Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Today's Security Brief
Progress Sitefinity led Wednesday's disclosures with two critical vulnerabilities, including CVE-2026-7312 at the maximum CVSS 10 and CVE-2026-7198 at 9.8, placing content-management deployments at the front of remediation queues. The day brought 7 critical CVEs, down 22% from the prior day's 9, and 17 high-priority CVEs, down 63% from 46. Beyond Sitefinity, critical issues affected identity and healthcare systems, including CVE-2026-49448 (9.8) in authentik, CVE-2026-0611 (9.8) in Spacelabs Healthcare Sentinel, and CVE-2026-47117 (9.8) in OpenMed. Remote code execution and authentication bypass dominated the critical set, spanning web platforms, WordPress/LMS plugins, and medical devices. No patches were available at disclosure for the reported critical issues, so teams should prioritize compensating controls and monitor vendor advisories closely; 7 CVEs carry confirmed active exploitation, including Palo Alto Networks PAN-OS and Oracle WebLogic Server.
Progress Sitefinity carried two critical flaws, CVE-2026-7312 (CVSS 10) and CVE-2026-7198 (CVSS 9.8), making it the most exposed platform of the day
Critical CVEs totaled 7, a 22% decrease from the prior day's 9
High-priority CVEs totaled 17, a 63% decrease from the prior day's 46
Remote code execution and authentication bypass were the dominant attack patterns, affecting web CMS, identity (authentik), and LMS/WordPress plugins
Patch availability stood at 0% for the disclosed critical issues, leaving compensating controls and monitoring as the primary near-term defense
7 CVEs have confirmed active exploitation, including Palo Alto Networks PAN-OS (CVE-2026-0257) and Oracle WebLogic Server (CVE-2024-21182)
Immediate action: Prioritize Progress Sitefinity, authentik, and internet-facing healthcare systems (Spacelabs Sentinel, OpenMed) for immediate review, and apply restrictions or isolation where fixes are not yet published. With patch availability at 0% for the disclosed critical issues, track vendor advisories continuously and apply mitigations as soon as they are released; separately, ensure actively exploited products such as Palo Alto Networks PAN-OS and Oracle WebLogic Server are remediated on an accelerated timeline.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2026-8398
9.5π
AVB Disc SoftDAEMON Tools Lite
β° Federal Deadline:May 29, 2026(-4 days remaining)
A supply chain compromise of DAEMON Tools Lite resulted in the distribution of trojanized binaries signed with a legitimate certificate.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-0257
9.5π
Palo Alto NetworksPAN-OS
β° Federal Deadline:May 31, 2026(-2 days remaining)
An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS GlobalProtect, allowing unauthenticated attackers to forge authentication cookies and establish unauthorized VPN connections.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2024-21182
9.5ππ Late Disclosure
OracleWebLogic Server
β° Federal Deadline:June 3, 2026(1 days remaining)
Oracle WebLogic Server contains an unspecified vulnerability that is currently being exploited in the wild.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2022-0492
9.5ππ Late Disclosure
LinuxKernel
β° Federal Deadline:June 4, 2026(2 days remaining)
A privilege escalation vulnerability in the Linux Kernel cgroup_release_agent_write function allows unprivileged users to escape container environments and gain elevated host privileges.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-48595
9.5π
AndroidFramework
β° Federal Deadline:June 4, 2026(2 days remaining)
An integer overflow vulnerability in the Android Framework allows for potential unauthorized system access and is currently tracked in the CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-48027
9.5π
NxNx Console
β° Federal Deadline:June 9, 2026(7 days remaining)
A critical supply chain attack involving embedded malicious code in the Nx Console VS Code extension has been identified and is being actively exploited.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-45321
9.5π
GitHubActions OIDC
β° Federal Deadline:June 9, 2026(7 days remaining)
GitHub Actions OIDC was exploited to publish malicious npm packages by chaining multiple vulnerabilities, including cache poisoning and token extraction.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2026-5076
9.8π
ARMemberARMember Premium Plugin
The ARMember Premium plugin for WordPress stores plaintext password reset keys, allowing unauthenticated attackers to reset user passwords and hijack accounts.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-0611
9.8π
Spacelabs HealthcareSentinel
Spacelabs Healthcare Sentinel contains an unauthenticated RCE vulnerability via a deprecated .NET Remoting HTTP channel, allowing attackers to write webshells and execute arbitrary code.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-7312
10π
ProgressSitefinity
Progress Sitefinity web services contain a vulnerability that allows unauthenticated remote attackers to retrieve plain-text credentials for the Sitefinity Insight service.
CVSS Base10
β
CRSSelect profile
CVE-2026-7198
9.8π
ProgressSitefinity
Improper access control in Progress Sitefinity web services allows unauthenticated attackers to access restricted content and fully compromise the installation.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-47117
9.8π
OpenMedMultiple Products
OpenMed contains a remote code execution vulnerability in its PII privacy-filter model loading path, allowing unauthenticated attackers to execute arbitrary code.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-53209
9.8π
ThemeisleMasteriyo LMS PRO
Themeisle Masteriyo LMS PRO contains an incorrect privilege assignment vulnerability, allowing unauthenticated attackers to escalate their privileges to administrator.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-49448
9.8π
authentikauthentik
An authentication bypass vulnerability in the authentik Source stage allows unauthenticated attackers to bypass security checks by sending an empty POST request.
CVSS Base9.8
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2026-5883
8.8π
GoogleChrome
A use-after-free vulnerability in the Media component of Google Chrome allows remote attackers to execute arbitrary code via a crafted HTML page.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-1829
8.8π
WordPressContent Visibility for Divi Builder
The Content Visibility for Divi Builder plugin for WordPress contains a vulnerability that allows for remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-42359
8.8π
ApacheAirflow
A deserialization vulnerability in the Apache Airflow XCom PATCH endpoint allows authenticated users to achieve remote code execution by bypassing key validation.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-49298
8.8π
ApacheAirflow
A bug in Apache Airflow's KubernetesExecutor causes sensitive JWT tokens to be exposed as command-line arguments in pod specifications.
CVSS Base8.8
β
CRSSelect profile
CVE-2025-53345
8.8π
ThimPressThim Core
A missing authorization vulnerability in ThimPress Thim Core allows for arbitrary code execution after installing a malicious plugin.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-42096
8.8π
Sparx SystemsPro Cloud Server
Sparx Pro Cloud Server contains a broken access control vulnerability that allows low-privileged users to execute arbitrary SQL queries.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-7195
8.8π
ProgressSitefinity
Improper input validation in web services within Progress Sitefinity 14 may lead to security vulnerabilities.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-7201
8.8π
ProgressSitefinity
An authorization bypass vulnerability via user-controlled keys in web services affects Progress Sitefinity 15.
CVSS Base8.8
β
CRSSelect profile
CVE-2016-9365
8.8ππ Late Disclosure
MoxaNPort
A stack-based buffer overflow in Moxa NPort 5110 allows remote attackers to execute arbitrary code or cause a denial-of-service.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-23230
8.8π
LinuxKernel
A race condition in the Linux kernel SMB client handling of bitfields in `struct cached_fid` can lead to memory corruption or denial of service due to shared-byte read-modify-write operations.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-1784
8.8π
Red HatOpenShift Container Platform
A vulnerability in the OpenShift Route resource allows low-privileged users to inject malicious HAProxy configurations, potentially leading to cross-tenant traffic hijacking.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10591
8.8π
AmazonKiro IDE
Amazon Kiro IDE contains an access control flaw in its file write tool that can be exploited by remote attackers to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-49143
8.8π
BrowserStackRunner
BrowserStack Runner contains a remote code execution vulnerability in its HTTP handler that can be exploited by unauthenticated, network-adjacent attackers.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-49443
8.8π
authentikauthentik
A security vulnerability has been identified in authentik, an open-source identity provider, requiring immediate attention from security administrators.
CVSS Base8.8
β
CRSSelect profile
CVE-2021-21974
8.8ππ Late Disclosure
VMwareESXi
A heap-overflow vulnerability in the OpenSLP service of VMware ESXi allows remote code execution for attackers on the same network segment.
CVSS Base8.8
β
CRSSelect profile
CVE-2021-25667
8.8ππ Late Disclosure
SiemensRUGGEDCOM and SCALANCE series
A stack-based buffer overflow in STP BPDU frame handling in Siemens industrial networking devices may allow remote code execution or denial-of-service.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-42097
8.8π
Sparx SystemsPro Cloud Server
An authentication bypass vulnerability in Sparx Pro Cloud Server allows unauthorized access depending on the requested URL.