#high
39 articles
CVE-2026-34197: Apache ActiveMQ Improper Input Validation Vulnerability
Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection....
CVE-2026-34256: Missing Authorization Check in SAP ERP and SAP S/4HANA
Missing Authorization Check vulnerability in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise) allows data manipulation and service disruption. Affects SAP_FIN 618-730, EA-FIN 617-700, S4CORE 102-109.
CVE-2012-1854: 2012 Vulnerability Now Actively Exploited (Microsoft)
Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution....
CVE-2020-9715: 2020 Vulnerability Now Actively Exploited (Adobe)
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution...
CVE-2023-21529: 2023 Vulnerability Now Actively Exploited (Microsoft)
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution....
CVE-2023-36424: 2023 Vulnerability Now Actively Exploited (Microsoft)
Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation...
CVE-2025-60710: Microsoft Windows Link Following Vulnerability
Microsoft Windows contains a link following vulnerability that allows for privilege escalation...
CVE-2026-0233 and CVE-2026-0234: Critical Vulnerabilities in Palo Alto Networks Cortex XSOAR, XSIAM and ADEM - Immediate Update Required
Two high severity vulnerabilities have been identified in Palo Alto Networks Cortex XSOAR, Cortex XSIAM, and ADEM. CVE-2026-0233 and CVE-2026-0234 could allow an unauthenticated attacker to bypass security mechanisms and execute arbitrary code on affected systems.
CVE-2026-4112: Critical Privilege Escalation Vulnerability in SonicWall SMA 1000 - Immediate Update Required
A privilege escalation vulnerability has been identified in SonicWall Secure Mobile Access (SMA) 1000 series devices. CVE-2026-4112 could allow a remote attacker to gain elevated privileges, potentially leading to system compromise and unauthorized access to network resources.
CVE-2026-3502: TrueConf Client Download of Code Without Integrity Check Vulnerability
TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payloa...
CVE-2026-5281: Google Dawn Use-After-Free Vulnerability
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability c...
CVE-2026-22558: Ubiquiti UniFi Network NoSQL Injection Vulnerability (CVSS 7.7)
NoSQL Injection vulnerability in Ubiquiti UniFi Network Application (CVSS 7.7) enables authenticated attackers to escalate privileges. When chained with CVE-2026-22557 (CVSS 10.0), it creates an attack chain leading to full system compromise.
CVE-2026-23554: Critical Citrix XenServer Vulnerability - Host Memory Leak from Guest VM
CVE-2026-23554 in Citrix XenServer 8.4 and earlier allows a privileged user within a guest VM to access portions of host memory, potentially leading to privilege escalation, information disclosure, or system availability compromise.
CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network....
CVE-2026-1603: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential d...
CVE-2026-21385: Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation. ...
CVE-2026-25108: Soliton Systems K.K FileZen OS Command Injection Vulnerability
Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request....
CVE-2026-2441: Google Chromium CSS Use-After-Free Vulnerability
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple ...
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capabi...
CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability
Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. ...
CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability
Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network....
CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally....
CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability
Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally....
CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability
Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally....
CVE-2026-21509: Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a secu...
CVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerability
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corrup...
CVE-2025-43510: Apple Multiple Products Improper Locking Vulnerability
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes....
CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability
Apple watchOS, iOS, iPadOS, macOS, visionOS, tvOS, and iPadOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write ...
CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML....
CVE-2025-68461: RoundCube Webmail Cross-site Scripting Vulnerability
RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document....
CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability
SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality....
CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability
Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> ch...
CVE-2021-22054: 2021 Vulnerability Now Actively Exploited (Omnissa)
Omnissa Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send t...
CVE-2021-30952: 2021 Vulnerability Now Actively Exploited (Apple)
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution...
CVE-2023-41974: 2023 Vulnerability Now Actively Exploited (Apple)
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges....
CVE-2023-43000: 2023 Vulnerability Now Actively Exploited (Apple)
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption....
CVE-2022-20775: 2022 Vulnerability Now Actively Exploited (Cisco)
Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CL...
CVE-2024-7694: 2024 Vulnerability Now Actively Exploited (TeamT5)
TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remo...
CVE-2018-14634: 2018 Vulnerability Now Actively Exploited (Linux)
Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalat...