Skip to main content
Severity: 185 patched CVEs

Remediation Priority Framework

Priority 1

Immediate

CVSS ≥9.0 — Critical severity, unauthenticated exploitation, active ransomware campaigns. Patch or isolate within 24–48 hours.

Priority 2

7 Days

CVSS 7.0–8.9 — High severity, exploitation requires minimal conditions. Part of CISA BOD requirements for federal agencies.

Priority 3

30 Days

CVSS 4.0–6.9 — Medium severity, requires privileges or user interaction. Still in KEV, so exploitation is confirmed.

Priority 4

90 Days

CVSS <4.0 — Low severity but still exploited. Address in next regular patch cycle.

Patches Available

185 CVEs
CVE-2026-25089 Critical Patched

CVE-2026-25089: Fortinet FortiSandbox — Unauthenticated OS Command Injection

Fortinet ·FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-39808 Critical Patched
Patch within: Immediate View guide →
CVE-2026-58644 Critical Patched

CVE-2026-58644: Microsoft SharePoint — Unauthenticated Deserialization RCE

Microsoft ·Microsoft SharePoint Server ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-46817 Critical Patched

CVE-2026-46817: Oracle E-Business Suite Payments — Unauthenticated Remote Code Execution

Oracle ·E-Business Suite (EBS) 12.2 ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-15409 Critical Patched

CVE-2026-15409: SonicWall SMA1000 WorkPlace — Unauthenticated SSRF (CVSS 10.0)

SonicWall ·SMA1000 Appliance ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2026-56164 Critical Patched
Patch within: Immediate View guide →
CVE-2026-48939 Critical Patched

CVE-2026-48939: iCagenda -- Dual-Path File Upload RCE and Access Control Bypass

iCagenda ·iCagenda (Joomla component) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-56291 Critical Patched

CVE-2026-56291: Balbooa Forms -- Unauthenticated File Upload RCE in Joomla

Balbooa ·Balbooa Forms (Joomla extension) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-48282 Critical Patched
Patch within: Immediate View guide →
CVE-2026-48908 Critical Patched

CVE-2026-48908: JoomShaper SP Page Builder Unauthenticated File Upload to RCE

JoomShaper ·SP Page Builder ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2026-55255 Critical Patched
Patch within: Immediate View guide →
CVE-2026-56290 Critical Patched

CVE-2026-56290: Joomlack Page Builder CK Unauthenticated File Upload to RCE

Joomlack ·Page Builder CK ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-48558 Critical Patched
Patch within: Immediate View guide →
CVE-2026-12569 Critical Patched

CVE-2026-12569: PTC Windchill — Unauthenticated Deserialization RCE

PTC ·Windchill PDMLink / FlexPLM ·CVSS 9.3 ·
Patch within: Immediate View guide →
CVE-2026-34909 Critical Patched

CVE-2026-34909: Ubiquiti UniFi OS — Path Traversal

Ubiquiti ·UniFi OS Server ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2026-34910 Critical Patched

CVE-2026-34910: Ubiquiti UniFi OS — Command Injection

Ubiquiti ·UniFi OS Server ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2025-67038 Critical Patched

CVE-2025-67038: Lantronix EDS5000 -- OS Command Injection (Root)

Lantronix ·EDS5000 ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-34910 Critical Patched
Patch within: Immediate View guide →
CVE-2026-20253 Critical Patched

CVE-2026-20253: Splunk Enterprise — Unauthenticated PostgreSQL Sidecar RCE

Splunk ·Splunk Enterprise ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-48907 Critical Patched

CVE-2026-48907: Joomla Content Editor — Unauthenticated RCE via File Upload

Widget Factory ·Joomla Content Editor (JCE) ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2026-10520 Critical Patched

CVE-2026-10520: Ivanti Sentry — Pre-Authentication OS Command Injection (CVSS 10.0)

Ivanti ·Sentry (formerly MobileIron Sentry) ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2026-35273 Critical Patched

CVE-2026-35273: Oracle PeopleSoft PeopleTools — Missing Authentication Enabling Unauthenticated Takeover

Oracle ·PeopleSoft Enterprise PeopleTools ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-50751 Critical Patched
Patch within: Immediate View guide →
CVE-2026-41089 Critical Patched

CVE-2026-41089: Windows Netlogon Pre-Authentication RCE — Unauthenticated Domain Controller Takeover

Microsoft ·Windows Netlogon (Windows Server) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-45247 Critical Patched

CVE-2026-45247: Mirasvit Full Page Cache Warmer — Unauthenticated PHP Object Injection RCE

Mirasvit ·Full Page Cache Warmer for Magento 2 ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-45321 Critical Patched
Patch within: Immediate View guide →
CVE-2026-48027 Critical Patched
Patch within: Immediate View guide →
CVE-2026-8398 Critical Patched
Patch within: Immediate View guide →
CVE-2026-48172 Critical Patched

CVE-2026-48172: LiteSpeed cPanel Plugin -- Root Privilege Escalation via redisAble API

LiteSpeed Technologies ·LiteSpeed cPanel Plugin ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2026-21643 Critical Patched

CVE-2026-21643: Fortinet FortiClient EMS Unauthenticated SQL Injection

Fortinet ·FortiClient EMS ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-34291 Critical Patched

CVE-2025-34291: Langflow -- Origin Validation Error Enabling Unauthenticated RCE

Langflow (DataStax) ·Langflow ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2009-3459 Critical Patched

CVE-2009-3459: Adobe Acrobat and Reader -- Heap-Based Buffer Overflow via Malicious PDF

Adobe Systems ·Adobe Acrobat and Reader ·CVSS 9.3 ·
Patch within: Immediate View guide →
CVE-2009-1537 Critical Patched

CVE-2009-1537: Microsoft DirectX -- MPEG2 Null Byte Overwrite via quartz.dll

Microsoft ·Microsoft DirectX (quartz.dll) ·CVSS 9.3 ·
Patch within: Immediate View guide →
CVE-2008-4250 Critical Patched

CVE-2008-4250: MS08-067 -- Windows Server Service RPC Buffer Overflow (Conficker)

Microsoft ·Microsoft Windows (Server Service) ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2010-0249 Critical Patched

CVE-2010-0249: Internet Explorer -- Operation Aurora Use-After-Free (IE6/IE7 RCE)

Microsoft ·Microsoft Internet Explorer ·CVSS 9.3 ·
Patch within: Immediate View guide →
CVE-2010-0806 Critical Patched

CVE-2010-0806: Internet Explorer -- DHTML Peering Use-After-Free (Drive-By RCE)

Microsoft ·Microsoft Internet Explorer ·CVSS 9.3 ·
Patch within: Immediate View guide →
CVE-2026-20182 Critical Patched

CVE-2026-20182: Cisco Catalyst SD-WAN Authentication Bypass -- Unauthenticated Admin Access

Cisco ·Catalyst SD-WAN Controller & Manager ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-0300 Critical Patched

CVE-2026-0300: Palo Alto PAN-OS Out-of-Bounds Write Leads to Root RCE on Firewalls

Palo Alto Networks ·PAN-OS ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-41940 Critical Patched
Patch within: Immediate View guide →
CVE-2024-1708 Critical Patched
Patch within: Immediate View guide →
CVE-2024-57728 Critical Patched

CVE-2024-57728: SimpleHelp Path Traversal (Zip Slip) -- Arbitrary File Write via Admin Upload

SimpleHelp ·SimpleHelp Remote Support ·CVSS 9.1 ·
Patch within: Immediate View guide →
CVE-2024-7399 Critical Patched

CVE-2024-7399: Samsung MagicINFO 9 Server Unauthenticated File Write Leading to RCE

Samsung ·MagicINFO 9 Server ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-39987 Critical Patched

CVE-2026-39987: Marimo Unauthenticated WebSocket PTY Shell Exposes Full RCE

Marimo / CoreWeave ·Marimo ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2023-27351 Critical Patched
Patch within: Immediate View guide →
CVE-2025-32975 Critical Patched

CVE-2025-32975: Quest KACE Systems Management Appliance Improper Authentication

Quest ·KACE Systems Management Appliance (SMA) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-1340 Critical Patched

CVE-2026-1340: Ivanti EPMM Unauthenticated Code Injection Enables Full RCE

Ivanti ·Endpoint Manager Mobile (EPMM) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-35616 Critical Patched
Patch within: Immediate View guide →
CVE-2026-33634 Critical Patched
Patch within: Immediate View guide →
CVE-2026-33017 Critical Patched
Patch within: Immediate View guide →
CVE-2025-32432 Critical Patched

CVE-2025-32432: Craft CMS Code Injection -- Remote Code Execution

Craft CMS ·Craft CMS ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-20131 Critical Patched

CVE-2026-20131: Cisco FMC Deserialization -- Unauthenticated RCE as Root

Cisco ·Secure Firewall Management Center (FMC) / Security Cloud Control ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-20963 Critical Patched

CVE-2026-20963: Microsoft SharePoint Deserialization -- Unauthenticated Network RCE

Microsoft ·SharePoint Server ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-68613 Critical Patched

CVE-2025-68613: n8n Workflow Automation RCE -- Expression Evaluation Code Injection

n8n ·n8n Workflow Automation ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-26399 Critical Patched

CVE-2025-26399: SolarWinds Web Help Desk Deserialization -- RCE via AjaxProxy

SolarWinds ·Web Help Desk ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-1603 Critical Patched

CVE-2026-1603: Ivanti EPM Auth Bypass -- Unauthenticated Credential Data Leak

Ivanti ·Endpoint Manager (EPM) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-22719 Critical Patched

CVE-2026-22719: VMware Aria Operations Command Injection -- Unauthenticated RCE via Migration

Broadcom ·VMware Aria Operations (vRealize Operations) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-20127 Critical Patched

CVE-2026-20127: Cisco Catalyst SD-WAN Auth Bypass -- Unauthenticated Admin Access

Cisco ·Catalyst SD-WAN Controller and Manager ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-22769 Critical Patched

CVE-2026-22769: Dell RecoverPoint for VMs -- Hard-Coded Credentials

Dell ·RecoverPoint for Virtual Machines (RP4VMs) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2020-7796 Critical Patched

CVE-2020-7796: Synacor Zimbra Collaboration Suite -- SSRF via WebEx Zimlet

Synacor ·Zimbra Collaboration Suite (ZCS) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2008-0015 Critical Patched

CVE-2008-0015: Microsoft Windows Video ActiveX Control -- Remote Code Execution

Microsoft ·Windows Video ActiveX Control ·CVSS 9.3 ·
Patch within: Immediate View guide →
CVE-2026-1731 Critical Patched

CVE-2026-1731: BeyondTrust Remote Support OS Command Injection -- Unauthenticated RCE

BeyondTrust ·Remote Support / Privileged Remote Access ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2024-43468 Critical Patched

CVE-2024-43468: Microsoft Configuration Manager -- Unauthenticated SQL Injection RCE

Microsoft ·Microsoft Configuration Manager (SCCM/MEM) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-40536 Critical Patched

CVE-2025-40536: SolarWinds Web Help Desk -- Security Control Bypass

SolarWinds ·Web Help Desk ·CVSS 9.1 ·
Patch within: Immediate View guide →
CVE-2025-11953 Critical Patched

CVE-2025-11953: React Native Community CLI -- Metro Dev Server OS Command Injection

React Native Community ·React Native CLI / Metro Development Server ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-24423 Critical Patched
Patch within: Immediate View guide →
CVE-2019-19006 Critical Patched

CVE-2019-19006: Sangoma FreePBX -- Improper Authentication Bypass

Sangoma ·FreePBX ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-40551 Critical Patched

CVE-2025-40551: SolarWinds Web Help Desk -- Deserialization RCE

SolarWinds ·Web Help Desk ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-14733 Critical Patched

CVE-2025-14733: WatchGuard Firebox -- Out-of-Bounds Write RCE via IKEv2

WatchGuard ·Firebox / Fireware OS ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-59718 Critical Patched

CVE-2025-59718: Fortinet FortiOS/FortiProxy/FortiWeb -- SAML Authentication Bypass

Fortinet ·FortiOS / FortiProxy / FortiSwitchMaster / FortiWeb ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-14611 Critical Patched

CVE-2025-14611: Gladinet CentreStack/Triofox -- Hardcoded Cryptographic Keys

Gladinet ·CentreStack / Triofox ·CVSS 9.1 ·
Patch within: Immediate View guide →
CVE-2025-66644 Critical Patched

CVE-2025-66644: Array Networks ArrayOS AG -- OS Command Injection

Array Networks ·ArrayOS AG ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-55182 Critical Patched

CVE-2025-55182: Meta React Server Components -- Unauthenticated RCE

Meta React Server Components ·React Server Components ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-30065 Critical Patched

CVE-2025-30065: Apache Parquet -- Remote Code Execution

Apache Software Foundation ·Apache Parquet ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2025-23006 Critical Patched

CVE-2025-23006: SonicWall SMA 1000 -- Pre-Auth Deserialization RCE

SonicWall ·SonicWall SMA 1000 ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2025-0282 Critical Patched

CVE-2025-0282: Ivanti Connect Secure -- Stack Overflow Zero-Day RCE

Ivanti ·Connect Secure / Policy Secure / Neurons for ZTA ·CVSS 9 ·
Patch within: Immediate View guide →
CVE-2024-55956 Critical Patched

CVE-2024-55956: Cleo MFT -- Unrestricted File Upload to RCE

Cleo ·Harmony / VLTrader / LexiCom ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2024-23113 Critical Patched

CVE-2024-23113: Fortinet FortiOS -- Format String RCE

Fortinet ·FortiOS / FortiProxy / FortiPAM / FortiWeb ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2024-29824 Critical Patched

CVE-2024-29824: Ivanti EPM -- SQL Injection to RCE

Ivanti ·Endpoint Manager (EPM) ·CVSS 9.6 ·
Patch within: Immediate View guide →
CVE-2024-4577 Critical Patched

CVE-2024-4577: PHP CGI -- Argument Injection RCE on Windows

PHP Group ·PHP (CGI mode on Windows) ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2024-30080 Critical Patched

CVE-2024-30080: Microsoft MSMQ -- Remote Code Execution

Microsoft ·Microsoft Message Queuing ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2023-7028 Critical Patched

CVE-2023-7028: GitLab -- Account Takeover via Email Reset

GitLab ·GitLab CE/EE ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2024-3400 Critical Patched

CVE-2024-3400: Palo Alto PAN-OS GlobalProtect -- Zero-Day Command Injection

Palo Alto Networks ·PAN-OS ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2023-48788 Critical Patched

CVE-2023-48788: Fortinet FortiClientEMS -- SQL Injection to RCE

Fortinet ·FortiClientEMS ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2024-27198 Critical Patched

CVE-2024-27198: JetBrains TeamCity -- Authentication Bypass to RCE

JetBrains ·TeamCity ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2024-1709 Critical Patched

CVE-2024-1709: ConnectWise ScreenConnect -- Authentication Bypass (CVSS 10.0)

ConnectWise ·ScreenConnect ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2024-21762 Critical Patched

CVE-2024-21762: Fortinet FortiOS SSL VPN -- Out-of-Bounds Write RCE

Fortinet ·FortiOS ·CVSS 9.6 ·
Patch within: Immediate View guide →
CVE-2024-21887 Critical Patched

CVE-2024-21887: Ivanti Connect Secure -- Authenticated Command Injection

Ivanti ·Connect Secure / Policy Secure ·CVSS 9.1 ·
Patch within: Immediate View guide →
CVE-2023-49103 Critical Patched

CVE-2023-49103: ownCloud graphapi -- Sensitive Information Disclosure (CVSS 10.0)

ownCloud ·ownCloud (graphapi app) ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2023-1671 Critical Patched

CVE-2023-1671: Sophos Web Appliance -- Pre-Auth Command Injection

Sophos ·Sophos Web Appliance ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2023-36844 Critical Patched

CVE-2023-36844: Juniper SRX/EX -- PHP Environment Variable Injection

Juniper ·Juniper SRX / EX Series ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2023-4966 Critical Patched

CVE-2023-4966: Citrix NetScaler Bleed -- Session Token Leak

Citrix ·NetScaler ADC / NetScaler Gateway ·CVSS 9.4 ·
Patch within: Immediate View guide →
CVE-2023-20198 Critical Patched
Patch within: Immediate View guide →
CVE-2023-22515 Critical Patched

CVE-2023-22515: Atlassian Confluence -- Privilege Escalation to Admin

Atlassian ·Confluence Data Center and Server ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2023-40044 Critical Patched

CVE-2023-40044: Progress WS_FTP Server -- Deserialization RCE

Progress Software ·WS_FTP Server ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2023-42793 Critical Patched

CVE-2023-42793: JetBrains TeamCity -- Pre-Auth Authentication Bypass

JetBrains ·TeamCity ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2023-35078 Critical Patched

CVE-2023-35078: Ivanti EPMM -- Unauthenticated API Access

Ivanti ·Endpoint Manager Mobile (EPMM) ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2023-27997 Critical Patched

CVE-2023-27997: Fortinet FortiGate SSL-VPN -- Pre-Auth Heap Overflow RCE

Fortinet ·FortiOS / FortiProxy ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2023-34362 Critical Patched

CVE-2023-34362: MOVEit Transfer -- SQL Injection to RCE

Progress Software ·MOVEit Transfer ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2023-28771 Critical Patched

CVE-2023-28771: Zyxel Firewall -- Pre-Auth OS Command Injection

Zyxel ·Zyxel Firewall ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2023-27350 Critical Patched

CVE-2023-27350: PaperCut MF/NG -- Authentication Bypass RCE

PaperCut ·PaperCut MF/NG ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2022-47986 Critical Patched

CVE-2022-47986: IBM Aspera Faspex -- YAML Deserialization RCE

IBM ·Aspera Faspex ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2022-42475 Critical Patched

CVE-2022-42475: Fortinet FortiOS -- Heap Overflow RCE

Fortinet ·FortiOS ·CVSS 9.3 ·
Patch within: Immediate View guide →
CVE-2022-27510 Critical Patched

CVE-2022-27510: Citrix ADC/Gateway -- Authentication Bypass

Citrix ·Citrix ADC / Citrix Gateway ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2022-3236 Critical Patched

CVE-2022-3236: Sophos Firewall -- User Portal and Webadmin Code Injection

Sophos ·Sophos Firewall ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2022-26134 Critical Patched

CVE-2022-26134: Atlassian Confluence -- OGNL Injection RCE

Atlassian ·Confluence Server / Data Center ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2022-30525 Critical Patched

CVE-2022-30525: Zyxel Firewall -- OS Command Injection

Zyxel ·Zyxel Firewall ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2022-1388 Critical Patched
Patch within: Immediate View guide →
CVE-2021-44228 Critical Patched

CVE-2021-44228: Log4Shell -- Apache Log4j Remote Code Execution

Apache Software Foundation ·Log4j 2 ·CVSS 10 ·
Patch within: Immediate View guide →
CVE-2021-26855 Critical Patched

CVE-2021-26855: Microsoft Exchange -- ProxyLogon SSRF

Microsoft ·Exchange Server ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2021-34473 Critical Patched

CVE-2021-34473: Microsoft Exchange -- ProxyShell RCE

Microsoft ·Exchange Server ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2021-40539 Critical Patched

CVE-2021-40539: Zoho ManageEngine ADSelfService Plus -- Unauthenticated RCE

Zoho ·ManageEngine ADSelfService Plus ·CVSS 9.8 ·
Patch within: Immediate View guide →
CVE-2026-15410 High Patched

CVE-2026-15410: SonicWall SMA1000 AMC — Code Injection Remote Code Execution

SonicWall ·SMA1000 Appliance ·CVSS 7.2 ·
Patch within: 7 Days View guide →
CVE-2026-56155 High Patched

CVE-2026-56155: Microsoft Active Directory Federation Services — Local Privilege Escalation

Microsoft ·Active Directory Federation Services ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2026-45659 High Patched

CVE-2026-45659: Microsoft SharePoint Server -- Deserialization RCE

Microsoft ·SharePoint Server ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2026-20230 High Patched

CVE-2026-20230: Cisco Unified CM — SSRF to Root via Webshell

Cisco ·Unified Communications Manager ·CVSS 8.6 ·
Patch within: 7 Days View guide →
CVE-2026-54420 High Patched

CVE-2026-54420: LiteSpeed cPanel Plugin — UNIX Symlink Following Allows Container Escape on Shared Hosting

LiteSpeed Technologies ·LiteSpeed cPanel Plugin ·CVSS 8.5 ·
Patch within: 7 Days View guide →
CVE-2026-11645 High Patched
Patch within: 7 Days View guide →
CVE-2026-42271 High Patched
Patch within: 7 Days View guide →
CVE-2026-28318 High Patched

CVE-2026-28318: SolarWinds Serv-U Unauthenticated DoS via Deflate Header

SolarWinds ·Serv-U ·CVSS 7.5 ·
Patch within: 7 Days View guide →
CVE-2022-0492 High Patched
Patch within: 7 Days View guide →
CVE-2025-48595 High Patched
Patch within: 7 Days View guide →
CVE-2024-21182 High Patched
Patch within: 7 Days View guide →
CVE-2026-0257 High Patched
Patch within: 7 Days View guide →
CVE-2026-20122 High Patched

CVE-2026-20122/20128/20133: Cisco Catalyst SD-WAN Manager Exploitation Chain

Cisco ·Catalyst SD-WAN Manager ·CVSS 7.5 ·
Patch within: 7 Days View guide →
CVE-2026-9082 High Patched

CVE-2026-9082: Drupal Core SQL Injection via PostgreSQL Database Abstraction API

Drupal Association ·Drupal Core ·CVSS 8.1 ·
Patch within: 7 Days View guide →
CVE-2026-34926 High Patched

CVE-2026-34926: Trend Micro Apex One -- Directory Traversal Enabling Arbitrary File Read/Write

Trend Micro ·Apex One (On-Premise) ·CVSS 7.5 ·
Patch within: 7 Days View guide →
CVE-2026-41091 High Patched

CVE-2026-41091: Microsoft Defender Symlink Following -- Low-Privilege to SYSTEM via Malware Protection Engine

Microsoft ·Defender (Microsoft Malware Protection Engine) ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2026-45498 High Patched

CVE-2026-45498: Microsoft Defender -- Denial of Service via Malformed Input

Microsoft ·Microsoft Defender Antivirus ·CVSS 7 ·
Patch within: 7 Days View guide →
CVE-2026-42897 High Patched

CVE-2026-42897: Microsoft Exchange Server XSS in Outlook Web Access

Microsoft ·Exchange Server ·CVSS 8 ·
Patch within: 7 Days View guide →
CVE-2026-42208 High Patched
Patch within: 7 Days View guide →
CVE-2026-6973 High Patched

CVE-2026-6973: Ivanti EPMM Improper Input Validation Enables Authenticated RCE

Ivanti ·Endpoint Manager Mobile (EPMM) ·CVSS 7.2 ·
Patch within: 7 Days View guide →
CVE-2026-31431 High Patched
Patch within: 7 Days View guide →
CVE-2024-57726 High Patched

CVE-2024-57726: SimpleHelp Missing Authorization -- Privilege Escalation via API Keys

SimpleHelp ·SimpleHelp Remote Support ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2026-33825 High Patched
Patch within: 7 Days View guide →
CVE-2024-27199 High Patched
Patch within: 7 Days View guide →
CVE-2025-2749 High Patched
Patch within: 7 Days View guide →
CVE-2026-34197 High Patched

CVE-2026-34197: Apache ActiveMQ RCE via Jolokia JMX-HTTP Bridge

Apache ·ActiveMQ ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2023-21529 High Patched

CVE-2023-21529: Microsoft Exchange Server Deserialization -- Authenticated RCE

Microsoft ·Exchange Server ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2026-3055 High Patched

CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read -- SAML IDP Memory Disclosure

Citrix ·NetScaler ADC / Gateway ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2025-53521 High Patched

CVE-2025-53521: F5 BIG-IP APM Stack-Based Buffer Overflow -- RCE

F5 ·BIG-IP APM ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2026-3910 High Patched

CVE-2026-3910: Google Chromium V8 Memory Buffer -- Sandbox RCE via Crafted HTML

Google ·Chromium / Chrome ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2022-20775 High Patched

CVE-2022-20775: Cisco SD-WAN CLI -- Path Traversal Privilege Escalation

Cisco ·Cisco SD-WAN ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2026-25108 High Patched

CVE-2026-25108: Soliton FileZen -- OS Command Injection via HTTP Request

Soliton Systems K.K. ·FileZen ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2025-49113 High Patched

CVE-2025-49113: Roundcube Webmail Deserialization -- Authenticated RCE via upload.php

Roundcube ·Roundcube Webmail ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2024-7694 High Patched

CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware -- Unrestricted File Upload RCE

TeamT5 ·ThreatSonar Anti-Ransomware ·CVSS 7.2 ·
Patch within: 7 Days View guide →
CVE-2026-2441 High Patched

CVE-2026-2441: Google Chromium CSS -- Use-After-Free Heap Corruption

Google ·Chromium / Chrome / Edge / Opera ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2025-15556 High Patched

CVE-2025-15556: Notepad++ WinGUp Updater -- Download Without Integrity Check

Notepad++ ·Notepad++ (WinGUp updater) ·CVSS 7.5 ·
Patch within: 7 Days View guide →
CVE-2026-20700 High Patched

CVE-2026-20700: Apple Multiple Products -- Buffer Overflow RCE

Apple ·iOS / macOS / tvOS / watchOS / visionOS ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2026-21510 High Patched

CVE-2026-21510: Microsoft Windows Shell -- Protection Mechanism Failure

Microsoft ·Windows Shell ·CVSS 8.1 ·
Patch within: 7 Days View guide →
CVE-2026-21513 High Patched

CVE-2026-21513: Microsoft Windows MSHTML -- Protection Mechanism Failure

Microsoft ·Windows MSHTML ·CVSS 8.1 ·
Patch within: 7 Days View guide →
CVE-2026-21514 High Patched

CVE-2026-21514: Microsoft Office Word -- Reliance on Untrusted Inputs Privilege Escalation

Microsoft ·Microsoft Office Word ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2026-21519 High Patched

CVE-2026-21519: Microsoft Desktop Window Manager -- Type Confusion Privilege Escalation

Microsoft ·Windows Desktop Window Manager (DWM) ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2026-21533 High Patched

CVE-2026-21533: Microsoft Windows Remote Desktop Services -- Privilege Escalation

Microsoft ·Windows Remote Desktop Services ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2025-64328 High Patched

CVE-2025-64328: Sangoma FreePBX Endpoint Manager -- Post-Auth OS Command Injection

Sangoma ·FreePBX Endpoint Manager ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2025-14847 High Patched

CVE-2025-14847: MongoDB Server -- Zlib Compressed Protocol Heap Memory Disclosure

MongoDB ·MongoDB Server ·CVSS 7.5 ·
Patch within: 7 Days View guide →
CVE-2025-20393 High Patched

CVE-2025-20393: Cisco Secure Email -- OS Command Injection with Root Privileges

Cisco ·Secure Email Gateway / AsyncOS / Web Manager ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2025-40602 High Patched

CVE-2025-40602: SonicWall SMA1000 -- Missing Authorization Privilege Escalation

SonicWall ·SMA1000 Appliance ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2025-43529 High Patched

CVE-2025-43529: Apple Multiple Products WebKit -- Use-After-Free Memory Corruption

Apple ·iOS/iPadOS/macOS/Safari ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2025-14174 High Patched

CVE-2025-14174: Google Chromium ANGLE -- Out-of-Bounds Memory Access

Google ·Chromium / Chrome / Edge / Opera ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2025-58360 High Patched

CVE-2025-58360: OSGeo GeoServer -- XXE via WMS GetMap Endpoint

OSGeo ·GeoServer ·CVSS 7.5 ·
Patch within: 7 Days View guide →
CVE-2025-6218 High Patched

CVE-2025-6218: RARLAB WinRAR -- Path Traversal Code Execution

RARLAB ·WinRAR ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2025-62221 High Patched

CVE-2025-62221: Microsoft Windows Cloud Files Mini Filter Driver -- Use-After-Free Privilege Escalation

Microsoft ·Windows Cloud Files Mini Filter Driver ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2021-26828 High Patched

CVE-2021-26828: OpenPLC ScadaBR -- Unrestricted File Upload RCE

OpenPLC ScadaBR ·ScadaBR ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2025-48572 High Patched

CVE-2025-48572: Android Framework -- Privilege Escalation Vulnerability

Android Framework ·Android Framework ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2025-29824 High Patched

CVE-2025-29824: Windows CLFS -- Zero-Day Privilege Escalation

Microsoft ·Windows (CLFS Driver) ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2025-26633 High Patched

CVE-2025-26633: Microsoft MMC -- Zero-Day Security Feature Bypass

Microsoft ·Microsoft Management Console ·CVSS 7 ·
Patch within: 7 Days View guide →
CVE-2025-21418 High Patched

CVE-2025-21418: Windows AFD Driver -- Privilege Escalation

Microsoft ·Windows AFD Driver ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2024-50623 High Patched

CVE-2024-50623: Cleo Harmony/VLTrader -- Unrestricted File Upload and Download RCE

Cleo ·Harmony / VLTrader / LexiCom ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2024-43451 High Patched

CVE-2024-43451: Windows -- NTLM Hash Disclosure Spoofing

Microsoft ·Windows ·CVSS 7.5 ·
Patch within: 7 Days View guide →
CVE-2024-49039 High Patched

CVE-2024-49039: Windows Task Scheduler -- Privilege Escalation

Microsoft ·Windows Task Scheduler ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2024-38094 High Patched

CVE-2024-38094: Microsoft SharePoint Server -- Remote Code Execution

Microsoft ·SharePoint Server ·CVSS 7.2 ·
Patch within: 7 Days View guide →
CVE-2024-38193 High Patched

CVE-2024-38193: Windows AFD Driver -- Privilege Escalation

Microsoft ·Windows AFD Driver ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2024-38112 High Patched

CVE-2024-38112: Windows MSHTML -- Platform Spoofing

Microsoft ·Windows MSHTML Platform ·CVSS 7.5 ·
Patch within: 7 Days View guide →
CVE-2024-6387 High Patched

CVE-2024-6387: OpenSSH regreSSHion -- Unauthenticated RCE in sshd

OpenSSH ·OpenSSH (sshd) ·CVSS 8.1 ·
Patch within: 7 Days View guide →
CVE-2024-26169 High Patched

CVE-2024-26169: Windows Error Reporting -- Privilege Escalation

Microsoft ·Windows Error Reporting Service ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2024-30051 High Patched

CVE-2024-30051: Windows DWM Core Library -- Privilege Escalation

Microsoft ·Windows Desktop Window Manager ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2024-20353 High Patched

CVE-2024-20353: Cisco ASA/FTD -- ArcaneDoor DoS and Memory Leak

Cisco ·Cisco ASA / Firepower Threat Defense ·CVSS 8.6 ·
Patch within: 7 Days View guide →
CVE-2024-21338 High Patched

CVE-2024-21338: Windows Kernel -- Privilege Escalation

Microsoft ·Windows Kernel ·CVSS 7.8 ·
Patch within: 7 Days View guide →
CVE-2024-21893 High Patched

CVE-2024-21893: Ivanti Connect Secure -- SSRF to Authentication Bypass

Ivanti ·Connect Secure / Policy Secure ·CVSS 8.2 ·
Patch within: 7 Days View guide →
CVE-2023-46805 High Patched

CVE-2023-46805: Ivanti Connect Secure -- Authentication Bypass via Path Traversal

Ivanti ·Connect Secure / Policy Secure ·CVSS 8.2 ·
Patch within: 7 Days View guide →
CVE-2023-36025 High Patched

CVE-2023-36025: Windows SmartScreen -- Security Feature Bypass

Microsoft ·Windows SmartScreen ·CVSS 8.8 ·
Patch within: 7 Days View guide →
CVE-2023-20273 High Patched

CVE-2023-20273: Cisco IOS XE Web UI -- Command Injection

Cisco ·Cisco IOS XE ·CVSS 7.2 ·
Patch within: 7 Days View guide →
CVE-2023-26360 High Patched

CVE-2023-26360: Adobe ColdFusion -- Deserialization RCE

Adobe ·ColdFusion ·CVSS 8.6 ·
Patch within: 7 Days View guide →
CVE-2023-0669 High Patched

CVE-2023-0669: GoAnywhere MFT -- Pre-Auth Remote Code Execution

Fortra (formerly HelpSystems) ·GoAnywhere MFT ·CVSS 7.2 ·
Patch within: 7 Days View guide →
CVE-2022-41040 High Patched

CVE-2022-41040: Microsoft Exchange -- ProxyNotShell SSRF

Microsoft ·Exchange Server ·CVSS 8.8 ·
Patch within: 7 Days View guide →

No patched CVEs match your search.

No Patch Available

7 CVEs
No official patch available. These CVEs are actively exploited in the wild but do not yet have vendor-issued fixes. Apply interim mitigations documented in each analysis, and monitor vendor advisories closely. Network isolation and enhanced monitoring are the primary defences.
CVE-2023-4346 High No Patch
Mitigate Now View mitigations →
CVE-2026-20245 High No Patch
Mitigate Now View mitigations →
CVE-2025-29635 High No Patch
Mitigate Now View mitigations →
CVE-2023-52163 Critical No Patch

CVE-2023-52163: Digiever DS-2105 Pro -- Missing Authorization / Command Injection

Digiever ·DS-2105 Pro NVR ·CVSS 9.8 ·
Mitigate Now View mitigations →
CVE-2025-59374 High No Patch

CVE-2025-59374: ASUS Live Update -- Embedded Malicious Code (Supply Chain)

ASUS ·ASUS Live Update ·CVSS 7.5 ·
Mitigate Now View mitigations →
CVE-2018-4063 High No Patch

CVE-2018-4063: Sierra Wireless AirLink ALEOS -- Unrestricted File Upload RCE

Sierra Wireless ·AirLink ALEOS ·CVSS 8.8 ·
Mitigate Now View mitigations →
CVE-2022-37055 Critical No Patch

CVE-2022-37055: D-Link Routers -- Buffer Overflow RCE

D-Link ·D-Link Routers ·CVSS 9.8 ·
Mitigate Now View mitigations →