Critical vulnerabilities, curated daily for security professionals
SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Today's Security Brief
Adobe Campaign Classic and Microsoft Windows dominate Wednesday's disclosures, with two maximum-severity Adobe Campaign Classic flaws (CVSS 10) and a cluster of CVSS 9.8 Windows kernel, DHCP client, and HTTP.sys issues. The brief covers 18 critical vulnerabilities, up 50% from the prior day's 12, alongside 27 high-priority CVEs, down 56% from 62. Named critical entries include CVE-2026-47938 and CVE-2026-48303 in Adobe Campaign Classic, CVE-2026-44815 in the Windows DHCP Client, and CVE-2026-45447 affecting OpenSSL PKCS#7/S/MIME processing. Remote code execution and authentication bypass patterns predominate, spanning enterprise security appliances from Fortinet, Cisco, Check Point, and Arista. No fixes are currently published for the disclosed set, so affected organizations should prioritize compensating controls and monitor vendor advisories; nine CVEs across Fortinet, SolarWinds, and Cisco platforms show confirmed active exploitation.
Adobe Campaign Classic carries two maximum-severity flaws (CVE-2026-47938, CVE-2026-48303, both CVSS 10) enabling remote compromise
Critical CVEs rose 50% to 18, led by Microsoft Windows kernel, DHCP client, HTTP.sys, and Azure Stack Edge issues at CVSS 9.8
High-priority CVEs fell 56% to 27 from the prior day's 62
Remote code execution and authentication bypass dominate, affecting Fortinet FortiSandbox, OpenSSL, and Microsoft Windows components
Patch availability stands at 0% across the disclosed set, requiring interim mitigations and advisory monitoring
Nine vulnerabilities show active exploitation, including Fortinet FortiOS and FortiAnalyzer, SolarWinds Serv-U, and Cisco Catalyst SD-WAN Manager
Immediate action: Prioritize Adobe Campaign Classic and Microsoft Windows systems, along with internet-facing Fortinet, Cisco, Check Point, SolarWinds, and Arista appliances showing active exploitation. With no patches yet published for the disclosed CVEs, apply vendor-recommended compensating controls, restrict exposed management interfaces, and watch advisories for fix availability.
CISA Known Exploited Vulnerabilities
CISA KEV (URGENT)
CVE-2025-59718
Fortinet FortiOS
Federal Deadline: December 22, 2025 (169 days past due)
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
CVSS Base: 9.8

CISA KEV (URGENT)
CVE-2026-24858
Fortinet FortiAnalyzer
Federal Deadline: January 29, 2026 (131 days past due)
An authentication bypass vulnerability in various Fortinet products allows attackers to log into devices registered to other accounts if FortiCloud SSO is enabled.
CVSS Base: 9.8

CISA KEV (URGENT)
CVE-2026-45247
Mirasvit Full Page Cache Warmer for Magento 2
Federal Deadline: June 5, 2026 (4 days past due)
Mirasvit Full Page Cache Warmer for Magento 2 contains a PHP object injection vulnerability allowing unauthenticated RCE via the CacheWarmer cookie.
CVSS Base: 9.5

CISA KEV (URGENT)
CVE-2026-50751
Check Point Security Gateway
Federal Deadline: June 10, 2026 (1 day remaining)
Check Point Security Gateway is affected by an improper authentication vulnerability that is currently being exploited in the wild.
CVSS Base: 9.5

CISA KEV
CVE-2026-28318
SolarWinds Serv-U
Federal Deadline: June 18, 2026 (9 days remaining)
SolarWinds Serv-U is vulnerable to an uncontrolled resource consumption flaw allowing unauthenticated attackers to crash the service via specially crafted POST requests.
CVSS Base: 9.5

CISA KEV
CVE-2026-7473
Arista Extensible Operating System
Federal Deadline: June 22, 2026 (13 days remaining)
Arista Extensible Operating System is affected by an incomplete comparison vulnerability, currently tracked in the CISA KEV catalog.
CVSS Base: 9.5

CISA KEV
CVE-2026-20245
Cisco Catalyst SD-WAN Manager
Federal Deadline: June 22, 2026 (13 days remaining)
A command injection and privilege escalation vulnerability exists in the CLI of Cisco Catalyst SD-WAN Manager due to insufficient input validation.
CVSS Base: 9.5

CISA KEV
CVE-2026-11645
Google Chrome
Federal Deadline: June 22, 2026 (13 days remaining)
An out-of-bounds read and write vulnerability in the V8 JavaScript engine allows remote attackers to execute arbitrary code via a crafted HTML page.
CVSS Base: 8.8

CISA KEV
CVE-2026-42271
LiteLLM
Federal Deadline: June 21, 2026 (12 days remaining)
LiteLLM contains a command injection vulnerability in its MCP server test endpoints that, when chained with a host header bypass, enables unauthenticated remote code execution.
CVSS Base: 8.8
Critical Vulnerabilities
CVE-2017-20251 (Late Disclosure)
WordPress Insert PHP
The WordPress Insert PHP plugin contains a PHP code injection vulnerability allowing unauthenticated remote code execution via the REST API.
CVSS Base: 9.8

CVE-2026-47938
Adobe Campaign Classic
Adobe Campaign Classic is affected by a Server-Side Request Forgery (SSRF) vulnerability that allows for unauthenticated privilege escalation.
CVSS Base: 10

CVE-2026-48303
Adobe Campaign Classic
Adobe Campaign Classic is vulnerable to an incorrect authorization flaw that allows unauthenticated attackers to achieve arbitrary code execution via crafted HTTP/2 requests.
CVSS Base: 10

CVE-2026-47643
Microsoft Azure Stack Edge
Azure Stack Edge contains a path traversal vulnerability that allows unauthenticated remote attackers to execute arbitrary code over the network.
The Shenzhen Kangda Xin DR300 router contains hardcoded credentials and has Telnet enabled by default, allowing for full device compromise.
CVSS Base: 9.8

CVE-2026-44815
Microsoft Windows DHCP Client
A stack-based buffer overflow in the Windows DHCP Client allows unauthenticated remote attackers to execute code via crafted network packets.
CVSS Base: 9.8

CVE-2026-45657
Microsoft Windows Kernel
A use-after-free vulnerability in the Windows Kernel allows unauthenticated attackers to execute arbitrary code over the network.
CVSS Base: 9.8

CVE-2026-47291
Microsoft Windows HTTP.sys
An integer overflow or wraparound vulnerability in the Windows HTTP.sys driver allows unauthorized attackers to execute arbitrary code over a network.
CVSS Base: 9.8

CVE-2026-25089
Fortinet FortiSandbox
An OS command injection vulnerability in FortiSandbox allows unauthenticated attackers to execute unauthorized commands via specifically crafted HTTP requests.
CVSS Base: 9.8

CVE-2026-45447
OpenSSL (via PKCS#7/S/MIME processing)
A use-after-free vulnerability during PKCS#7 signature verification in OpenSSL can lead to heap corruption or potential remote code execution.
CVSS Base: 9.8

CVE-2026-10520
Ivanti Sentry
A critical OS command injection vulnerability in Ivanti Sentry allows remote unauthenticated users to achieve root-level remote code execution.
CVSS Base: 10

CVE-2026-10523
Ivanti Sentry
An authentication bypass vulnerability in Ivanti Sentry allows unauthenticated attackers to create arbitrary administrative accounts and gain full access.
CVSS Base: 9.9

CVE-2026-30141
bitbank2 AnimatedGIF
The bitbank2 AnimatedGIF library contains a buffer overflow in the DecodeLZW function that can lead to remote code execution or denial of service via a crafted GIF file.
CVSS Base: 9.8

CVE-2026-9698
DBI (Perl)
A buffer overflow vulnerability in the Perl DBI module occurs when error messages are written to a fixed-size 200-byte buffer without length validation.
CVSS Base: 9.8

CVE-2026-7486
Netcad Software E-İmar
An SQL injection vulnerability in Netcad Software E-İmar allows unauthorized attackers to manipulate database queries and potentially access sensitive data.
CVSS Base: 9.8

CVE-2026-8025
MOSK Information Technologies Ltd. CBS Platform
The MOSK Information Technologies Ltd. CBS Platform contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary database commands.
CVSS Base: 9.8

CVE-2026-26142
Nuance PowerScribe
An insecure deserialization vulnerability in Nuance PowerScribe allows an unauthenticated attacker to execute arbitrary code over a network.
CVSS Base: 9.8

CVE-2026-49841
FreeSWITCH
A heap overflow vulnerability in the FreeSWITCH mod_verto module allows unauthenticated attackers to trigger memory corruption via crafted HTTP requests.
CVSS Base: 9.8
High Priority Updates
CVE-2026-8365
Blocksy Theme for WordPress
The Blocksy theme for WordPress is vulnerable to PHP Object Injection, enabling Remote Code Execution via the 'blocksy_meta' REST API field.
CVSS Base: 8.8

CVE-2026-32193
Microsoft Azure Kubernetes Service
A path traversal vulnerability in Microsoft Azure Kubernetes Service allows an authenticated attacker to execute arbitrary code locally.
CVSS Base: 8.8

CVE-2025-53844
Fortinet FortiOS
An out-of-bounds write vulnerability in Fortinet FortiOS 7 could allow for memory corruption and potential code execution.
CVSS Base: 8.8

CVE-2026-11629
Google Chrome
A use-after-free vulnerability in the Google Chrome Ozone implementation allows an attacker to potentially execute arbitrary code.
CVSS Base: 8.8

CVE-2026-11630
Google Chrome
A use-after-free vulnerability in Google Chrome's File Input component allows an attacker to potentially execute arbitrary code.
CVSS Base: 8.8

CVE-2026-11648
Google Chrome
A use-after-free vulnerability exists in the FullScreen component of Google Chrome on Windows, potentially allowing memory corruption or arbitrary code execution.
CVSS Base: 8.8

CVE-2026-11664
Google Chrome
A use-after-free vulnerability exists within the Payments component of Google Chrome, which could be leveraged to cause memory corruption or arbitrary code execution.
CVSS Base: 8.8

CVE-2026-11681
Google Chrome
A use-after-free vulnerability exists in the Ozone platform abstraction layer of Google Chrome on Linux, potentially allowing for memory corruption or code execution.
CVSS Base: 8.8

CVE-2026-45484
Microsoft Office SharePoint
A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVSS Base: 8.8

CVE-2026-40371
Microsoft Dynamics 365
A privilege escalation vulnerability in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate their permissions over a network.
CVSS Base: 8.8

CVE-2026-45504
Microsoft Exchange Server
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authenticated attacker to elevate privileges over the network.
CVSS Base: 8.8

CVE-2026-50636
Oracle Multiple Products
An SQL injection vulnerability in the Oracle RemoteControl API allows an authenticated attacker to inject malicious queries via the invite_participants and remind_participants methods.
CVSS Base: 8.8

CVE-2026-11616
Events Calendar for GeoDirectory Plugin
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to unauthorized privilege escalation.
CVSS Base: 8.8

CVE-2026-42985
Microsoft Remote Desktop Client
A heap-based buffer overflow in the Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVSS Base: 8.8

CVE-2026-47289
Microsoft Remote Desktop Client
A heap-based buffer overflow in the Remote Desktop Client allows an unauthorized attacker to execute arbitrary code over a network via a malicious server.
CVSS Base: 8.8

CVE-2026-47653
Microsoft Remote Desktop Client
A heap-based buffer overflow in the Remote Desktop Client allows an unauthorized attacker to execute code over a network by enticing a user to connect to a malicious server.
CVSS Base: 8.8

CVE-2026-31709
Linux Kernel
A flaw in the Linux kernel SMB client allows for improper validation of DACL pointers, potentially leading to security descriptor corruption.
CVSS Base: 8.8

CVE-2026-46152
Linux Kernel
A race condition in the Linux kernel's mac80211 fast-RX handling can lead to packet processing errors.
CVSS Base: 8.8

CVE-2026-45648
Microsoft Active Directory Domain Services
A stack-based buffer overflow in Active Directory Domain Services allows an authenticated attacker to execute arbitrary code over a network.
CVSS Base: 8.8

CVE-2025-15467
OpenSSL
A stack buffer overflow in OpenSSL occurs when parsing CMS AuthEnvelopedData or EnvelopedData messages with maliciously crafted AEAD parameters.
CVSS Base: 8.8

CVE-2026-46480
FlowiseAI Flowise
A vulnerability exists in the Flowise drag-and-drop user interface used for building Large Language Model (LLM) flows.
CVSS Base: 8.8

CVE-2026-46490
Samlify
A high-severity vulnerability has been identified in the Samlify Node.js library, which is commonly used for SAML authentication.
CVSS Base: 8.8

CVE-2026-46746
Siemens SINEC INS
A vulnerability has been identified in Siemens SINEC INS, affecting all versions prior to V1.
CVSS Base: 8.8

CVE-2026-46748
Siemens SINEC INS
A vulnerability in Siemens SINEC INS allows for potential security compromise in versions prior to V1.
CVSS Base: 8.8

CVE-2026-49959
Hermes WebUI
Hermes WebUI contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands via malicious Git configuration files.
CVSS Base: 8.8

CVE-2026-50635
LimeSurvey
LimeSurvey fails to validate the HTTP Host header when constructing password-reset links, allowing for Host header injection and account takeover.
CVSS Base: 8.8

CVE-2026-47932
Adobe ColdFusion
Adobe ColdFusion contains an unspecified vulnerability that may pose a significant security risk to affected installations.
CVSS Base: 8.8