Critical vulnerabilities, curated daily for security professionals
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Today's Security Brief
Tuesday's disclosures center on a small batch of high-priority vulnerabilities with no critical-severity CVEs published in the last 24 hours. Critical CVE volume held flat at zero while high-priority disclosures rose 33% to four entries compared to three the prior day. The Known Exploited Vulnerabilities catalog includes ten actively exploited issues spanning Drupal Core (CVE-2026-9082), Trend Micro Apex One (CVE-2026-34926), and Microsoft Defender (CVE-2026-45498, CVE-2026-41091). Several KEV entries reach back to legacy Microsoft Internet Explorer, DirectX, and Adobe Acrobat issues, indicating ongoing opportunistic targeting of unpatched estates. No patches are currently linked in today's dataset, so defenders should rely on vendor advisories for remediation guidance.
Trend Micro Apex One and Microsoft Defender appear in today's actively exploited set, putting endpoint security tooling itself in the threat path
Critical CVEs held steady at 0, unchanged from the prior day
High-priority CVEs increased 33% to 4, up from 3 the prior day
Active exploitation observed against Drupal Core (CVE-2026-9082) and Langflow (CVE-2025-34291), spanning web CMS and AI tooling
Patch availability sits at 0% in today's dataset; remediation requires direct reference to vendor advisories
10 vulnerabilities tracked as actively exploited, flat versus the prior day
Immediate action: Prioritize patching Trend Micro Apex One, Microsoft Defender, Drupal Core, and Langflow deployments given confirmed active exploitation across these products. With no patches surfaced in today's feed, consult each vendor's advisory directly and apply available updates or mitigations before resuming normal change windows.
CISA Known Exploited Vulnerabilities
CVE-2026-9082 (CISA KEV, URGENT)
Drupal Core
Federal Deadline: May 26, 2026 (1 day remaining)
Drupal Core SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5

CVE-2008-4250 (CISA KEV, Late Disclosure)
Microsoft Windows
Federal Deadline: June 2, 2026 (8 days remaining)
Microsoft Windows Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5

CVE-2009-1537 (CISA KEV, Late Disclosure)
Microsoft DirectX
Federal Deadline: June 2, 2026 (8 days remaining)
Microsoft DirectX NULL Byte Overwrite Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5

CVE-2009-3459 (CISA KEV, Late Disclosure)
Adobe Acrobat and Reader
Federal Deadline: June 2, 2026 (8 days remaining)
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5

CVE-2010-0249 (CISA KEV, Late Disclosure)
Microsoft Internet Explorer
Federal Deadline: June 2, 2026 (8 days remaining)
Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5

CVE-2010-0806 (CISA KEV, Late Disclosure)
Microsoft Internet Explorer
Federal Deadline: June 2, 2026 (8 days remaining)
Microsoft Internet Explorer Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5

CVE-2026-45498 (CISA KEV)
Microsoft Defender
Federal Deadline: June 2, 2026 (8 days remaining)
Microsoft Defender Denial of Service Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5

CVE-2025-34291 (CISA KEV)
Langflow Langflow
Federal Deadline: June 3, 2026 (9 days remaining)
Langflow Origin Validation Error Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5

CVE-2026-34926 (CISA KEV)
Trend Micro Apex One
Federal Deadline: June 3, 2026 (9 days remaining)
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5

CVE-2026-41091 (CISA KEV)
Microsoft Defender
Federal Deadline: June 2, 2026 (8 days remaining)
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVSS Base: 7.8

High Priority Updates
CVE-2025-15620
Hirschmann HiOS Switch Platform
Hirschmann HiOS Switch Platform version 09 contains a high-severity vulnerability that affects the security of the network switching infrastructure.
CVSS Base: 8.6

CVE-2023-53888 (Late Disclosure)
HPcode through
Zomplog 3
CVSS Base: 8.8

CVE-2023-7343 (7.8, Late Disclosure)
Hirschmann HiSecOS Web Server
Hirschmann HiSecOS web server version 05 is vulnerable to a high-severity security flaw that could compromise the integrity of the management interface.