CVEs with confirmed in-the-wild exploitation, drawn from the CISA Known Exploited Vulnerabilities (KEV) catalog and the ENISA EU Vulnerability Database (EUVD) exploited flag, most recent first. Subscribe via the Atom feed.
Recently flagged as exploited
CVE-2026-56290 — CVSS 9.8 (critical): The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and…
CVE-2026-55255 — CVSS 8.4 (high): Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR)…
CVE-2026-48908 — CVSS 9.8 (critical): A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload…
CVE-2026-48282 — CVSS 10.0 (critical): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path…
CVE-2026-45659 — CVSS 8.8 (high): Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-48558 — CVSS 10.0 (critical): SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication…
CVE-2026-20230 — CVSS 8.6 (high): A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition…
CVE-2026-12569 — CVSS 9.8 (critical): A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be…
CVE-2026-34910 — CVSS 10.0 (critical): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute…
CVE-2026-34909 — CVSS 10.0 (critical): A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the…
CVE-2026-34908 — CVSS 10.0 (critical): A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make…
CVE-2025-67038 — CVSS 9.8 (critical): An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's…
CVE-2026-20253 — CVSS 9.8 (critical): In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary…
CVE-2026-48907 — CVSS 9.8 (critical): A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately…
CVE-2026-54420 — CVSS 8.5 (high): LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with…
CVE-2026-20262 — CVSS 6.5 (medium): A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to…
CVE-2026-35273 — CVSS 9.8 (critical): Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported…
CVE-2026-10520 — CVSS 10.0 (critical): An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated…
CVE-2026-7473 — CVSS 5.8 (medium): On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups…
CVE-2026-20245 — CVSS 7.8 (high): A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN…
CVE-2026-11645 — CVSS 8.8 (high): Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a…
CVE-2026-50751 — CVSS 9.3 (critical): A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated…
CVE-2026-42271 — CVSS 8.8 (high): LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two…
CVE-2026-28318 — CVSS 7.5 (high): SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using…
CVE-2026-45247 — CVSS 9.8 (critical): Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows…
CVE-2025-48595 — CVSS 8.4 (high): In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of…
CVE-2022-0492 — CVSS 7.8 (high): A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under…
CVE-2024-21182 — CVSS 7.5 (high): Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2026-0257 — CVSS 9.1 (critical): Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker…
CVE-2026-8398 — CVSS 9.8 (critical): A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through…
CVE-2026-48027 — CVSS 9.8 (critical): Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC…
CVE-2026-45321 — CVSS 9.6 (critical): On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm…
CVE-2026-48172 — CVSS 9.8 (critical): LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026…
CVE-2026-9082 — CVSS 9.8 (critical): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL…
CVE-2026-34926 — CVSS 6.7 (medium): A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key…
CVE-2025-34291 — CVSS 8.8 (high): Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An…
CVE-2026-41091 — CVSS 7.8 (high): Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges…
CVE-2010-0806 — CVSS 8.8 (high): Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote…
CVE-2010-0249 — CVSS 8.8 (high): Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server…
CVE-2009-3459 — CVSS 8.8 (high): Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to…
CVE-2009-1537 — CVSS 8.8 (high): Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows…
CVE-2008-4250 — CVSS 9.8 (critical): The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta…
CVE-2026-42897 — CVSS 8.1 (high): Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized…
CVE-2026-20182 — CVSS 10.0 (critical): May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was…
CVE-2026-42208 — CVSS 9.8 (critical): LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a…
CVE-2026-6973 — CVSS 7.2 (high): An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with…
CVE-2026-0300 — CVSS 9.8 (critical): A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software…
CVE-2026-31431 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly…
CVE-2026-41940 — CVSS 9.8 (critical): cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote…