Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Today's Security Brief
Tuesday's brief is led by CVSS 10.0 vulnerabilities in CloudPirates Open Source Helm Charts (CVE-2026-45131, CVE-2026-45132) and Cloud Foundry UAA (CVE-2026-40965), exposing container deployment pipelines and identity services to compromise. Critical CVEs rose sharply to 9 from 2 the prior day (+350%), while high-priority disclosures fell to 46 from 70 (-34%). Additional critical entries include CVE-2026-25879 (CVSS 9.8) in the Langroid framework and CVE-2026-8206 (CVSS 9.8) in the WordPress Kirki plugin, both enabling remote attack paths against widely deployed software. Web application plugins, AI/ML frameworks, and CI/CD identity components dominate the day's disclosures, with remote code execution and authentication weaknesses as the recurring patterns. No patches are currently flagged as available across this set, so affected operators should prioritize compensating controls and monitor vendor advisories; six CVEs are listed in CISA KEV as actively exploited, spanning PAN-OS, Oracle WebLogic, and the LiteSpeed cPanel plugin.
Three CVSS 10.0 flaws affect CloudPirates Open Source Helm Charts (CVE-2026-45131, CVE-2026-45132) and Cloud Foundry UAA (CVE-2026-40965), impacting container deployment and identity infrastructure
Critical CVEs increased to 9 from 2 the prior day (+350%)
High-priority CVEs decreased to 46 from 70 the prior day (-34%)
Remote code execution and authentication bypass dominate, hitting the Langroid framework (CVE-2026-25879), WordPress Kirki plugin (CVE-2026-8206), and Dassault Systèmes Teamwork Cloud (CVE-2026-7858)
Patch availability stands at 0% across the disclosed set, requiring interim mitigations and advisory monitoring
Six CVEs appear in CISA KEV as actively exploited, including Palo Alto Networks PAN-OS (CVE-2026-0257) and Oracle WebLogic Server (CVE-2024-21182)
Immediate action: Prioritize CloudPirates Helm Charts, Cloud Foundry UAA, and the actively exploited PAN-OS, Oracle WebLogic, and LiteSpeed cPanel deployments for immediate review and isolation. With no patches currently available for the critical set, apply vendor-recommended workarounds, restrict network exposure of affected services, and increase monitoring on identity and CI/CD systems until fixes ship.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2026-48172
9.5π
LiteSpeedcPanel Plugin
β° Federal Deadline:May 28, 2026(-4 days remaining)
The LiteSpeed cPanel Plugin contains an incorrect privilege assignment vulnerability (CWE-266) allowing for unauthorized root-level script execution.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-8398
9.5π
AVB Disc SoftDAEMON Tools Lite
β° Federal Deadline:May 29, 2026(-3 days remaining)
A supply chain compromise of DAEMON Tools Lite resulted in the distribution of trojanized binaries signed with a legitimate certificate.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-0257
9.5π
Palo Alto NetworksPAN-OS
β° Federal Deadline:May 31, 2026(EXPIRED)
An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS GlobalProtect, allowing unauthenticated attackers to forge authentication cookies and establish unauthorized VPN connections.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2024-21182
9.5ππ Late Disclosure
OracleWebLogic Server
β° Federal Deadline:June 3, 2026(2 days remaining)
Oracle WebLogic Server contains an unspecified vulnerability that is currently being exploited in the wild.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-48027
9.5π
NxNx Console
β° Federal Deadline:June 9, 2026(8 days remaining)
A critical supply chain attack involving embedded malicious code in the Nx Console VS Code extension has been identified and is being actively exploited.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-45321
9.5π
GitHubActions OIDC
β° Federal Deadline:June 9, 2026(8 days remaining)
GitHub Actions OIDC was exploited to publish malicious npm packages by chaining multiple vulnerabilities, including cache poisoning and token extraction.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2026-25879
9.8π
LangroidLangroid Framework
The Langroid framework is vulnerable to remote code execution due to insecure handling of SQL produced by large language models.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-8206
9.8π
WordPressKirki Plugin
The Kirki plugin for WordPress is vulnerable to unauthenticated privilege escalation via an account takeover flaw in the password reset process.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-45131
10π
CloudPiratesOpen Source Helm Charts
A GitHub Actions workflow in CloudPirates Helm Charts executes attacker-controlled code from forks, exposing repository secrets.
CVSS Base10
β
CRSSelect profile
CVE-2026-45132
10π
CloudPiratesOpen Source Helm Charts
A GitHub Actions workflow in CloudPirates Helm Charts exposes Personal Access Tokens and SSH signing keys to untrusted code.
CVSS Base10
β
CRSSelect profile
CVE-2026-7858
9.8π
Dassault Systèmes (No Magic / CATIA)Teamwork Cloud / Magic Collaboration Studio
A deserialization vulnerability in Teamwork Cloud and Magic Collaboration Studio allows unauthenticated remote code execution.
CVSS Base9.8
β
CRSSelect profile
CVE-2018-25427
9.8ππ Late Disclosure
ArmWhois
Arm Whois 3.11 is vulnerable to a stack-based buffer overflow, allowing remote attackers to execute arbitrary code.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-42680
9.8π
Wasiliy StreckerContest Gallery Pro
Contest Gallery Pro for WordPress contains an incorrect privilege assignment vulnerability that allows privilege escalation.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-48879
9.8π
Sergey AIWUAIWU
The AIWU plugin for WordPress is vulnerable to privilege escalation due to incorrect privilege assignment.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-40965
10π
Cloud FoundryUAA (User Account and Authentication)
Cloud Foundry UAA inadvertently exposes private EC keys via the public /token_keys endpoint, threatening JWT integrity.
CVSS Base10
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2026-35436
8.8π
MicrosoftOffice
A use-after-free vulnerability in Microsoft Office allows authorized local attackers to elevate privileges.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-40365
8.8π
MicrosoftSharePoint Server
A deserialization vulnerability in Microsoft SharePoint Server allows authenticated attackers to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-40420
8.8π
MicrosoftOffice
A use-after-free vulnerability in Microsoft Office allows authorized local attackers to elevate privileges.
CVSS Base8.8
β
CRSSelect profile
CVE-2023-0882
8.8ππ Late Disclosure
Kron TechSingle Connect
An improper input validation and authorization bypass vulnerability in Kron Tech Single Connect allows for privilege abuse.
CVSS Base8.8
β
CRSSelect profile
CVE-2025-63680
8.6π
NeroMultiple Products
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry
CVSS Base8.6
β
CRSSelect profile
CVE-2026-45505
8.8π
ApacheActiveMQ
A code injection vulnerability in Apache ActiveMQ allows authenticated users to execute management methods with untrusted input via the Jolokia JMX-HTTP interface.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-49157
8.8π
ApacheActiveMQ
Incorrect default permissions in Apache ActiveMQ allow low-privilege web-login accounts to perform sensitive administrative operations via Jolokia.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-24425
8.8π
TwigTwig
A security vulnerability has been identified in the Twig templating engine affecting versions 2 and potentially others.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44848
8.8π
DockerPortainer Community Edition
A critical flaw in Portainer's RBAC layer allows non-admin users with Docker endpoint access to execute privileged operations directly against the Docker daemon.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44849
8.8π
DockerPortainer Community Edition / Swarm
A security bypass in Portainer allows non-admin users with access to a Docker Swarm endpoint to create or update services with elevated privileges.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44239
8.8π
SangomaFreePBX
A security vulnerability exists in FreePBX, an open-source IP PBX platform, regarding file-based operations.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-31409
8.8π
LinuxKernel
A vulnerability in the Linux kernel's ksmbd module causes an improper state change during failed multichannel SMB2_SESSION_SETUP requests.
CVSS Base8.8
β
CRSSelect profile
CVE-2024-40646
8.6ππ Late Disclosure
VertexVertex Management Tool
A security vulnerability exists in the Vertex management tool used for tracking and streaming media.
CVSS Base8.6
β
CRSSelect profile
CVE-2026-9614
8.8π
IvantiNeurons for ITSM
An improper access control vulnerability in Ivanti Neurons for ITSM allows authenticated attackers to escalate privileges to administrative levels.
CVSS Base8.8
β
CRSSelect profile
CVE-2024-13174
8.6ππ Late Disclosure
InforE1 Informatics Web Application
An SQL injection vulnerability in the Infor E1 Informatics web application allows attackers to execute arbitrary SQL commands.
CVSS Base8.6
β
CRSSelect profile
CVE-2026-10270
8.8π
D-LinkDI-7001 MINI
A security vulnerability has been identified in the D-Link DI-7001 MINI router series.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-31588
8.8π
LinuxKernel
A use-after-free vulnerability in the Linux kernel's KVM x86 MMIO emulation subsystem allows local privilege escalation.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-31622
8.8π
LinuxKernel
A heap buffer overflow in the Linux kernel's NFC digital protocol subsystem allows for potential arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-31629
8.8π
LinuxKernel
A use-after-free vulnerability in the Linux kernel's NFC LLCP subsystem results from missing return statements after socket state checks.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-31717
8.8π
LinuxKernel
An authentication bypass in the Linux kernel's ksmbd SMB3 server allows attackers to hijack durable file handles.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-43110
8.8π
LinuxKernel (brcmfmac driver)
A buffer overflow vulnerability in the Linux kernel's brcmfmac Wi-Fi driver allows out-of-bounds memory access via malformed IF events from the firmware.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-43112
8.8π
LinuxKernel (CIFS client)
An out-of-bounds read vulnerability in the Linux kernel's CIFS client allows a system crash when processing empty or malformed path strings.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-43113
8.8π
LinuxKernel (wl1251 driver)
A buffer overflow vulnerability in the Linux kernel's wl1251 Wi-Fi driver exists due to missing bounds validation on firmware-supplied packet IDs.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-3294
8.8π
TP-LinkRange Extenders
An authentication logic vulnerability in TP-Link range extenders allows unauthenticated attackers on an adjacent network to reset administrator passwords.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-31611
8.6π
LinuxKernel (ksmbd)
An out-of-bounds read vulnerability in the Linux kernel's ksmbd component allows unauthorized memory access via malicious SID structures.
CVSS Base8.6
β
CRSSelect profile
CVE-2026-44697
8.6π
KleverKlever-Go
A remote, unauthenticated denial-of-service vulnerability in Klever-Go's Batch.Decompress function allows attackers to trigger massive heap allocations using small payloads.
CVSS Base8.6
β
CRSSelect profile
CVE-2026-9330
8.5π
IBMWebSphere Application Server
A deserialization vulnerability in IBM WebSphere Application Server allows remote code execution via crafted HTTP requests.
CVSS Base8.5
β
CRSSelect profile
CVE-2026-25277
8.8π
MemoryStrongbox
A memory corruption vulnerability due to a buffer overflow in the Strongbox application may allow for system instability or arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2023-1462
8.8ππ Late Disclosure
Vadi Corporate Information SystemsDigiKent
An authorization bypass vulnerability in Vadi Corporate Information Systems DigiKent allows attackers to abuse authentication mechanisms.
CVSS Base8.8
β
CRSSelect profile
CVE-2024-12916
8.8ππ Late Disclosure
Agito ComputerLife4All
An SQL injection vulnerability in the Agito Computer Life4All application allows attackers to execute unauthorized database queries.
CVSS Base8.8
β
CRSSelect profile
CVE-2024-12918
8.8ππ Late Disclosure
Agito ComputerHealth4All
An SQL injection vulnerability in Agito Computer's Health4All application allows attackers to inject malicious SQL code into database queries.
Megatek Communication Azora Wireless Network Management contains an SQL injection vulnerability due to improper neutralization of special elements in SQL commands.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10259
8.8π
H3CMagic B0
A security vulnerability has been detected in the H3C Magic B0 router series.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-43623
8.8π
microtarmicrotar
A stack-based buffer overflow in the microtar library's raw_to_header() function can be triggered by crafted TAR archives containing non-null-terminated name or linkname fields.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-7770
8.8π
IBMi Access Family
A security vulnerability has been identified in the IBM i Access Family suite.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10292
8.8π
UTTHiPER 1200GW
A vulnerability has been identified in the UTT HiPER 1200GW router that could allow an attacker to compromise the device.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10293
8.8π
UTTHiPER 1200GW
A vulnerability in the UTT HiPER 1200GW is circulating in security chatter, suspected to be a parser-class TLS flaw affecting the device's communication stack.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-25276
8.8π
MemoryStrongbox
Strongbox contains a memory corruption vulnerability due to a missing bounds check.
CVSS Base8.8
β
CRSSelect profile
CVE-2024-11142
8.8ππ Late Disclosure
Gosoft SoftwareProticaret E-Commerce
A Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows attackers to perform unauthorized actions on behalf of authenticated users.
An authenticated command injection vulnerability in the SMB server function of the AVTECH DGM1104 allows remote attackers to execute arbitrary system commands.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-42184
8.8π
TauriTauri Framework
A flaw in Tauri's URL validation incorrectly classifies remote URLs as trusted local origins.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44238
8.8π
SangomaFreePBX
A high-severity security vulnerability has been identified in the FreePBX open-source IP PBX system.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-9024
8.7π
Dassault SystèmesDELMIA Service Process Engineer
A stored Cross-Site Scripting (XSS) vulnerability in Process Experience Studio within DELMIA Service Process Engineer allows authenticated, low-privilege users to execute arbitrary scripts in other users' sessions.
CVSS Base8.7
β
CRSSelect profile
CVE-2024-12367
8.6ππ Late Disclosure
Vegagrup SoftwareVega Master
A vulnerability in Vegagrup Software Vega Master allows directory indexing, leading to the exposure of sensitive system information to unauthorized users.
CVSS Base8.6
β
CRSSelect profile
CVE-2026-33805
8.6π
Fastify@fastify/reply-from and @fastify/http-proxy
A vulnerability in Fastify proxy plugins allows attackers to strip proxy-added headers by manipulating the Connection header.
CVSS Base8.6
β
CRSSelect profile
CVE-2024-12651
8.5ππ Late Disclosure
PTT Inc.HGS Mobile App
The PTT Inc. HGS Mobile App contains an "Exposed Dangerous Method or Function" vulnerability, allowing attackers to manipulate user-controlled variables.