Remediation Guides
Vulnerability remediation prioritised by severity and CVSS score. Focus your team's effort on what matters most — actively exploited CVEs with available patches first.
Remediation Priority Framework
Priority 1
Immediate
CVSS ≥9.0 — Critical severity, unauthenticated exploitation, active ransomware campaigns. Patch or isolate within 24–48 hours.
Priority 2
7 Days
CVSS 7.0–8.9 — High severity, exploitation requires minimal conditions. Part of CISA BOD requirements for federal agencies.
Priority 3
30 Days
CVSS 4.0–6.9 — Medium severity, requires privileges or user interaction. Still in KEV, so exploitation is confirmed.
Priority 4
90 Days
CVSS <4.0 — Low severity but still exploited. Address in next regular patch cycle.
Patches Available
185 CVEs CVE-2026-25089 Critical Patched
CVE-2026-25089: Fortinet FortiSandbox — Unauthenticated OS Command Injection
Fortinet ·FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-39808 Critical Patched
CVE-2026-39808: Fortinet FortiSandbox — Second Unauthenticated Command Injection
Fortinet ·FortiSandbox ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-58644 Critical Patched
CVE-2026-58644: Microsoft SharePoint — Unauthenticated Deserialization RCE
Microsoft ·Microsoft SharePoint Server ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-46817 Critical Patched
CVE-2026-46817: Oracle E-Business Suite Payments — Unauthenticated Remote Code Execution
Oracle ·E-Business Suite (EBS) 12.2 ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-15409 Critical Patched
CVE-2026-15409: SonicWall SMA1000 WorkPlace — Unauthenticated SSRF (CVSS 10.0)
SonicWall ·SMA1000 Appliance ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2026-56164 Critical Patched
CVE-2026-56164: Microsoft SharePoint Server — Missing Authentication Privilege Escalation
Microsoft ·SharePoint Server ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-48939 Critical Patched
CVE-2026-48939: iCagenda -- Dual-Path File Upload RCE and Access Control Bypass
iCagenda ·iCagenda (Joomla component) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-56291 Critical Patched
CVE-2026-56291: Balbooa Forms -- Unauthenticated File Upload RCE in Joomla
Balbooa ·Balbooa Forms (Joomla extension) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-48282 Critical Patched
CVE-2026-48282: Adobe ColdFusion RDS FILEIO Path Traversal to Unauthenticated RCE
Adobe ·ColdFusion ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2026-48908 Critical Patched
CVE-2026-48908: JoomShaper SP Page Builder Unauthenticated File Upload to RCE
JoomShaper ·SP Page Builder ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2026-55255 Critical Patched
CVE-2026-55255: Langflow IDOR in /api/v1/responses Allows Authenticated Attackers to Execute Arbitrary User Flows
DataStax / Langflow ·Langflow ·CVSS 9.9 ·
Patch within: Immediate
View guide →
CVE-2026-56290 Critical Patched
CVE-2026-56290: Joomlack Page Builder CK Unauthenticated File Upload to RCE
Joomlack ·Page Builder CK ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-48558 Critical Patched
CVE-2026-48558: SimpleHelp — OIDC Authentication Bypass via Unsigned Token Acceptance
SimpleHelp ·SimpleHelp ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2026-12569 Critical Patched
CVE-2026-12569: PTC Windchill — Unauthenticated Deserialization RCE
PTC ·Windchill PDMLink / FlexPLM ·CVSS 9.3 ·
Patch within: Immediate
View guide →
CVE-2026-34909 Critical Patched
CVE-2026-34909: Ubiquiti UniFi OS — Path Traversal
Ubiquiti ·UniFi OS Server ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2026-34910 Critical Patched
CVE-2026-34910: Ubiquiti UniFi OS — Command Injection
Ubiquiti ·UniFi OS Server ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2025-67038 Critical Patched
CVE-2025-67038: Lantronix EDS5000 -- OS Command Injection (Root)
Lantronix ·EDS5000 ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-34910 Critical Patched
CVE-2026-34908/34909/34910: Ubiquiti UniFi OS — Unauthenticated Root RCE Chain
Ubiquiti ·UniFi OS ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2026-20253 Critical Patched
CVE-2026-20253: Splunk Enterprise — Unauthenticated PostgreSQL Sidecar RCE
Splunk ·Splunk Enterprise ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-48907 Critical Patched
CVE-2026-48907: Joomla Content Editor — Unauthenticated RCE via File Upload
Widget Factory ·Joomla Content Editor (JCE) ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2026-10520 Critical Patched
CVE-2026-10520: Ivanti Sentry — Pre-Authentication OS Command Injection (CVSS 10.0)
Ivanti ·Sentry (formerly MobileIron Sentry) ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2026-35273 Critical Patched
CVE-2026-35273: Oracle PeopleSoft PeopleTools — Missing Authentication Enabling Unauthenticated Takeover
Oracle ·PeopleSoft Enterprise PeopleTools ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-50751 Critical Patched
CVE-2026-50751: Check Point Security Gateway IKEv1 Authentication Bypass — Qilin Ransomware Exploiting in the Wild
Check Point ·Security Gateway ·CVSS 9.3 ·
Patch within: Immediate
View guide →
CVE-2026-41089 Critical Patched
CVE-2026-41089: Windows Netlogon Pre-Authentication RCE — Unauthenticated Domain Controller Takeover
Microsoft ·Windows Netlogon (Windows Server) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-45247 Critical Patched
CVE-2026-45247: Mirasvit Full Page Cache Warmer — Unauthenticated PHP Object Injection RCE
Mirasvit ·Full Page Cache Warmer for Magento 2 ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-45321 Critical Patched
CVE-2026-45321: TanStack npm Supply Chain Compromise -- Credential-Stealing Malware in 42 Packages
TanStack ·TanStack ·CVSS 9.6 ·
Patch within: Immediate
View guide →
CVE-2026-48027 Critical Patched
CVE-2026-48027: Nx Console VS Code Extension -- Supply Chain Compromise and Credential Theft
Nx ·Nx Console ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-8398 Critical Patched
CVE-2026-8398: DAEMON Tools Lite -- Official Installer Backdoored with Signed Malware
Daemon ·Daemon Tools Lite ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-48172 Critical Patched
CVE-2026-48172: LiteSpeed cPanel Plugin -- Root Privilege Escalation via redisAble API
LiteSpeed Technologies ·LiteSpeed cPanel Plugin ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2026-21643 Critical Patched
CVE-2026-21643: Fortinet FortiClient EMS Unauthenticated SQL Injection
Fortinet ·FortiClient EMS ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-34291 Critical Patched
CVE-2025-34291: Langflow -- Origin Validation Error Enabling Unauthenticated RCE
Langflow (DataStax) ·Langflow ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2009-3459 Critical Patched
CVE-2009-3459: Adobe Acrobat and Reader -- Heap-Based Buffer Overflow via Malicious PDF
Adobe Systems ·Adobe Acrobat and Reader ·CVSS 9.3 ·
Patch within: Immediate
View guide →
CVE-2009-1537 Critical Patched
CVE-2009-1537: Microsoft DirectX -- MPEG2 Null Byte Overwrite via quartz.dll
Microsoft ·Microsoft DirectX (quartz.dll) ·CVSS 9.3 ·
Patch within: Immediate
View guide →
CVE-2008-4250 Critical Patched
CVE-2008-4250: MS08-067 -- Windows Server Service RPC Buffer Overflow (Conficker)
Microsoft ·Microsoft Windows (Server Service) ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2010-0249 Critical Patched
CVE-2010-0249: Internet Explorer -- Operation Aurora Use-After-Free (IE6/IE7 RCE)
Microsoft ·Microsoft Internet Explorer ·CVSS 9.3 ·
Patch within: Immediate
View guide →
CVE-2010-0806 Critical Patched
CVE-2010-0806: Internet Explorer -- DHTML Peering Use-After-Free (Drive-By RCE)
Microsoft ·Microsoft Internet Explorer ·CVSS 9.3 ·
Patch within: Immediate
View guide →
CVE-2026-20182 Critical Patched
CVE-2026-20182: Cisco Catalyst SD-WAN Authentication Bypass -- Unauthenticated Admin Access
Cisco ·Catalyst SD-WAN Controller & Manager ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-0300 Critical Patched
CVE-2026-0300: Palo Alto PAN-OS Out-of-Bounds Write Leads to Root RCE on Firewalls
Palo Alto Networks ·PAN-OS ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-41940 Critical Patched
CVE-2026-41940: cPanel & WHM Authentication Bypass -- Unauthenticated Control Panel Access
WebPros ·cPanel & WHM ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2024-1708 Critical Patched
CVE-2024-1708: ConnectWise ScreenConnect Path Traversal -- RMM Tools as Attack Vectors
ConnectWise ·ScreenConnect ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2024-57728 Critical Patched
CVE-2024-57728: SimpleHelp Path Traversal (Zip Slip) -- Arbitrary File Write via Admin Upload
SimpleHelp ·SimpleHelp Remote Support ·CVSS 9.1 ·
Patch within: Immediate
View guide →
CVE-2024-7399 Critical Patched
CVE-2024-7399: Samsung MagicINFO 9 Server Unauthenticated File Write Leading to RCE
Samsung ·MagicINFO 9 Server ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-39987 Critical Patched
CVE-2026-39987: Marimo Unauthenticated WebSocket PTY Shell Exposes Full RCE
Marimo / CoreWeave ·Marimo ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2023-27351 Critical Patched
CVE-2023-27351: PaperCut NG/MF Improper Authentication -- SecurityRequestFilter Bypass
PaperCut ·PaperCut NG / MF ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-32975 Critical Patched
CVE-2025-32975: Quest KACE Systems Management Appliance Improper Authentication
Quest ·KACE Systems Management Appliance (SMA) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-1340 Critical Patched
CVE-2026-1340: Ivanti EPMM Unauthenticated Code Injection Enables Full RCE
Ivanti ·Endpoint Manager Mobile (EPMM) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-35616 Critical Patched
CVE-2026-35616: Fortinet FortiClient EMS Improper Access Control -- Unauthenticated RCE
Fortinet ·FortiClient EMS ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-33634 Critical Patched
CVE-2026-33634: Aqua Security Trivy Supply Chain Attack -- Embedded Malicious Code
Aqua Security ·Trivy ·CVSS 9.5 ·
Patch within: Immediate
View guide →
CVE-2026-33017 Critical Patched
CVE-2026-33017: Langflow Code Injection -- Unauthenticated RCE via Public Flows
Langflow ·Langflow ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-32432 Critical Patched
CVE-2025-32432: Craft CMS Code Injection -- Remote Code Execution
Craft CMS ·Craft CMS ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-20131 Critical Patched
CVE-2026-20131: Cisco FMC Deserialization -- Unauthenticated RCE as Root
Cisco ·Secure Firewall Management Center (FMC) / Security Cloud Control ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-20963 Critical Patched
CVE-2026-20963: Microsoft SharePoint Deserialization -- Unauthenticated Network RCE
Microsoft ·SharePoint Server ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-68613 Critical Patched
CVE-2025-68613: n8n Workflow Automation RCE -- Expression Evaluation Code Injection
n8n ·n8n Workflow Automation ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-26399 Critical Patched
CVE-2025-26399: SolarWinds Web Help Desk Deserialization -- RCE via AjaxProxy
SolarWinds ·Web Help Desk ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-1603 Critical Patched
CVE-2026-1603: Ivanti EPM Auth Bypass -- Unauthenticated Credential Data Leak
Ivanti ·Endpoint Manager (EPM) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-22719 Critical Patched
CVE-2026-22719: VMware Aria Operations Command Injection -- Unauthenticated RCE via Migration
Broadcom ·VMware Aria Operations (vRealize Operations) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-20127 Critical Patched
CVE-2026-20127: Cisco Catalyst SD-WAN Auth Bypass -- Unauthenticated Admin Access
Cisco ·Catalyst SD-WAN Controller and Manager ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-22769 Critical Patched
CVE-2026-22769: Dell RecoverPoint for VMs -- Hard-Coded Credentials
Dell ·RecoverPoint for Virtual Machines (RP4VMs) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2020-7796 Critical Patched
CVE-2020-7796: Synacor Zimbra Collaboration Suite -- SSRF via WebEx Zimlet
Synacor ·Zimbra Collaboration Suite (ZCS) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2008-0015 Critical Patched
CVE-2008-0015: Microsoft Windows Video ActiveX Control -- Remote Code Execution
Microsoft ·Windows Video ActiveX Control ·CVSS 9.3 ·
Patch within: Immediate
View guide →
CVE-2026-1731 Critical Patched
CVE-2026-1731: BeyondTrust Remote Support OS Command Injection -- Unauthenticated RCE
BeyondTrust ·Remote Support / Privileged Remote Access ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2024-43468 Critical Patched
CVE-2024-43468: Microsoft Configuration Manager -- Unauthenticated SQL Injection RCE
Microsoft ·Microsoft Configuration Manager (SCCM/MEM) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-40536 Critical Patched
CVE-2025-40536: SolarWinds Web Help Desk -- Security Control Bypass
SolarWinds ·Web Help Desk ·CVSS 9.1 ·
Patch within: Immediate
View guide →
CVE-2025-11953 Critical Patched
CVE-2025-11953: React Native Community CLI -- Metro Dev Server OS Command Injection
React Native Community ·React Native CLI / Metro Development Server ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-24423 Critical Patched
CVE-2026-24423: SmarterTools SmarterMail -- Missing Authentication RCE via ConnectToHub
SmarterTools ·SmarterMail ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2019-19006 Critical Patched
CVE-2019-19006: Sangoma FreePBX -- Improper Authentication Bypass
Sangoma ·FreePBX ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-40551 Critical Patched
CVE-2025-40551: SolarWinds Web Help Desk -- Deserialization RCE
SolarWinds ·Web Help Desk ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-14733 Critical Patched
CVE-2025-14733: WatchGuard Firebox -- Out-of-Bounds Write RCE via IKEv2
WatchGuard ·Firebox / Fireware OS ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-59718 Critical Patched
CVE-2025-59718: Fortinet FortiOS/FortiProxy/FortiWeb -- SAML Authentication Bypass
Fortinet ·FortiOS / FortiProxy / FortiSwitchMaster / FortiWeb ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-14611 Critical Patched
CVE-2025-14611: Gladinet CentreStack/Triofox -- Hardcoded Cryptographic Keys
Gladinet ·CentreStack / Triofox ·CVSS 9.1 ·
Patch within: Immediate
View guide →
CVE-2025-66644 Critical Patched
CVE-2025-66644: Array Networks ArrayOS AG -- OS Command Injection
Array Networks ·ArrayOS AG ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-55182 Critical Patched
CVE-2025-55182: Meta React Server Components -- Unauthenticated RCE
Meta React Server Components ·React Server Components ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-30065 Critical Patched
CVE-2025-30065: Apache Parquet -- Remote Code Execution
Apache Software Foundation ·Apache Parquet ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2025-23006 Critical Patched
CVE-2025-23006: SonicWall SMA 1000 -- Pre-Auth Deserialization RCE
SonicWall ·SonicWall SMA 1000 ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2025-0282 Critical Patched
CVE-2025-0282: Ivanti Connect Secure -- Stack Overflow Zero-Day RCE
Ivanti ·Connect Secure / Policy Secure / Neurons for ZTA ·CVSS 9 ·
Patch within: Immediate
View guide →
CVE-2024-55956 Critical Patched
CVE-2024-55956: Cleo MFT -- Unrestricted File Upload to RCE
Cleo ·Harmony / VLTrader / LexiCom ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2024-23113 Critical Patched
CVE-2024-23113: Fortinet FortiOS -- Format String RCE
Fortinet ·FortiOS / FortiProxy / FortiPAM / FortiWeb ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2024-29824 Critical Patched
CVE-2024-29824: Ivanti EPM -- SQL Injection to RCE
Ivanti ·Endpoint Manager (EPM) ·CVSS 9.6 ·
Patch within: Immediate
View guide →
CVE-2024-4577 Critical Patched
CVE-2024-4577: PHP CGI -- Argument Injection RCE on Windows
PHP Group ·PHP (CGI mode on Windows) ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2024-30080 Critical Patched
CVE-2024-30080: Microsoft MSMQ -- Remote Code Execution
Microsoft ·Microsoft Message Queuing ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2023-7028 Critical Patched
CVE-2023-7028: GitLab -- Account Takeover via Email Reset
GitLab ·GitLab CE/EE ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2024-3400 Critical Patched
CVE-2024-3400: Palo Alto PAN-OS GlobalProtect -- Zero-Day Command Injection
Palo Alto Networks ·PAN-OS ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2023-48788 Critical Patched
CVE-2023-48788: Fortinet FortiClientEMS -- SQL Injection to RCE
Fortinet ·FortiClientEMS ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2024-27198 Critical Patched
CVE-2024-27198: JetBrains TeamCity -- Authentication Bypass to RCE
JetBrains ·TeamCity ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2024-1709 Critical Patched
CVE-2024-1709: ConnectWise ScreenConnect -- Authentication Bypass (CVSS 10.0)
ConnectWise ·ScreenConnect ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2024-21762 Critical Patched
CVE-2024-21762: Fortinet FortiOS SSL VPN -- Out-of-Bounds Write RCE
Fortinet ·FortiOS ·CVSS 9.6 ·
Patch within: Immediate
View guide →
CVE-2024-21887 Critical Patched
CVE-2024-21887: Ivanti Connect Secure -- Authenticated Command Injection
Ivanti ·Connect Secure / Policy Secure ·CVSS 9.1 ·
Patch within: Immediate
View guide →
CVE-2023-49103 Critical Patched
CVE-2023-49103: ownCloud graphapi -- Sensitive Information Disclosure (CVSS 10.0)
ownCloud ·ownCloud (graphapi app) ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2023-1671 Critical Patched
CVE-2023-1671: Sophos Web Appliance -- Pre-Auth Command Injection
Sophos ·Sophos Web Appliance ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2023-36844 Critical Patched
CVE-2023-36844: Juniper SRX/EX -- PHP Environment Variable Injection
Juniper ·Juniper SRX / EX Series ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2023-4966 Critical Patched
CVE-2023-4966: Citrix NetScaler Bleed -- Session Token Leak
Citrix ·NetScaler ADC / NetScaler Gateway ·CVSS 9.4 ·
Patch within: Immediate
View guide →
CVE-2023-20198 Critical Patched
CVE-2023-20198: Cisco IOS XE Web UI -- Zero-Day Privilege Escalation (CVSS 10.0)
Cisco ·IOS XE ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2023-22515 Critical Patched
CVE-2023-22515: Atlassian Confluence -- Privilege Escalation to Admin
Atlassian ·Confluence Data Center and Server ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2023-40044 Critical Patched
CVE-2023-40044: Progress WS_FTP Server -- Deserialization RCE
Progress Software ·WS_FTP Server ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2023-42793 Critical Patched
CVE-2023-42793: JetBrains TeamCity -- Pre-Auth Authentication Bypass
JetBrains ·TeamCity ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2023-35078 Critical Patched
CVE-2023-35078: Ivanti EPMM -- Unauthenticated API Access
Ivanti ·Endpoint Manager Mobile (EPMM) ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2023-27997 Critical Patched
CVE-2023-27997: Fortinet FortiGate SSL-VPN -- Pre-Auth Heap Overflow RCE
Fortinet ·FortiOS / FortiProxy ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2023-34362 Critical Patched
CVE-2023-34362: MOVEit Transfer -- SQL Injection to RCE
Progress Software ·MOVEit Transfer ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2023-28771 Critical Patched
CVE-2023-28771: Zyxel Firewall -- Pre-Auth OS Command Injection
Zyxel ·Zyxel Firewall ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2023-27350 Critical Patched
CVE-2023-27350: PaperCut MF/NG -- Authentication Bypass RCE
PaperCut ·PaperCut MF/NG ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2022-47986 Critical Patched
CVE-2022-47986: IBM Aspera Faspex -- YAML Deserialization RCE
IBM ·Aspera Faspex ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2022-42475 Critical Patched
CVE-2022-42475: Fortinet FortiOS -- Heap Overflow RCE
Fortinet ·FortiOS ·CVSS 9.3 ·
Patch within: Immediate
View guide →
CVE-2022-27510 Critical Patched
CVE-2022-27510: Citrix ADC/Gateway -- Authentication Bypass
Citrix ·Citrix ADC / Citrix Gateway ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2022-3236 Critical Patched
CVE-2022-3236: Sophos Firewall -- User Portal and Webadmin Code Injection
Sophos ·Sophos Firewall ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2022-26134 Critical Patched
CVE-2022-26134: Atlassian Confluence -- OGNL Injection RCE
Atlassian ·Confluence Server / Data Center ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2022-30525 Critical Patched
CVE-2022-30525: Zyxel Firewall -- OS Command Injection
Zyxel ·Zyxel Firewall ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2022-1388 Critical Patched
CVE-2022-1388: F5 BIG-IP iControl REST -- Authentication Bypass to RCE
F5 ·BIG-IP ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2021-44228 Critical Patched
CVE-2021-44228: Log4Shell -- Apache Log4j Remote Code Execution
Apache Software Foundation ·Log4j 2 ·CVSS 10 ·
Patch within: Immediate
View guide →
CVE-2021-26855 Critical Patched
CVE-2021-26855: Microsoft Exchange -- ProxyLogon SSRF
Microsoft ·Exchange Server ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2021-34473 Critical Patched
CVE-2021-34473: Microsoft Exchange -- ProxyShell RCE
Microsoft ·Exchange Server ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2021-40539 Critical Patched
CVE-2021-40539: Zoho ManageEngine ADSelfService Plus -- Unauthenticated RCE
Zoho ·ManageEngine ADSelfService Plus ·CVSS 9.8 ·
Patch within: Immediate
View guide →
CVE-2026-15410 High Patched
CVE-2026-15410: SonicWall SMA1000 AMC — Code Injection Remote Code Execution
SonicWall ·SMA1000 Appliance ·CVSS 7.2 ·
Patch within: 7 Days
View guide →
CVE-2026-56155 High Patched
CVE-2026-56155: Microsoft Active Directory Federation Services — Local Privilege Escalation
Microsoft ·Active Directory Federation Services ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2026-45659 High Patched
CVE-2026-45659: Microsoft SharePoint Server -- Deserialization RCE
Microsoft ·SharePoint Server ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2026-20230 High Patched
CVE-2026-20230: Cisco Unified CM — SSRF to Root via Webshell
Cisco ·Unified Communications Manager ·CVSS 8.6 ·
Patch within: 7 Days
View guide →
CVE-2026-54420 High Patched
CVE-2026-54420: LiteSpeed cPanel Plugin — UNIX Symlink Following Allows Container Escape on Shared Hosting
LiteSpeed Technologies ·LiteSpeed cPanel Plugin ·CVSS 8.5 ·
Patch within: 7 Days
View guide →
CVE-2026-11645 High Patched
CVE-2026-11645: Google Chromium V8 Out-of-Bounds Read/Write — Actively Exploited Browser RCE
Google ·Chromium V8 ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2026-42271 High Patched
CVE-2026-42271: LiteLLM Command Injection in MCP Endpoints Gives Any User Shell Access
BerriAI ·LiteLLM ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2026-28318 High Patched
CVE-2026-28318: SolarWinds Serv-U Unauthenticated DoS via Deflate Header
SolarWinds ·Serv-U ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2022-0492 High Patched
CVE-2022-0492: Linux Kernel cgroups v1 — Container Escape and Privilege Escalation
Linux ·Kernel ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2025-48595 High Patched
CVE-2025-48595: Android Framework — Integer Overflow Enabling Local Privilege Escalation
Android ·Framework ·CVSS 8.4 ·
Patch within: 7 Days
View guide →
CVE-2024-21182 High Patched
CVE-2024-21182: Oracle WebLogic Server -- Unauthenticated Information Disclosure via T3/IIOP
Oracle ·WebLogic Server ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2026-0257 High Patched
CVE-2026-0257: Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass via Cookie Forgery
Palo Alto Networks ·PAN-OS ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2026-20122 High Patched
CVE-2026-20122/20128/20133: Cisco Catalyst SD-WAN Manager Exploitation Chain
Cisco ·Catalyst SD-WAN Manager ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2026-9082 High Patched
CVE-2026-9082: Drupal Core SQL Injection via PostgreSQL Database Abstraction API
Drupal Association ·Drupal Core ·CVSS 8.1 ·
Patch within: 7 Days
View guide →
CVE-2026-34926 High Patched
CVE-2026-34926: Trend Micro Apex One -- Directory Traversal Enabling Arbitrary File Read/Write
Trend Micro ·Apex One (On-Premise) ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2026-41091 High Patched
CVE-2026-41091: Microsoft Defender Symlink Following -- Low-Privilege to SYSTEM via Malware Protection Engine
Microsoft ·Defender (Microsoft Malware Protection Engine) ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2026-45498 High Patched
CVE-2026-45498: Microsoft Defender -- Denial of Service via Malformed Input
Microsoft ·Microsoft Defender Antivirus ·CVSS 7 ·
Patch within: 7 Days
View guide →
CVE-2026-42897 High Patched
CVE-2026-42897: Microsoft Exchange Server XSS in Outlook Web Access
Microsoft ·Exchange Server ·CVSS 8 ·
Patch within: 7 Days
View guide →
CVE-2026-42208 High Patched
CVE-2026-42208: SQL Injection in BerriAI LiteLLM Exposes AI Proxy Credentials
BerriAI ·LiteLLM ·CVSS 8.1 ·
Patch within: 7 Days
View guide →
CVE-2026-6973 High Patched
CVE-2026-6973: Ivanti EPMM Improper Input Validation Enables Authenticated RCE
Ivanti ·Endpoint Manager Mobile (EPMM) ·CVSS 7.2 ·
Patch within: 7 Days
View guide →
CVE-2026-31431 High Patched
CVE-2026-31431: Linux Kernel Privilege Escalation via Incorrect Resource Transfer
Linux ·Linux Kernel ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2024-57726 High Patched
CVE-2024-57726: SimpleHelp Missing Authorization -- Privilege Escalation via API Keys
SimpleHelp ·SimpleHelp Remote Support ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2026-33825 High Patched
CVE-2026-33825: Microsoft Defender Insufficient Access Control -- Local Privilege Escalation
Microsoft ·Defender ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2024-27199 High Patched
CVE-2024-27199: JetBrains TeamCity Unauthenticated Path Traversal Enables Admin Actions
JetBrains ·TeamCity ·CVSS 7.3 ·
Patch within: 7 Days
View guide →
CVE-2025-2749 High Patched
CVE-2025-2749: Kentico Xperience Path Traversal -- Authenticated Staging Sync File Write
Kentico ·Kentico Xperience ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2026-34197 High Patched
CVE-2026-34197: Apache ActiveMQ RCE via Jolokia JMX-HTTP Bridge
Apache ·ActiveMQ ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2023-21529 High Patched
CVE-2023-21529: Microsoft Exchange Server Deserialization -- Authenticated RCE
Microsoft ·Exchange Server ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2026-3055 High Patched
CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read -- SAML IDP Memory Disclosure
Citrix ·NetScaler ADC / Gateway ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2025-53521 High Patched
CVE-2025-53521: F5 BIG-IP APM Stack-Based Buffer Overflow -- RCE
F5 ·BIG-IP APM ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2026-3910 High Patched
CVE-2026-3910: Google Chromium V8 Memory Buffer -- Sandbox RCE via Crafted HTML
Google ·Chromium / Chrome ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2022-20775 High Patched
CVE-2022-20775: Cisco SD-WAN CLI -- Path Traversal Privilege Escalation
Cisco ·Cisco SD-WAN ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2026-25108 High Patched
CVE-2026-25108: Soliton FileZen -- OS Command Injection via HTTP Request
Soliton Systems K.K. ·FileZen ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2025-49113 High Patched
CVE-2025-49113: Roundcube Webmail Deserialization -- Authenticated RCE via upload.php
Roundcube ·Roundcube Webmail ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2024-7694 High Patched
CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware -- Unrestricted File Upload RCE
TeamT5 ·ThreatSonar Anti-Ransomware ·CVSS 7.2 ·
Patch within: 7 Days
View guide →
CVE-2026-2441 High Patched
CVE-2026-2441: Google Chromium CSS -- Use-After-Free Heap Corruption
Google ·Chromium / Chrome / Edge / Opera ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2025-15556 High Patched
CVE-2025-15556: Notepad++ WinGUp Updater -- Download Without Integrity Check
Notepad++ ·Notepad++ (WinGUp updater) ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2026-20700 High Patched
CVE-2026-20700: Apple Multiple Products -- Buffer Overflow RCE
Apple ·iOS / macOS / tvOS / watchOS / visionOS ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2026-21510 High Patched
CVE-2026-21510: Microsoft Windows Shell -- Protection Mechanism Failure
Microsoft ·Windows Shell ·CVSS 8.1 ·
Patch within: 7 Days
View guide →
CVE-2026-21513 High Patched
CVE-2026-21513: Microsoft Windows MSHTML -- Protection Mechanism Failure
Microsoft ·Windows MSHTML ·CVSS 8.1 ·
Patch within: 7 Days
View guide →
CVE-2026-21514 High Patched
CVE-2026-21514: Microsoft Office Word -- Reliance on Untrusted Inputs Privilege Escalation
Microsoft ·Microsoft Office Word ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2026-21519 High Patched
CVE-2026-21519: Microsoft Desktop Window Manager -- Type Confusion Privilege Escalation
Microsoft ·Windows Desktop Window Manager (DWM) ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2026-21533 High Patched
CVE-2026-21533: Microsoft Windows Remote Desktop Services -- Privilege Escalation
Microsoft ·Windows Remote Desktop Services ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2025-64328 High Patched
CVE-2025-64328: Sangoma FreePBX Endpoint Manager -- Post-Auth OS Command Injection
Sangoma ·FreePBX Endpoint Manager ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2025-14847 High Patched
CVE-2025-14847: MongoDB Server -- Zlib Compressed Protocol Heap Memory Disclosure
MongoDB ·MongoDB Server ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2025-20393 High Patched
CVE-2025-20393: Cisco Secure Email -- OS Command Injection with Root Privileges
Cisco ·Secure Email Gateway / AsyncOS / Web Manager ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2025-40602 High Patched
CVE-2025-40602: SonicWall SMA1000 -- Missing Authorization Privilege Escalation
SonicWall ·SMA1000 Appliance ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2025-43529 High Patched
CVE-2025-43529: Apple Multiple Products WebKit -- Use-After-Free Memory Corruption
Apple ·iOS/iPadOS/macOS/Safari ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2025-14174 High Patched
CVE-2025-14174: Google Chromium ANGLE -- Out-of-Bounds Memory Access
Google ·Chromium / Chrome / Edge / Opera ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2025-58360 High Patched
CVE-2025-58360: OSGeo GeoServer -- XXE via WMS GetMap Endpoint
OSGeo ·GeoServer ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2025-6218 High Patched
CVE-2025-6218: RARLAB WinRAR -- Path Traversal Code Execution
RARLAB ·WinRAR ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2025-62221 High Patched
CVE-2025-62221: Microsoft Windows Cloud Files Mini Filter Driver -- Use-After-Free Privilege Escalation
Microsoft ·Windows Cloud Files Mini Filter Driver ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2021-26828 High Patched
CVE-2021-26828: OpenPLC ScadaBR -- Unrestricted File Upload RCE
OpenPLC ScadaBR ·ScadaBR ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2025-48572 High Patched
CVE-2025-48572: Android Framework -- Privilege Escalation Vulnerability
Android Framework ·Android Framework ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2025-29824 High Patched
CVE-2025-29824: Windows CLFS -- Zero-Day Privilege Escalation
Microsoft ·Windows (CLFS Driver) ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2025-26633 High Patched
CVE-2025-26633: Microsoft MMC -- Zero-Day Security Feature Bypass
Microsoft ·Microsoft Management Console ·CVSS 7 ·
Patch within: 7 Days
View guide →
CVE-2025-21418 High Patched
CVE-2025-21418: Windows AFD Driver -- Privilege Escalation
Microsoft ·Windows AFD Driver ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2024-50623 High Patched
CVE-2024-50623: Cleo Harmony/VLTrader -- Unrestricted File Upload and Download RCE
Cleo ·Harmony / VLTrader / LexiCom ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2024-43451 High Patched
CVE-2024-43451: Windows -- NTLM Hash Disclosure Spoofing
Microsoft ·Windows ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2024-49039 High Patched
CVE-2024-49039: Windows Task Scheduler -- Privilege Escalation
Microsoft ·Windows Task Scheduler ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2024-38094 High Patched
CVE-2024-38094: Microsoft SharePoint Server -- Remote Code Execution
Microsoft ·SharePoint Server ·CVSS 7.2 ·
Patch within: 7 Days
View guide →
CVE-2024-38193 High Patched
CVE-2024-38193: Windows AFD Driver -- Privilege Escalation
Microsoft ·Windows AFD Driver ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2024-38112 High Patched
CVE-2024-38112: Windows MSHTML -- Platform Spoofing
Microsoft ·Windows MSHTML Platform ·CVSS 7.5 ·
Patch within: 7 Days
View guide →
CVE-2024-6387 High Patched
CVE-2024-6387: OpenSSH regreSSHion -- Unauthenticated RCE in sshd
OpenSSH ·OpenSSH (sshd) ·CVSS 8.1 ·
Patch within: 7 Days
View guide →
CVE-2024-26169 High Patched
CVE-2024-26169: Windows Error Reporting -- Privilege Escalation
Microsoft ·Windows Error Reporting Service ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2024-30051 High Patched
CVE-2024-30051: Windows DWM Core Library -- Privilege Escalation
Microsoft ·Windows Desktop Window Manager ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2024-20353 High Patched
CVE-2024-20353: Cisco ASA/FTD -- ArcaneDoor DoS and Memory Leak
Cisco ·Cisco ASA / Firepower Threat Defense ·CVSS 8.6 ·
Patch within: 7 Days
View guide →
CVE-2024-21338 High Patched
CVE-2024-21338: Windows Kernel -- Privilege Escalation
Microsoft ·Windows Kernel ·CVSS 7.8 ·
Patch within: 7 Days
View guide →
CVE-2024-21893 High Patched
CVE-2024-21893: Ivanti Connect Secure -- SSRF to Authentication Bypass
Ivanti ·Connect Secure / Policy Secure ·CVSS 8.2 ·
Patch within: 7 Days
View guide →
CVE-2023-46805 High Patched
CVE-2023-46805: Ivanti Connect Secure -- Authentication Bypass via Path Traversal
Ivanti ·Connect Secure / Policy Secure ·CVSS 8.2 ·
Patch within: 7 Days
View guide →
CVE-2023-36025 High Patched
CVE-2023-36025: Windows SmartScreen -- Security Feature Bypass
Microsoft ·Windows SmartScreen ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
CVE-2023-20273 High Patched
CVE-2023-20273: Cisco IOS XE Web UI -- Command Injection
Cisco ·Cisco IOS XE ·CVSS 7.2 ·
Patch within: 7 Days
View guide →
CVE-2023-26360 High Patched
CVE-2023-26360: Adobe ColdFusion -- Deserialization RCE
Adobe ·ColdFusion ·CVSS 8.6 ·
Patch within: 7 Days
View guide →
CVE-2023-0669 High Patched
CVE-2023-0669: GoAnywhere MFT -- Pre-Auth Remote Code Execution
Fortra (formerly HelpSystems) ·GoAnywhere MFT ·CVSS 7.2 ·
Patch within: 7 Days
View guide →
CVE-2022-41040 High Patched
CVE-2022-41040: Microsoft Exchange -- ProxyNotShell SSRF
Microsoft ·Exchange Server ·CVSS 8.8 ·
Patch within: 7 Days
View guide →
No patched CVEs match your search.
No Patch Available
7 CVEs No official patch available. These CVEs are actively exploited in the wild but do not yet have vendor-issued fixes. Apply interim mitigations documented in each analysis, and monitor vendor advisories closely. Network isolation and enhanced monitoring are the primary defences.
CVE-2023-4346 High No Patch
CVE-2023-4346: KNX Protocol — BCU Key Lockout Enables Permanent Building Automation Denial of Service
KNX Association ·KNX Protocol ·CVSS 7.5 ·
Mitigate Now View mitigations →
CVE-2026-20245 High No Patch
CVE-2026-20245: Cisco Catalyst SD-WAN Manager CLI Command Injection — Unpatched Root Privilege Escalation
Cisco ·Catalyst SD-WAN Manager ·CVSS 7.8 ·
Mitigate Now View mitigations →
CVE-2025-29635 High No Patch
CVE-2025-29635: D-Link DIR-823X Command Injection -- End-of-Life Device with No Fix
D-Link ·DIR-823X ·CVSS 7.2 ·
Mitigate Now View mitigations →
CVE-2023-52163 Critical No Patch
CVE-2023-52163: Digiever DS-2105 Pro -- Missing Authorization / Command Injection
Digiever ·DS-2105 Pro NVR ·CVSS 9.8 ·
Mitigate Now View mitigations →
CVE-2025-59374 High No Patch
CVE-2025-59374: ASUS Live Update -- Embedded Malicious Code (Supply Chain)
ASUS ·ASUS Live Update ·CVSS 7.5 ·
Mitigate Now View mitigations →
CVE-2018-4063 High No Patch
CVE-2018-4063: Sierra Wireless AirLink ALEOS -- Unrestricted File Upload RCE
Sierra Wireless ·AirLink ALEOS ·CVSS 8.8 ·
Mitigate Now View mitigations →
CVE-2022-37055 Critical No Patch
CVE-2022-37055: D-Link Routers -- Buffer Overflow RCE
D-Link ·D-Link Routers ·CVSS 9.8 ·
Mitigate Now View mitigations →