ACT NOW CVE-2026-2441 8.8 Google Chrome's CSS engine contains a use-after-free vulnerability (CVE-2026-2441, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox through crafted HTML pages. KEV-listed with public PoC, this vulnerability enables drive-by exploitation when users visit malicious or compromised websites. | ACT NOW CVE-2026-25108 8.8 FileZen contains an OS command injection vulnerability (CVE-2026-25108, CVSS 8.8) that allows authenticated users to execute arbitrary commands when the Antivirus Check Option is enabled. KEV-listed with EPSS 18.6%, this vulnerability in the Japanese file-sharing appliance has been actively exploited in campaigns targeting organizations in Japan and Asia-Pacific. | ACT NOW CVE-2026-20700 7.8 Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary. | ACT NOW CVE-2026-21533 7.8 Windows Remote Desktop contains an improper privilege management vulnerability (CVE-2026-21533, CVSS 7.8) enabling authorized local attackers to escalate to SYSTEM. KEV-listed, this vulnerability in the RDP subsystem is particularly concerning in environments where Remote Desktop is widely used, as it can be chained with RDP session access for complete system compromise. | ACT NOW CVE-2026-21519 7.8 Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables authorized local attackers to escalate privileges. KEV-listed, this kernel-level vulnerability in the Windows compositor allows any authenticated user to achieve SYSTEM-level access through exploitation of an incompatible type access in DWM's resource handling. | ACT NOW CVE-2026-21514 7.8 Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted inputs, allowing local attackers to bypass protections when opening malicious documents. KEV-listed, this vulnerability enables document-based attacks that circumvent Word's security features designed to protect users from malicious content. | ACT NOW CVE-2026-21513 8.8 MSHTML Framework contains a protection mechanism failure (CVE-2026-21513, CVSS 8.8) allowing remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the legacy HTML rendering engine (still used by many Windows applications and email clients) enables execution of malicious content by circumventing the browser's security sandbox and content restrictions. | ACT NOW CVE-2026-21510 8.8 Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network. | ACT NOW CVE-2026-1603 8.6 Ivanti Endpoint Manager before 2024 SU5 contains an authentication bypass (CVE-2026-1603, CVSS 8.6) that allows unauthenticated remote attackers to leak stored credential data. KEV-listed with EPSS 43.9%, this vulnerability exposes credentials stored in the endpoint management platform — potentially including service accounts, deployment credentials, and other secrets used to manage the entire endpoint fleet. | EMERGENCY CVE-2026-1731 9.8 BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute OS commands through specially crafted requests. With EPSS 66% and KEV listing with public PoC, this vulnerability is devastating because these products are specifically designed for privileged remote access — compromising them grants attackers access to the most sensitive systems in an organization. | EMERGENCY CVE-2020-37123 9.8 Remote code execution via OS command injection in Pinger 1.0 allows attackers to inject shell commands through the ping target parameter. EPSS 12.2% indicates significant exploitation likelihood. PoC available. | ACT NOW CVE-2026-25512 8.8 Authenticated attackers can execute arbitrary commands on Group-Office servers through unsanitized user input in the email attachment endpoint, where shell metacharacters are directly passed to system execution functions. The vulnerability affects Group-Office versions prior to 6.8.150, 25.0.82, and 26.0.5, and public exploit code exists. Organizations should apply available patches immediately as this is actively exploitable by authenticated users. | ACT NOW CVE-2025-15556 7.5 Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CVE-2025-15556) when using the WinGUp updater. The update mechanism fails to cryptographically verify downloaded metadata and installers, allowing man-in-the-middle attackers to serve malicious executables during the update process. KEV-listed, this supply chain risk affects one of the most widely used text editors on Windows. | EMERGENCY CVE-2026-1340 9.8 Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices. | ACT NOW CVE-2026-1281 9.8 Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices. | EMERGENCY CVE-2025-40551 9.8 SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that enables remote code execution. With EPSS 80.6% and KEV listing, this is the more severe of two concurrent WHD vulnerabilities, allowing attackers to execute arbitrary commands on the host server without any credentials. | ACT NOW CVE-2025-40536 8.1 SolarWinds Web Help Desk contains a security control bypass vulnerability (CVE-2025-40536) that allows unauthenticated attackers to access restricted functionality. With EPSS 69% and KEV listing, this CVSS 8.1 vulnerability is particularly concerning given SolarWinds' history of being targeted in supply chain attacks and the sensitive IT service data typically stored in help desk systems. | EMERGENCY CVE-2026-24858 9.8 Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8) that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. With EPSS 2.8% but KEV listing confirming active exploitation, this vulnerability threatens the security management infrastructure that organizations rely on to protect their networks. | ACT NOW CVE-2026-21509 7.8 Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in security decisions allows local attackers to bypass protections designed to prevent execution of malicious content. KEV-listed with EPSS 9.3%, this vulnerability enables attackers to circumvent Office security features like Protected View or macro restrictions through crafted documents. | EMERGENCY CVE-2026-24423 9.8 SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthenticated remote code execution flaw in the ConnectToHub API method. An attacker can redirect the SmarterMail server to connect to a malicious HTTP endpoint that serves OS commands for execution. KEV-listed with EPSS 29%, this is chainable with CVE-2026-23760 for complete server compromise. | EMERGENCY CVE-2026-23760 9.8 SmarterTools SmarterMail prior to build 9511 contains a critical authentication bypass in the password reset API (CVE-2026-23760) that allows unauthenticated attackers to reset system administrator passwords without verification. With EPSS 65% and KEV listing, this trivially exploitable vulnerability enables complete email server takeover, compromising all hosted mailboxes and organizational communications. | ACT NOW CVE-2026-20045 8.2 Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools. | ACT NOW CVE-2026-24061 9.8 GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist. |

ACT NOW CVE-2026-2441 8.8 Google Chrome's CSS engine contains a use-after-free vulnerability (CVE-2026-2441, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox through crafted HTML pages. KEV-listed with public PoC, this vulnerability enables drive-by exploitation when users visit malicious or compromised websites. | ACT NOW CVE-2026-25108 8.8 FileZen contains an OS command injection vulnerability (CVE-2026-25108, CVSS 8.8) that allows authenticated users to execute arbitrary commands when the Antivirus Check Option is enabled. KEV-listed with EPSS 18.6%, this vulnerability in the Japanese file-sharing appliance has been actively exploited in campaigns targeting organizations in Japan and Asia-Pacific. | ACT NOW CVE-2026-20700 7.8 Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary. | ACT NOW CVE-2026-21533 7.8 Windows Remote Desktop contains an improper privilege management vulnerability (CVE-2026-21533, CVSS 7.8) enabling authorized local attackers to escalate to SYSTEM. KEV-listed, this vulnerability in the RDP subsystem is particularly concerning in environments where Remote Desktop is widely used, as it can be chained with RDP session access for complete system compromise. | ACT NOW CVE-2026-21519 7.8 Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables authorized local attackers to escalate privileges. KEV-listed, this kernel-level vulnerability in the Windows compositor allows any authenticated user to achieve SYSTEM-level access through exploitation of an incompatible type access in DWM's resource handling. | ACT NOW CVE-2026-21514 7.8 Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted inputs, allowing local attackers to bypass protections when opening malicious documents. KEV-listed, this vulnerability enables document-based attacks that circumvent Word's security features designed to protect users from malicious content. | ACT NOW CVE-2026-21513 8.8 MSHTML Framework contains a protection mechanism failure (CVE-2026-21513, CVSS 8.8) allowing remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the legacy HTML rendering engine (still used by many Windows applications and email clients) enables execution of malicious content by circumventing the browser's security sandbox and content restrictions. | ACT NOW CVE-2026-21510 8.8 Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network. | ACT NOW CVE-2026-1603 8.6 Ivanti Endpoint Manager before 2024 SU5 contains an authentication bypass (CVE-2026-1603, CVSS 8.6) that allows unauthenticated remote attackers to leak stored credential data. KEV-listed with EPSS 43.9%, this vulnerability exposes credentials stored in the endpoint management platform — potentially including service accounts, deployment credentials, and other secrets used to manage the entire endpoint fleet. | EMERGENCY CVE-2026-1731 9.8 BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute OS commands through specially crafted requests. With EPSS 66% and KEV listing with public PoC, this vulnerability is devastating because these products are specifically designed for privileged remote access — compromising them grants attackers access to the most sensitive systems in an organization. | EMERGENCY CVE-2020-37123 9.8 Remote code execution via OS command injection in Pinger 1.0 allows attackers to inject shell commands through the ping target parameter. EPSS 12.2% indicates significant exploitation likelihood. PoC available. | ACT NOW CVE-2026-25512 8.8 Authenticated attackers can execute arbitrary commands on Group-Office servers through unsanitized user input in the email attachment endpoint, where shell metacharacters are directly passed to system execution functions. The vulnerability affects Group-Office versions prior to 6.8.150, 25.0.82, and 26.0.5, and public exploit code exists. Organizations should apply available patches immediately as this is actively exploitable by authenticated users. | ACT NOW CVE-2025-15556 7.5 Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CVE-2025-15556) when using the WinGUp updater. The update mechanism fails to cryptographically verify downloaded metadata and installers, allowing man-in-the-middle attackers to serve malicious executables during the update process. KEV-listed, this supply chain risk affects one of the most widely used text editors on Windows. | EMERGENCY CVE-2026-1340 9.8 Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices. | ACT NOW CVE-2026-1281 9.8 Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that allows unauthenticated remote attackers to execute arbitrary code. With EPSS 64.8% and KEV listing, this vulnerability in the mobile device management platform threatens the security of every managed mobile device in the organization, as EPMM has the ability to push configurations, certificates, and apps to enrolled devices. | EMERGENCY CVE-2025-40551 9.8 SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that enables remote code execution. With EPSS 80.6% and KEV listing, this is the more severe of two concurrent WHD vulnerabilities, allowing attackers to execute arbitrary commands on the host server without any credentials. | ACT NOW CVE-2025-40536 8.1 SolarWinds Web Help Desk contains a security control bypass vulnerability (CVE-2025-40536) that allows unauthenticated attackers to access restricted functionality. With EPSS 69% and KEV listing, this CVSS 8.1 vulnerability is particularly concerning given SolarWinds' history of being targeted in supply chain attacks and the sensitive IT service data typically stored in help desk systems. | EMERGENCY CVE-2026-24858 9.8 Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8) that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. With EPSS 2.8% but KEV listing confirming active exploitation, this vulnerability threatens the security management infrastructure that organizations rely on to protect their networks. | ACT NOW CVE-2026-21509 7.8 Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in security decisions allows local attackers to bypass protections designed to prevent execution of malicious content. KEV-listed with EPSS 9.3%, this vulnerability enables attackers to circumvent Office security features like Protected View or macro restrictions through crafted documents. | EMERGENCY CVE-2026-24423 9.8 SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthenticated remote code execution flaw in the ConnectToHub API method. An attacker can redirect the SmarterMail server to connect to a malicious HTTP endpoint that serves OS commands for execution. KEV-listed with EPSS 29%, this is chainable with CVE-2026-23760 for complete server compromise. | EMERGENCY CVE-2026-23760 9.8 SmarterTools SmarterMail prior to build 9511 contains a critical authentication bypass in the password reset API (CVE-2026-23760) that allows unauthenticated attackers to reset system administrator passwords without verification. With EPSS 65% and KEV listing, this trivially exploitable vulnerability enables complete email server takeover, compromising all hosted mailboxes and organizational communications. | ACT NOW CVE-2026-20045 8.2 Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools. | ACT NOW CVE-2026-24061 9.8 GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist. |