Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Today's Security Brief
Friday's vulnerability landscape is led by three maximum-severity (CVSS 10) flaws in Ubiquiti UniFi OS and multiple critical WordPress plugin issues affecting widely deployed infrastructure. Critical CVE volume rose 10% to 11, while high-priority disclosures climbed 45% to 64, indicating broader product impact across the disclosure cycle. Notable critical entries include CVE-2026-34908/34909/34910 in Ubiquiti UniFi OS, CVE-2026-48207 in Apache Fory PyFory, and CVE-2026-5433 in Honeywell Control Network. Attack patterns skew toward remote code execution and authentication bypass against network appliances, endpoint security platforms, and content management systems. Patches are not yet broadly published for today's disclosures, so defenders should prioritize compensating controls and monitor vendor advisories closely.
Three CVSS 10 vulnerabilities in Ubiquiti UniFi OS (CVE-2026-34908, 34909, 34910) affecting network infrastructure
Critical CVEs up 10% day-over-day to 11, including WordPress plugin flaws CVE-2026-6960 and CVE-2026-5118 at CVSS 9.8
High-priority disclosures up 45% to 64, reflecting wider product exposure across vendors
Trend Micro Apex One Management Console hit by twin CVSS 9.8 flaws (CVE-2025-71210, CVE-2025-71211) enabling remote compromise
10 actively exploited CVEs tracked, including CVE-2026-42897 in Microsoft and CVE-2026-34926 in Trend Micro Apex One
Immediate action: Prioritize Ubiquiti UniFi OS, Trend Micro Apex One, and WordPress plugin environments for immediate review, as these carry the highest combination of severity and exposure. With 0% patch availability reported for today's disclosures, restrict management interface exposure, apply vendor-provided mitigations, and monitor advisories for forthcoming fixes.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2026-42897
9.5π
MicrosoftExchange Server
β° Federal Deadline:May 28, 2026(7 days remaining)
A cross-site scripting (XSS) vulnerability in Microsoft Exchange Server allows unauthenticated attackers to perform spoofing over a network.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2008-4250
9.5π Late Disclosure
MicrosoftWindows
β° Federal Deadline:June 2, 2026(12 days remaining)
Microsoft Windows Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2009-1537
9.5π Late Disclosure
MicrosoftDirectX
β° Federal Deadline:June 2, 2026(12 days remaining)
Microsoft DirectX NULL Byte Overwrite Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2009-3459
9.5π Late Disclosure
AdobeAcrobat and Reader
β° Federal Deadline:June 2, 2026(12 days remaining)
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2010-0249
9.5π Late Disclosure
MicrosoftInternet Explorer
β° Federal Deadline:June 2, 2026(12 days remaining)
Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2010-0806
9.5π Late Disclosure
MicrosoftInternet Explorer
β° Federal Deadline:June 2, 2026(12 days remaining)
Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-45498
9.5
MicrosoftDefender
β° Federal Deadline:June 2, 2026(12 days remaining)
Microsoft Defender Denial of Service Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-34291
9.5
LangflowLangflow
β° Federal Deadline:June 3, 2026(13 days remaining)
Langflow Origin Validation Error Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-34926
9.5
Trend MicroApex One
β° Federal Deadline:June 3, 2026(13 days remaining)
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-41091
7.8
MicrosoftDefender allows
β° Federal Deadline:June 2, 2026(12 days remaining)
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally
CVSS Base7.8
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2026-6960
9.8π
BookingPressBookingPress Pro
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads, potentially allowing unauthenticated remote code execution.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-5118
9.8π
DiviDivi Form Builder
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation, allowing unauthenticated users to register as administrators.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-48207
9.8π
ApacheFory PyFory
Apache Fory PyFory is vulnerable to deserialization of untrusted data, which can bypass safety policies and lead to remote code execution.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-5433
9.1π
HoneywellControl Network Module
A command injection vulnerability in the Honeywell Control Network Module web interface allows unauthenticated remote code execution via command delimiters.
CVSS Base9.1
β
CRSSelect profile
CVE-2025-71210
9.8π
Trend MicroApex One Management Console
A vulnerability in the Trend Micro Apex One management console allows remote attackers to upload malicious code and execute commands on affected systems.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-71211
9.8π
Trend MicroApex One Management Console
A secondary vulnerability in the Trend Micro Apex One management console allows remote attackers to upload malicious code and execute commands.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-39531
9.3π
WP Directory KitWP Directory Kit
The WP Directory Kit plugin for WordPress is vulnerable to Blind SQL Injection, allowing attackers to extract sensitive database information.
CVSS Base9.3
β
CRSSelect profile
CVE-2026-34908
10π
UbiquitiUniFi OS
An improper access control vulnerability in Ubiquiti UniFi OS devices allows network-adjacent attackers to modify system configurations without authorization.
CVSS Base10
β
CRSSelect profile
CVE-2026-34909
10π
UbiquitiUniFi OS
A path traversal vulnerability in Ubiquiti UniFi OS allows network-adjacent attackers to read sensitive system files and potentially compromise user accounts.
CVSS Base10
β
CRSSelect profile
CVE-2026-34910
10π
UbiquitiUniFi OS
An improper input validation flaw in Ubiquiti UniFi OS enables network-adjacent attackers to execute arbitrary commands on the underlying system.
CVSS Base10
β
CRSSelect profile
CVE-2026-33000
9.1π
UbiquitiUniFi OS
An improper input validation vulnerability in Ubiquiti UniFi OS allows high-privileged, network-adjacent users to execute arbitrary system commands.
CVSS Base9.1
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2026-9018
8.8
WordPressis vulnerable
The Easy Elements for Elementor β Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-9123
7.5π
GoogleChrome
A heap buffer overflow vulnerability exists in the Chromecast component of Google Chrome on Android, Linux, and ChromeOS, potentially allowing for memory corruption.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-48235
8.2π
GoogleLatitude integration (Open ISES)
The Open ISES Tickets integration within Google services contains a vulnerability in versions prior to 3, which may expose sensitive information or permit unauthorized actions.
CVSS Base8.2
β
CRSSelect profile
CVE-2025-71214
7.8
Trend MicroApex One
An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-9117
7.5π
GoogleChrome
A type confusion vulnerability in the GFX component of Google Chrome on Linux and ChromeOS prior to version 148 may lead to unexpected application behavior.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-39850
7.4
HPapplication framework
Yii 2 is a PHP application framework
CVSS Base7.4
β
CRSSelect profile
CVE-2026-4834
7.5
WordPressis vulnerable
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1
CVSS Base7.5
β
CRSSelect profile
CVE-2026-47102
8.8π
LiteLLMLiteLLM
A vulnerability in LiteLLM prior to version 1 allows for potential unauthorized actions or information disclosure within the platform.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-7613
7.2
WordPressis vulnerable
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1
CVSS Base7.2
β
CRSSelect profile
CVE-2026-8632
7.8
LinuxImaging and
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software
CVSS Base7.8
β
CRSSelect profile
CVE-2025-32750
7.5
DellPowerFlex Manager
Dell PowerFlex Manager, version(s) <=4
CVSS Base7.5
β
CRSSelect profile
CVE-2026-20239
7.5
versionsEnterprise versions
In Splunk Enterprise versions below 10
CVSS Base7.5
β
CRSSelect profile
CVE-2026-48231
7.1
HPwhere the
Open ISES Tickets before 3
CVSS Base7.1
β
CRSSelect profile
CVE-2026-48232
7.1
HPwhere the
Open ISES Tickets before 3
CVSS Base7.1
β
CRSSelect profile
CVE-2026-48233
7.1
HPwhere the
Open ISES Tickets before 3
CVSS Base7.1
β
CRSSelect profile
CVE-2026-48234
7.1
HPwhere the
Open ISES Tickets before 3
CVSS Base7.1
β
CRSSelect profile
CVE-2026-2740
8.4
versionADSelfService Plus
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency
CVSS Base8.4
β
CRSSelect profile
CVE-2026-5946
7.5
AWShave been
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) β for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section
CVSS Base7.5
β
CRSSelect profile
CVE-2026-39047
7.5
EPSONL14150 FL27PB
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100
CVSS Base7.5
β
CRSSelect profile
CVE-2026-48241
8.1
HPMultiple Products
Open ISES Tickets before 3
CVSS Base8.1
β
CRSSelect profile
CVE-2026-48242
8.1
HPMultiple Products
Open ISES Tickets before 3
CVSS Base8.1
β
CRSSelect profile
CVE-2026-3039
7.5
BINDMultiple Products
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets
CVSS Base7.5
β
CRSSelect profile
CVE-2026-9089
8.8
ConnectWiseAutomate
The ConnectWise Automateβ’ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations
CVSS Base8.8
β
CRSSelect profile
CVE-2026-3593
7.4
UnknownMultiple Products
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation
CVSS Base7.4
β
CRSSelect profile
CVE-2026-9157
8.4
Gmission Web FaxMultiple Products
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion
CVSS Base8.4
β
CRSSelect profile
CVE-2026-45253
8.4
UnknownMultiple Products
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls
CVSS Base8.4
β
CRSSelect profile
CVE-2025-71212
7.8
Trend MicroApex One
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2025-71213
7.8
Trend MicroApex One
An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2025-71216
7.8
Trend MicroApex One
A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2025-71217
7.8
Trend MicroApex One
An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-28764
7.8
UnknownMultiple Products
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
CVSS Base7.8
β
CRSSelect profile
CVE-2026-39461
8.8
UnknownMultiple Products
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available
CVSS Base8.8
β
CRSSelect profile
CVE-2026-47114
8.8
IINAMultiple Products
IINA before 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-47101
8.8
priorMultiple Products
LiteLLM prior to 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-44058
7.2
NetatalkMultiple Products
An authentication bypass vulnerability in Netatalk 2
CVSS Base7.2
β
CRSSelect profile
CVE-2026-4858
8
MattermostMultiple Products
Mattermost versions 11
CVSS Base8
β
CRSSelect profile
CVE-2026-45250
7.8
UnknownMultiple Products
The setcred(2) system call is only available to privileged users
CVSS Base7.8
β
CRSSelect profile
CVE-2026-45251
7.8
UnknownMultiple Products
A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor
CVSS Base7.8
β
CRSSelect profile
CVE-2026-34927
7.8
ApexMultiple Products
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-34928
7.8
ApexMultiple Products
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-34929
7.8
ApexMultiple Products
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-34930
7.8
ApexMultiple Products
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-45206
7.8
ApexMultiple Products
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-45207
7.8
ApexMultiple Products
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-45208
7.8
ApexMultiple Products
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-34911
7.7
InforMultiple Products
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information
CVSS Base7.7
β
CRSSelect profile
CVE-2026-9064
7.5
foundMultiple Products
A flaw was found in 389-ds-base
CVSS Base7.5
β
CRSSelect profile
CVE-2026-5947
7.5
UndefinedMultiple Products
Undefined behavior may result due to a race condition leading to a use-after-free violation
CVSS Base7.5
β
CRSSelect profile
CVE-2026-47373
7.5
versionsMultiple Products
Crypt::SaltedHash versions through 0
CVSS Base7.5
β
CRSSelect profile
CVE-2026-40092
7.5
UnknownMultiple Products
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation
CVSS Base7.5
β
CRSSelect profile
CVE-2026-44049
7.5
UnknownMultiple Products
An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2
CVSS Base7.5
β
CRSSelect profile
CVE-2026-44052
7.5
NetatalkMultiple Products
Netatalk 2
CVSS Base7.5
β
CRSSelect profile
CVE-2026-44055
7.5
UnknownMultiple Products
A logic error involving bitwise OR operations in Netatalk 3
CVSS Base7.5
β
CRSSelect profile
CVE-2026-44060
7.5
UnknownMultiple Products
An integer underflow in dsi_writeinit() in Netatalk 1
CVSS Base7.5
β
CRSSelect profile
CVE-2026-44062
7.5
UnknownMultiple Products
A missing output length bounds check in pull_charset_flags() in Netatalk 2
CVSS Base7.5
β
CRSSelect profile
CVE-2026-42001
7.5
InsufficientMultiple Products
Insufficient Validation of Autoprimary SOA Queries
CVSS Base7.5
β
CRSSelect profile
CVE-2026-45255
7.5
WhenMultiple Products
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network
CVSS Base7.5
β
CRSSelect profile
CVE-2025-13479
7.5
PosCube HardwareMultiple Products
Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd
CVSS Base7.5
β
CRSSelect profile
CVE-2026-46473
7.5
versionsMultiple Products
Authen::TOTP versions before 0
CVSS Base7.5
β
CRSSelect profile
CVE-2026-44053
7.4
LGMultiple Products
Netatalk 1
CVSS Base7.4
β
CRSSelect profile
CVE-2026-22315
7.2
MeonaMultiple Products
Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the exportΒ of user data, including cleartext passwords, via the SQL editor
CVSS Base7.2
β
CRSSelect profile
CVE-2026-44064
7.1
InforMultiple Products
An out-of-bounds read in ASP session ID handling in Netatalk 1
CVSS Base7.1
β
CRSSelect profile
CVE-2026-44066
7.1
InforMultiple Products
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3
CVSS Base7.1
β
CRSSelect profile
CVE-2025-13477
7.1
Digital OperationsMultiple Products
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc