Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Sunday's disclosures highlight 13 actively exploited vulnerabilities affecting enterprise infrastructure from Ivanti, Broadcom VMware, Qualcomm, and Apple. No new critical-severity CVEs were published, a sharp drop from Saturday's 9, while 40 high-priority vulnerabilities were disclosed, down 60% from the prior day's 100. Notably, CVE-2026-1603 targets Ivanti Endpoint Manager, CVE-2026-22719 affects VMware Aria Operations, and CVE-2026-25108 impacts Soliton FileZen, all carrying CVSS 9.5 scores under active exploitation. Attack patterns include remote code execution and authentication bypass across endpoint management platforms, network appliances, and mobile chipsets. No patches are currently available for Sunday's disclosures, requiring defenders to apply compensating controls and monitor vendor advisories closely.
Ivanti Endpoint Manager (CVE-2026-1603) and VMware Aria Operations (CVE-2026-22719) under active exploitation with CVSS 9.5 scores
Zero critical CVEs disclosed, down from 9 the prior day (-100%)
40 high-priority vulnerabilities published, a 60% decrease from Saturday's 100
RCE and authentication bypass patterns dominate across endpoint management, automation platforms (n8n), and Qualcomm chipsets
0% patch availability across Sunday's disclosures; compensating controls recommended
13 vulnerabilities confirmed actively exploited, including legacy issues in Hikvision and Rockwell products dating to 2017 and 2021
Immediate action: Prioritize reviewing exposure to Ivanti Endpoint Manager, VMware Aria Operations, Soliton FileZen, and Apple products, as all have confirmed active exploitation at CVSS 9.5. With no patches currently available, apply network segmentation, restrict administrative access, and monitor vendor channels for emergency updates.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2026-25108
9.5đ
Soliton Systems K.KFileZen
â° Federal Deadline:March 16, 2026(2 days remaining)
FileZen is affected by a high-severity OS command injection vulnerability that allows a threat actor to execute arbitrary commands on the underlying operating system.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-22054
9.5đ Late Disclosure
OmnissaWorkspace One UEM
â° Federal Deadline:March 22, 2026(8 days remaining)
Omnissa Workspace ONE Server-Side Request Forgery - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-1603
9.5
Ivanti Endpoint Manager (EPM)
â° Federal Deadline:March 22, 2026(8 days remaining)
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-22719
9.5đ
BroadcomVMware Aria Operations
â° Federal Deadline:March 23, 2026(9 days remaining)
VMware Aria Operations contains a command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21385
9.5đ
QualcommMultiple Chipsets
â° Federal Deadline:March 23, 2026(9 days remaining)
A memory corruption vulnerability exists in memory allocation processes when handling specific alignments, potentially leading to arbitrary code execution or system instability.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-68613
9.5đ
n8nn8n
â° Federal Deadline:March 24, 2026(10 days remaining)
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2017-7921
9.5đ Late Disclosure
HikvisionMultiple Products
â° Federal Deadline:March 25, 2026(11 days remaining)
Hikvision Multiple Products Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-22681
9.5đ Late Disclosure
RockwellMultiple Products
â° Federal Deadline:March 25, 2026(11 days remaining)
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-43000
9.5đ Late Disclosure
AppleMultiple Products
â° Federal Deadline:March 25, 2026(11 days remaining)
Apple Multiple products Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-30952
9.5đ Late Disclosure
AppleMultiple Products
â° Federal Deadline:March 25, 2026(11 days remaining)
Apple Multiple Products Integer Overflow or Wraparound Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-41974
9.5đ Late Disclosure
AppleiOS and iPadOS
â° Federal Deadline:March 25, 2026(11 days remaining)
Apple iOS and iPadOS Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸
High Priority Updates
â ī¸ CISA KEV
CVE-2026-3909
8.8đ
GoogleChrome prior
â° Federal Deadline:March 26, 2026(12 days remaining)
Google Chrome versions prior to 146 contain an out-of-bounds write vulnerability in the Skia graphics engine, which is currently being exploited in the wild.
CVSS Base8.8
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-3910
8.8đ
GoogleChrome prior
â° Federal Deadline:March 26, 2026(12 days remaining)
Google Chrome versions prior to 146 feature an inappropriate implementation in the V8 JavaScript engine that is currently being exploited in the wild to achieve code execution.
CVSS Base8.8
â
CRSSelect profile
CVE-2026-32426
7.5
HPProgram
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2026-32400
7.5
HPProgram
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2026-2890
7.5đ
WordPressis vulnerable
The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass, allowing for potential financial manipulation in forms.
CVSS Base7.5
â
CRSSelect profile
CVE-2026-32319
7.5đ
EllaElla Core (5G Core)
Ella Core, a 5G core for private networks, contains a security vulnerability that could impact the availability or integrity of private cellular communications.
CVSS Base7.5
â
CRSSelect profile
CVE-2026-3045
7.5đ
WordPressis vulnerable
The Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data due to a failure in access control.
CVSS Base7.5
â
CRSSelect profile
CVE-2026-22182
7.5
HPendpoint with
wpDiscuz before 7
CVSS Base7.5
â
CRSSelect profile
CVE-2026-31944
7.6đ
AtlassianLibreChat
LibreChat, an open-source ChatGPT clone, contains a vulnerability that could allow for unauthorized access to application features or user data.
CVSS Base7.6
â
CRSSelect profile
CVE-2025-13777
8.3
ABB AWINAWIN GW100
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev
CVSS Base8.3
â
CRSSelect profile
CVE-2025-71263
7.4
sizeEdition
In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes
CVSS Base7.4
â
CRSSelect profile
CVE-2026-32597
7.5đ
PyJWTPyJWT
PyJWT, a Python implementation of JSON Web Token, contains a vulnerability that could compromise token integrity or verification processes.
CVSS Base7.5
â
CRSSelect profile
CVE-2025-13779
8.3
ABB AWINAWIN GW100
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev
CVSS Base8.3
â
CRSSelect profile
CVE-2026-31917
8.5đ
weDevs WP ERP erpWP ERP (WordPress Plugin)
The weDevs WP ERP plugin for WordPress is vulnerable to SQL Injection, which could allow attackers to extract or modify database information.
CVSS Base8.5
â
CRSSelect profile
CVE-2026-31922
8.5đ
Ays Pro Fox LMSFox LMS (WordPress Plugin)
The Ays Pro Fox LMS plugin for WordPress is vulnerable to Blind SQL Injection, allowing attackers to exfiltrate data from the database through inference.
The Collapsing Categories plugin for WordPress is vulnerable to Blind SQL Injection, which could lead to unauthorized database access and information disclosure.
CVSS Base8.5
â
CRSSelect profile
CVE-2026-32368
8.5đ
delphiknight Geo toGeo to Lat
The Geo to Lat (geo-to-lat) software contains a Blind SQL Injection vulnerability due to improper neutralization of special elements within SQL commands.
CVSS Base8.5
â
CRSSelect profile
CVE-2026-32399
8.5đ
David Lingren MediaMedia Library Assistant
A Blind SQL Injection vulnerability exists in David Lingren Media Library Assistant (media-library-assistant) due to improper neutralization of special elements in SQL commands.
CVSS Base8.5
â
CRSSelect profile
CVE-2026-32422
8.5đ
levelfourdevelopmentWP EasyCart
The levelfourdevelopment WP EasyCart (wp-easycart) software is vulnerable to Blind SQL Injection through improper neutralization of special elements used in SQL commands.
CVSS Base8.5
â
CRSSelect profile
CVE-2026-32433
8.5đ
codepeople CP ContactCP Contact Form with Paypal
The CP Contact Form with Paypal (cp-contact-form-with-paypal) software is susceptible to Blind SQL Injection due to improper neutralization of special elements in SQL commands.
CVSS Base8.5
â
CRSSelect profile
CVE-2026-32459
8.5đ
flycart UpsellWPUpsellWP
The UpsellWP (checkout-upsell-and-order-bumps) software contains a Blind SQL Injection vulnerability caused by improper neutralization of special elements within SQL commands.
CVSS Base8.5
â
CRSSelect profile
CVE-2026-32414
7.2
ILLID Advanced WooMultiple Products
Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion
CVSS Base7.2
â
CRSSelect profile
CVE-2026-32358
7.6
wpdevelop BookingMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection
CVSS Base7.6
â
CRSSelect profile
CVE-2026-32418
7.6
Jordy Meow MeowMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection
CVSS Base7.6
â
CRSSelect profile
CVE-2026-32458
7.6
RealMag777Multiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection
CVSS Base7.6
â
CRSSelect profile
CVE-2026-25817
8.8
firmwareMultiple Products
HMS Networks Ewon Flexy with firmware before 15
CVSS Base8.8
â
CRSSelect profile
CVE-2026-22193
8.1
wpDiscuzMultiple Products
wpDiscuz before 7
CVSS Base8.1
â
CRSSelect profile
CVE-2026-22202
8.1
wpDiscuzMultiple Products
wpDiscuz before 7
CVSS Base8.1
â
CRSSelect profile
CVE-2026-32302
8.1đ
OpenClawOpenClaw
The OpenClaw personal AI assistant is vulnerable to a security flaw that could allow for unauthorized interactions or data exposure.
CVSS Base8.1
â
CRSSelect profile
CVE-2026-0954
7.8
InforMultiple Products
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab
CVSS Base7.8
â
CRSSelect profile
CVE-2026-0955
7.8
InforMultiple Products
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab
CVSS Base7.8
â
CRSSelect profile
CVE-2026-0956
7.8
InforMultiple Products
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab
CVSS Base7.8
â
CRSSelect profile
CVE-2026-0957
7.8
InforMultiple Products
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32308
7.6đ
OneUptimeOneUptime
OneUptime, an observability and monitoring platform, contains a vulnerability that could allow attackers to interfere with service monitoring or access sensitive configuration data.
CVSS Base7.6
â
CRSSelect profile
CVE-2026-25819
7.5
firmwareMultiple Products
HMS Networks Ewon Flexy with firmware before 15
CVSS Base7.5
â
CRSSelect profile
CVE-2026-31882
7.5
workflowMultiple Products
Dagu is a workflow engine with a built-in Web user interface
CVSS Base7.5
â
CRSSelect profile
CVE-2026-31899
7.5đ
CairoSVGCairoSVG
CairoSVG, a Python-based SVG to PDF/PNG converter, is vulnerable to a flaw that may lead to unauthorized file access or resource exhaustion during graphics processing.
CVSS Base7.5
â
CRSSelect profile
CVE-2026-4111
7.5
ArchMultiple Products
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path
CVSS Base7.5
â
CRSSelect profile
CVE-2026-25076
7.3
versionsMultiple Products
Anchore Enterprise versions before 5
CVSS Base7.3
â
CRSSelect profile
CVE-2026-3873
7.2
AvantraMultiple Products
Use of Hard-coded Credentials vulnerability in Avantra allows Accessing
Functionality Not Properly Constrained by ACLs