Recent Critical Vulnerabilities
The latest critical severity CVEs, sorted by publication date. 50 critical vulnerabilities tracked.
Critical CVEs: 50
Latest Published: May 14
CVSS 10.0: 6
CVE-2026-20182 May 14, 2026
Catalyst SD-WAN bypass grants admin access (CVE-2026-20182)
CVSS 10
CVE-2026-42945 May 13, 2026
NGINX Plus heap overflow, unauth (CVE-2026-42945) [PoC]
CVSS 9.2
CVE-2021-47932 May 10, 2026
WordPress TheCartPress creates admin accounts (CVE-2021-47932)
CVSS 9.8
CVE-2021-47933 May 10, 2026
WordPress MStore API unauth RCE (CVE-2021-47933)
CVSS 9.8
CVE-2021-47936 May 10, 2026
OpenCATS unauthenticated RCE (CVE-2021-47936)
CVSS 9.8
CVE-2026-6722 May 10, 2026
PHP SOAP unauthenticated RCE (CVE-2026-6722)
CVSS 9.5
CVE-2026-37431 May 8, 2026
Beauty Parlour SQLi reads database (CVE-2026-37431)
CVSS 9.8
CVE-2026-41070 May 8, 2026
openvpn-auth-oauth2 bypasses SSO auth (CVE-2026-41070)
CVSS 10
CVE-2026-41497 May 8, 2026
PraisonAI RCE, no auth needed (CVE-2026-41497)
CVSS 9.8 Praison Praisonai
CVE-2026-41500 May 8, 2026
electerm unauth command injection (CVE-2026-41500)
CVSS 9.8 Electerm Project Electerm
CVE-2026-41501 May 8, 2026
electerm unauthenticated RCE (CVE-2026-41501)
CVSS 9.8 Electerm Project Electerm
CVE-2026-41512 May 8, 2026
ai-scanner RCE via JavaScript injection (CVE-2026-41512)
CVSS 9.9
CVE-2026-41574 May 8, 2026
Nhost account takeover via OAuth (CVE-2026-41574)
CVSS 9.3
CVE-2026-42208 May 8, 2026
LiteLLM SQL injection exploited in wild (CVE-2026-42208) [PoC]
CVSS 9.8 Litellm
CVE-2026-42298 May 8, 2026
Postiz unauthenticated RCE via PR build (CVE-2026-42298)
CVSS 10
CVE-2026-42454 May 8, 2026
Termix server RCE via shell injection (CVE-2026-42454)
CVSS 9.9
CVE-2026-44335 May 8, 2026
PraisonAI SSRF via URL bypass (CVE-2026-44335)
CVSS 9.8 Praison Praisonaiagents
CVE-2026-44336 May 8, 2026
PraisonAI path traversal leads to RCE (CVE-2026-44336)
CVSS 9.6 Praison Praisonai
CVE-2026-44497 May 8, 2026
Zcash Zebra consensus split via sig (CVE-2026-44497)
CVSS 9.3 Zfnd Zebra-Script, Zfnd Zebrad
CVE-2026-33109 May 7, 2026
Azure Cassandra RCE, low-privilege (CVE-2026-33109)
CVSS 9.9 Microsoft Azure Managed Instance For Apache Cassandra
CVE-2026-33587 May 7, 2026
Open Notebook RCE via SSTI (CVE-2026-33587)
CVSS 10 Lfnovo Open-Notebook
CVE-2026-33823 May 7, 2026
Microsoft Teams information disclosure (CVE-2026-33823)
CVSS 9.6 Microsoft Teams
CVE-2026-35428 May 7, 2026
Azure Cloud Shell network spoofing (CVE-2026-35428)
CVSS 9.6 Microsoft Azure Cloud Shell
CVE-2026-37709 May 7, 2026
Snipe-IT unauth RCE via file upload (CVE-2026-37709)
CVSS 9.8
CVE-2026-41902 May 7, 2026
FreeScout unauth takeover via expired invites (CVE-2026-41902)
CVSS 9.1
CVE-2026-42826 May 7, 2026
Azure DevOps leaks credentials (CVE-2026-42826)
CVSS 10 Microsoft Azure Devops
CVE-2026-42880 May 7, 2026
Argo CD secret data leak (CVE-2026-42880)
CVSS 9.6
CVE-2026-0300 May 6, 2026
PAN-OS unauth RCE exploited in the wild (CVE-2026-0300) [PoC]
CVSS 9.3 Paloaltonetworks Pan-os, Paloaltonetworks Pa-1410, Paloaltonetworks Pa-1420, Paloaltonetworks Pa-3410, Paloaltonetworks Pa-3420, Paloaltonetworks Pa-3430
CVE-2026-40010 May 6, 2026
Wicket session fixation, no patch yet (CVE-2026-40010)
CVSS 9.1 Apache Wicket
CVE-2026-40281 May 6, 2026
Gotenberg unauth file overwrite (CVE-2026-40281)
CVSS 10 Thecodingmachine Gotenberg
CVE-2026-41930 May 6, 2026
Vvveb hard-coded credentials leak DB (CVE-2026-41930)
CVSS 9.8
CVE-2026-43581 May 6, 2026
OpenClaw exposes CDP relay traffic (CVE-2026-43581)
CVSS 9.6 Openclaw Openclaw
CVE-2026-5081 May 6, 2026
Perl session IDs leak authentication (CVE-2026-5081)
CVSS 9.1
CVE-2026-7908 May 6, 2026
Google Chrome sandbox escape (CVE-2026-7908)
CVSS 9.6 Google Chrome, Apple Macos, Linux Kernel, Microsoft Windows
CVE-2026-24118 May 4, 2026
VM2 sandbox breakout, host RCE (CVE-2026-24118)
CVSS 9.8 Vm2 Project Vm2
CVE-2026-24120 May 4, 2026
vm2 sandbox escape RCE (CVE-2026-24120)
CVSS 9.8 Vm2 Project Vm2
CVE-2026-24781 May 4, 2026
vm2 sandbox escape RCE (CVE-2026-24781)
CVSS 9.8 Vm2 Project Vm2
CVE-2026-26332 May 4, 2026
vm2 sandbox escape RCE (CVE-2026-26332)
CVSS 9.8 Vm2 Project Vm2
CVE-2026-26956 May 4, 2026
vm2 sandbox full RCE escape (CVE-2026-26956)
CVSS 9.8 Vm2 Project Vm2
CVE-2026-42796 May 4, 2026
Arelle unauthenticated RCE (CVE-2026-42796)
CVSS 9.8
CVE-2026-42809 May 4, 2026
Polaris leaks broad cloud credentials (CVE-2026-42809)
CVSS 9.9
CVE-2026-42810 May 4, 2026
Apache Polaris leaks S3 cross-table data (CVE-2026-42810)
CVSS 9.9
CVE-2026-42811 May 4, 2026
Polaris bucket-wide credential leak (CVE-2026-42811)
CVSS 9.9
CVE-2026-42812 May 4, 2026
Apache Polaris writes metadata to attacker-chosen path (CVE-2026-42812)
CVSS 9.9
CVE-2026-42472 May 1, 2026
MixPHP unauth RCE via deserialization (CVE-2026-42472)
CVSS 9.8
CVE-2026-42473 May 1, 2026
MixPHP unauth RCE via deserialization (CVE-2026-42473)
CVSS 9.8
CVE-2026-42483 May 1, 2026
hashcat heap overflow DoS or RCE (CVE-2026-42483)
CVSS 9.8 Hashcat Hashcat
CVE-2026-42778 May 1, 2026
Apache MINA IoBuffer RCE, patch bypass (CVE-2026-42778) [PoC]
CVSS 9.8 Apache Mina
CVE-2026-42779 May 1, 2026
MINA unauthenticated RCE via bad fix (CVE-2026-42779) [PoC]
CVSS 9.8 Apache Mina
CVE-2022-50993 Apr 30, 2026
Fanwei E-office unauth file upload RCE (CVE-2022-50993)
CVSS 9.8