Top Critical CVEs

The highest severity vulnerabilities ranked by CVSS score. 50 critical advisories tracked, with scores up to 10.

Critical CVEs: 50 | Highest CVSS: 10 | Perfect 10.0: 50

CVE-2026-20182 May 14, 2026

Catalyst SD-WAN bypass grants admin access (CVE-2026-20182)

CVSS 10
CVE-2026-41070 May 8, 2026

openvpn-auth-oauth2 bypasses SSO auth (CVE-2026-41070)

CVSS 10
CVE-2026-42298 May 8, 2026

Postiz unauthenticated RCE via PR build (CVE-2026-42298)

CVSS 10
CVE-2026-33587 May 7, 2026

Open Notebook RCE via SSTI (CVE-2026-33587)

CVSS 10 Lfnovo Open-Notebook
CVE-2026-42826 May 7, 2026

Azure DevOps leaks credentials (CVE-2026-42826)

CVSS 10 Microsoft Azure Devops
CVE-2026-40281 May 6, 2026

Gotenberg unauth file overwrite (CVE-2026-40281)

CVSS 10 Thecodingmachine Gotenberg
CVE-2026-33453 Apr 27, 2026

Camel CoAP unauthenticated RCE (CVE-2026-33453) [PoC]

CVSS 10 Apache Camel
CVE-2026-33819 Apr 23, 2026

Microsoft Bing unauthenticated RCE (CVE-2026-33819)

CVSS 10 Microsoft Bing
CVE-2026-35431 Apr 23, 2026

Entra ID SSRF allows spoofing (CVE-2026-35431)

CVSS 10 Microsoft Entra Id
CVE-2026-41679 Apr 23, 2026

Paperclip unauthenticated remote code execution (CVE-2026-41679)

CVSS 10 Paperclip Paperclipai, Paperclip Paperclipai/server
CVE-2026-40911 Apr 21, 2026

AVideo unauthenticated XSS takeover (CVE-2026-40911)

CVSS 10 Wwbn Avideo
CVE-2026-4149 Apr 11, 2026

Sonos Era 300 unauthenticated SMB RCE (CVE-2026-4149)

CVSS 10 Sonos Era 300 Firmware, Sonos Era 300
CVE-2026-40175 Apr 10, 2026

Axios Prototype Pollution leads to RCE (CVE-2026-40175) [PoC]

CVSS 10 Axios Axios
CVE-2026-39337 Apr 7, 2026

ChurchCRM unauthenticated RCE (CVE-2026-39337)

CVSS 10 Churchcrm Churchcrm
CVE-2025-54328 Apr 6, 2026

Samsung Exynos SMS Buffer Overflow (CVE-2025-54328) [PoC]

CVSS 10 Samsung Exynos 980 Firmware, Samsung Exynos 980, Samsung Exynos 990 Firmware, Samsung Exynos 990, Samsung Exynos 850 Firmware, Samsung Exynos 850
CVE-2026-34208 Apr 6, 2026

SandboxJS Sandbox Escape (CVE-2026-34208)

CVSS 10 Nyariv Sandboxjs
CVE-2026-34976 Apr 6, 2026

Dgraph Unauthenticated Database Overwrite (CVE-2026-349

CVSS 10 Dgraph Dgraph
CVE-2026-32213 Apr 3, 2026

Azure AI Foundry Privilege Escalation (CVE-2026-32213)

CVSS 10 Microsoft Azure Ai Foundry
CVE-2026-33105 Apr 3, 2026

Azure Kubernetes Privilege Escalation (CVE-2026-33105)

CVSS 10 Microsoft Azure Kubernetes Service
CVE-2026-33107 Apr 3, 2026

Azure Databricks SSRF (CVE-2026-33107)

CVSS 10 Microsoft Azure Databricks
CVE-2026-34938 Apr 3, 2026

PraisonAI Critical RCE (CVE-2026-34938)

CVSS 10 Praison Praisonaiagents
CVE-2025-15379 Mar 30, 2026

Software Command Injection (CVE-2025-15379) - Patch Now

CVSS 10 Lfprojects Mlflow
CVE-2026-30302 Mar 27, 2026

Software Command Injection (CVE-2026-30302) - Patch Now

CVSS 10 Coderider-kilo Coderider
CVE-2026-4688 Mar 24, 2026

Firefox Use-After-Free (CVE-2026-4688)

CVSS 10 Mozilla Firefox
CVE-2026-4725 Mar 24, 2026

Firefox Use-After-Free (CVE-2026-4725)

CVSS 10 Mozilla Firefox
CVE-2026-33478 Mar 23, 2026

WWBN AVideo RCE (CVE-2026-33478)

CVSS 10 Wwbn Avideo
CVE-2026-3587 Mar 23, 2026

Linux Vulnerability (CVE-2026-3587)

CVSS 10
CVE-2026-33054 Mar 20, 2026

Python Path Traversal (CVE-2026-33054)

CVSS 10 Mesop-dev Mesop
CVE-2026-32169 Mar 19, 2026

Software SSRF Flaw (CVE-2026-32169) - Patch Now

CVSS 10 Microsoft Azure Cloud Shell
CVE-2026-26954 Mar 13, 2026

CVE-2026-26954: SandboxJS

CVSS 10 Java
CVE-2026-31852 Mar 11, 2026

iOS RCE (CVE-2026-31852)

CVSS 10 iOS, GitHub
CVE-2026-31957 Mar 11, 2026

Microsoft Vulnerability (CVE-2026-31957)

CVSS 10 Microsoft, Azure
CVE-2025-48611 Mar 10, 2026

CVE-2025-48611: In DeviceId

CVSS 10 Java
CVE-2026-30966 Mar 10, 2026

Node.js RCE (CVE-2026-30966)

CVSS 10 Node.js
CVE-2026-0848 Mar 5, 2026

CVE-2026-0848: NLTK [PoC]

CVSS 10 Java
CVE-2026-20079 Mar 4, 2026

Cisco Vulnerability (CVE-2026-20079) [PoC]

CVSS 10 Cisco
CVE-2026-20131 Mar 4, 2026

Cisco Vulnerability (CVE-2026-20131) [PoC]

CVSS 10 Cisco, Java
CVE-2026-28289 Mar 3, 2026

CVE-2026-28289: Php [PoC]

CVSS 10 PHP, Laravel
CVE-2026-21718 Feb 27, 2026

Software Authentication Bypass (CVE-2026-21718) - Patch Now

CVSS 10 Copeland Xweb 300d Pro Firmware, Copeland Xweb 300d Pro, Copeland Xweb 500d Pro Firmware, Copeland Xweb 500d Pro, Copeland Xweb 500b Pro Firmware, Copeland Xweb 500b Pro
CVE-2026-28409 Feb 27, 2026

CVE-2026-28409: WeGIA RCE — Critical — Patch Now

CVSS 10 Wegia Wegia
CVE-2026-20127 Feb 25, 2026

Cisco Vulnerability (CVE-2026-20127) [PoC]

CVSS 10 Cisco
CVE-2026-27597 Feb 25, 2026

Enclave sandbox escape lets attackers run code

CVSS 10 Java
CVE-2026-23693 Feb 23, 2026

Wordpress Vulnerability (CVE-2026-23693)

CVSS 10 WordPress
CVE-2021-35402 Feb 20, 2026

Software Command Injection Flaw (CVE-2021-35402) - Patch Now

CVSS 10
CVE-2025-30411 Feb 20, 2026

Linux Vulnerability (CVE-2025-30411)

CVSS 10 Windows, Linux
CVE-2025-30412 Feb 20, 2026

Linux Vulnerability (CVE-2025-30412)

CVSS 10 Windows, Linux
CVE-2025-30416 Feb 20, 2026

Linux Vulnerability (CVE-2025-30416)

CVSS 10 Windows, Linux
CVE-2025-12107 Feb 19, 2026

WSO2 Identity Server: admin RCE (CVE-2025-12107)

CVSS 10 Wso2 Identity Server
CVE-2025-14009 Feb 18, 2026

NLTK Downloader Zip Slip RCE (CVE-2025-14009)

CVSS 10 Nltk Nltk
CVE-2026-22769 Feb 17, 2026

CVE-2026-22769: Dell — Actively Exploited

CVSS 10 Dell