CVE-2025-14847 CVE-2025-14847: MongoDB Server -- Zlib Compressed Protocol Heap Memory Disclosure MongoDB MongoDB Server High 7.5 Yes Dec 29, 2025
Read →
CVE-2023-52163 CVE-2023-52163: Digiever DS-2105 Pro -- Missing Authorization / Command Injection Digiever DS-2105 Pro NVR Critical 9.8 No Dec 22, 2025
Read →
CVE-2025-14733 CVE-2025-14733: WatchGuard Firebox -- Out-of-Bounds Write RCE via IKEv2 WatchGuard Firebox / Fireware OS Critical 9.8 Yes Dec 19, 2025
Read →
CVE-2025-20393 CVE-2025-20393: Cisco Secure Email -- OS Command Injection with Root Privileges Cisco Secure Email Gateway / AsyncOS / Web Manager High 8.8 Yes Dec 17, 2025
Read →
CVE-2025-40602 CVE-2025-40602: SonicWall SMA1000 -- Missing Authorization Privilege Escalation SonicWall SMA1000 Appliance High 8.8 Yes Dec 17, 2025
Read →
CVE-2025-59374 CVE-2025-59374: ASUS Live Update -- Embedded Malicious Code (Supply Chain) ASUS ASUS Live Update High 7.5 No Dec 17, 2025
Read →
CVE-2025-59718 CVE-2025-59718: Fortinet FortiOS/FortiProxy/FortiWeb -- SAML Authentication Bypass Fortinet FortiOS / FortiProxy / FortiSwitchMaster / FortiWeb Critical 9.8 Yes Dec 16, 2025
Read →
CVE-2025-14611 CVE-2025-14611: Gladinet CentreStack/Triofox -- Hardcoded Cryptographic Keys Gladinet CentreStack / Triofox Critical 9.1 Yes Dec 15, 2025
Read →
CVE-2025-43529 CVE-2025-43529: Apple Multiple Products WebKit -- Use-After-Free Memory Corruption Apple iOS/iPadOS/macOS/Safari High 8.8 Yes Dec 15, 2025
Read →
CVE-2018-4063 CVE-2018-4063: Sierra Wireless AirLink ALEOS -- Unrestricted File Upload RCE Sierra Wireless AirLink ALEOS High 8.8 No Dec 12, 2025
Read →
CVE-2025-14174 CVE-2025-14174: Google Chromium ANGLE -- Out-of-Bounds Memory Access Google Chromium / Chrome / Edge / Opera High 8.8 Yes Dec 12, 2025
Read →
CVE-2025-58360 CVE-2025-58360: OSGeo GeoServer -- XXE via WMS GetMap Endpoint OSGeo GeoServer High 7.5 Yes Dec 11, 2025
Read →
CVE-2025-6218 CVE-2025-6218: RARLAB WinRAR -- Path Traversal Code Execution RARLAB WinRAR High 7.8 Yes Dec 9, 2025
Read →
CVE-2025-62221 CVE-2025-62221: Microsoft Windows Cloud Files Mini Filter Driver -- Use-After-Free Privilege Escalation Microsoft Windows Cloud Files Mini Filter Driver High 7.8 Yes Dec 9, 2025
Read →
CVE-2022-37055 CVE-2022-37055: D-Link Routers -- Buffer Overflow RCE D-Link D-Link Routers Critical 9.8 No Dec 8, 2025
Read →
CVE-2025-66644 CVE-2025-66644: Array Networks ArrayOS AG -- OS Command Injection Array Networks ArrayOS AG Critical 9.8 Yes Dec 8, 2025
Read →
CVE-2025-55182 CVE-2025-55182: Meta React Server Components -- Unauthenticated RCE Meta React Server Components React Server Components Critical 9.8 Yes Dec 5, 2025
Read →
CVE-2021-26828 CVE-2021-26828: OpenPLC ScadaBR -- Unrestricted File Upload RCE OpenPLC ScadaBR ScadaBR High 8.8 Yes Dec 3, 2025
Read →
CVE-2025-48572 CVE-2025-48572: Android Framework -- Privilege Escalation Vulnerability Android Framework Android Framework High 7.8 Yes Dec 2, 2025
Read →
CVE-2025-29824 CVE-2025-29824: Windows CLFS -- Zero-Day Privilege Escalation Microsoft Windows (CLFS Driver) High 7.8 Yes Apr 8, 2025
Read →
CVE-2025-30065 CVE-2025-30065: Apache Parquet -- Remote Code Execution Apache Software Foundation Apache Parquet Critical 10 Yes Apr 2, 2025
Read →
CVE-2025-26633 CVE-2025-26633: Microsoft MMC -- Zero-Day Security Feature Bypass Microsoft Microsoft Management Console High 7 Yes Mar 11, 2025
Read →
CVE-2025-21418 CVE-2025-21418: Windows AFD Driver -- Privilege Escalation Microsoft Windows AFD Driver High 7.8 Yes Feb 11, 2025
Read →
CVE-2025-23006 CVE-2025-23006: SonicWall SMA 1000 -- Pre-Auth Deserialization RCE SonicWall SonicWall SMA 1000 Critical 9.8 Yes Jan 24, 2025
Read →
CVE-2025-0282 CVE-2025-0282: Ivanti Connect Secure -- Stack Overflow Zero-Day RCE Ivanti Connect Secure / Policy Secure / Neurons for ZTA Critical 9 Yes Jan 8, 2025
Read →
CVE-2024-55956 CVE-2024-55956: Cleo MFT -- Unrestricted File Upload to RCE Cleo Harmony / VLTrader / LexiCom Critical 9.8 Yes Dec 17, 2024
Read →
CVE-2024-50623 CVE-2024-50623: Cleo Harmony/VLTrader -- Unrestricted File Upload and Download RCE Cleo Harmony / VLTrader / LexiCom High 8.8 Yes Dec 13, 2024
Read →
CVE-2024-43451 CVE-2024-43451: Windows -- NTLM Hash Disclosure Spoofing Microsoft Windows High 7.5 Yes Nov 12, 2024
Read →
CVE-2024-49039 CVE-2024-49039: Windows Task Scheduler -- Privilege Escalation Microsoft Windows Task Scheduler High 8.8 Yes Nov 12, 2024
Read →
CVE-2024-38094 CVE-2024-38094: Microsoft SharePoint Server -- Remote Code Execution Microsoft SharePoint Server High 7.2 Yes Oct 22, 2024
Read →
CVE-2024-23113 CVE-2024-23113: Fortinet FortiOS -- Format String RCE Fortinet FortiOS / FortiProxy / FortiPAM / FortiWeb Critical 9.8 Yes Oct 9, 2024
Read →
CVE-2024-29824 CVE-2024-29824: Ivanti EPM -- SQL Injection to RCE Ivanti Endpoint Manager (EPM) Critical 9.6 Yes Oct 2, 2024
Read →
CVE-2024-38193 CVE-2024-38193: Windows AFD Driver -- Privilege Escalation Microsoft Windows AFD Driver High 7.8 Yes Aug 13, 2024
Read →
CVE-2024-38112 CVE-2024-38112: Windows MSHTML -- Platform Spoofing Microsoft Windows MSHTML Platform High 7.5 Yes Jul 9, 2024
Read →
CVE-2024-6387 CVE-2024-6387: OpenSSH regreSSHion -- Unauthenticated RCE in sshd OpenSSH OpenSSH (sshd) High 8.1 Yes Jul 1, 2024
Read →
CVE-2024-26169 CVE-2024-26169: Windows Error Reporting -- Privilege Escalation Microsoft Windows Error Reporting Service High 7.8 Yes Jun 13, 2024
Read →
CVE-2024-4577 CVE-2024-4577: PHP CGI -- Argument Injection RCE on Windows PHP Group PHP (CGI mode on Windows) Critical 9.8 Yes Jun 12, 2024
Read →
CVE-2024-30080 CVE-2024-30080: Microsoft MSMQ -- Remote Code Execution Microsoft Microsoft Message Queuing Critical 9.8 Yes Jun 11, 2024
Read →
CVE-2024-30051 CVE-2024-30051: Windows DWM Core Library -- Privilege Escalation Microsoft Windows Desktop Window Manager High 7.8 Yes May 14, 2024
Read →
CVE-2023-7028 CVE-2023-7028: GitLab -- Account Takeover via Email Reset GitLab GitLab CE/EE Critical 10 Yes May 1, 2024
Read →
CVE-2024-20353 CVE-2024-20353: Cisco ASA/FTD -- ArcaneDoor DoS and Memory Leak Cisco Cisco ASA / Firepower Threat Defense High 8.6 Yes Apr 24, 2024
Read →
CVE-2024-3400 CVE-2024-3400: Palo Alto PAN-OS GlobalProtect -- Zero-Day Command Injection Palo Alto Networks PAN-OS Critical 10 Yes Apr 12, 2024
Read →
CVE-2023-48788 CVE-2023-48788: Fortinet FortiClientEMS -- SQL Injection to RCE Fortinet FortiClientEMS Critical 9.8 Yes Mar 25, 2024
Read →
CVE-2024-27198 CVE-2024-27198: JetBrains TeamCity -- Authentication Bypass to RCE JetBrains TeamCity Critical 9.8 Yes Mar 7, 2024
Read →
CVE-2024-21338 CVE-2024-21338: Windows Kernel -- Privilege Escalation Microsoft Windows Kernel High 7.8 Yes Mar 4, 2024
Read →
CVE-2024-1709 CVE-2024-1709: ConnectWise ScreenConnect -- Authentication Bypass (CVSS 10.0) ConnectWise ScreenConnect Critical 10 Yes Feb 22, 2024
Read →
CVE-2024-21762 CVE-2024-21762: Fortinet FortiOS SSL VPN -- Out-of-Bounds Write RCE Fortinet FortiOS Critical 9.6 Yes Feb 9, 2024
Read →
CVE-2024-21893 CVE-2024-21893: Ivanti Connect Secure -- SSRF to Authentication Bypass Ivanti Connect Secure / Policy Secure High 8.2 Yes Jan 31, 2024
Read →
CVE-2023-46805 CVE-2023-46805: Ivanti Connect Secure -- Authentication Bypass via Path Traversal Ivanti Connect Secure / Policy Secure High 8.2 Yes Jan 10, 2024
Read →
CVE-2024-21887 CVE-2024-21887: Ivanti Connect Secure -- Authenticated Command Injection Ivanti Connect Secure / Policy Secure Critical 9.1 Yes Jan 10, 2024
Read →
CVE-2023-49103 CVE-2023-49103: ownCloud graphapi -- Sensitive Information Disclosure (CVSS 10.0) ownCloud ownCloud (graphapi app) Critical 10 Yes Nov 30, 2023
Read →
CVE-2023-1671 CVE-2023-1671: Sophos Web Appliance -- Pre-Auth Command Injection Sophos Sophos Web Appliance Critical 9.8 Yes Nov 16, 2023
Read →
CVE-2023-36025 CVE-2023-36025: Windows SmartScreen -- Security Feature Bypass Microsoft Windows SmartScreen High 8.8 Yes Nov 14, 2023
Read →
CVE-2023-36844 CVE-2023-36844: Juniper SRX/EX -- PHP Environment Variable Injection Juniper Juniper SRX / EX Series Critical 9.8 Yes Nov 13, 2023
Read →
CVE-2023-20273 CVE-2023-20273: Cisco IOS XE Web UI -- Command Injection Cisco Cisco IOS XE High 7.2 Yes Oct 23, 2023
Read →
CVE-2023-4966 CVE-2023-4966: Citrix NetScaler Bleed -- Session Token Leak Citrix NetScaler ADC / NetScaler Gateway Critical 9.4 Yes Oct 18, 2023
Read →
CVE-2023-20198 CVE-2023-20198: Cisco IOS XE Web UI -- Zero-Day Privilege Escalation (CVSS 10.0) Cisco IOS XE Critical 10 Yes Oct 16, 2023
Read →
CVE-2023-22515 CVE-2023-22515: Atlassian Confluence -- Privilege Escalation to Admin Atlassian Confluence Data Center and Server Critical 10 Yes Oct 5, 2023
Read →
CVE-2023-40044 CVE-2023-40044: Progress WS_FTP Server -- Deserialization RCE Progress Software WS_FTP Server Critical 10 Yes Oct 5, 2023
Read →
CVE-2023-42793 CVE-2023-42793: JetBrains TeamCity -- Pre-Auth Authentication Bypass JetBrains TeamCity Critical 9.8 Yes Oct 4, 2023
Read →
CVE-2023-35078 CVE-2023-35078: Ivanti EPMM -- Unauthenticated API Access Ivanti Endpoint Manager Mobile (EPMM) Critical 10 Yes Jul 25, 2023
Read →
CVE-2023-27997 CVE-2023-27997: Fortinet FortiGate SSL-VPN -- Pre-Auth Heap Overflow RCE Fortinet FortiOS / FortiProxy Critical 9.8 Yes Jun 13, 2023
Read →
CVE-2023-34362 CVE-2023-34362: MOVEit Transfer -- SQL Injection to RCE Progress Software MOVEit Transfer Critical 9.8 Yes Jun 2, 2023
Read →
CVE-2023-28771 CVE-2023-28771: Zyxel Firewall -- Pre-Auth OS Command Injection Zyxel Zyxel Firewall Critical 9.8 Yes May 31, 2023
Read →
CVE-2023-27350 CVE-2023-27350: PaperCut MF/NG -- Authentication Bypass RCE PaperCut PaperCut MF/NG Critical 9.8 Yes Apr 21, 2023
Read →
CVE-2023-26360 CVE-2023-26360: Adobe ColdFusion -- Deserialization RCE Adobe ColdFusion High 8.6 Yes Mar 15, 2023
Read →
CVE-2022-47986 CVE-2022-47986: IBM Aspera Faspex -- YAML Deserialization RCE IBM Aspera Faspex Critical 9.8 Yes Feb 21, 2023
Read →
CVE-2023-0669 CVE-2023-0669: GoAnywhere MFT -- Pre-Auth Remote Code Execution Fortra (formerly HelpSystems) GoAnywhere MFT High 7.2 Yes Feb 10, 2023
Read →
CVE-2022-42475 CVE-2022-42475: Fortinet FortiOS -- Heap Overflow RCE Fortinet FortiOS Critical 9.3 Yes Dec 13, 2022
Read →
CVE-2022-27510 CVE-2022-27510: Citrix ADC/Gateway -- Authentication Bypass Citrix Citrix ADC / Citrix Gateway Critical 9.8 Yes Nov 8, 2022
Read →
CVE-2022-41040 CVE-2022-41040: Microsoft Exchange -- ProxyNotShell SSRF Microsoft Exchange Server High 8.8 Yes Sep 30, 2022
Read →
CVE-2022-3236 CVE-2022-3236: Sophos Firewall -- User Portal and Webadmin Code Injection Sophos Sophos Firewall Critical 9.8 Yes Sep 23, 2022
Read →
CVE-2022-26134 CVE-2022-26134: Atlassian Confluence -- OGNL Injection RCE Atlassian Confluence Server / Data Center Critical 9.8 Yes Jun 2, 2022
Read →
CVE-2022-30525 CVE-2022-30525: Zyxel Firewall -- OS Command Injection Zyxel Zyxel Firewall Critical 9.8 Yes May 16, 2022
Read →
CVE-2022-1388 CVE-2022-1388: F5 BIG-IP iControl REST -- Authentication Bypass to RCE F5 BIG-IP Critical 9.8 Yes May 10, 2022
Read →
CVE-2021-44228 CVE-2021-44228: Log4Shell -- Apache Log4j Remote Code Execution Apache Software Foundation Log4j 2 Critical 10 Yes Dec 10, 2021
Read →
CVE-2021-26855 CVE-2021-26855: Microsoft Exchange -- ProxyLogon SSRF Microsoft Exchange Server Critical 9.8 Yes Nov 3, 2021
Read →
CVE-2021-34473 CVE-2021-34473: Microsoft Exchange -- ProxyShell RCE Microsoft Exchange Server Critical 9.8 Yes Nov 3, 2021
Read →
CVE-2021-40539 CVE-2021-40539: Zoho ManageEngine ADSelfService Plus -- Unauthenticated RCE Zoho ManageEngine ADSelfService Plus Critical 9.8 Yes Nov 3, 2021
Read →