Vulnerabilities

From Disclosure to Deep Dive - CVEs Simplified

Explore a curated list of the latest CVEs, with a focus on critical and high-severity vulnerabilities. Stay informed about actively exploited threats and get the insights you need to respond quickly and confidently.

CVE ID | CVSS | Summary
CVE-2026-48172 | 9.8 | From cPanel User to Root: How CVE-2026-48172 Enables Full Server Takeover in LiteSpeed Plugin
CVE-2026-26980 | 9.4 | CVE-2026-26980 is a critical Ghost CMS SQL injection vulnerability that allows attackers to access sensitive database information without authentication.
CVE-2026-0257 | 7.8 | Palo Alto PAN-OS GlobalProtect Authentication Bypass: Understanding CVE-2026-0257
CVE-2026-48027 | 9.8 | Embedded Malicious Code in Nx Console: A Deep Dive into CVE-2026-48027
CVE-2026-39987 | 9.8 | Missing Authentication in Marimo Terminal WebSocket Enables Remote Code Execution: CVE-2026-39987
CVE-2026-32201 | 6.5 | Unauthorized Spoofing Attacks in Microsoft SharePoint Server: Understanding CVE-2026-32201
CVE-2026-20128 | 7.5 | CVE-2026-20128: Information Disclosure in Cisco SD-WAN Manager DCA Feature Due to Recoverable Password Storage
CVE-2026-40372 | 9.1 | CVE-2026-40372 is a critical vulnerability in ASP.NET Core that allows remote attackers to elevate privileges due to improper cryptographic signature verification.
CVE-2026-28950 | 6.2 | CVE-2026-28950 is an information disclosure vulnerability in Apple iOS and iPadOS where deleted notifications may remain stored on the device due to improper data redaction.
CVE-2025-13480 | 6.5 | CVE-2025-13480 allows low-privileged users to access administrator-only resources in Fudo Enterprise through improperly protected API endpoints, exposing sensitive system information.
CVE-2026-32202 | 4.3 | CVE-2026-32202 is a Windows Shell protection mechanism failure vulnerability that allows attackers to perform spoofing attacks over a network, potentially exposing sensitive information.
CVE-2026-3854 | 8.8 | A command injection flaw in Enterprise Server allows attackers with repository push access to execute remote code through crafted git push options due to improper input sanitization.
CVE-2026-41940 | 9.8 | CVE-2026-41940 in Focus: cPanel & WHM Session Flaw Leading to Full Server Takeover
CVE-2026-34621 | 8.6 | CVE-2026-34621 is a high-severity Adobe Acrobat and Reader prototype pollution flaw actively exploited in the wild. Malicious PDFs can trigger code execution on Windows and macOS. It is listed in CISA's KEV catalog, and Adobe has released security patches.
CVE-2026-27944 | 9.8 | CVE-2026-27944 is a critical Nginx UI flaw before 2.3.3. An unauthenticated /api/backup endpoint exposes full backups. It also leaks AES keys in the X-Backup-Security header, allowing decryption. This can expose credentials, sessions, SSL keys, and configs, leading to full system compromise.
CVE-2026-31431 | 7.8 | CVE-2026-31431 ("Copy Fail") is a Linux kernel AF_ALG privilege escalation flaw allowing local users to gain root by corrupting page cache memory without modifying disk files. It enables container escape and impacts major Linux distributions since 2017, requiring immediate patching.
CVE-2026-20122 | 5.4 | CVE-2026-20122 is a Cisco SD-WAN Manager API flaw where authenticated read-only users can overwrite system files due to improper file handling. It can lead to vManage privilege escalation and is actively exploited in the wild, listed in CISA's KEV catalog.
CVE-2026-29000 | 9.1 | CVE-2026-29000 is a critical pac4j-jwt flaw that lets attackers bypass authentication by forging encrypted JWTs using the server's public key. It affects versions before 4.5.9, 5.7.9, and 6.3.3 and requires immediate patching.
CVE-2026-21262 | 8.8 | CVE-2026-21262 is a high-severity SQL Server privilege escalation flaw (CVSS 8.8) caused by improper access control. It allows a low-privileged authenticated user to gain sysadmin access over the network. Exploitation can result in full control of the database, including the ability to read, modify, or delete data. It affects SQL Server 2016-2025 and has been fixed through Microsoft security updates.
CVE-2026-25172 | 8.0 | CVE-2026-25172 is a high-severity remote code execution vulnerability in Windows Routing and Remote Access Service caused by integer overflow conditions leading to heap memory corruption when processing crafted network traffic. It affects multiple Windows client and server versions with RRAS enabled and is addressed through Microsoft March 2026 security updates, including cumulative patches and hotpatch releases.
CVE-2026-23813 | 9.8 | CVE-2026-23813 is a critical authentication bypass flaw in the HPE Aruba AOS-CX web management interface that allows unauthenticated remote attackers to bypass login and reset administrator passwords. With no required privileges, user interaction, or complexity, it enables full device compromise, network disruption, and unauthorized configuration changes, making immediate patching essential.
CVE-2026-35022 | 9.8 | CVE-2026-35022 is a critical OS command injection flaw in Anthropic Claude Code CLI and Agent SDK. Unsafe execution of authentication helper configurations allows attackers to run arbitrary commands, leading to credential theft and data exposure, especially in CI/CD and automated environments.
CVE-2026-35021 | 8.4 | CVE-2026-35021 is a high-severity OS command injection flaw in Anthropic Claude Code CLI and Agent SDK. Malicious file paths with shell metacharacters can execute arbitrary commands due to POSIX behavior, requiring user interaction and impacting versions up to 2.1.91 and 0.1.55.
CVE-2026-32746 | 9.8 | CVE-2026-32746 is a critical buffer overflow in GNU InetUtils telnetd (≤2.7) caused by missing bounds checks in the LINEMODE SLC handler. Unauthenticated attackers can exploit it over the network to corrupt memory and potentially achieve root-level remote code execution.
CVE-2026-35020 | 8.6 | CVE-2026-35020 is a high-severity OS command injection in Claude Code CLI and Agent SDK. Unsanitized TERMINAL environment variable input allows arbitrary commands via /bin/sh, risking system compromise, data exposure, and disruption. Patched in Claude Code 2.1.92+ and SDK 0.1.56+.
CVE-2026-3909 | 8.8 | CVE-2026-3909 is a high-severity Chrome flaw in Skia allowing memory corruption via a crafted webpage. It can cause crashes or code execution. Actively exploited, it affects versions before 146.0.7680.75 and requires immediate patching.
CVE-2026-22769 | 10.0 | CVE-2026-22769 is a critical Dell RecoverPoint vulnerability with hardcoded Tomcat credentials, enabling unauthenticated remote root access. Actively exploited by UNC6201, it risks full appliance compromise, lateral movement in VMware, and persistent access, and requires immediate patching (v6.0.3.1 HF1).
CVE-2026-20131 | 10.0 | CVE-2026-20131 is a critical Cisco FMC vulnerability allowing unauthenticated attackers to execute Java code as root via insecure deserialization. Actively exploited by Interlock ransomware, it risks full firewall compromise, policy changes, and network disruption, requiring urgent patching and restricted access.
CVE-2026-2329 | 9.3 | CVE-2026-2329 is a critical stack-based buffer overflow in Grandstream GXP1600 VoIP phones. Unauthenticated attackers can exploit the /cgi-bin/api.values.get API to execute code with root privileges, risking full device compromise, credential theft, call interception, and internal network access.
CVE-2026-20127 | 10.0 | CVE-2026-20127 is a critical Cisco SD-WAN authentication bypass flaw allowing remote attackers to gain high-privileged access via crafted requests. Exploited in the wild, it enables NETCONF-based configuration changes, risking full control of the SD-WAN control plane and network operations.
CVE-2026-21902 | 9.3 | CVE-2026-21902 lets unauthenticated attackers gain root access on Juniper PTX routers via the anomaly detection service. Fixed in 25.4R1-S1-EVO and 25.4R2-EVO.
CVE-2026-1731 | 9.9 | CVE-2026-1731 is a critical flaw in BeyondTrust Remote Support and BeyondTrust Privileged Remote Access that allows attackers to run commands without authentication, risking system compromise. It is actively exploited and requires immediate patching.
CVE-2026-25593 | 8.4 | CVE-2026-25593 is a high-severity OpenClaw vulnerability enabling unauthenticated local command execution via the Gateway WebSocket API. Unsafe cliPath values in config.apply allowed command injection. Updating to version 2026.1.20 or later fixes the issue.
CVE-2026-24061 | 9.8 | CVE-2026-24061 is a critical vulnerability in GNU InetUtils telnetd that allows remote attackers to bypass authentication and gain root access due to improper USER variable validation. Affected versions 1.9.3 through 2.7 should be upgraded to 2.7-2, or Telnet should be disabled immediately.
CVE-2026-21962 | 10.0 | CVE-2026-21962 is a critical flaw in Oracle HTTP Server and WebLogic Proxy that lets unauthenticated attackers access internal resources. Affected versions (12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0) remain at high risk until patched.
CVE-2026-20700 | 7.8 | CVE-2026-20700 is a zero-day memory flaw in Apple's Dynamic Link Editor (dyld) that allows attackers to run code with elevated privileges, risking spyware, data theft, or full device takeover. All Apple OS versions before 26.3 are affected. Immediate patching with Apple's security updates is strongly advised.
CVE-2026-2441 | 8.8 | CVE-2026-2441 is a high-risk Chrome CSS bug affecting versions before 145.0.7632.75/76. Attackers can run code in the browser sandbox using crafted HTML, risking data theft and credential loss. Update immediately to Chrome 145.0.7632.75 or later to fix the issue.
CVE-2026-25049 | 9.4 | CVE-2026-25049 lets authenticated n8n users run arbitrary server commands. It risks credentials, files, and workflows. Fixed in 1.123.17 and 2.5.2; update and rotate credentials immediately.
CVE-2026-21532 | 8.2 | CVE-2026-21532 is a high-severity Azure Functions vulnerability that lets attackers remotely access sensitive data without authentication. It mainly affects confidentiality, slightly impacts integrity, and doesn't affect availability. Reported February 5, 2026, with Microsoft as the CNA.
CVE-2026-0227 | 6.6 | CVE-2026-0227 is a medium-risk flaw in PAN-OS and Prisma Access with GlobalProtect enabled. It lets a remote attacker disrupt firewall and VPN traffic. Cloud NGFW isn't affected. Fix by updating to the latest versions and restricting GlobalProtect access.
CVE-2026-21509 | 7.8 | CVE-2026-21509 is a serious Microsoft Office vulnerability that allows attackers to bypass security protections by tricking users into opening malicious documents. It affects multiple Office versions, is actively exploited, and must be patched immediately.
CVE-2026-24858 | 9.8 | CVE-2026-24858 is a critical Fortinet FortiCloud SSO authentication bypass actively exploited in the wild. Due to weak SSO isolation, attackers can gain unauthorized admin access to other customers' devices, steal configurations, and create persistent accounts. Immediate patching or disabling FortiCloud SSO is essential.
CVE-2025-68645 | 8.8 | CVE-2025-68645 lets attackers access Zimbra Webmail files without authentication. Update to ZCS 10.0.18 or 10.1.13+.
CVE-2025-59718 | 9.8 | CVE-2025-59718 is a critical Fortinet FortiCloud SSO flaw that lets attackers bypass authentication via crafted SAML messages, gain admin access, create rogue accounts, and steal firewall configs. Active exploitation is ongoing, making immediate patching and temporary SSO disablement essential.
CVE-2026-23550 | 10.0 | CVE-2026-23550 is a critical flaw in the Modular DS WordPress plugin (≤ 2.5.1) that lets unauthenticated attackers gain administrator access through weak routing and auto-login. Actively exploited, it enables full site takeover and is fixed in versions 2.5.2 and 2.6.0.
CVE-2025-21333 | 7.8 | CVE-2025-21333 is a high-severity Windows Hyper-V vulnerability caused by a heap-based buffer overflow in the NT Kernel Integration VSP. It allows low-privileged local attackers to gain SYSTEM access. The issue is actively exploited and was fixed in Microsoft's January 2025 security updates.
CVE-2025-52691 | 10.0 | CVE-2025-52691 is a critical SmarterMail vulnerability enabling unauthenticated file upload and remote code execution in builds 9406 and earlier, fixed in Build 9413.
CVE-2025-27840 | 6.8 | CVE-2025-27840 affects Espressif ESP32 Bluetooth firmware with hidden HCI commands that can modify internal memory. Accessible via standard Bluetooth tools, it requires high privileges and physical access, poses medium risk, and had no official fix at disclosure.
CVE-2025-30208 | 5.3 | CVE-2025-30208 is a medium-severity flaw in the Vite development server that allows attackers to bypass file access restrictions using crafted query strings. It enables arbitrary file reads on network-exposed dev servers running vulnerable Vite versions prior to the fixed releases, potentially exposing sensitive local files.
CVE-2025-37164 | 10.0 | CVE-2025-37164 is a critical HPE OneView flaw enabling unauthenticated remote code execution and full infrastructure control. Actively exploited with public PoC, it affects versions before 11.00 and requires immediate patching or mitigation.

Frequently Asked Questions

What is a CVE vulnerability?

A CVE (Common Vulnerabilities and Exposures) is a unique identifier given to a publicly known cybersecurity flaw. It helps researchers and security teams talk about the same issue using a standard reference.

What are vulnerabilities in cybersecurity?

Vulnerabilities in cybersecurity are weaknesses or flaws in software, hardware, or systems that attackers can exploit to gain unauthorized access, disrupt operations, or steal sensitive information.

How to map CVE to CVSS?

Each CVE can be linked to a CVSS (Common Vulnerability Scoring System) score, which rates the severity of the vulnerability (from 0 to 10). This score is usually available in the CVE details and helps assess how dangerous the issue is.

How to find a CVE?

You can find CVEs through official databases like NVD, MITRE, vendor advisories, security blogs, or tools like scanners and vulnerability management platforms.

How to fix a CVE vulnerability?

Fixing a CVE usually involves applying a patch or update released by the software vendor. In some cases, temporary workarounds or configuration changes can reduce the risk until a full fix is available.

How is CVE calculated?

A CVE is not calculated; it is a unique ID assigned to a discovered vulnerability. The related CVSS score, however, is calculated from factors such as how easy the vulnerability is to exploit, its potential impact, and whether it requires user interaction.

Get Started

See Fidelis Security platforms in action. Learn how our fast, scalable platforms provide full visibility, deep insights, and rapid response to help security teams worldwide protect against, detect, respond to, and neutralize advanced cyber adversaries.