Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2026-9082
9.5
DrupalCore
â° Federal Deadline:May 26, 2026(2 days remaining)
Drupal Core SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2008-4250
9.5đ Late Disclosure
MicrosoftWindows
â° Federal Deadline:June 2, 2026(9 days remaining)
Microsoft Windows Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2009-1537
9.5đ Late Disclosure
MicrosoftDirectX
â° Federal Deadline:June 2, 2026(9 days remaining)
Microsoft DirectX NULL Byte Overwrite Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2009-3459
9.5đ Late Disclosure
AdobeAcrobat and Reader
â° Federal Deadline:June 2, 2026(9 days remaining)
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2010-0249
9.5đ Late Disclosure
MicrosoftInternet Explorer
â° Federal Deadline:June 2, 2026(9 days remaining)
Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2010-0806
9.5đ Late Disclosure
MicrosoftInternet Explorer
â° Federal Deadline:June 2, 2026(9 days remaining)
Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-45498
9.5
MicrosoftDefender
â° Federal Deadline:June 2, 2026(9 days remaining)
Microsoft Defender Denial of Service Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-34291
9.5
LangflowLangflow
â° Federal Deadline:June 3, 2026(10 days remaining)
Langflow Origin Validation Error Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-34926
9.5
Trend MicroApex One
â° Federal Deadline:June 3, 2026(10 days remaining)
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-41091
7.8
MicrosoftDefender allows
â° Federal Deadline:June 2, 2026(9 days remaining)
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2026-43490
8.8đ
LinuxKernel (ksmbd)
A buffer access vulnerability in the Linux kernel ksmbd module allows out-of-bounds operations due to improper validation of inherited ACE SID lengths during DACL processing.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-31613
8.1đ
LinuxKernel (SMB Client)
The Linux kernel SMB client implementation contains an out-of-bounds read vulnerability when parsing symlink error responses due to insufficient length validation.
CVSS Base8.1
â
CRSSelect profile
CVE-2026-8604
8.8đ
ScadaBRScadaBR
ScadaBR version 1.2.0 is vulnerable to a Cross-Site Request Forgery (CSRF) attack, which allows unauthorized actors to execute actions on behalf of an authenticated user.