Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Monday's vulnerability landscape centers on Digiwin EasyFlow .NET and industrial control systems, with two CVSS 9.8 flaws in Digiwin products and a critical issue affecting SD-330AC and AMC Manager devices. The brief includes 3 critical vulnerabilities (down 57% from 7) and 22 high-priority CVEs (down 52% from 46), reflecting a quieter disclosure cycle. Key critical entries include CVE-2026-5963 and CVE-2026-5964 affecting Digiwin EasyFlow .NET, alongside CVE-2026-32956 impacting SD-330AC and AMC Manager processing. Business application platforms and industrial control systems dominate today's attack surface, with 9 CVEs showing confirmed active exploitation across Microsoft, Adobe, and Apache products. No patches are currently available for the disclosed critical vulnerabilities, warranting defensive monitoring and compensating controls until fixes are released.
Digiwin EasyFlow .NET affected by two CVSS 9.8 vulnerabilities requiring immediate attention from enterprise users
Critical CVEs down 57% from prior day (3 vs 7), signaling reduced but still significant disclosure volume
High-priority CVEs down 52% from prior day (22 vs 46) across enterprise and industrial products
Industrial control systems impacted via CVE-2026-32956 affecting SD-330AC and AMC Manager processing
Patch availability at 0% for today's critical disclosures, requiring compensating controls and monitoring
9 CVEs under active exploitation spanning Microsoft Exchange, SharePoint, Windows, Adobe Acrobat, and Apache ActiveMQ
Immediate action: Prioritize asset inventory and network isolation for Digiwin EasyFlow .NET deployments and SD-330AC/AMC Manager industrial devices pending vendor patches. Organizations running Microsoft Exchange, SharePoint, Windows, Adobe Acrobat, or Apache ActiveMQ should verify current patch levels given confirmed exploitation of the 9 KEV entries. No patches are available for today's critical CVEs, so apply network segmentation and enhanced monitoring until fixes are published.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2012-1854
9.5đ Late Disclosure
MicrosoftVisual Basic for Applications (VBA)
â° Federal Deadline:April 26, 2026(7 days remaining)
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-60710
9.5
MicrosoftWindows
â° Federal Deadline:April 26, 2026(7 days remaining)
Microsoft Windows Link Following Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2023-21529
9.5đ Late Disclosure
MicrosoftExchange Server
â° Federal Deadline:April 26, 2026(7 days remaining)
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2023-36424
9.5đ Late Disclosure
MicrosoftWindows
â° Federal Deadline:April 26, 2026(7 days remaining)
Microsoft Windows Out-of-Bounds Read Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2020-9715
9.5đ Late Disclosure
AdobeAcrobat
â° Federal Deadline:April 26, 2026(7 days remaining)
Adobe Acrobat Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-34621
9.5đ
AdobeAcrobat and Reader
â° Federal Deadline:April 26, 2026(7 days remaining)
Adobe Acrobat Reader is vulnerable to prototype pollution, which can result in arbitrary code execution when a victim opens a malicious file.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2009-0238
9.5đ Late Disclosure
MicrosoftOffice
â° Federal Deadline:April 27, 2026(8 days remaining)
Microsoft Office Remote Code Execution - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-32201
9.5
MicrosoftSharePoint Server
â° Federal Deadline:April 27, 2026(8 days remaining)
Microsoft SharePoint Server Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-34197
9.5
ApacheActiveMQ
â° Federal Deadline:April 29, 2026(10 days remaining)
Apache ActiveMQ Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2026-5963
9.8đ
DigiwinEasyFlow .NET
Digiwin EasyFlow .NET contains a SQL injection vulnerability allowing unauthenticated remote attackers to manipulate database contents.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-5964
9.8đ
DigiwinEasyFlow .NET
Digiwin EasyFlow .NET contains a SQL injection vulnerability allowing unauthenticated remote attackers to manipulate database contents.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-32956
9.8đ
processing theSD-330AC and AMC Manager
silex technology SD-330AC and AMC Manager contain a heap-based buffer overflow vulnerability, potentially allowing arbitrary code execution.
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2026-6568
7.3
HPof the
A vulnerability was determined in kodcloud KodExplorer up to 4
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6569
7.3
HPof the
A vulnerability was identified in kodcloud KodExplorer up to 4
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6595
7.3
HPof the
A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6602
7.3
HPMultiple Products
A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6560
8.8đ
H3CMagic B0
A security vulnerability exists in H3C Magic B0 routers up to version 100R002.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6563
8.8đ
H3CMagic B1
A security vulnerability exists in H3C Magic B1 routers up to version 100R004.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6581
8.8đ
H3CMagic B1
A security vulnerability exists in H3C Magic B1 routers up to version 100R004.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-32955
8.8
AMCMultiple Products
SD-330AC and AMC Manager provided by silex technology, Inc
CVSS Base8.8
â
CRSSelect profile
CVE-2026-5966
8.1đ
TeamT5ThreatSonar Anti-Ransomware
TeamT5 ThreatSonar Anti-Ransomware contains an arbitrary file deletion vulnerability.
CVSS Base8.1
â
CRSSelect profile
CVE-2026-32965
7.5
AMCMultiple Products
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6562
7.3
ArchMultiple Products
A flaw has been found in dameng100 muucmf 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6574
7.3đ
osuuuLightPicture
A vulnerability exists in osuuu LightPicture up to version 1.
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6577
7.3đ
liangliangyyDjangoBlog
A vulnerability exists in liangliangyy DjangoBlog up to version 2.
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6580
7.3đ
liangliangyyDjangoBlog
A security vulnerability exists in liangliangyy DjangoBlog up to version 2.
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6582
7.3đ
TransformerOptimusSuperAGI
A security flaw has been identified in TransformerOptimus SuperAGI that may impact system integrity.
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6594
7.3đ
brikcssmerge
A vulnerability has been identified in the brikcss merge utility that could potentially lead to security regressions.
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6596
7.3đ
langflow-ailangflow
A security flaw has been discovered in langflow-ai langflow that may expose the system to unauthorized operations.
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6603
7.3đ
modelscopeagentscope
A vulnerability has been determined in modelscope agentscope that could potentially impact system security.
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6604
7.3đ
modelscopeagentscope
A vulnerability has been identified in modelscope agentscope that could lead to potential security compromises.
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6605
7.3
UnknownMultiple Products
A security flaw has been discovered in modelscope agentscope up to 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6606
7.3
UnknownMultiple Products
A weakness has been identified in modelscope agentscope up to 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-6615
7.3
UnknownMultiple Products
A weakness has been identified in TransformerOptimus SuperAGI up to 0