cve 59

• FortiClient EMS Auth Bypass CVE-2026-35616 Actively Exploited to Deploy EKZ Credential Stealer May 28, 2026
• Gitea CVE-2026-27771: Unauthenticated Attackers Can Pull Private Container Images May 27, 2026
• KnowledgeDeliver LMS Zero-Day Exploited to Deploy Godzilla Web Shell and Cobalt Strike May 25, 2026
• LiteSpeed cPanel Plugin CVE-2026-48172 Actively Exploited for Root Privilege Escalation May 23, 2026
• Langflow CVE-2025-34291 (CVSS 9.4) Added to CISA KEV Under Active Exploitation May 21, 2026
• Cisco Patches CVSS 10.0 Flaw in Secure Workload REST API May 21, 2026
• CISA Adds 7 Known Exploited Vulnerabilities Including Active Microsoft Defender Flaws May 20, 2026
• ExifTool CVE-2026-3102: Malicious Image File Triggers macOS Compromise May 20, 2026
• Windows Zero-Day Barrage: YellowKey, GreenPlasma, and MiniPlasma Disclosed Post-Patch Tuesday May 19, 2026
• DirtyDecrypt PoC Published for Patched Linux Kernel LPE CVE-2026-31635 May 19, 2026
• ScadaBR 1.2.0 Hit by Four CVEs Including Unauthenticated RCE (CVSS 9.1) May 19, 2026
• Drupal Warns of Critical Core Patch on May 20 — Exploits Expected Within Hours May 19, 2026
• DirtyDecrypt: Public PoC Released for Linux Kernel Root Escalation Flaw May 18, 2026
• Microsoft Exchange CVE-2026-42897 Zero-Day Exploited via Crafted Email May 14, 2026
• Cisco SD-WAN CVE-2026-20182 Added to CISA KEV; Sixth Exploited SD-WAN Zero-Day in 2026 May 14, 2026
• Fragnesia Linux Kernel LPE (CVE-2026-46300) Grants Root via Page Cache Corruption May 14, 2026
• 18-Year-Old NGINX Rewrite Module Bug Enables Unauthenticated RCE May 13, 2026
• Critical Exim Mail Server Flaw Allows Unauthenticated Remote Code Execution May 13, 2026
• May 2026 Patch Tuesday: 138 CVEs Including Critical Zero-Click Outlook Flaw CVE-2026-40361 May 13, 2026
• Fortinet Patches Critical RCE Flaws in FortiSandbox and FortiAuthenticator May 12, 2026
• Ollama "Bleeding Llama" CVE-2026-7482: Unauthenticated Remote Memory Leak May 10, 2026
• cPanel and WHM Patch Three Vulnerabilities Including RCE and Privilege Escalation May 9, 2026
• CISA Adds BerriAI LiteLLM SQL Injection to Known Exploited Vulnerabilities May 8, 2026
• Dirty Frag Linux Zero-Day Gives Root on All Major Distributions May 8, 2026
• PAN-OS Zero-Day CVE-2026-0300 Enables Unauthenticated RCE via Captive Portal May 6, 2026
• Palo Alto PAN-OS RCE Zero-Day CVE-2026-0300 Actively Exploited May 5, 2026
• MetInfo CMS CVE-2026-29014 Under Active Exploitation — Unauthenticated RCE (CVSS 9.8) May 5, 2026
• Weaver E-cology CVE-2026-22679 Actively Exploited — CVSS 9.8 Unauthenticated RCE via Debug API May 5, 2026
• 'Copy Fail' Linux Flaw Hits CISA KEV as Active Exploitation Begins May 4, 2026
• Critical cPanel Flaw CVE-2026-41940 Mass-Exploited in "Sorry" Ransomware Attacks May 2, 2026
• Critical cPanel and WHM Auth Bypass CVE-2026-41940 Exploited as Zero-Day Since February Apr 30, 2026
• Linux 'Copy Fail' CVE-2026-31431 Enables Root on All Major Distros Since 2017 Apr 30, 2026
• Google Patches CVSS 10 Gemini CLI RCE Enabling Supply-Chain Code Execution Apr 30, 2026
• GitHub RCE Flaw CVE-2026-3854 Exposed Millions of Private Repositories Apr 29, 2026
• 38 Vulnerabilities in OpenEMR Allow Access to and Modification of Patient Data Apr 29, 2026
• CISA Adds Actively Exploited ConnectWise ScreenConnect and Windows Flaws to KEV Apr 29, 2026
• Critical GitHub RCE CVE-2026-3854 Exposed Millions of Repositories Apr 28, 2026
• LiteLLM CVE-2026-42208 SQL Injection Exploited Within 36 Hours of Disclosure Apr 28, 2026
• LiteLLM CVE-2026-42208 SQL Injection Under Active Exploit Within 36 Hours Apr 28, 2026
• 15-Year-Old OpenSSH Flaw Allowed Full Root Shell Access via Certificate Principal Parsing Bug Apr 27, 2026
• CVE-2026-6770: Firefox Flaw Enables Fingerprinting and Deanonymization of Tor Browser Users Apr 27, 2026
• Hackers Actively Exploiting Unauthenticated File Upload Bug in Breeze Cache WordPress Plugin Apr 24, 2026
• LMDeploy CVE-2026-33626 SSRF Exploited in the Wild Within 13 Hours of Disclosure Apr 24, 2026
• Checkmarx Supply Chain Attack Compromises Bitwarden CLI and KICS Analysis Tool Apr 23, 2026
• Microsoft Defender Zero-Day Exploited to Dump NTLM Hashes and Gain SYSTEM Privileges Apr 23, 2026
• Microsoft Issues Emergency Out-of-Band Patches for Critical ASP.NET Core Privilege Escalation Apr 22, 2026
• Over 1,300 SharePoint Servers Still Exposed to Actively Exploited Spoofing Zero-Day Apr 21, 2026
• CVE-2026-1731: Critical Bomgar RMM RCE Actively Exploited to Spread Ransomware Apr 21, 2026
• Splunk Enterprise Patches RCE Flaw Exploitable by Low-Privileged Users via File Upload Apr 16, 2026
• CVE-2026-33032 (MCPwn): Critical Nginx UI Authentication Bypass Actively Exploited Apr 15, 2026
• Fortinet Patches Critical FortiSandbox Vulnerabilities Enabling Auth Bypass and RCE Apr 15, 2026
• April 2026 Patch Tuesday: SharePoint Zero-Day Among 167 CVEs Fixed Apr 14, 2026
• ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers Apr 13, 2026
• Critical wolfSSL Vulnerability Allows ECDSA Signature Forgery and Certificate Bypass Apr 13, 2026
• Adobe Patches Actively Exploited Acrobat Reader RCE — CVE-2026-34621 Apr 11, 2026
• Palo Alto Networks and SonicWall Patch High-Severity Privilege Escalation Bugs Apr 9, 2026
• Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 Apr 9, 2026
• Apache ActiveMQ Classic Carries 13-Year-Old RCE Risk via Unauthenticated Jolokia API Apr 8, 2026
• CVE-2026-1337 — RCE in Widely-Used Python ORM Apr 7, 2026