Skip to main content
ACT NOW CVE-2026-32201 6.5 Improper input validation in Microsoft SharePoint Server enables network-based spoofing attacks without authentication, allowing attackers to forge communications and deceive users. Affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, making it a critical operational priority despite the moderate CVSS score of 6.5. | ACT NOW CVE-2026-33825 7.8 Privilege escalation in Microsoft Defender Antimalware Platform versions before 4.18.26030.3011 allows authenticated local attackers to gain elevated system privileges through insufficiently granular access controls. CVSS 7.8 (High) reflects local attack vector requiring low privileges. EPSS score of 0.04% (12th percentile) indicates low probability of widespread exploitation. Microsoft has released a patched version (4.18.26030.3011) addressing the access control deficiency. | ACT NOW CVE-2026-32202 4.3 Windows Shell protection mechanism failure (CVE-2026-32202) allows remote attackers to perform spoofing attacks over a network without authentication, requiring only user interaction. This low-severity vulnerability affects multiple Windows versions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025. While not actively exploited in the wild, vendor patches are available across all affected versions, and the low CVSS score (4.3) reflects limited confidentiality impact and no availability impact despite the network-accessible attack vector. | ACT NOW CVE-2026-34621 8.6 Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execution in user context via malicious PDF files. Attack requires user interaction to open a crafted document. CVSS 9.6 (Critical) reflects network-deliverable code execution with scope change, though EPSS 0.24% (46th percentile) suggests moderate real-world exploitation probability. No public exploit identified at time of analysis. | ACT NOW CVE-2026-39987 9.3 Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/terminal/ws` WebSocket endpoint. The terminal handler skips authentication validation entirely, accepting connections without credential checks and spawning PTY shells directly. Attackers obtain full interactive shell access as root in default Docker deployments through a single WebSocket connection, bypassing Marimo's authentication middleware. No public exploit identified at time of analysis. | ACT NOW CVE-2026-34197 8.8 Remote code execution in Apache ActiveMQ Classic versions before 5.19.5 and 6.0.0-6.2.2 allows authenticated attackers to execute arbitrary code on the broker's JVM via Jolokia MBean operations. Attackers with low-privilege web console access can invoke BrokerService.addNetworkConnector() with a malicious discovery URI containing a VM transport brokerConfig parameter that loads remote Spring XML contexts, triggering bean instantiation and code execution through factory methods like Runtime.exec( | EMERGENCY CVE-2026-35616 9.8 Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The vulnerability stems from improper access control (CWE-284) and requires no user interaction or privileges (CVSS PR:N). With a CVSS score of 9.1 (Critical) and low attack complexity, this represents a severe exposure for organizations using affected FortiClientEMS versions. The CVSS temporal metrics indicate functional exploit code exists (E:F) with an official fix available (RL:O), making this a high-priority patching target despite no confirmed active exploitation (not present in CISA KEV). | ACT NOW CVE-2026-5281 8.8 Remote code execution in Google Chrome prior to version 146.0.7680.178 via a use-after-free vulnerability in the Dawn graphics component allows attackers who have already compromised the renderer process to execute arbitrary code through a crafted HTML page. The vulnerability requires prior renderer compromise but results in full code execution with high severity per Chromium's security classification. | ACT NOW CVE-2026-3502 7.8 Arbitrary code execution in TrueConf Client allows authenticated attackers on adjacent networks to deliver malicious updates due to missing integrity verification. The auto-update mechanism accepts unsigned or unverified payloads, enabling man-in-the-middle attackers with high privileges to substitute trojanized updates that execute with the application's permissions. EPSS data not available; no confirmed active exploitation (not in CISA KEV); publicly available exploit code not identified at time of analysis. CVSS 7.8 reflects the adjacent network attack vector and user interaction requirement, reducing immediate internet-scale risk. | EMERGENCY CVE-2026-33634 9.4 Trivy security scanner v0.69.4 was compromised in a supply chain attack where a threat actor used stolen credentials to publish malicious releases and force-push credential-stealing malware to GitHub Actions repositories. | EMERGENCY CVE-2026-3055 9.3 An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management. | EMERGENCY CVE-2026-33017 9.3 Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-33017, CVSS 9.3) in the public flow build API that allows attackers to execute arbitrary Python code by supplying malicious flow data. KEV-listed with public PoC, this vulnerability enables anyone with network access to a Langflow instance to achieve server compromise through the API that builds public flows without authentication. |

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Get CVEs that hit your stack — not 200/day

Pick your technologies, get a weekly digest by email. Free, no spam.

React Python Postgres +200 more
Trending Now See all
Critical Watch See all
Attack Technique Trend
Prediction based on ZDI Disclosures & CVE data · 30 days
Analytics
Vendor Today – Quick Filter
Techniques
results
Sort:
Base Score
Vector String
Attack Vector (AV)
Attack Complexity (AC)
Privileges Required (PR)
User Interaction (UI)
Scope (S)
Confidentiality (C)
Integrity (I)
Availability (A)
0 | 3.9| 6.9| 8.9| 10
NONE LOW MEDIUM HIGH CRITICAL
CVSS Filter CVEs match

No CVEs match the selected criteria

Loading...
Incoming 20
Pre-NVD – not yet scored
Linux Kernel
Linux Kernel
Browse older vulnerabilities in Archive
Live Feed auto-refresh 60s
Track CVEs for your stack Sign up free →

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy