Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins · 1,619 critical or high severity · Source: CISA KEV + NVD

Critical CVE-2026-41091 Microsoft · Defender Added May 20, 2026

Microsoft Defender Link Following Vulnerability

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-45498 Microsoft · Defender Added May 20, 2026

Microsoft Defender Denial of Service Vulnerability

Microsoft Defender contains an unspecified vulnerability that allows for denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-42897 Microsoft · Microsoft Added May 15, 2026

Microsoft Exchange Server Cross-Site Scripting Vulnerability

Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access; when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-20182 Cisco · Catalyst SD-WAN Added May 14, 2026

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-42208 BerriAI · LiteLLM Added May 8, 2026

BerriAI LiteLLM SQL Injection Vulnerability

BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-6973 Ivanti · Endpoint Manager Mobile (EPMM) Added May 7, 2026

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-0300 Palo Alto Networks · PAN-OS Added May 6, 2026

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-31431 Linux · Kernel Added May 1, 2026

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-41940 WebPros · cPanel & WHM and WP2 (WordPress Squared) Added Apr 30, 2026

WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-1708 ConnectWise · ScreenConnect Added Apr 28, 2026

ConnectWise ScreenConnect Path Traversal Vulnerability

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-32202 Microsoft · Windows Added Apr 28, 2026

Microsoft Windows Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-29635 D-Link · DIR-823X Added Apr 24, 2026

D-Link DIR-823X Command Injection Vulnerability

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-7399 Samsung · MagicINFO 9 Server Added Apr 24, 2026

Samsung MagicINFO 9 Server Path Traversal Vulnerability

Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-57728 SimpleHelp · SimpleHelp Added Apr 24, 2026

SimpleHelp Path Traversal Vulnerability

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-57726 SimpleHelp · SimpleHelp Added Apr 24, 2026

SimpleHelp Missing Authorization Vulnerability

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-39987 Marimo · Marimo Added Apr 23, 2026

Marimo Remote Code Execution Vulnerability

Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system commands.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-33825 Microsoft · Defender Added Apr 22, 2026

Microsoft Defender Insufficient Granularity of Access Control Vulnerability

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-20122 Cisco · Catalyst SD-WAN Manager Added Apr 20, 2026

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2024-27199 JetBrains · TeamCity Added Apr 20, 2026

JetBrains TeamCity Relative Path Traversal Vulnerability

JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-32975 Quest · KACE Systems Management Appliance (SMA) Added Apr 20, 2026

Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-20128 Cisco · Catalyst SD-WAN Manager Added Apr 20, 2026

Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability

Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2023-27351 PaperCut · NG/MF Added Apr 20, 2026

PaperCut NG/MF Improper Authentication Vulnerability

PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-48700 Synacor · Zimbra Collaboration Suite (ZCS) Added Apr 20, 2026

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2026-20133 Cisco · Catalyst SD-WAN Manager Added Apr 20, 2026

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2025-2749 Kentico · Kentico Xperience Added Apr 20, 2026

Kentico Xperience Path Traversal Vulnerability

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path-relative locations.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
