Vulnerabilities (CVE)
Actively exploited or maximum-severity vulnerabilities.
CVE-2026-0300
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root pri…
A critical vulnerability in Palo Alto Networks PAN-OS firewalls allows unauthenticated attackers to execute arbitrary code with root privileges. This issue is confirmed to be actively exploited in the wild. Admins should prioritize patching PA-Series and VM-Series appliances or restricting Authentication Portal access to trusted internal IP addresses immediately.
CVE-2026-31431
Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
A privilege escalation vulnerability in the Linux kernel crypto subsystem is being actively exploited in the wild. This affects most major Linux distributions including Ubuntu, RHEL, and Amazon Linux, and requires an immediate kernel update to mitigate risk.
CVE-2026-41940
WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control…
A critical authentication bypass vulnerability has been identified in cPanel, WHM, and WP Squared. Unauthenticated remote attackers can gain full access to the control panel. This vulnerability is confirmed to be under active exploitation in the wild and requires immediate patching.
CVE-2026-32202
Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
Microsoft Windows Shell contains a protection mechanism failure being actively exploited in the wild. This vulnerability allows an attacker to perform spoofing over a network, and users should ensure their Windows systems are fully patched to the latest security update.
CVE-2024-1708
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
ConnectWise ScreenConnect is vulnerable to a path traversal flaw that can lead to remote code execution. This vulnerability is currently being exploited in the wild, and users are urged to update to version 23.9.8 or later immediately.
CVE-2025-29635
D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding fun…
D-Link DIR-823X routers contain a command injection vulnerability in the /goform/set_prohibiting endpoint. This vulnerability is currently being exploited in the wild according to CISA, and users are advised to discontinue use of these potentially end-of-life devices or update immediately.
CVE-2024-57728
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary…
SimpleHelp remote support software (v5.5.7 and earlier) is being actively exploited via a Zip Slip vulnerability. Authenticated admin users can upload crafted zip files to achieve remote code execution on the server. CISA has confirmed active exploitation in the wild, making this a priority for any organization self-hosting SimpleHelp for remote support.
CVE-2024-57726
SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin r…
SimpleHelp remote support software contains a critical vulnerability allowing low-privileged technicians to escalate privileges to server administrator via malicious API key creation. This flaw is currently being exploited in the wild according to CISA, and users should update to a patched version immediately.
CVE-2024-7399
Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
Samsung MagicINFO 9 Server is being actively exploited in the wild. A path traversal vulnerability allows attackers to write arbitrary files as system authority, which can be used to achieve remote code execution and full system compromise.
CVE-2026-39987
Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system commands.
Marimo, a reactive Python notebook, has a critical pre-authentication remote code execution (RCE) vulnerability in its terminal WebSocket endpoint. Attackers can gain full shell access and execute arbitrary system commands without credentials. This vulnerability is being actively exploited in the wild, and users should update to version 0.23.0 immediately.
CVE-2026-40912
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in co…
A high-severity authentication bypass has been found in Traefik's StripPrefixRegex middleware. By crafting specific URL paths using dot-segments, attackers can bypass BasicAuth, DigestAuth, or ForwardAuth protections to reach sensitive backend routes. If you use Traefik as an ingress or reverse proxy to protect private services, upgrade to version 2.11.43, 3.6.14, or 3.7.0-rc.2 immediately.
CVE-2026-39858
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authenticatio…
Traefik versions prior to 2.11.43 and 3.6.14 contain a critical authentication bypass in the ForwardAuth middleware. Attackers can bypass authentication on protected routes by using unsanitized headers with underscores (e.g., X_Forwarded_Proto) to spoof trusted identity context to backend services.
CVE-2026-35051
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is…
Traefik, a popular reverse proxy and load balancer, contains a critical authentication bypass vulnerability in its ForwardAuth middleware. Impact occurs when Traefik is behind a trusted upstream proxy with specific configurations, potentially allowing unauthorized access to backend services. Users should update to versions 2.11.43, 3.6.14, or 3.7.0-rc.2 immediately.
CVE-2026-30893
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction rout…
Wazuh versions 4.4.0 through 4.14.3 contain a path traversal vulnerability in the cluster synchronization routine. An authenticated cluster peer can write arbitrary files to other nodes, potentially leading to remote code execution and full system compromise by overwriting Python modules. Users should upgrade to 4.14.4 immediately.
CVE-2026-35431
Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
A critical server-side request forgery (SSRF) vulnerability in Microsoft Entra ID (formerly Azure AD) Entitlement Management allows an unauthorized attacker to perform network-based spoofing. With a CVSS score of 10.0, this represents a major security risk for any environment relying on Entra ID for identity management.
CVE-2026-33819
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
A critical deserialization vulnerability (CVSS 10.0) has been identified in Microsoft Bing. This flaw allows an unauthorized attacker to execute arbitrary code over a network without authentication, posing a severe risk to the platform's security.