tag
Active-Exploitation
Critical
Fortinet FortiClient EMS Pre-Auth Bypass — "FortiBleed" (CVE-2026-35616)
CVE-2026-35616·
Fortinet FortiClient Endpoint Management Server (EMS)
unpatched
High
Citrix NetScaler ADC/Gateway Pre-Auth SAML Memory Overread — "CitrixBleed"-style Leak (CVE-2026-8451)
CVE-2026-8451·
Citrix NetScaler ADC and NetScaler Gateway
unpatched
Critical
Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2 (CVE-2026-45247)
CVE-2026-45247·
Mirasvit Full Page Cache Warmer extension for Magento 2
unpatched
Critical
Unauthenticated RCE in Joomla Content Editor (JCE) Profile Import (CVE-2026-48907)
CVE-2026-48907·
Joomla Content Editor (JCE) extension by Widget Factory
unpatched
High
Google Chromium V8 Out-of-Bounds Read/Write — Crash PoC (CVE-2026-11645)
CVE-2026-11645·
Google Chrome / Chromium — V8 JavaScript and WebAssembly engine
unpatched
Critical
Cisco Unified CM WebDialer SSRF to Arbitrary File Write / RCE (CVE-2026-20230)
CVE-2026-20230·
Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME)
unpatched
Medium
Cisco Catalyst SD-WAN Manager Arbitrary File Write (CVE-2026-20262)
CVE-2026-20262·
Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage)
unpatched
Critical
GNU Inetutils telnetd Unauthenticated Root RCE via NEW-ENVIRON (CVE-2026-24061)
CVE-2026-24061·
GNU Inetutils telnetd
patched
Critical
Ivanti Connect Secure Pre-Auth RCE (Stack Overflow)
CVE-2025-0282·
Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways
unpatched
Critical
Fortinet FortiCloud SSO Authentication Bypass
CVE-2025-59718, CVE-2025-59719 (Advisory: FG-IR-25-647)·
Fortinet FortiOS, FortiProxy, FortiSwitchManager (FortiCloud SSO feature)
unpatched