tag
Pre-Auth
Critical
Splunk Enterprise Pre-Auth RCE via PostgreSQL Sidecar (CVE-2026-20253)
CVE-2026-20253·
Splunk Enterprise
patched
Critical
Ivanti Sentry Pre-Auth RCE + Auth Bypass (CVE-2026-10520 / CVE-2026-10523)
CVE-2026-10520, CVE-2026-10523·
Ivanti Sentry (formerly MobileIron Sentry)
patched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870·
Next.js App Router (React server-action / RSC reply parser)
unpatched
Critical
Ivanti Connect Secure Pre-Auth RCE (Stack Overflow)
CVE-2025-0282·
Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways
unpatched
Critical
Erlang/OTP SSH Pre-Auth RCE - CVE-2025-32433
CVE-2025-32433·
Erlang/OTP SSH server daemon
patched
Critical
Apache httpd mod_http2 Double-Free Pre-Auth RCE - CVE-2026-23918
CVE-2026-23918·
Apache HTTP Server (httpd) with mod_http2
patched