ctipilot.ch

CVEs

422 CVEs referenced across all briefs. Click an ID for the full appearance trail.

  • Total CVEs: 422 (1 type)
  • Recent (30 d): 262 entities with new coverage in window
  • Distinct sources: 368 hosts cited at least once
  • Total appearances: 686 brief-section attributions
  • Co-occurrence links: 1131 (entity ↔ entity in same item)

By type

  • cve: 422 (100%)

Recent coverage

Aggregate mentions per ISO week, last 8 weeks.

By year

  • 2013: 1
  • 2016: 1
  • 2017: 2
  • 2018: 1
  • 2019: 1
  • 2020: 3
  • 2021: 4
  • 2022: 5
  • 2023: 7
  • 2024: 10
  • 2025: 21
  • 2026: 361
CVE | Title | First seen | Last seen | Appears in
CVE-2013-3307 | Linksys/D-Link RTL819X command-injection RCE — initial-access vector for the AryStinger botnet | 2026-06-22 | 2026-06-22 | 2026-06-22
CVE-2016-5681 | D-Link DIR-850L HTTP-service stack buffer overflow RCE — AryStinger botnet access vector | 2026-06-22 | 2026-06-22 | 2026-06-22
CVE-2025-11837 | QNAP Malware Remover code injection (fixed 6.6.8.20251023) — AryStinger NAS access vector | 2026-06-22 | 2026-06-22 | 2026-06-22
CVE-2026-20253 | Splunk Enterprise pre-auth RCE via unauthenticated PostgreSQL sidecar REST API proxied by web tier, CVSS 9.8 | 2026-06-14 | 2026-06-21 | 2026-W25, 2026-06-20, 2026-06-14
CVE-2026-50656 | RoguePlanet Defender LPE (CVE-2026-50656) — Nightmare/Chaotic Eclipse wave, public PoC, no patch | 2026-06-19 | 2026-06-21 | 2026-W25, 2026-06-19
CVE-2026-12569 | PTC Windchill/FlexPLM CVE-2026-12569 — unauth Java deserialization RCE (CVSS 10.0), actively exploited | 2026-06-20 | 2026-06-21 | 2026-W25, 2026-06-20
CVE-2026-4020 | Gravity SMTP WordPress plugin unauthenticated credential-dump (CVE-2026-4020) | 2026-06-21 | 2026-06-21 | 2026-06-21
CVE-2026-35273 | Oracle PeopleSoft PeopleTools PSEMHUB pre-auth RCE (CVSS 9.8), zero-day exploited by UNC6240/ShinyHunters | 2026-06-12 | 2026-06-21 | 2026-W25, 2026-W24, 2026-06-20, 2026-06-18, 2026-06-16, 2026-06-14, 2026-06-13, 2026-06-12
CVE-2023-24932 | Windows Boot Manager Secure Boot bypass (BlackLotus-class) — possible FishMonger SprySOCKS UEFI component (unconfirmed) | 2026-06-17 | 2026-06-21 | 2026-W25, 2026-06-17
CVE-2026-35278 | Oracle PeopleSoft PeopleTools 8.61/8.62 Performance Monitor — missing-auth RCE (CVSS 9.8) | 2026-06-18 | 2026-06-21 | 2026-W25, 2026-06-18
CVE-2026-0646 | Rockwell 1794-AENTR/AENTRXT FLEX I/O — CIP-handling denial-of-service (CVSS 7.5) | 2026-06-18 | 2026-06-21 | 2026-W25, 2026-06-18
CVE-2026-11317 | Rockwell CompactLogix/ControlLogix 5370/5570 — CIP message major non-recoverable fault DoS (CVSS 7.5) | 2026-06-18 | 2026-06-21 | 2026-W25, 2026-06-18
CVE-2025-13036 | Rockwell FactoryTalk Historian Site Edition — authentication bypass (CVSS 7.7) | 2026-06-18 | 2026-06-21 | 2026-W25, 2026-06-18
CVE-2026-42055 | NGINX — heap overflow in ngx_http_proxy_v2_module/ngx_http_grpc_module (CVSS v4 9.2) | 2026-06-19 | 2026-06-21 | 2026-W25, 2026-06-19
CVE-2026-55804 | Drupal core — deserialization gadget chain (SA-CORE-2026-006) | 2026-06-19 | 2026-06-21 | 2026-W25, 2026-06-19
CVE-2026-40624 | AVer PTC-series conference cameras CVE-2026-40624 — unauth RCE (CVSS 9.8), CISA ICS advisory | 2026-06-20 | 2026-06-20 | 2026-06-20
CVE-2026-52806 | Gogs self-hosted Git server CVE-2026-52806 — argument injection to OS command execution (CVSSv4 9.4), BSI critical batch | 2026-06-20 | 2026-06-20 | 2026-06-20
CVE-2026-20181 | Cisco ISE CVE-2026-20181/20190 — unauth credential read chaining to authenticated root RCE | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-20190 | Cisco ISE CVE-2026-20190 — unauthenticated read of hashed admin credentials (CVSS 7.5) | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-12046 | pgAdmin 4 critical CVEs (CVE-2026-12046/12045/12048) patched in v9.16 | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-42530 | NGINX HTTP/3 QUIC UAF (CVE-2026-42530) + HTTP/2-proxy heap overflow (CVE-2026-42055) | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-55803 | Drupal core June 2026 advisories — JSON:API PHP object-injection chain (CVE-2026-55803/55804) | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-12045 | pgAdmin 4 — AI Assistant read-only-transaction bypass to RCE via COPY TO PROGRAM (CVSS v4 9.4) | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-12048 | pgAdmin 4 — stored XSS via unsanitised PostgreSQL error/EXPLAIN content (CVSS v4 9.3) | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-55806 | Drupal core — rebuild.php trusted-host bypass (SA-CORE-2026-007) | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-55807 | Drupal core — Media module oEmbed SSRF (SA-CORE-2026-008) | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-55808 | Drupal core — JSON:API/REST image-upload MIME-validation gap (SA-CORE-2026-009) | 2026-06-19 | 2026-06-19 | 2026-06-19
CVE-2026-46978 | Oracle June 2026 CSPU — Solaris RAD CVSS 10.0 (CVE-2026-46978) + PeopleSoft 9.8 (CVE-2026-35278) | 2026-06-18 | 2026-06-18 | 2026-06-18
CVE-2026-0647 | Rockwell FLEX I/O unauth password reset (9.4) + Logix CIP DoS cluster — NCSC-CH flagged | 2026-06-18 | 2026-06-18 | 2026-06-18
CVE-2026-0257 | PAN-OS GlobalProtect pre-auth authentication bypass | 2026-05-30 | 2026-06-17 | 2026-06-17, 2026-06-10, 2026-05-30
CVE-2026-50751 | Check Point IKEv1 VPN authentication bypass (CVE-2026-50751) | 2026-06-09 | 2026-06-17 | 2026-W24, 2026-06-17, 2026-06-09
CVE-2026-25089 | Fortinet FortiSandbox unauthenticated OS command injection | 2026-06-12 | 2026-06-17 | 2026-06-17, 2026-06-12
CVE-2026-48907 | Joomla Content Editor (JCE) CVE-2026-48907 — unauthenticated profile-import PHP RCE, CISA KEV, automated exploitation | 2026-06-17 | 2026-06-17 | 2026-06-17
CVE-2026-2473 | Google Vertex AI SDK 'Pickle in the Middle' (CVE-2026-2473) — predictable staging-bucket cross-tenant pickle RCE; patched | 2026-06-17 | 2026-06-17 | 2026-06-17
CVE-2026-39808 | Fortinet FortiSandbox CVE-2026-39808 — actively exploited (Defused Cyber) | 2026-06-17 | 2026-06-17 | 2026-06-17
CVE-2026-39813 | Fortinet FortiSandbox CVE-2026-39813 — actively exploited (Defused Cyber) | 2026-06-17 | 2026-06-17 | 2026-06-17
CVE-2025-55182 | React/Next.js Server Actions deserialisation ("React2Shell") — weaponised by PCPJack worm | 2026-05-10 | 2026-06-17 | 2026-W19, 2026-05-19, 2026-05-10
CVE-2020-25213 | WP File Manager pre-auth RCE — used as fallback vector in the ErrTraffic ClickFix framework | 2026-06-17 | 2026-06-17 | 2026-06-17
CVE-2023-52271 | Topaz Antifraud wsftprm.sys vulnerable kernel driver — DragonForce BYOVD chain | 2026-06-17 | 2026-06-17 | 2026-06-17
CVE-2025-61155 | Tower of Fantasy GameDriverx64.sys vulnerable kernel driver — DragonForce BYOVD chain | 2026-06-17 | 2026-06-17 | 2026-06-17
CVE-2025-1055 | K7 Security K7RKScan.sys vulnerable kernel driver — DragonForce BYOVD chain | 2026-06-17 | 2026-06-17 | 2026-06-17
CVE-2026-20262 | Cisco Catalyst SD-WAN Manager authenticated arbitrary file write to root RCE (CVE-2026-20262); CISA KEV; deep dive | 2026-06-16 | 2026-06-16 | 2026-06-16
CVE-2026-54420 | LiteSpeed cPanel/WHM plugin symlink-following on shared hosting (CVE-2026-54420); exploited ITW; CISA KEV | 2026-06-16 | 2026-06-16 | 2026-06-16
CVE-2026-48611 | phpBB unauthenticated OAuth auth-bypass to admin (CVE-2026-48611, CVSS 9.8) + CSRF CVE-2026-48612; fixed 3.3.17 | 2026-06-16 | 2026-06-16 | 2026-06-16
CVE-2026-47101 | LiteLLM AI-gateway three-CVE chain (CVE-2026-47101/-47102/-40217) low-priv to proxy_admin to RCE; all provider keys exposed; fixed v1.83.14 | 2026-06-16 | 2026-06-16 | 2026-06-16
CVE-2026-42824 | Microsoft 365 Copilot 'SearchLeak' (CVE-2026-42824) one-click email/file/MFA exfil via prompt injection + Bing SSRF CSP bypass; patched | 2026-06-16 | 2026-06-16 | 2026-06-16
CVE-2026-48612 | phpBB OAuth improper state verification + CSRF session hijack; CVSS 8.0; fixed 3.3.17 | 2026-06-16 | 2026-06-16 | 2026-06-16
CVE-2026-47102 | LiteLLM privilege escalation — self-promote to proxy_admin via /user/update; CVSS 8.8; fixed v1.83.14 | 2026-06-16 | 2026-06-16 | 2026-06-16
CVE-2026-40217 | LiteLLM Custom Code Guardrails sandbox escape to RCE via exec()/bytecode; CVSS 8.8; fixed v1.83.14 | 2026-06-16 | 2026-06-16 | 2026-06-16
CVE-2026-20251 | Splunk Secure Gateway jsonpickle deserialization RCE (CVSS 8.8) — assessed, no §2 gate (no ITW, post-auth); NCSC-NL advisory | 2026-06-16 | 2026-06-16 | 2026-06-20, 2026-06-16
CVE-2026-47928 | Adobe ColdFusion unauthenticated no-interaction RCE (CVSS 9.6, APSB26-64; scope change S:C; fixed 2023 Update 20 / 2025 Update 9) | 2026-06-15 | 2026-06-15 | 2026-06-15
CVE-2026-47932 | Adobe ColdFusion path-traversal security-feature bypass (CVSS 8.8, APSB26-64) — co-disclosed; assessed, not promoted | 2026-06-15 | 2026-06-15 | 2026-06-15
CVE-2026-34182 | OpenSSL CMS AuthEnvelopedData integrity bypass (moderate) — assessed, out-of-window, not promoted | 2026-06-15 | 2026-06-15 | 2026-06-15
CVE-2026-47124 | Traefik v3.x security-policy bypass (GHSA-3g6v-2r68-prfc) — assessed, no §2 gate, out-of-window | 2026-06-15 | 2026-06-15 | 2026-06-15
CVE-2026-10087 | GitLab EE Analytics Dashboard stored XSS (CVSS 8.7) — assessed, no §2 gate | 2026-06-15 | 2026-06-15 | 2026-06-15
CVE-2026-7250 | GitLab CE/EE Grape API unauthenticated DoS (CVSS 7.5) — assessed, no §2 gate | 2026-06-15 | 2026-06-15 | 2026-06-15
CVE-2026-9204 | GitLab CE/EE Gitaly repository-import SSRF (CVSS 5.3) — assessed, no §2 gate | 2026-06-15 | 2026-06-15 | 2026-06-15
CVE-2026-41089 | Windows Netlogon stack-buffer overflow — unauthenticated remote RCE on domain controllers (CVSS 9.8, May 2026 Patch Tuesday) | 2026-05-13 | 2026-06-14 | 2026-W24, 2026-W23, 2026-06-11, 2026-06-02, 2026-05-13
CVE-2026-10520 | Ivanti Sentry pre-auth OS command injection to root (CVSS 10.0); watchTowr public PoC; companion CVE-2026-10523 auth bypass | 2026-06-10 | 2026-06-14 | 2026-W24, 2026-06-14, 2026-06-10
CVE-2026-49261 | MariaDB Galera wsrep_notify_cmd shell injection (CVSS 10.0) | 2026-06-12 | 2026-06-14 | 2026-W24, 2026-06-12
CVE-2026-10795 | UpdraftPlus WordPress plugin unauthenticated auth-bypass to RCE (all-zero AES key on failed RSA decrypt), CVSS 8.1 | 2026-06-14 | 2026-06-14 | 2026-06-14
CVE-2020-17103 | Windows Cloud Filter driver cldflt.sys privilege escalation (MiniPlasma PoC) | 2026-05-18 | 2026-06-14 | 2026-W24, 2026-W23, 2026-W22, 2026-W21, 2026-05-30, 2026-05-19
CVE-2025-8088 | WinRAR path-traversal (referenced as initial-access exploit in Gamaredon GammaPhish/GammaWorm campaign, Sekoia 2026-06-01) | 2026-06-02 | 2026-06-14 | 2026-W24, 2026-W23, 2026-06-10, 2026-06-03, 2026-06-02
CVE-2026-10523 | Ivanti Sentry authentication bypass (CWE-288), companion to CVE-2026-10520 | 2026-06-10 | 2026-06-14 | 2026-W24, 2026-06-13, 2026-06-10
CVE-2026-45586 | Windows CTFMON elevation of privilege (June 2026 Patch Tuesday); referenced in § 7 GreenPlasma cross-source discrepancy note | 2026-06-11 | 2026-06-14 | 2026-W24, 2026-06-11, 2026-06-10
CVE-2026-49201 | Acer Wave-7 mesh router hardcoded AES key in upload.cgi backup handler — persistent backdoor injection (CVSS 10.0, no patch until ~end-June 2026) | 2026-06-08 | 2026-06-14 | 2026-06-08
CVE-2025-67644 | LangGraph SQLite checkpointer SQL injection in get_state_history() (CVSS 7.3; fixed langgraph-checkpoint-sqlite 3.0.1) | 2026-06-13 | 2026-06-14 | 2026-W24, 2026-06-13
CVE-2026-28277 | LangGraph unsafe msgpack deserialization on checkpoint load, chains with SQLi to RCE (CVSS 6.8; fixed langgraph 1.0.10) | 2026-06-13 | 2026-06-14 | 2026-W24, 2026-06-13
CVE-2026-47210 | vm2 Node.js sandbox escape via WebAssembly JSPI Promise-species bypass, CVSS 9.8 (dropped from brief — out-of-window, no ITW) | 2026-06-14 | 2026-06-14 | 2026-06-14
CVE-2026-12183 | BUK TS-G gas-station automation unauthenticated admin bypass, CVSS 9.8 (dropped from brief — aggregator-only sourcing) | 2026-06-14 | 2026-06-14 | 2026-06-14
CVE-2022-38028 | Windows Print Spooler privilege escalation weaponised by APT28 GooseEgg (cited as historical context in Sekoia APT28 retrospective) | 2026-06-14 | 2026-06-14 | 2026-06-14
CVE-2026-48558 | SimpleHelp RMM unauthenticated OIDC auth bypass (CVSS 9.5) | 2026-06-13 | 2026-06-13 | 2026-06-13
CVE-2026-27022 | LangGraph Redis checkpointer RediSearch query injection (CVSS 6.5; fixed @langchain/langgraph-checkpoint-redis 1.0.1) | 2026-06-13 | 2026-06-13 | 2026-06-13
CVE-2026-6552 | GitLab EE Group SAML identity API improper authorization, Group Owner account takeover (CVSS 8.7; fixed 19.0.2/18.11.5/18.10.8) — did not clear daily section-2 gate | 2026-06-13 | 2026-06-13 | 2026-06-15, 2026-06-13
CVE-2026-45447 | OpenSSL PKCS7_verify heap use-after-free on empty SignedData.digestAlgorithms (High; fixed 4.0.1/3.6.3/3.5.7/3.4.6/3.0.21) — out-of-window drop this run | 2026-06-13 | 2026-06-13 | 2026-06-15, 2026-06-13
CVE-2026-45657 | June 2026 Patch Tuesday criticals (Windows kernel TCP/IP RCE + PowerScribe + Azure Stack Edge + Exchange Online) | 2026-06-12 | 2026-06-12 | 2026-06-12
CVE-2026-26142 | CVE-2026-26142 (June 2026 Patch Tuesday critical) | 2026-06-12 | 2026-06-12 | 2026-06-12
CVE-2026-47643 | CVE-2026-47643 (June 2026 Patch Tuesday critical) | 2026-06-12 | 2026-06-12 | 2026-06-12
CVE-2026-48579 | CVE-2026-48579 (June 2026 Patch Tuesday critical) | 2026-06-12 | 2026-06-12 | 2026-06-12
CVE-2026-48163 | MariaDB Galera wsrep parameter-injection (companion fix to CVE-2026-49261) | 2026-06-12 | 2026-06-12 | 2026-06-12
CVE-2026-48165 | MariaDB Galera wsrep parameter-injection (companion fix to CVE-2026-49261) | 2026-06-12 | 2026-06-12 | 2026-06-12
CVE-2026-5027 | Langflow path-traversal arbitrary file write (POST /api/v2/files), pre-auth via auto-login, exploited ITW | 2026-06-11 | 2026-06-11 | 2026-06-11
CVE-2026-50507 | Windows BitLocker physical-access bypass, publicly disclosed, June 2026 Patch Tuesday | 2026-06-10 | 2026-06-11 | 2026-06-11, 2026-06-10
CVE-2026-47291 | Windows HTTP.sys pre-auth integer-overflow RCE (CVSS 9.8), June 2026 Patch Tuesday headline | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-44748 | SAP NetWeaver AS ABAP SAML XML Signature Wrapping (CVSS 9.9), SAP June Patch Day | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-47895 | strongSwan libstrongswan identity-clone double-free, unauth RCE over EAP; fixed 6.0.7 | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-44963 | Veeam Backup & Replication 12.x authenticated domain-user deserialization RCE (CVSS 9.4); fixed 12.3.2.4854 | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-11645 | Google Chrome V8 OOB read/write, exploited ITW, CISA KEV; fixed 149.0.7827.103 | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-7473 | Arista EOS tunnel-decapsulation logic flaw bypasses VXLAN segmentation; CISA KEV, exploited | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-47344 | TYPO3 Core June 2026 (SA-2026-006) — XSS bypassing HTML Sanitizer; lead CVE of 13-advisory batch (CVE-2026-11607 et al. across SA-006…019) | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-22732 | SAP Commerce Cloud / Data Hub missing HTTP security headers via Spring Security (CVSS 9.1) | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-27671 | SAP NetWeaver/ABAP RFC kernel memory corruption, unauthenticated (CVSS 9.8) | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-40128 | SAP NetWeaver AS Java Web Container path traversal (CVSS 9.0) | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-44815 | Windows DHCP Client Service RCE (CVSS 9.8), June 2026 Patch Tuesday | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-47281 | Visual Studio Code EoP to SYSTEM via malicious .code-workspace (CVSS 9.6) | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-49160 | Windows HTTP.sys HTTP/2 compression-bomb DoS (IIS analogue of CVE-2026-49975); MaxHeadersCount mitigation | 2026-06-10 | 2026-06-10 | 2026-06-10
CVE-2026-42271 | BerriAI LiteLLM command injection to host RCE (CVE-2026-42271) | 2026-06-09 | 2026-06-09 | 2026-06-09
CVE-2026-23111 | Linux kernel nf_tables UAF local-root + container escape (CVE-2026-23111) | 2026-06-09 | 2026-06-09 | 2026-06-09
CVE-2026-33691 | Progress Kemp LoadMaster WAF bypass — companion to CVE-2026-8037 (June 2026 critical bulletin) | 2026-06-09 | 2026-06-09 | 2026-06-09
CVE-2026-50752 | Check Point IKEv1 site-to-site VPN MitM via certificate validation weakness (CVSS 7.4) — no observed exploitation | 2026-06-09 | 2026-06-09 | 2026-06-09
CVE-2026-8037 | Progress Kemp LoadMaster management API unauthenticated command injection (CVSS 9.3) — BSI WID-SEC-2026-1812; no observed exploitation | 2026-06-09 | 2026-06-09 | 2026-06-09
CVE-2026-49975 | HTTP/2 Bomb single-connection memory-exhaustion DoS | 2026-06-04 | 2026-06-08 | 2026-W23, 2026-06-04
CVE-2026-20245 | Cisco Catalyst SD-WAN Manager command-injection to root (actively exploited, no patch) | 2026-06-06 | 2026-06-08 | 2026-W23, 2026-06-06
CVE-2026-10868 | MISP critical mass-assignment account-takeover (CVSS 9.0) | 2026-06-06 | 2026-06-08 | 2026-W23, 2026-06-06
CVE-2026-9704 | Keycloak token-exchange privilege escalation (silent subject_token removal); Keycloak 26.6.3 16-CVE release | 2026-06-07 | 2026-06-08 | 2026-W23, 2026-06-07
CVE-2026-3300 | Everest Forms Pro (WordPress) unauthenticated eval() RCE — actively exploited at scale | 2026-06-08 | 2026-06-08 | 2026-06-08
CVE-2026-49200 | Acer Wave-7 mesh router zero-days (CVE-2026-49200 cleartext cred log + CVE-2026-49201 hardcoded backup key) — CVSS 10.0, no patch | 2026-06-08 | 2026-06-08 | 2026-06-08
CVE-2021-27137 | DD-WRT UPnP/SSDP parser stack buffer overflow — FortiGuard-attributed propagation vector for C0XMO/Gafgyt botnet; DOES NOT RESOLVE ON NVD/MITRE (flagged 2026-06-08, vendor-attributed/unverified) | 2026-06-08 | 2026-06-08 | 2026-06-08
CVE-2026-10881 | Google Chrome ANGLE graphics engine OOB read/write sandbox escape (CVSS 9.6); Chrome 149 record 429-patch release | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-37977 | Keycloak CORS ACAO reflected from unverified JWT azp claim on UMA endpoint (fixed 26.6.3) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-39210 | FFmpeg parser/demuxer heap or stack overflow (depthfirst AI-agent discovery; PoC public, fixed upstream) | 2026-06-07 | 2026-06-07 | 2026-W24, 2026-06-07
CVE-2026-39211 | FFmpeg parser/demuxer heap or stack overflow (depthfirst AI-agent discovery; PoC public, fixed upstream) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-39212 | FFmpeg parser/demuxer heap or stack overflow (depthfirst AI-agent discovery; PoC public, fixed upstream) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-39213 | FFmpeg parser/demuxer heap or stack overflow (depthfirst AI-agent discovery; PoC public, fixed upstream) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-39214 | FFmpeg parser/demuxer heap or stack overflow (depthfirst AI-agent discovery; PoC public, fixed upstream) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-39215 | FFmpeg parser/demuxer heap or stack overflow (depthfirst AI-agent discovery; PoC public, fixed upstream) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-39216 | FFmpeg parser/demuxer heap or stack overflow (depthfirst AI-agent discovery; PoC public, fixed upstream) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-39217 | FFmpeg parser/demuxer heap or stack overflow (depthfirst AI-agent discovery; PoC public, fixed upstream) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-39218 | FFmpeg parser/demuxer heap or stack overflow (depthfirst AI-agent discovery; PoC public, fixed upstream) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-4874 | Keycloak SSRF via OIDC token endpoint manipulation (fixed 26.6.3) | 2026-06-07 | 2026-06-07 | 2026-W23, 2026-06-07
CVE-2026-8830 | Keycloak missing server-side WebAuthn credential-registration validation (fixed 26.6.3) | 2026-06-07 | 2026-06-07 | 2026-W23, 2026-06-07
CVE-2026-9792 | Keycloak ROPC grant bypass of client-policy enforcement (fixed 26.6.3) | 2026-06-07 | 2026-06-07 | 2026-06-07
CVE-2026-9802 | Keycloak refresh-token replay window after server restart resets startupTime (fixed 26.6.3) | 2026-06-07 | 2026-06-07 | 2026-W23, 2026-06-07
CVE-2026-28318 | SolarWinds Serv-U unauthenticated DoS (CISA KEV) | 2026-06-06 | 2026-06-06 | 2026-06-06
CVE-2026-10854 | MISP access-control bypass exposing private galaxy metadata to non-admin org users (CVSS 5.3) | 2026-06-06 | 2026-06-06 | 2026-06-06
CVE-2026-20127 | Cisco Catalyst SD-WAN Manager pre-auth RCE (UAT-8616 prior exploitation, Feb 2026) | 2026-05-15 | 2026-06-06 | 2026-W23, 2026-06-16, 2026-06-06, 2026-05-15
CVE-2026-34906 | Simple SA Wirtualna Uczelnia unauthenticated SSTI→RCE (CVE-2026-34906/-34907); EU public-sector education | 2026-06-05 | 2026-06-05 | 2026-06-05
CVE-2026-23479 | Redis use-after-free→GOT-overwrite RCE; public PoC chain, 85% cloud Redis passwordless | 2026-06-05 | 2026-06-05 | 2026-06-05
CVE-2026-34907 | Simple SA Wirtualna Uczelnia reflected XSS (locale parameter) | 2026-06-05 | 2026-06-05 | 2026-06-05
CVE-2026-41283 | OpenStack Mistral policy-enforcement bypass → authenticated arbitrary code execution (OSSA-2026-020; evaluated and dropped — see brief §7) | 2026-06-05 | 2026-06-05 | 2026-06-05
CVE-2026-45247 | Mirasvit Cache Warmer (Magento 2) unauth object-injection RCE — CISA KEV | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-8206 | Kirki WordPress plugin unauth admin takeover (password-reset hijack) | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-8181 | Burst Statistics WordPress plugin unauth REST auth-bypass | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-20230 | Cisco Unified CM unauth SSRF → OS-root file write | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-10611 | MISP OTP bypass (LDAP mixed-auth + require_otp) | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-33829 | Windows Snipping Tool ms-screensketch: URI handler NTLM hash leak — patched April 2026; cited as structural predecessor of unpatched search: URI variant | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-41100 | Microsoft 365 Copilot for Android OAuth-token theft via production debug flag (CVSS 4.4); patched 2026-05-12 | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-41101 | Microsoft Word for Android OAuth-token theft via production debug flag (CVSS 7.1); patched 2026-05-12 | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-41102 | Microsoft PowerPoint for Android OAuth-token theft via production debug flag (CVSS 7.1); patched 2026-05-12 | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-42832 | Microsoft Excel for Android OAuth-token theft via setIsDebugMode(true) debug flag left in production (CVSS 7.7); patched 2026-05-12 | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-7195 | Progress Sitefinity CMS web-services improper input validation (CWE-20); BSI WID-SEC-2026-1783 | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-7198 | Progress Sitefinity CMS OData improper input validation (CVSS 9.8, CWE-20), affects 15.4.8623-15.4.8629; BSI WID-SEC-2026-1783 | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-7201 | Progress Sitefinity CMS ServiceStack web-services credential exposure (CVSS 8.8, CWE-522); BSI WID-SEC-2026-1783 | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-7312 | Progress Sitefinity CMS — CWE-522 Insufficiently Protected Credentials (Sitefinity Insight credential disclosure, gated on Insight integration/non-default config); CVSS 10.0 per NVD; BSI WID-SEC-2026-1783; evaluated 2026-06-04, dropped to §7 (no fetchable vendor primary, no ITW) | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-7313 | Progress Sitefinity CMS legacy-branch flaw (CVSS 8.7), affects v8.0-13.3; BSI WID-SEC-2026-1783 | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-7325 | Devolutions Server LDAP coercion exposing PAM credentials (DEVO-2026-0013, CVSS 7.1); evaluated 2026-06-04, dropped to §7 (no ITW, below §2 gate) | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2026-9047 | Devolutions Server MFA bypass via improper factor-key state handling (DEVO-2026-0013, CVSS 7.5); evaluated 2026-06-04, dropped to §7 (no ITW, below §2 gate) | 2026-06-04 | 2026-06-04 | 2026-06-04
CVE-2024-21182 | Oracle WebLogic unauth T3/IIOP data access — CISA KEV 2026-06-01 on active exploitation | 2026-06-03 | 2026-06-03 | 2026-06-03
CVE-2025-48595 | Android Framework integer-overflow LPE — actively exploited (limited/targeted), June 2026 bulletin | 2026-06-03 | 2026-06-03 | 2026-06-03
CVE-2022-0492 | Linux cgroup v1 release_agent container escape — re-enters CISA KEV 2026-06-02 | 2026-06-03 | 2026-06-03 | 2026-06-03
CVE-2020-1472 | ZeroLogon — Netlogon privilege escalation; chained by Cl0p in South Staffordshire Water 2020-2022 intrusion (cited in ICO 2026-05-11 enforcement) | 2026-05-12 | 2026-06-03 | 2026-06-03, 2026-05-12
CVE-2026-40402 | Windows Hyper-V UAF guest-to-host escape (May 2026 Patch Tuesday); evaluated 2026-06-03, not covered (out-of-window) | 2026-06-03 | 2026-06-03 | 2026-06-03
CVE-2026-42251 | KS-SOMED healthcare supply-chain hardcoded FTP creds (CERT-PL) | 2026-06-02 | 2026-06-02 | 2026-06-02
CVE-2026-8732 | WP Maps Pro unauthenticated admin-account creation (actively exploited) | 2026-06-02 | 2026-06-02 | 2026-06-02
CVE-2026-8931 | Disig Web Signer eIDAS qualified-signature client RCE | 2026-06-02 | 2026-06-02 | 2026-06-02
CVE-2026-44825 | Apache Solr hardcoded BasicAuth template credentials (no patch) | 2026-06-02 | 2026-06-02 | 2026-06-02
CVE-2026-46243 | CIFSwitch — Linux kernel CIFS/SMB-client LPE to root via forged cifs.spnego key requests (19-year-old bug; RHEL9/SLES15/Mint/Kali); dropped from 2026-06-02 brief as out-of-window + no Section 2 gate | 2026-06-02 | 2026-06-02 | 2026-06-02
CVE-2026-46817 | Oracle E-Business Suite (Public Sector Financials Intl) — May 2026 CPU, unauth network vector (referenced in §7, dropped: out-of-window/no gate) | 2026-06-01 | 2026-06-01 | 2026-06-01
CVE-2026-46818 | Oracle E-Business Suite — May 2026 CPU critical (referenced in §7, dropped) | 2026-06-01 | 2026-06-01 |
CVE-2026-46819 | Oracle E-Business Suite — May 2026 CPU critical (referenced in §7, dropped) | 2026-06-01 | 2026-06-01 |
CVE-2026-46820 | Oracle E-Business Suite — May 2026 CPU critical (referenced in §7, dropped) | 2026-06-01 | 2026-06-01 |
CVE-2026-46821 | Oracle E-Business Suite — May 2026 CPU critical (referenced in §7, dropped) | 2026-06-01 | 2026-06-01 |
CVE-2025-62582 | Delta Electronics DIAView SCADA — unauthenticated remote database access (predecessor to CVE-2026-9642 mitigation bypass) | 2026-05-27 | 2026-05-31 | 2026-W22, 2026-05-27
CVE-2026-32996 | Veeam Agent for Microsoft Windows — local privilege escalation enabling arbitrary command execution / lateral movement (CVSS 7.3) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-32997 | Veeam Software Appliance (Linux) — authenticated Backup Administrator can write arbitrary files (CVSS 8.6) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-33384 | QuickCMS (OpenSolution) session fixation — CERT-PL; dropped (niche, CVSS 4.8) | 2026-05-31 | 2026-05-31 | 2026-05-31
CVE-2026-33386 | QuickCMS (OpenSolution) MITM-XSS via HTTP plugin fetch — CERT-PL; dropped (niche, CVSS 2.3) | 2026-05-31 | 2026-05-31 | 2026-05-31
CVE-2026-41052 | SUSE Rancher — project-owner role can flip namespace PSA labels to privileged, enabling container-to-host escape (CVSS 8.4) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-41053 | SUSE Rancher GitHub App auth — group principals granted for every team in GitHub org to any team-belonging user (CVSS 8.8) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-4408 | Samba SAMR RPC server — unauthenticated shell injection via %u substitution in check password script (CVSS 10.0) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-06-05, 2026-05-29
CVE-2026-4480 | Samba print-command subsystem — unauthenticated shell injection via %J substitution; raw/classic printing only (CVSS 10.0) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-44848 | Portainer CE — Docker plugin endpoints not registered in proxy authorization handler; non-admin can install/enable plugins → root host execution (CVSS 9.4) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-44849 | Portainer CE Docker Swarm service API — EndpointSecuritySettings restrictions not enforced; non-admin escapes to host via privileged containers (CVSS 9.4) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-44939 | SUSE Rancher cluster-import endpoint — command injection via URL-encoded newline in authImage YAML field; control-plane node RCE (CVSS 9.6) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-4776 | Mautic API contact-filtering SQL injection (post-auth) | 2026-05-31 | 2026-05-31 | 2026-W22, 2026-05-31
CVE-2026-4868 | GitLab CE/EE Duo AI integration — improper user identity resolution allows authenticated user to impersonate another user when triggering Duo AI workflows (CVSS 8.2) | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-9170 | IBM HTTP Server / WebSphere Application Server — pre-auth RCE via improper input validation in HTTP request parser (CVSS 9.8); NCSC.ch flagged 2026-05-28 | 2026-05-29 | 2026-05-31 | 2026-W22, 2026-05-29
CVE-2026-9557 | Mautic Focus component SSRF (post-auth; reaches internal/cloud-metadata) | 2026-05-31 | 2026-05-31 | 2026-05-31
CVE-2026-9558 | Mautic stored XSS (post-auth) | 2026-05-31 | 2026-05-31 | 2026-05-31
CVE-2026-9559 | Mautic stored XSS / JS injection (post-auth) | 2026-05-31 | 2026-05-31 | 2026-05-31
CVE-2026-9808 | Mautic file inclusion / path traversal (post-auth) | 2026-05-31 | 2026-05-31 | 2026-05-31
CVE-2026-9809 | Mautic path traversal / file manipulation (post-auth) | 2026-05-31 | 2026-05-31 | 2026-05-31
CVE-2026-9811 | Mautic JavaScript code injection (post-auth) | 2026-05-31 | 2026-05-31 | 2026-05-31
CVE-2026-45585 | YellowKey BitLocker / WinRE bypass — CVE formally assigned 2026-05-19; MSRC WinRE BootExecute mitigation; no patch | 2026-05-20 | 2026-05-30 | 2026-W21, 2026-05-30, 2026-05-20
CVE-2026-48710 | Starlette/FastAPI BadHost host-header authentication bypass | 2026-05-30 | 2026-05-30 | 2026-05-30
CVE-2026-8992 | Ivanti Secure Access Client local privilege escalation | 2026-05-30 | 2026-05-30 | 2026-05-30
CVE-2026-39987 | Marimo notebook pre-auth RCE (Sysdig LLM-agent intrusion) | 2026-05-30 | 2026-05-30 | 2026-05-30
CVE-2026-35616 | FortiClient EMS CVE-2026-35616 actively exploited to push EKZ Infostealer via fake Fortinet patch | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2024-39930 | Gogs prior argument-injection variant (referenced in Rapid7 2026-05-29 disclosure as same-class predecessor) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-1402 | GitLab CE/EE — Wiki DoS via insufficient validation of malformed markup (CVSS 6.5) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-2601 | GitLab EE — Developer-role users can access deployment data (pipeline environment variables, deployment keys) via missing authorization checks (CVSS 4.3) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-26194 | Gogs argument-injection RCE (CVE id claimed by S3 sub-agent — unverified against authoritative NVD entry; Rapid7 publication states no CVE assigned at disclosure; deferred to next-run verification) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-2710 | GitLab CE/EE — seventh CVE in 19.0.1 / 18.11.4 / 18.10.7 patch release (defender-relevance not enumerated; left to vendor page) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-5296 | GitLab EE — Developer-role users can bypass group-level flow restrictions when foundational flows enabled (CVSS 4.3) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-6713 | GitLab CE/EE — unauthenticated enumeration of private project paths via API (CVSS 5.3) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-8716 | GitLab CE/EE — Authenticated users can access CI data from unintended reference types via incorrect reference resolution (CVSS 4.3) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-8834 | IBM HTTP Server Administration Server — heap-based buffer overflow (CVSS 8.0) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-8850 | IBM HTTP Server mod_ibm_upload — DoS via NULL pointer dereference (CVSS 7.5) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-8854 | IBM HTTP Server mod_mem_cache — DoS via expired pointer dereference (CVSS 7.5) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-8855 | IBM HTTP Server — RCE in TLS mutual-authentication configurations (CVSS 8.1) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-8856 | IBM HTTP Server — DoS via uncontrolled resource consumption (CVSS 7.7) | 2026-05-29 | 2026-05-29 | 2026-05-29
CVE-2026-42945 | NGINX Rift — 18-year-old heap buffer overflow in ngx_http_rewrite_module (CVSS 9.2, PoC public) | 2026-05-15 | 2026-05-28 | 2026-05-28, 2026-05-18, 2026-05-15
CVE-2026-48842 | Roundcube Webmail pre-auth SQL injection in virtuser_query plugin (preg_replace backslash escape bypass) | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-48843 | Roundcube Webmail CSS sanitisation failure via SVG animate attributeName=style — info disclosure / SSRF in HTML email rendering | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-48844 | Roundcube Webmail code injection via LDAP autovalues option — arbitrary PHP eval | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-48848 | Roundcube Webmail HTML sanitisation bypass via SVG document permitting CSS injection | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-35087 | Slican PBX administrative protocol authentication bypass via specific command | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-35089 | Slican PBX deterministic secure-key generation from publicly-obtainable system properties | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-35090 | Slican PBX PSTN modem interface hardcoded caller-ID admin auth bypass (temporarily re-enables remote management) | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-48027 | Nx Console v18.95.0 VS Code extension supply-chain compromise — credential-stealing payload harvested 1Password, Claude Code config, npm, GitHub PAT, AWS creds; published via stolen TanStack-leaked GitHub CLI OAuth token | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-45321 | TanStack Router npm credential-stealing payload — exfiltrated Nx contributor's GitHub CLI OAuth token (precursor to CVE-2026-48027) | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-8398 | DAEMON Tools Lite signed-build trojanisation (12.5.0.2421-12.5.0.2434) via Disc Soft Limited build infrastructure compromise — six-week distribution window 2026-04-08 → 2026-05-05 | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-27771 | Gitea container registry unauthenticated private-image pull (~30,000+ deployments, 4-year exposure window); Forgejo confirmed affected | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-9256 | NGINX ngx_http_rewrite_module heap buffer overflow (2nd of two May 2026 disclosures); exploitation attempts per NCSC-NL | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-45659 | Microsoft SharePoint Server CWE-502 deserialization RCE — Site Member (PR:L) authenticated attacker; CVSS 8.8; NCSC.ch flagged | 2026-05-28 | 2026-05-28 | 2026-05-28
CVE-2026-9312 | GitHub Enterprise Server < 3.22 — unauthenticated SSRF via upload-endpoint path traversal (CVSS 4.0 = 9.2) | 2026-05-27 | 2026-05-27 | 2026-05-27
CVE-2026-9642 | Delta Electronics DIAView SCADA — incomplete fix / mitigation bypass of CVE-2025-62582 unauthenticated remote DB access (CVSS 9.8) [SINGLE-SOURCE] | 2026-05-27 | 2026-05-27 | 2026-05-27
CVE-2026-44895 | yoda-digital mcp-gitlab-server < 0.6.0 — no-auth SSE RPC endpoint bound to 0.0.0.0 with wildcard CORS exposes operator GitLab PAT (CVSS 4.0 = 9.2; GHSA-8jr5-6gvj-rfpf); noted in § 7 (niche package) | 2026-05-27 | 2026-05-27 | 2026-05-27
CVE-2026-9058 | Szafir SDK (KIR) improper cert-verification auth bypass — Polish qualified e-signature SDK | 2026-05-26 | 2026-05-26 | 2026-05-26
CVE-2026-5426 | Digital Knowledge KnowledgeDeliver LMS pre-shared ASP.NET machineKey ViewState deserialization RCE | 2026-05-26 | 2026-05-26 | 2026-05-26
CVE-2026-0300 | Palo Alto PAN-OS Captive Portal — unauthenticated root RCE (CVSS 9.3, ITW, KEV deadline 2026-05-09) | 2026-05-07 | 2026-05-25 | 2026-W20, 2026-W19, 2026-05-18, 2026-05-14, 2026-05-13, 2026-05-12, 2026-05-09, 2026-05-08, 2026-05-07
CVE-2026-41091 | Microsoft Defender Engine link-following EoP — CWE-59; actively exploited; Engine ≤ 1.1.26030.3008 vulnerable | 2026-05-20 | 2026-05-25 | 2026-W21, 2026-05-22, 2026-05-20
CVE-2026-34926 | Trend Micro Apex One On-Premise directory traversal — fleet-wide code injection via management server update mechanism | 2026-05-22 | 2026-05-25 | 2026-W21, 2026-05-22
CVE-2025-34291 | Langflow AI Platform CORS misconfiguration + SameSite=None refresh token cross-origin token theft | 2026-05-22 | 2026-05-25 | 2026-W21, 2026-05-22
CVE-2026-20223 | Cisco Secure Workload CVSS 10.0 zero-auth REST API Site Admin access | 2026-05-22 | 2026-05-25 | 2026-W21, 2026-05-22
CVE-2026-48172 | LiteSpeed User-End cPanel plugin lsws.redisAble privilege escalation to root (CVSS 10.0, actively exploited) | 2026-05-24 | 2026-05-25 | 2026-W21, 2026-05-24
CVE-2026-26980 | Ghost CMS Content API unauthenticated SQLi (CVE-2026-26980) mass-exploited in ClickFix campaign | 2026-05-25 | 2026-05-25 | 2026-05-25
CVE-2024-12802 | SonicWall Gen6 SSL-VPN MFA bypass via UPN vs SAM account-name split; Akira-linked actors exploited Feb-Mar 2026; firmware update insufficient without 6-step LDAP reconfiguration | 2026-05-21 | 2026-05-25 | 2026-W21, 2026-05-21
CVE-2024-55591FortiOS / FortiProxy authentication bypass — weaponised by 'The Gentlemen' RaaS initial access2026-05-102026-05-252026-W202026-W192026-05-14
CVE-2025-32433Erlang SSH RCE (Cisco context) — confirmed by Check Point Research as initial-access CVE for The Gentlemen RaaS2026-05-172026-05-252026-W20
CVE-2026-42096Sparx Pro Cloud Server — authenticated SQL injection via database API endpoint; PCS ≤ 6.12026-05-202026-05-252026-W212026-05-20
CVE-2026-42097Sparx Pro Cloud Server — pre-auth bypass via model-parameter omission in POST binary blob → unauthenticated SQL query execution; CVSS4 9.32026-05-202026-05-252026-W212026-05-20
CVE-2026-42098Sparx Enterprise Architect ≤ 17.1 — client-side RBAC bypass via EA client binary patch (CWE-603); CVSS4 8.72026-05-202026-05-252026-W212026-05-20
CVE-2026-42099Sparx Pro Cloud Server WebEA — race condition in /data_api/dl_internal_artifact.php → RCE in web-server context (CWE-362); CVSS4 7.72026-05-202026-05-252026-W212026-05-20
CVE-2026-42100Sparx Pro Cloud Server — malformed SQL crash (DoS); CWE-8352026-05-202026-05-252026-W212026-05-20
CVE-2026-42822Microsoft Azure Local Disconnected Operations (ALDO) — CVSS 10.0 unauthenticated network elevation-of-privilege; MSRC Exploitation More Likely2026-05-212026-05-252026-W212026-05-21
CVE-2026-45498Microsoft Defender Antivirus local DoS — exploited alongside CVE-2026-41091 in combined out-of-band engine update 4.18.26040.72026-05-222026-05-252026-W212026-05-302026-05-22
CVE-2026-45829ChromaDB Python FastAPI server pre-auth RCE via embedding-function model loading before auth check (CVSS 4.0 = 10.0; v1.5.9 unpatched at disclosure)2026-05-212026-05-252026-W212026-05-21
CVE-2026-7507Keycloak OIDC login flow session fixation enabling account takeover (Keycloak 26.6.2; BSI WID-SEC-2026-1612 HIGH)2026-05-212026-05-252026-W212026-05-21
CVE-2026-9082Drupal core highly-critical pre-auth SQL injection in database abstraction API on PostgreSQL backends; CISA KEV-listed 2026-05-22 (SA-CORE-2026-004)2026-05-212026-05-252026-W212026-05-232026-05-21
CVE-2026-42231n8n CVE-2026-42231 et al. — five chained CVSS 9.4 prototype-pollution + injection + Git-SSH RCE chain (CCB Belgium emergency advisory)2026-05-192026-05-242026-W212026-05-19
CVE-2026-45584Microsoft Defender Engine network RCE — heap buffer overflow; CVSS 8.1; same Engine update closes both this and CVE-2026-410912026-05-202026-05-242026-W212026-05-20
CVE-2026-31635DirtyDecrypt — Linux kernel RxGK rxgk_decrypt_skb() page-cache write; affects Fedora / Arch / openSUSE Tumbleweed; PoC released 2026-05-192026-05-202026-05-242026-W212026-05-20
CVE-2026-43997vm2 sandbox escape via BaseHandler.getPrototypeOf — host-object access; CVSS 10.0; patched 3.11.02026-05-202026-05-242026-W212026-05-20
CVE-2026-2743SEPPmail LFT pre-auth path traversal → arbitrary file write as nobody → RCE via syslog.conf overwrite; CVSS 10.0; addressed by v15.0.42026-05-202026-05-242026-W212026-05-20
item:drupal-sa-core-2026-004-cve-2026-9082-sql-injection-postgresDrupal core SA-CORE-2026-004 / CVE-2026-9082 — pre-auth SQL injection on PostgreSQL backends; UPDATE on 2026-05-20 PSA pre-warning2026-05-212026-05-242026-W212026-05-232026-05-21
item:sonicwall-gen6-sslvpn-cve-2024-12802-mfa-bypass-akira-feb-maSonicWall Gen6 SSL-VPN CVE-2024-12802 — Akira-linked actors brute-force MFA via UPN vs SAM account-name split Feb-Mar 2026; firmware update insufficient without 6-step LDAP reconfig; Gen6 EoL 2026-04-162026-05-212026-05-242026-W212026-05-21
item:keycloak-26-6-2-may-2026-16-cves-oidc-session-fix-webauthn-iKeycloak 26.6.2 — 16 CVEs across identity/auth/authz: OIDC session fixation (CVE-2026-7507), WebAuthn execute-actions replay (CVE-2026-37982), introspection audience bypass (CVE-2026-37979), cross-realm IDOR in Authz Services (CVE-2026-4630); BSI WID-SEC-2026-1612 HIGH2026-05-212026-05-242026-W212026-05-21
item:azure-local-disconnected-operations-cve-2026-42822-cvss-10-0Microsoft Azure Local Disconnected Operations (ALDO) CVE-2026-42822 — CVSS 10.0 unauthenticated network EoP; MSRC Exploitation More Likely; only air-gapped Azure Local stacks need action2026-05-212026-05-242026-W212026-05-21
item:chromadb-cve-2026-45829-python-fastapi-pre-auth-rce-hidden-lChromaDB Python FastAPI server CVE-2026-45829 — pre-auth RCE via embedding-function model loading before auth check (CVSS 4.0 = 10.0); v1.5.9 unpatched at disclosure; Hadrian/HiddenLayer PoC public2026-05-212026-05-242026-W212026-05-21
CVE-2026-46333CVE-2026-46333 ssh-keysign-pwn — 9-year ptrace race in Linux kernel __ptrace_may_access() (since v4.10-rc1, Nov 2016); four public Qualys exploits read /etc/shadow, exfiltrate SSH host keys, give root on default major distros2026-05-232026-05-242026-W212026-05-23
CVE-2026-33278NLnet Labs Unbound DNSSEC validator use-after-free (CVSS 9.8, pre-auth potential RCE), fixed 1.25.12026-05-242026-05-242026-W212026-05-24
CVE-2026-42944NLnet Labs Unbound heap overflow via NSID/Cookie/EDNS-Padding options (CVSS 8.6, default-config), fixed 1.25.12026-05-242026-05-242026-W212026-05-24
CVE-2026-3593ISC BIND 9 DoH/HTTP-2 use-after-free (CVSS 7.4), fixed 9.20.232026-05-242026-05-242026-W212026-05-24
CVE-2026-5946ISC BIND 9 non-Internet CLASS DoS crashing named (CVSS 7.5), fixed 9.18.49/9.20.232026-05-242026-05-242026-W212026-05-24
CVE-2025-9086Stormshield SNS remote DoS (CERTFR-2026-AVI-0631); dropped from §2, mentioned in §72026-05-242026-05-242026-05-252026-05-24
CVE-2026-37979Keycloak OIDC token introspection endpoint does not enforce audience restriction; lightweight access tokens leak claims cross-client (Keycloak 26.6.2)2026-05-212026-05-242026-W212026-05-21
CVE-2026-37982Keycloak execute-actions token replay enabling unauthorised WebAuthn / FIDO2 credential enrollment on victim account (Keycloak 26.6.2)2026-05-212026-05-242026-W212026-05-21
CVE-2026-4630Keycloak Authorization Services Protection API cross-realm IDOR allowing realm-A authenticated attacker to access realm-B resources (Keycloak 26.6.2)2026-05-212026-05-242026-W212026-05-21
CVE-2019-13272Linux kernel ptrace credential-window LPE (Jann Horn, 2019) — historical predecessor cited as background in 2026-05-23 CVE-2026-46333 deep dive2026-05-232026-05-232026-05-23
CVE-2021-4034PwnKit — polkit pkexec local root (Qualys, 2022) — historical reference cited in 2026-05-23 CVE-2026-46333 deep dive as functional-equivalent outcome2026-05-232026-05-232026-05-23
CVE-2023-4911Looney Tunables — glibc ld.so local privilege escalation (Qualys, 2023) — historical reference cited in 2026-05-23 CVE-2026-46333 deep dive as disclosure-pattern precedent2026-05-232026-05-232026-05-23
CVE-2026-23652Microsoft Azure CVSS 10.0 cluster — server-side mitigated, no customer action required (MSRC May 2026)2026-05-222026-05-222026-05-22
CVE-2026-40411Microsoft Azure CVSS 10.0 cluster — server-side mitigated, no customer action required (MSRC May 2026)2026-05-222026-05-222026-05-22
CVE-2026-42823Microsoft Azure CVSS 10.0 cluster — server-side mitigated, no customer action required (MSRC May 2026)2026-05-222026-05-222026-05-22
CVE-2026-42901Microsoft Entra ID / Azure CVSS 10.0 cluster — server-side mitigated, no customer action required (MSRC May 2026)2026-05-222026-05-222026-05-22
CVE-2026-47280Microsoft Entra ID / Azure CVSS 10.0 cluster — server-side mitigated, no customer action required (MSRC May 2026)2026-05-222026-05-222026-05-22
CVE-2017-7692SquirrelMail post-auth RCE — used by Webworm against Serbian government targets per ESET 2026-05-20 (initial-access probe after credential theft)2026-05-212026-05-212026-05-21
CVE-2026-37978Keycloak admin evaluate-scopes endpoint cross-role PII leakage bypassing user-view permissions (Keycloak 26.6.2)2026-05-212026-05-212026-05-21
CVE-2026-6856Keycloak WebAuthn packed self-attestation acceptable-AAGUID policy bypass enabling enrolment of hardware tokens outside policy (Keycloak 26.6.2)2026-05-212026-05-212026-05-21
CVE-2026-26956vm2 Node.js sandbox — symbol-to-string coercion TypeError sandbox bypass; patched 3.10.52026-05-202026-05-202026-05-20
CVE-2026-43999vm2 NodeVM allow-list bypass — Module._load() reachable when child_process is explicitly permitted → OS command execution; CVSS 9.92026-05-202026-05-202026-05-20
CVE-2026-44005vm2 prototype pollution via attacker-controlled JS; CVSS 10.0; affects 3.9.6 – 3.10.5; patched 3.11.02026-05-202026-05-202026-05-20
CVE-2026-44006vm2 code injection via BaseHandler.getPrototypeOf; CVSS 10.0; patched 3.11.02026-05-202026-05-202026-05-20
CVE-2026-44008vm2 null-proto exception exploitation; CVSS 9.8; affects ≤ 3.11.1; patched 3.11.22026-05-202026-05-202026-05-20
CVE-2026-44009vm2 neutralizeArraySpeciesBatch() bypass via null-proto exception; CVSS 9.8; affects ≤ 3.11.1; patched 3.11.22026-05-202026-05-202026-05-20
CVE-2026-44128SEPPmail Secure Email Gateway — unauthenticated RCE via exposed GINAv2 test endpoints (CVSS 9.3)2026-05-092026-05-202026-W202026-W192026-05-202026-05-142026-05-122026-05-09
CVE-2026-41702VMware Fusion 25H2 (macOS) — TOCTOU SETUID race condition LPE (CVSS 7.8); dropped from § 2 in 2026-05-19 brief (did not clear inclusion gates)2026-05-192026-05-192026-05-19
CVE-2026-42232n8n HTTP Request Node injection — companion amplifier to CVE-2026-42231 prototype-pollution chain2026-05-192026-05-192026-05-19
CVE-2026-44789n8n XML Node injection — companion amplifier to CVE-2026-42231 prototype-pollution chain2026-05-192026-05-192026-05-19
CVE-2026-44790n8n Git node SSH chain — terminal sink of CVE-2026-42231 prototype-pollution to RCE2026-05-192026-05-192026-05-19
CVE-2026-44791n8n XML Node injection — companion amplifier to CVE-2026-42231 prototype-pollution chain2026-05-192026-05-192026-05-19
CVE-2026-46351BigBlueButton bbb-web < 3.0.21 — insecure sessionToken generation (CWE-330) enables session hijack2026-05-192026-05-192026-06-072026-05-19
CVE-2026-46353BigBlueButton bbb-web < 3.0.21 — presentationUploadExternalUrl API checksum bypass (CWE-284)2026-05-192026-05-192026-06-072026-05-19
CVE-2026-46404BigBlueButton bbb-web < 3.0.23 — SSRF in presentation URL validation (CWE-918)2026-05-192026-05-192026-05-19
CVE-2026-20182Cisco Catalyst SD-WAN Controller/Manager pre-auth authentication bypass (CVSS 10.0, actively exploited)2026-05-152026-05-182026-W202026-05-15
CVE-2026-42897CVE-2026-42897 — Microsoft Exchange Server 2016/2019/SE: OWA stored XSS (CISA KEV 2026-05-15, actively exploited, no permanent patch; EEMS Mitigation M2 / EOMT)2026-05-162026-05-182026-W202026-05-182026-05-172026-05-16
CVE-2023-33241Fireblocks GG18/GG20 Paillier missing-ZK-proof flaw (TSSHOCK class; cited as background-class for THORChain 2026-05-15 GG20 TSS exploit)2026-05-182026-05-182026-05-18
CVE-2025-54518AMD-SB-7052 — Zen 2 µop-cache corruption / SoC isolation LPE (CVSS 7.3 CVSS 4.0)2026-05-162026-05-182026-W202026-05-16
CVE-2026-7182DHTMLX Diagram export module — path traversal (CVSS 4.0 score 9.2)2026-05-172026-05-182026-W202026-05-17
CVE-2026-31431Copy Fail — Linux kernel algif_aead LPE (ITW, KEV deadline 2026-05-15)2026-05-062026-05-172026-W202026-W192026-05-092026-05-072026-05-06
CVE-2026-4670Progress MOVEit Automation — unauthenticated auth bypass (CVSS 9.8)2026-05-062026-05-172026-W202026-W192026-05-06
CVE-2026-6722PHP SOAP extension use-after-free in SOAP_GLOBAL(ref_map) via apache:Map duplicate-key insertion (CVSS 9.5, pre-auth, all 8.x, fixed 2026-05-07)2026-05-112026-05-172026-W202026-05-11
CVE-2026-43284Dirty Frag — Linux kernel xfrm-ESP page-cache write primitive, LPE (ITW confirmed 2026-05-08, PoC public, patches landing)2026-05-092026-05-172026-W202026-05-11
CVE-2026-43500Dirty Frag — Linux kernel RxRPC page-cache write primitive, LPE chain (ITW confirmed 2026-05-08, PoC public, patch pending)2026-05-092026-05-172026-W202026-05-11
CVE-2026-44277Fortinet FortiAuthenticator unauthenticated RCE (CWE-284, CVSS 9.8) — pre-auth, fixed in 6.5.7 / 6.6.9 / 8.0.32026-05-132026-05-172026-W202026-05-13
CVE-2026-26083Fortinet FortiSandbox unauthenticated RCE in Web UI (CWE-862, CVSS 9.1 vendor / 9.8 NVD) — pre-auth, fixed in 4.4.9 / 5.0.2 / Cloud 5.0.62026-05-132026-05-172026-W202026-05-13
CVE-2026-34263SAP Commerce Cloud unauthenticated arbitrary code execution via Spring Security misordering (CVSS 9.6, SAP Note 3733064)2026-05-132026-05-172026-W202026-05-13
CVE-2026-34260SAP S/4HANA Enterprise Search ABAP SQL injection (CVSS 9.6) — SAP_BASIS 751-758/8162026-05-132026-05-172026-W202026-05-13
CVE-2026-46300Fragnesia — Linux kernel xfrm ESP-in-TCP local privilege escalation (PoC public)2026-05-152026-05-172026-W202026-05-15
CVE-2026-44088KIR SzafirHost — JAR zip-polyglot signature-verification bypass enables RCE in Polish qualified e-signature browser helper (CERT-PL coordinated disclosure)2026-05-172026-05-172026-W202026-05-17
CVE-2026-41225F5 BIG-IP / BIG-IQ iControl REST Manager-role authenticated RCE — lead bug of the May 2026 Quarterly Security Notification (43 CVEs)2026-05-172026-05-172026-05-17
CVE-2026-41553DHTMLX PDF Export Module — unauthenticated server-side JavaScript injection RCE (CVSS 4.0 score 10.0); CERT-PL coordinated disclosure with CVE-2026-41552 and CVE-2026-71822026-05-172026-05-172026-05-17
CVE-2023-38831WinRAR file-extension spoofing arbitrary code execution (cited as veteran exploit by Kaspersky Q1 2026 report)2026-05-102026-05-172026-W202026-W19
CVE-2024-42009Roundcube XSS — exploited by FrostyNeighbor / Ghostwriter (UNC1151) for Polish-targeting credential harvesting2026-05-172026-05-172026-W20
CVE-2025-33073RelayKing NTLM relay — post-access primitive used by The Gentlemen RaaS2026-05-172026-05-172026-W20
CVE-2026-20122Cisco Catalyst SD-WAN companion CVE (exploited since March 2026)2026-05-152026-05-172026-W202026-05-15
CVE-2026-20128Cisco Catalyst SD-WAN companion CVE (exploited since March 2026)2026-05-152026-05-172026-W202026-05-15
CVE-2026-20133Cisco Catalyst SD-WAN companion CVE (exploited since March 2026)2026-05-152026-05-172026-W202026-05-15
CVE-2026-34176F5 BIG-IP privilege escalation via misconfigured permissions (May 2026 Quarterly, CVSS 8.7)2026-05-172026-05-172026-05-17
CVE-2026-40061F5 BIG-IP privilege escalation via misconfigured permissions (May 2026 Quarterly, CVSS 8.7)2026-05-172026-05-172026-05-17
CVE-2026-40631F5 BIG-IP privilege escalation via misconfigured permissions (May 2026 Quarterly, CVSS 8.7)2026-05-172026-05-172026-05-17
CVE-2026-40698F5 BIG-IP SSH password exposure in iControl REST audit logs (May 2026 Quarterly, CVSS 8.7)2026-05-172026-05-172026-05-17
CVE-2026-41552DHTMLX PDF Export Module — path traversal via src attribute (CVSS 4.0 score 9.2)2026-05-172026-05-172026-W202026-05-17
CVE-2026-41953F5 BIG-IP iControl REST command injection (May 2026 Quarterly, CVSS 8.7)2026-05-172026-05-172026-05-17
CVE-2026-42406F5 BIG-IP iControl REST command injection (May 2026 Quarterly, CVSS 8.7)2026-05-172026-05-172026-05-17
CVE-2026-42924F5 BIG-IP iControl REST command injection (May 2026 Quarterly, CVSS 8.7)2026-05-172026-05-172026-05-17
CVE-2026-42930F5 BIG-IP iControl REST command injection (May 2026 Quarterly, CVSS 8.7)2026-05-172026-05-172026-05-17
CVE-2026-44113OpenClaw / Clawdbot — TOCTOU read escape / file disclosure (CVSS 7.7, Claw Chain)2026-05-162026-05-172026-W202026-05-16
CVE-2026-44115OpenClaw / Clawdbot — command-parser allowlist bypass (CVSS 8.8, Claw Chain)2026-05-162026-05-172026-W202026-05-16
CVE-2026-44118OpenClaw / Clawdbot — MCP loopback senderIsOwner privilege escalation (CVSS 7.8, Claw Chain)2026-05-162026-05-172026-W202026-05-16
CVE-2026-6073GitLab CE/EE — stored XSS in analytics dashboards (CVSS 8.7); cited as dropped from § 22026-05-172026-05-172026-05-17
CVE-2026-7261PHP SOAP companion to CVE-2026-6722; patched 2026-05-082026-05-112026-05-172026-W202026-05-11
CVE-2026-7262PHP SOAP companion to CVE-2026-6722; patched 2026-05-082026-05-112026-05-172026-W202026-05-11
CVE-2026-7377GitLab CE/EE — stored XSS in container registry virtual registry upstreams (CVSS 8.7); cited as dropped from § 22026-05-172026-05-172026-05-17
CVE-2026-7481GitLab CE/EE — stored XSS in Jira integration (CVSS 8.7); cited as dropped from § 22026-05-172026-05-172026-05-17
CVE-2026-44112OpenClaw Claw Chain — CVE-2026-44112 sandbox TOCTOU write escape (CVSS 9.6) + 44113/44115/44118 chain2026-05-162026-05-162026-05-16
CVE-2021-26855Microsoft Exchange Server SSRF (ProxyLogon) — cited in 2026-05-16 § 5 deep dive Background as precedent for on-prem Exchange exploitation pattern2026-05-162026-05-162026-05-16
CVE-2021-34473Microsoft Exchange Server pre-auth RCE (ProxyShell) — cited in 2026-05-16 § 5 deep dive Background2026-05-162026-05-162026-05-16
CVE-2023-42793JetBrains TeamCity authentication bypass — cited in 2026-05-16 § 3 SentinelOne CI/CD subversion case study2026-05-162026-05-162026-05-16
CVE-2026-45793PHP Composer GitHub Actions token disclosure in error messages (supply chain risk)2026-05-152026-05-152026-05-15
CVE-2026-45691Nextcloud Server/Enterprise: 2FA bypass via WebDAV session token reuse2026-05-152026-05-152026-05-15
CVE-2022-20775Cisco SD-WAN local privilege escalation (UAT-8616 version-downgrade re-exploitation technique)2026-05-152026-05-152026-05-15
CVE-2026-33825BlueHammer — Windows zero-day by Nightmare Eclipse (confirmed ITW by Huntress, April 2026)2026-05-152026-05-152026-05-302026-05-15
CVE-2026-45690Nextcloud Server SQL injection in column-type parameter (Moderate)2026-05-152026-05-152026-05-15
CVE-2026-8511Google Chrome CVE (mentioned in recency-dropped items, 2026-05-12)2026-05-152026-05-152026-05-15
CVE-2026-8580Google Chrome CVE (mentioned in recency-dropped items, 2026-05-12)2026-05-152026-05-152026-05-15
CVE-2026-8043Ivanti Xtraction external file control (CWE-73, CVSS 9.6) — May 2026 Ivanti multi-product advisory; auth required2026-05-142026-05-142026-05-14
CVE-2022-41040Microsoft Exchange Server SSRF (ProxyNotShell) — cited as initial-access vector in 2026-05-14 FamousSparrow deep dive; chained with CVE-2022-410822026-05-142026-05-142026-05-14
CVE-2022-41082Microsoft Exchange Server PowerShell remoting deserialization RCE (ProxyNotShell) — cited as initial-access vector in 2026-05-14 FamousSparrow deep dive; chained with CVE-2022-410402026-05-142026-05-142026-05-14
CVE-2026-23819HPE ArubaOS AOS-10 stored XSS in web management interface (CVSS 8.8) — referenced in 2026-05-14 § 7 drop note (gate not cleared)2026-05-142026-05-142026-05-14
CVE-2026-44211Cline kanban npm package cross-origin WebSocket hijack (CVSS 9.6) — referenced in 2026-05-14 § 7 drop note (out-of-window)2026-05-142026-05-142026-05-14
CVE-2026-45185Exim Dead.Letter — BDAT/CHUNKING UAF on GnuTLS builds, pre-auth RCE (CVSS 9.8, ENISA critical); fixed in Exim 4.99.32026-05-132026-05-132026-05-13
CVE-2026-41096Windows DNS Client heap-buffer overflow — RCE via malicious DNS response (CVSS 9.8)2026-05-132026-05-132026-05-13
CVE-2026-41103Microsoft SSO Plugin for Jira/Confluence — Entra ID credential forgery (CVSS 9.1, Exploitation More Likely)2026-05-132026-05-132026-05-13
CVE-2026-42898Microsoft Dynamics 365 On-Premises — authenticated code injection with scope change (CVSS 9.9)2026-05-132026-05-132026-05-13
CVE-2026-34259SAP Forecasting & Replenishment — authenticated OS-command injection (CVSS 8.2, SAP May 2026 patch day)2026-05-132026-05-132026-05-13
CVE-2026-40361Microsoft Word Preview Pane RCE (CVSS 8.4, More Likely exploitation, May 2026 Patch Tuesday)2026-05-132026-05-132026-05-13
CVE-2026-40364Microsoft Word Preview Pane RCE (CVSS 8.4, More Likely exploitation, May 2026 Patch Tuesday)2026-05-132026-05-132026-05-13
CVE-2026-40366Microsoft Word Preview Pane RCE (CVSS 8.4, May 2026 Patch Tuesday)2026-05-132026-05-132026-05-13
CVE-2026-40367Microsoft Word Preview Pane RCE (CVSS 8.4, May 2026 Patch Tuesday)2026-05-132026-05-132026-05-13
CVE-2026-40478Earlier Thymeleaf CVE referenced in § 7 disambiguating the dropped Thymeleaf item; CSO Online article 2026-04-17 covered this CVE rather than CVE-2026-419012026-05-132026-05-132026-05-13
CVE-2026-41901Thymeleaf SSTI sandbox bypass — referenced in § 7 explaining out-of-window drop (GHSA published 2026-04-29)2026-05-132026-05-132026-05-13
CVE-2026-33634Checkmarx Jenkins AST plugin backdoor — TeamPCP/UNC6780 supply-chain compromise (CVSS 9.4, ITW, SANDCLOCK stealer)2026-05-122026-05-122026-05-12
CVE-2024-1708ConnectWise ScreenConnect path traversal — chained with CVE-2024-1709 by Kimsuky/Storm-1175; KEV deadline 2026-05-12 (out-of-window per § 7 of 2026-05-12 brief)2026-05-122026-05-122026-05-122026-05-11
CVE-2024-1709ConnectWise ScreenConnect authentication bypass (CVSS 10.0) — chained with CVE-2024-1708; cited as 2026-05-12 drop2026-05-122026-05-122026-05-12
CVE-2026-0073Android adbd wireless ADB authentication bypass (CVSS 8.8, adjacent-network, public PoC 2026-05-11) — § 2 gate not cleared2026-05-122026-05-122026-05-12
CVE-2025-69691Netgate pfSense CE 2.8.0 — XMLRPC pfsense.exec_php executes arbitrary PHP as root with Basic Auth (CVSS 9.9, no-patch posture)2026-05-112026-05-112026-05-11
CVE-2025-69690Netgate pfSense CE 2.7.2 — unsafe deserialization in backup/restore yields authenticated root RCE (CVSS 8.8, no-patch posture)2026-05-112026-05-112026-05-11
CVE-2026-41940cPanel/WHM authentication bypass — mass exploitation ongoing (KEV deadline 2026-05-21)2026-05-062026-05-102026-W192026-05-06
CVE-2026-5174Progress MOVEit Automation — authenticated privilege escalation (CVSS 8.8)2026-05-062026-05-102026-W192026-05-06
CVE-2026-23918Apache HTTP Server 2.4.66 — HTTP/2 double-free RCE (CVSS 8.8)2026-05-062026-05-102026-W192026-05-06
CVE-2026-32305Traefik proxy — mTLS bypass via fragmented TLS ClientHello2026-05-062026-05-102026-W192026-05-06
CVE-2026-28780Apache HTTP Server 2.4.x — mod_proxy_ajp heap buffer overflow (RCE via AJP backend)2026-05-072026-05-102026-W192026-05-07
CVE-2024-57726SimpleHelp RMM — missing authorisation privilege escalation (CVSS 9.9, ITW DragonForce/Medusa, KEV deadline 2026-05-08)2026-05-072026-05-102026-W192026-05-07
CVE-2024-57728SimpleHelp RMM — path traversal / zip-slip code execution (CVSS 7.2, ITW, KEV deadline 2026-05-08)2026-05-072026-05-102026-W192026-05-07
CVE-2024-7399Samsung MagicINFO 9 Server — unauthenticated path traversal / file write (CVSS 9.8, Mirai, KEV deadline 2026-05-08)2026-05-072026-05-102026-W192026-05-07
CVE-2026-6023Progress Telerik UI for ASP.NET AJAX — RadFilter deserialization RCE (CVSS 9.8)2026-05-072026-05-102026-W192026-05-07
CVE-2026-6022Progress Telerik UI for ASP.NET AJAX — RadAsyncUpload resource exhaustion DoS (CVSS 7.5)2026-05-072026-05-102026-W192026-05-07
CVE-2026-23926Zabbix monitoring platform — XSS / data confidentiality flaw (CERT-FR)2026-05-072026-05-102026-W192026-05-07
CVE-2026-23927Zabbix monitoring platform — XSS / data confidentiality flaw (CERT-FR)2026-05-072026-05-102026-W192026-05-07
CVE-2026-23928Zabbix monitoring platform — XSS / data confidentiality flaw (CERT-FR)2026-05-072026-05-102026-W192026-05-07
CVE-2026-5787Ivanti EPMM on-prem — pre-auth certificate impersonation (CVSS 9.1, ITW, KEV chain with CVE-2026-6973)2026-05-082026-05-102026-W192026-05-092026-05-08
CVE-2026-6973Ivanti EPMM on-prem — admin API improper input validation → RCE (CVSS 7.2, ITW, KEV deadline 2026-05-10)2026-05-082026-05-102026-W192026-05-092026-05-08
CVE-2026-32202Windows Shell protection mechanism failure — NTLM coercion / spoofing (CVSS 4.3, APT28 ITW, KEV deadline 2026-05-12)2026-05-082026-05-102026-W192026-05-08
CVE-2026-32312GLPI < 10.0.25 / 11.0.7 — SSRF (CERTFR-2026-AVI-0551)2026-05-082026-05-102026-W192026-05-08
CVE-2026-40108GLPI < 10.0.25 / 11.0.7 — data integrity compromise (CERTFR-2026-AVI-0551)2026-05-082026-05-102026-W192026-05-08
CVE-2026-42317GLPI < 10.0.25 / 11.0.7 — stored/reflected XSS (CERTFR-2026-AVI-0551)2026-05-082026-05-102026-W192026-05-08
CVE-2026-42318GLPI < 10.0.25 / 11.0.7 — XSS (CERTFR-2026-AVI-0551)2026-05-082026-05-102026-W192026-05-08
CVE-2026-42320GLPI < 10.0.25 / 11.0.7 — XSS (CERTFR-2026-AVI-0551)2026-05-082026-05-102026-W192026-05-08
CVE-2026-42321GLPI < 10.0.25 / 11.0.7 — XSS (CERTFR-2026-AVI-0551)2026-05-082026-05-102026-W192026-05-08
CVE-2026-5385GLPI < 10.0.25 / 11.0.7 — security policy bypass / auth bypass (CERTFR-2026-AVI-0551)2026-05-082026-05-102026-W192026-05-08
CVE-2026-26030Microsoft Semantic Kernel Python SDK — prompt-injection-to-RCE via InMemoryVectorStore filter (CVSS 9.9)2026-05-102026-05-102026-W192026-05-10
CVE-2026-25592Microsoft Semantic Kernel .NET SDK — unintended [KernelFunction] on SessionsPythonPlugin Download/UploadFileAsync → sandbox escape (CVSS 9.9)2026-05-102026-05-102026-W192026-05-10
CVE-2017-11882Microsoft Office Equation Editor RCE (cited as veteran exploit by Kaspersky Q1 2026 exploit report)2026-05-102026-05-102026-W19
CVE-2018-0802Microsoft Office Equation Editor RCE (cited as largest-share detected exploit by Kaspersky Q1 2026 report)2026-05-102026-05-102026-W19
CVE-2023-35078Ivanti EPMM pre-auth API access (2023, exploited by APT29; cited as historical precedent in 2026-05-08 deep dive)2026-05-082026-05-102026-05-08
CVE-2025-0283Ivanti EPMM critical (January 2025, state-actor exploitation; cited as historical precedent in 2026-05-08 deep dive)2026-05-082026-05-102026-05-08
CVE-2025-29927Next.js middleware authorisation bypass via crafted header — weaponised by PCPJack worm2026-05-102026-05-102026-W192026-05-192026-05-10
CVE-2025-48703CentOS Web Panel FileManager shell injection — weaponised by PCPJack worm2026-05-102026-05-102026-W192026-05-192026-05-10
CVE-2025-68670xrdp pre-authentication stack buffer overflow → RCE2026-05-092026-05-102026-W192026-05-09
CVE-2025-9501W3 Total Cache PHP injection via mfunc comment processor — weaponised by PCPJack worm2026-05-102026-05-102026-W192026-05-192026-05-10
CVE-2026-1281Ivanti EPMM January 2026 critical — historical precedent cited in 2026-05-09 Ivanti UPDATE2026-05-092026-05-102026-W192026-05-102026-05-09
CVE-2026-1340Ivanti EPMM January 2026 critical companion — historical precedent cited in 2026-05-09 Ivanti UPDATE2026-05-092026-05-102026-W192026-05-102026-05-09
CVE-2026-1357WPVivid Backup unauthenticated file upload — weaponised by PCPJack worm2026-05-102026-05-102026-W192026-05-192026-05-10
CVE-2026-20034Cisco Unity Connection authenticated RCE in management API (CVSS 8.8, NATO NCSC discovery; logged § 7 — dropped from § 2, gate not cleared)2026-05-102026-05-102026-W192026-05-10
CVE-2026-20035Cisco Unity Connection unauthenticated SSRF in default-enabled Web Inbox (CVSS 7.2; logged § 7 — dropped from § 2, gate not cleared)2026-05-102026-05-102026-W192026-05-10
CVE-2026-21510Windows Shell LNK exploit predecessor — APT28 weaponised against Ukraine and EU; February 2026 patch left CVE-2026-32202 residual2026-05-102026-05-102026-W19
CVE-2026-29201cPanel/WHM CVE cluster — dropped from § 3 (embargoed, gate not cleared)2026-05-092026-05-102026-W192026-05-102026-05-09
CVE-2026-29202cPanel/WHM CVE cluster — dropped from § 3 (embargoed, gate not cleared)2026-05-092026-05-102026-W192026-05-102026-05-09
CVE-2026-29203cPanel/WHM unsafe symlink handling — chmod abuse on arbitrary files (CVSS 8.8, second emergency TSR)2026-05-092026-05-102026-W192026-05-102026-05-09
CVE-2026-40981Spring Cloud Config Server Google Secrets Manager backend flaw (HIGH)2026-05-092026-05-102026-W192026-05-09
CVE-2026-40982Spring Cloud Config Server pre-auth directory traversal (CVSS 9.8)2026-05-092026-05-102026-W192026-05-09
CVE-2026-41002Spring Cloud Config Server companion CVE (HIGH)2026-05-092026-05-102026-W192026-05-09
CVE-2026-41004Spring Cloud Config Server companion CVE (MEDIUM)2026-05-092026-05-102026-W192026-05-09
CVE-2026-42208LiteLLM Proxy pre-auth SQL injection — all upstream LLM API keys at risk (CVSS 9.3, KEV deadline 2026-05-11)2026-05-092026-05-102026-W192026-05-102026-05-09
CVE-2026-44125SEPPmail GINAv2 — missing authentication in admin REST API (CVSS 9.3)2026-05-092026-05-102026-W192026-05-182026-05-09
CVE-2026-44126SEPPmail GINAv2 — insecure deserialisation via session cookie → RCE (CVSS 9.2)2026-05-092026-05-102026-W192026-05-09
CVE-2026-44127SEPPmail appliance management — LFI and arbitrary file deletion (CVSS 8.8)2026-05-092026-05-102026-W192026-05-09
CVE-2026-44129SEPPmail GINAv2 — server-side template injection via Freemarker (CVSS 8.3)2026-05-092026-05-102026-W192026-05-09
CVE-2026-7864SEPPmail appliance management — information disclosure (CVSS 6.9)2026-05-092026-05-102026-W192026-05-09
CVE-2026-25077Apache CloudStack post-auth authentication token flaw — dropped from § 3 (gate not cleared)2026-05-092026-05-092026-05-112026-05-09
CVE-2026-5786Ivanti EPMM authenticated → administrative-access via improper access control (CVSS 8.8, May 2026 chain)2026-05-082026-05-082026-05-08
CVE-2026-5788Ivanti EPMM unauthenticated arbitrary method invocation (CVSS 7.0, May 2026 chain)2026-05-082026-05-082026-05-08
CVE-2026-7821Ivanti EPMM unauthenticated device-registration enabling sensitive data access (May 2026 chain)2026-05-082026-05-082026-05-08
CVE-2026-21509Microsoft Office Protected View bypass — security feature bypass (CVSS 7.8, KEV deadline 2026-02-16 already passed; deferred from §4)2026-05-082026-05-082026-05-08
CVE-2026-21513Microsoft Office Protected View chain CVE (deferred from §4; see CVE-2026-21509 series)2026-05-082026-05-082026-05-08
CVE-2026-21514Microsoft Office Protected View chain CVE (deferred from §4; see CVE-2026-21509 series)2026-05-082026-05-082026-05-08
CVE-2026-33725Metabase Enterprise — serialization import RCE (CVSS 7.2, public PoC)2026-05-072026-05-072026-05-07
CVE-2026-291682026-05-062026-05-072026-05-072026-05-06
CVE-2026-291692026-05-062026-05-072026-05-072026-05-06
CVE-2026-240722026-05-062026-05-062026-05-06