Skip to main content
CVE-2026-15409 CRITICAL POC KEV THREAT NEWS Emergency

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

SSRF Sma1000
NVD VulDB
CVSS 3.1
10.0
EPSS
1.4%
Threat
6.1
CVE-2026-15410 HIGH POC KEV THREAT NEWS Act Now

Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.

RCE Code Injection Sma1000
NVD VulDB
CVSS 3.1
7.2
EPSS
1.6%
Threat
5.4
CVE-2026-56164 CRITICAL POC KEV PATCH THREAT CISA Exploited Act Now

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an unauthenticated network attacker reach a security-critical function that lacks any authentication check (CWE-306), gaining elevated privileges on the target farm. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) reflects fully remote, unauthenticated exploitation with high confidentiality, integrity, and availability impact. Microsoft has released a patch via MSRC.

Authentication Bypass Microsoft Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD VulDB
CVSS 3.1
9.8
EPSS
7.0%
Threat
6.6
CVE-2026-56155 HIGH POC KEV PATCH THREAT Exploited Act Now

Local privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-privileged user on the host gain higher privileges due to insufficient granularity of access control (CWE-1220). Affected deployments span AD FS on Windows Server 2012 through Windows Server 2025, and the flaw carries a CVSS 7.8 with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a patch-priority-driven rather than exploitation-driven risk.

Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 Windows Server 2012 Server Core Installation +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
Threat
4.6
CVE-2026-58644 CRITICAL POC PATCH CISA NEWS Exploit Likely Act Now

Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) allows an unauthenticated network attacker to run arbitrary code on the server by submitting maliciously crafted serialized data (CWE-502). The CVSS 3.1 base score is 9.8 with a fully remote, no-interaction, no-privilege vector (AV:N/AC:L/PR:N/UI:N), placing it among the most severe SharePoint flaws. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but insecure-deserialization RCE in SharePoint has historically been a high-value target for rapid weaponization.

Microsoft Deserialization Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
9.8
EPSS
1.3%
Threat
5.5
CVE-2026-50522 CRITICAL PATCH NEWS Exploit Likely Act Now

Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated attacker run arbitrary code by sending a crafted serialized payload over the network. The flaw is an untrusted-data deserialization (CWE-502) rated CVSS 9.8 with PR:N/UI:N, meaning no credentials or user interaction are required. No public exploit identified at time of analysis, but the pre-auth network vector and SharePoint's long history as an attacker target make this a high-priority patch.

Microsoft Deserialization Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
9.8
EPSS
19.7%
CVE-2026-49798 CRITICAL POC PATCH Exploit Likely Act Now

Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition (CWE-416) in kernel memory. The flaw affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
9.3
EPSS
2.2%
CVE-2026-55010 CRITICAL POC PATCH NEWS Exploit Likely Act Now

Remote code execution in Minecraft Bedrock Dedicated Server allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code via a specially crafted packet, per CVSS:3.1/AV:N/AC:L/PR:N/UI:N (9.8 Critical). The flaw (CWE-122 heap-based buffer overflow) was reported by Microsoft, which has released a fix; there is no public exploit identified at time of analysis and no EPSS or CISA KEV data was supplied, so exploitation remains theoretical but the pre-auth, low-complexity profile makes it high-priority to patch.

Heap Overflow Buffer Overflow Minecraft Bedrock Dedicated Server
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2026-11563 CRITICAL POC Act Now

Arbitrary file deletion in the Word Count and Social Shares WordPress plugin (versions through 1.0) lets any authenticated low-privilege user, including a Subscriber, delete any file the web server can reach because the plugin neither validates the supplied file path nor enforces authorization or CSRF protection. Deleting critical files such as wp-config.php can trigger WordPress's setup/installation flow and enable a full site takeover. Publicly available exploit code exists (reported by WPScan); there is no public exploit identified as actively used, and the issue is not on the CISA KEV list.

PHP CSRF WordPress Word Count And Social Shares
NVD WPScan
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-58479 CRITICAL POC Act Now

Remote command injection in the Sustainable Irrigation Platform (SIP) through version 5.2.16 lets unauthenticated or CSRF-driven attackers store a malicious payload via the optional cli_control plugin's HTTP endpoint and execute arbitrary OS commands on the host when the linked irrigation station is activated. Because the plugin ships with no passphrase protection or the well-known default passphrase 'opendoor', exploitation is trivial on default installs. Publicly available exploit code exists (ZeroScience/VulnCheck), though the flaw is not listed in CISA KEV, and the CVSS 4.0 base score is 9.2 (Critical).

CSRF Command Injection Sip
NVD
CVSS 4.0
9.2
EPSS
5.2%
CVE-2026-15701 HIGH POC This Week

Stack-based buffer overflow in the Totolink NR1800X router (firmware 9.1.0u.6279_B20210910) lets remote attackers corrupt memory by supplying an oversized HTTP Host header to the Form_Logout handler at /formLogout.htm, served by the embedded lighttpd web interface. Because the flaw is reachable over the network without authentication and publicly available exploit code exists, it is a strong candidate for opportunistic exploitation despite not yet appearing in CISA KEV. Successful exploitation can crash the device or, given the CWE-121 stack overwrite, potentially achieve code execution on the router.

Buffer Overflow Stack Overflow Nr1800X
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.8%
CVE-2026-50489 HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-authenticated low-privileged attacker corrupt kernel heap memory and gain SYSTEM-level control across a broad range of Windows client and server releases. The flaw carries a CVSS 3.1 base score of 8.8 with a changed scope (S:C), reflecting that a user-mode process can compromise the kernel security boundary. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-49795 HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel lets an already-authenticated attacker corrupt kernel memory via a use-after-free (CWE-416) and gain full control of the host. The CVSS 3.1 vector (AV:L/PR:L, scope-changed with C:H/I:H/A:H) reflects a low-privileged local user escalating to SYSTEM-level compromise across a broad range of Windows 10, Windows 11, and Windows Server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2026-58477 HIGH POC This Week

Configuration tampering in the Sustainable Irrigation Platform (SIP) through version 5.2.16 lets remote unauthenticated attackers overwrite sensitive settings - including the passphrase and listening port - by injecting arbitrary parameter names into HTTP requests. Because the application binds request parameters directly to internal configuration objects without an allow-list, the same effect can be triggered blindly through cross-site request forgery against an authenticated operator's browser. Publicly available exploit code exists (ZeroScience ZSL-2026-5997), but there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV.

CSRF Sip
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-60114 HIGH POC This Week

Arbitrary file write in Sustainable Irrigation Platform (SIP) through 5.2.16 lets remote attackers plant JSON files outside the intended data directory by abusing the JSON backup-restore feature, which builds file paths from attacker-controlled keys without validation. Because the default deployment ships with no required passphrase (or the hardcoded default 'opendoor'), an attacker can reach the restore endpoint without legitimate credentials. Publicly available exploit code exists (VulnCheck / Zero Science advisory), and EPSS/KEV data were not provided, so exploitation appears proof-of-concept rather than confirmed in-the-wild.

Path Traversal Sip
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-54128 HIGH POC PATCH NEWS Exploit Likely This Week

Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw affecting a broad range of Windows 10, Windows 11, and Windows Server releases (Server 2012 through Server 2025). Per the CVSS vector an unauthenticated attacker with local access can achieve high-impact code execution with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch through the MSRC update guide.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2026-54992 HIGH POC PATCH NEWS Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2026-50518 CRITICAL PATCH NEWS Exploit Likely Act Now

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in the service's packet handling. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and affects Windows Server 2012 through 2025 as well as the underlying Windows 10 1607/1809 code base. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the unauthenticated network RCE profile makes it a high-priority patch.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2026-55040 CRITICAL PATCH CISA NEWS Exploit Likely Act Now

Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) lets a network-based, unauthenticated attacker defeat a weak-authentication protection mechanism (CWE-1390) to gain high-impact access to confidentiality and integrity. Rated CVSS 9.1 with no attacker privileges or user interaction required, this is a serious pre-authentication issue in a widely deployed collaboration platform. Microsoft has published a fix, and there is no public exploit identified at time of analysis.

Authentication Bypass Microsoft Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2026-12583 HIGH POC PATCH This Week

Unauthenticated PHP object injection in the Newsletters WordPress plugin before 4.15 lets remote attackers deserialize attacker-controlled data submitted through a public-facing form, then leverage a property-oriented gadget chain bundled inside the plugin itself to write arbitrary files and achieve remote code execution on the host. Publicly available exploit code exists (published via WPScan), though there is no public exploit identified as being used in active attacks and the flaw is not listed in CISA KEV. The self-contained gadget chain removes the usual dependency on third-party gadgets, making reliable exploitation notably more achievable than typical POI bugs.

PHP WordPress Deserialization Newsletters
NVD WPScan
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-12511 HIGH POC PATCH This Week

Arbitrary file write in the AI Engine WordPress plugin before 3.5.5 lets authenticated editor-level users abuse an unsanitized, user-supplied filename during a file-download-and-save operation to plant attacker-controlled bytes anywhere the web server user can write via path traversal. Because writing a PHP payload into the webroot typically yields remote code execution, this crosses from a content-management flaw into full site compromise. Publicly available exploit code exists and a vendor patch has shipped, though the issue is not listed in CISA KEV.

Path Traversal WordPress Ai Engine
NVD WPScan
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-58633 HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Desktop Window Manager (DWM) component of Windows 11 version 26H1 allows an authenticated local attacker to elevate to SYSTEM by triggering a use-after-free memory corruption condition. The CVSS 3.1 vector (AV:L/PR:L) confirms an already-authenticated low-privileged user is required, and full compromise of confidentiality, integrity, and availability follows successful exploitation. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Windows 11 Version 26H1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50667 HIGH POC PATCH Exploit Likely This Week

Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTEM by winning a race condition (CWE-362) in the way NTFS handles a shared resource without proper synchronization. All currently supported Windows client and server builds are affected, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis, but Microsoft has released a patch and rates the impact as full loss of confidentiality, integrity, and availability once exploited.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2026-50655 HIGH POC PATCH NEWS Exploit Likely This Week

Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 through 2025) releases lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted media file. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis. CVSS is 7.8 (High), driven by full confidentiality, integrity, and availability impact but gated by local vector and required user interaction.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2026-50423 HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an already-authenticated attacker to elevate to SYSTEM-level privileges across a wide range of Windows 10, Windows 11, and Windows Server builds. The flaw stems from improper access control (CWE-284) in kernel-mode code and requires local low-privileged access with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial attack complexity and SYSTEM-level impact make it a standard patch-Tuesday priority.

Authentication Bypass Microsoft Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2026-15695 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets an attacker corrupt the stack by supplying an oversized 'page' argument to the /goform/DhcpListClient web endpoint handled by the fromDhcpListClient function. The flaw is reachable over the network and publicly available exploit code exists (disclosed via VulDB), though it is not listed in CISA KEV and no EPSS score was provided. Per the supplied CVSS 4.0 vector (PR:L) the attack requires low-level authentication to the device, and successful exploitation can crash the router or potentially achieve arbitrary code execution.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15696 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) allows remote attackers to corrupt memory via the fromVirtualSer handler for the /goform/VirtualSer endpoint by supplying an oversized 'page' argument. The flaw carries CVSS 4.0 7.4 and, per its vector, requires low-level privileges (PR:L); publicly available exploit code exists, though there is no public exploit identified as actively used in the wild (not in CISA KEV). Successful exploitation can crash the device or potentially lead to arbitrary code execution on the embedded MIPS/ARM firmware.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15694 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) lets attackers corrupt memory by manipulating the 'page' argument passed to the fromSetIpBind function of the /goform/SetIpBind endpoint. The flaw is remotely reachable over the network and, per the CVSS 4.0 vector, requires low-level privileges (PR:L) while yielding high confidentiality, integrity, and availability impact - typically resulting in device crash or arbitrary code execution on the router. Publicly available exploit code exists (E:P), disclosed via VulDB, though it is not listed in CISA KEV.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15693 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets remote attackers corrupt memory by manipulating the 'page' argument of the fromSafeMacFilter handler at /goform/SafeMacFilter. Publicly available exploit code exists, though there is no public exploit identified as being used in active campaigns and it is not listed in CISA KEV. Successful exploitation can crash the device or potentially achieve code execution on the router's embedded OS. EPSS data was not provided.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-15692 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router firmware 16.03.66.23 lets an authenticated remote attacker corrupt memory via the fromSafeUrlFilter handler at /goform/SafeUrlFilter by supplying an oversized 'page' parameter. Publicly available exploit code exists (published via VulDB), though the flaw is not listed in CISA KEV and no active exploitation has been confirmed. The CVSS 4.0 vector (7.4, PR:L) indicates network reachability with low-privilege authentication and high impact to confidentiality, integrity, and availability of the device.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15691 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro (firmware 16.03.66.23) web management interface lets an attacker corrupt memory by supplying an oversized 'page' argument to the fromSafeClientFilter handler at /goform/SafeClientFilter, potentially crashing the device or executing arbitrary code with router privileges. Per the CVSS 4.0 vector the flaw is network-reachable but requires low-level privileges (PR:L). Publicly available exploit code exists (disclosed via VulDB), but there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-48318 CRITICAL Act Now

Path traversal in Adobe ColdFusion allows an authenticated remote attacker (PR:L) to read arbitrary files outside the intended web/application scope by manipulating pathname input, per Adobe advisory APSB26-82. The flaw carries a critical 9.9 CVSS with a changed scope, meaning a successful read can reach files belonging to other security contexts on the host. No public exploit identified at time of analysis, and it is not listed in CISA KEV; EPSS was not provided.

Path Traversal Coldfusion
NVD VulDB
CVSS 3.1
9.9
EPSS
6.7%
CVE-2026-57092 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Elevation of privilege in the Windows Hyper-V virtual network switch (VMSwitch) lets an authenticated attacker operating from a guest partition corrupt kernel memory via a use-after-free and gain higher privileges, with a scope change (S:C) indicating a guest-to-host escape. Rated CVSS 9.9 and affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, this issue was reported by Microsoft and has a vendor patch available. No public exploit is identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
9.9
EPSS
1.0%
CVE-2026-58476 HIGH POC This Week

Cross-site request forgery in the Sustainable Irrigation Platform (SIP) through 5.2.16 lets remote attackers execute state-changing administrative actions when a logged-in administrator is lured to a malicious page, because administrative endpoints accept HTTP GET requests with no CSRF token or origin validation. An attacker can disable the passphrase, reboot the irrigation controller, delete watering programs, or install plugins; in the default configuration these endpoints are exposed to unauthenticated users because no passphrase is required and the default credential is 'opendoor'. Publicly available exploit code exists (ZeroScience ZSL-2026-5995), though there is no public exploit identified as being used in active campaigns.

CSRF Sip
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2026-56188 CRITICAL PATCH NEWS Exploit Likely Act Now

Remote code execution in the Windows Server Network driver stems from a race condition (CWE-362) that lets an unauthorized attacker execute arbitrary code across a wide range of Microsoft Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with full confidentiality, integrity, and availability impact, and an 'Authentication Bypass' tag suggests the flaw can also subvert access controls. There is no public exploit identified at time of analysis and no CISA KEV listing, but the network-facing, pre-authentication nature makes it a high-priority patch.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2026-56190 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows Remote Desktop (RDP) allows an unauthorized network attacker to run arbitrary code by triggering the use of an uninitialized resource (CWE-908). All currently supported Windows client and server releases are affected, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. The CVSS 3.1 base score is 9.8 with a network, no-privileges, no-interaction vector; there is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2026-50447 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows Message Queuing (MSMQ) allows an unauthenticated attacker to run arbitrary code over the network by corrupting heap memory. The flaw (CWE-122) carries a CVSS 9.8 and affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit is identified at time of analysis, but the network-reachable, no-interaction, no-privilege profile of prior MSMQ bugs (e.g. the 'QueueJumper' class) makes this a top-priority patch. Microsoft has released a fix.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2026-56159 CRITICAL PATCH NEWS Act Now

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in the service's packet handling. The flaw carries a CVSS 9.8 with a fully remote, no-interaction, no-privilege vector and affects Windows Server 2012 through 2025 (plus the Windows 10 1607/1809 code base). At time of analysis there is no public exploit identified and the issue is not listed in CISA KEV, but the unauthenticated network-facing nature of the DHCP service makes it a high-priority patch.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2026-49172 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-54990 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Remote Desktop Client (Windows 11 24H2/25H2/26H1 and Windows Server 2025) allows an unauthenticated network attacker to run arbitrary code via a heap-based buffer overflow. Exploitation is client-side: a victim connecting to an attacker-controlled or malicious RDP endpoint can be compromised, with the CVSS 9.8 vector indicating no privileges or user authentication are required. No public exploit has been identified at time of analysis, but a vendor patch is available and the flaw's parameters make it a high-priority fix.

Heap Overflow Buffer Overflow Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-55008 CRITICAL PATCH NEWS Exploit Likely Act Now

Stored/reflected cross-site scripting in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets a network-based, unauthenticated attacker inject malicious script that executes in a victim's browser session, enabling spoofing and - per the scope-changed CVSS 9.6 vector - high impact to confidentiality, integrity, and availability of resources beyond the vulnerable component. Exploitation requires the target to view attacker-controlled content (UI:R). Microsoft has released a patch; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft XSS Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2019 Cumulative Update 15 +1
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2026-50380 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in Microsoft Windows GDI+ (gdiplus) lets an unauthenticated network attacker run arbitrary code when a victim opens or renders a specially crafted image, via a heap-based buffer overflow (CWE-122). The flaw affects a broad range of supported Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). It carries a critical CVSS 9.6 with a scope-changed impact, but requires user interaction and currently has no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2026-12988 MEDIUM POC PATCH This Month

Account takeover in the WP 2FA WordPress plugin (all versions before 3.1.1.2) is achievable by any attacker who has obtained a valid user's credentials. The plugin fails to verify that the email address submitted during two-factor authentication enrollment belongs to the authenticated account (CWE-862: Missing Authorization), allowing the attacker to redirect the setup verification code to an attacker-controlled inbox and complete 2FA enrollment on behalf of the victim. A publicly available proof-of-concept exists per WPScan; this vulnerability is not currently listed in the CISA KEV catalog, but the combination of a PoC, medium-prevalence deployment, and account-takeover impact warrants prompt patching.

Authentication Bypass WordPress Wp 2Fa
NVD WPScan
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-48320 CRITICAL Act Now

Reflected Cross-Site Scripting (CWE-79) in Adobe ColdFusion 2023 (through Update 21) and ColdFusion 2025 (through Update 10) lets an unauthenticated attacker inject script into a rendered page when a victim opens a malicious file, executing in the victim's session with a scope change to the browser context. Adobe (psirt@adobe.com) rates it Critical (CVSS 9.6, S:C, C:H/I:H/A:H), though these impact metrics appear inflated for a reflected XSS. There is no public exploit identified at time of analysis; EPSS is 3.75% (89th percentile), indicating elevated but not high near-term exploitation likelihood, and it is not listed in CISA KEV.

XSS Coldfusion
NVD
CVSS 3.1
9.6
EPSS
3.8%
CVE-2026-48284 CRITICAL Act Now

Arbitrary code execution in Adobe ColdFusion 2023 and 2025 allows an attacker with low privileges to run code in the context of the current user without any user interaction, per Adobe advisory APSB26-82 (CVSS 9.9, scope-changed). The flaw stems from improper input validation (CWE-20) and carries a total technical impact per CISA SSVC. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the EPSS score of 2.17% sits in the 80th percentile.

RCE Coldfusion
NVD VulDB
CVSS 3.1
9.9
EPSS
2.2%
CVE-2026-58478 MEDIUM POC This Month

Server-side request forgery in Sustainable Irrigation Platform (SIP) through version 5.2.16 allows unauthenticated network attackers to weaponize the device as an HTTP proxy against internal or external hosts. Exploitation requires the optional Node-RED plugin to be installed and leverages the known default passphrase 'opendoor' to bypass authentication to the plugin interface - dramatically lowering the practical barrier for blind SSRF. A publicly available proof-of-concept exploit exists per ZeroScience advisory ZSL-2026-5998; no CISA KEV listing at time of analysis.

SSRF Sip
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-48332 HIGH Act Now

Server-side request forgery in Adobe ColdFusion lets a low-privileged, authenticated attacker coerce the server into issuing crafted outbound requests, bypassing a security control and gaining unauthorized read access to resources the attacker should not reach. The CVSS 3.1 scope-changed vector (S:C, C:H) indicates the impact extends beyond ColdFusion itself to backend or internal systems it can reach. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; remediation is available via Adobe security bulletin APSB26-82.

SSRF Coldfusion
NVD
CVSS 3.1
7.7
EPSS
12.0%
CVE-2026-48319 CRITICAL Act Now

Arbitrary code execution in Adobe ColdFusion 2023 (through Update 21) and ColdFusion 2025 (through Update 10) is possible through a path traversal weakness that a low-privileged remote attacker can trigger without user interaction to run code in the context of the current user. The CVSS 9.9 rating reflects a scope change (S:C), meaning impact reaches beyond the vulnerable component. No public exploit is identified at time of analysis, and CISA SSVC currently records exploitation as none, though ColdFusion is a historically heavily targeted product.

Path Traversal RCE Coldfusion
NVD VulDB
CVSS 3.1
9.9
EPSS
0.9%
CVE-2026-54118 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated, low-privileged attacker to run arbitrary code on the database server by sending crafted data that the engine deserializes unsafely (CWE-502). Any account able to submit queries or data over the network to a vulnerable instance can achieve full compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 8.8 rating and the RCE-with-low-privilege profile make it a high-priority patch.

Deserialization Microsoft Sql Server 2016 Service Pack 3 Gdr Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack Microsoft Sql Server 2017 Cu 31 Microsoft Sql Server 2017 Gdr +6
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2026-54117 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft SQL Server 2025 (CU6 and the x64 GDR branch) lets an authenticated attacker run arbitrary code across the network by supplying maliciously crafted serialized data that the server deserializes without validation (CWE-502). The flaw was reported by Microsoft, carries a CVSS 3.1 base score of 8.8, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Deserialization Microsoft Sql Server 2025 Cu 6 Microsoft Sql Server 2025 For X64 Based Systems Gdr
NVD
CVSS 3.1
8.8
EPSS
1.3%
Page 1 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy