Tag: Unauthenticated

| Severity | Title | CVE / advisory | Affected product | Status |
|---|---|---|---|---|
| Critical | Langflow Missing-Authentication Remote Code Execution (CVE-2025-3248) | CVE-2025-3248 | Langflow (open-source AI/LLM workflow builder) | patched |
| High | Citrix NetScaler ADC/Gateway Pre-Auth SAML Memory Overread — "CitrixBleed"-style Leak (CVE-2026-8451) | CVE-2026-8451 | Citrix NetScaler ADC and NetScaler Gateway | unpatched |
| Critical | Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2 (CVE-2026-45247) | CVE-2026-45247 | Mirasvit Full Page Cache Warmer extension for Magento 2 | unpatched |
| Critical | Unauthenticated RCE in Joomla Content Editor (JCE) Profile Import (CVE-2026-48907) | CVE-2026-48907 | Joomla Content Editor (JCE) extension by Widget Factory | unpatched |
| High | PAN-OS GlobalProtect Authentication Bypass via Forged Cookie (CVE-2026-0257) | CVE-2026-0257 | Palo Alto Networks PAN-OS — GlobalProtect portal and gateway (also affects certain Prisma Access deployments) | unpatched |
| Critical | SP Page Builder (Joomla) Unauthenticated File Upload RCE (CVE-2026-48908) | CVE-2026-48908 | SP Page Builder extension for Joomla (joomshaper.net) | patched |
| Critical | libssh2 SSH Packet Length OOB Heap Write / Unauthenticated RCE (CVE-2026-55200) | CVE-2026-55200 | libssh2 (SSH client library) | patched |
| Critical | GNU Inetutils telnetd Unauthenticated Root RCE via NEW-ENVIRON (CVE-2026-24061) | CVE-2026-24061 | GNU Inetutils telnetd | patched |
| Critical | GeoVision GV-I/O Box 4E DVRSearch Unauthenticated Stack Buffer Overflow RCE (CVE-2026-12485) | CVE-2026-12485 | GeoVision GV-I/O Box 4E (Linux-based smart embedded I/O device) | patched |
| Critical | Splunk Enterprise Pre-Auth RCE via PostgreSQL Sidecar (CVE-2026-20253) | CVE-2026-20253 | Splunk Enterprise | patched |
| Critical | Check Point Remote Access VPN IKEv1 Auth Bypass (CVE-2026-50751) | CVE-2026-50751 | Check Point Remote Access VPN / Mobile Access / Spark Firewall | patched |
| Critical | Netlogon CLDAP Stack Buffer Overflow (CVE-2026-41089) | CVE-2026-41089 | Microsoft Windows Netlogon (Domain Controller CLDAP path) | patched |
| Critical | Drupal Core PostgreSQL SQL Injection (CVE-2026-9082) | CVE-2026-9082 / SA-CORE-2026-004 | Drupal Core | unpatched |
| Critical | TossUp — TerraMaster TOS Unauthenticated Redis Root RCE + NFS LPE | N/A (vendor confirmed TOS4 is EOL; no fix planned) | TerraMaster TOS3_A1.0 4.2.41, Redis 4.0.10 | unpatched |
| High | Chrome WebGPU Use-After-Free (CVE-2026-5281) | CVE-2026-5281 | Google Chrome / Chromium WebGPU (Dawn backend) | unpatched |
| Critical | ToolShell - SharePoint Unauthenticated RCE Chain | CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706 | Microsoft SharePoint Server | patched |
| Critical | React2Shell - Next.js RSC Unauthenticated RCE | CVE-2025-55182 | Next.js (App Router with React Server Components), React | patched |
| Critical | Palo Alto PAN-OS GlobalProtect Unauthenticated RCE (CVE-2024-3400) | CVE-2024-3400 | Palo Alto Networks PAN-OS GlobalProtect gateway | patched |
| Low | Next.js x-nextjs-data Cache Poisoning (CVE-2026-44572) | CVE-2026-44572 | Next.js Pages Router (redirect handling via middleware or next.config.js) | patched |
| High | Next.js WebSocket Upgrade SSRF (Self-Hosted) (CVE-2026-44578) | CVE-2026-44578 | Next.js standalone router server (next start) | unpatched |
| High | Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870) | CVE-2026-23870 | Next.js App Router (React server-action / RSC reply parser) | unpatched |
| Medium | Next.js RSC Response Cache Poisoning (CVE-2026-44576) | CVE-2026-44576 | Next.js App Router deployments using React Server Components (RSC) behind shared caches | patched |
| Low | Next.js RSC Cache-Busting Weak Hash Collision (CVE-2026-44582) | CVE-2026-44582 | Next.js App Router | patched |
| Medium | Next.js Image Optimization API OOM DoS (Self-Hosted) (CVE-2026-44577) | CVE-2026-44577 | Next.js Image Optimization API (/_next/image) on self-hosted deployments | unpatched |
| High | Next.js i18n Middleware Bypass (CVE-2026-44573) | CVE-2026-44573 | Next.js Pages Router with i18n configuration | unpatched |
| High | Next.js Dynamic Route Injection Auth Bypass (CVE-2026-44574) | CVE-2026-44574 | Next.js App Router with dynamic route segments and middleware-based access control | unpatched |
| Medium | Next.js CSP Nonce Cache-Poisoned XSS (CVE-2026-44581) | CVE-2026-44581 | Next.js App Router applications using CSP nonces | patched |
| High | Next.js Cache Components Connection Exhaustion DoS (CVE-2026-44579) | CVE-2026-44579 | Next.js applications using Cache Components / Partial Prerendering (PPR) | patched |
| Medium | Next.js beforeInteractive Script XSS (CVE-2026-44580) | CVE-2026-44580 | Next.js applications using next/script with strategy="beforeInteractive" | patched |
| High | Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575) | CVE-2026-44575 | Next.js App Router applications that rely on middleware.ts matchers to protect routes | patched |
| Critical | Jenkins CLI Arbitrary File Read to RCE (CVE-2024-23897) | CVE-2024-23897 | Jenkins controller (CLI endpoint) | unpatched |
| Critical | Ivanti Connect Secure Pre-Auth RCE (Stack Overflow) | CVE-2025-0282 | Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways | unpatched |
| Critical | IngressNightmare - Kubernetes Ingress-NGINX Unauthenticated RCE | CVE-2025-1974 (primary); also CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 | Kubernetes Ingress-NGINX Controller (ingress-nginx) | unpatched |
| Critical | Fortinet FortiManager FortiJump Unauthenticated RCE (CVE-2024-47575) | CVE-2024-47575 | Fortinet FortiManager / FortiManager Cloud (fgfmd daemon) | unpatched |
| Critical | Fortinet FortiCloud SSO Authentication Bypass | CVE-2025-59718, CVE-2025-59719 (Advisory: FG-IR-25-647) | Fortinet FortiOS, FortiProxy, FortiSwitchManager (FortiCloud SSO feature) | unpatched |
| Critical | Erlang/OTP SSH Pre-Auth RCE - CVE-2025-32433 | CVE-2025-32433 | Erlang/OTP SSH server daemon | patched |
| Critical | Confluence SSTI RCE - CVE-2023-22527 | CVE-2023-22527 | Atlassian Confluence Data Center and Confluence Server | patched |
| Critical | Apache httpd mod_http2 Double-Free Pre-Auth RCE - CVE-2026-23918 | CVE-2026-23918 | Apache HTTP Server (httpd) with mod_http2 | patched |
| Critical | Windows OLE Zero-Click RCE via Outlook RTF (CVE-2025-21298) | CVE-2025-21298 | Microsoft Windows OLE (ole32.dll) as reached by Outlook/Word RTF parsing | patched |
| Critical | VMware vCenter Server DCE/RPC Heap Overflow RCE (CVE-2024-37079) | CVE-2024-37079 | VMware vCenter Server | patched |
| Critical | Palo Alto PAN-OS Management Interface Authentication Bypass (CVE-2025-0108) | CVE-2025-0108 | Palo Alto Networks PAN-OS management web interface | patched |
| High | OpenSSH regreSSHion Signal-Handler Race Unauthenticated RCE (CVE-2024-6387) | CVE-2024-6387 | OpenSSH server daemon (sshd) on glibc-based Linux | patched |
| Critical | Fortinet FortiOS SSL VPN Unauthenticated RCE (CVE-2024-21762) | CVE-2024-21762 | Fortinet FortiOS SSL VPN (sslvpnd) | patched |
| Critical | Fortinet FortiOS / FortiProxy Authentication Bypass (CVE-2024-55591) | CVE-2024-55591 | Fortinet FortiOS/FortiProxy management interfaces | unpatched |
| Critical | cPanel & WHM Authentication Bypass via Session-File CRLF Injection (CVE-2026-41940) | CVE-2026-41940 | cPanel & WHM | patched |
| Critical | Citrix NetScaler CitrixBleed 2 Session Token Disclosure (CVE-2025-5777) | CVE-2025-5777 | Citrix NetScaler ADC / NetScaler Gateway login interface | patched |
| High | Chrome CSSFontFeatureValuesMap Use-After-Free (CVE-2026-2441) | CVE-2026-2441 | Google Chrome / Chromium-based browsers (Blink CSS engine) | unpatched |
| Critical | Next.js Corrupt Middleware Auth Bypass (CVE-2025-29927) | CVE-2025-29927 | Next.js (Vercel) | patched |
| Critical | LDAP Nightmare — Windows LDAP Client RCE/DoS (CVE-2024-49113) | CVE-2024-49113 | Microsoft Windows LDAP client / Netlogon interaction path | patched |
| Critical | HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166) | CVE-2021-31166 | Microsoft Windows HTTP Protocol Stack (http.sys) | patched |
| High | BlueDucky — Unauthenticated Peering Leading to Code Execution (CVE-2023-45866) | CVE-2023-45866 | Bluetooth HID host implementations vulnerable to CVE-2023-45866 | patched |
| Critical | NGINX Rift — Heap Buffer Overflow RCE (CVE-2026-42945) | CVE-2026-42945 | NGINX Open Source / NGINX Plus | unpatched |
| Critical | Dirty Frag: Linux XFRM/RxRPC Page Cache Write Chain LPE | CVE-2026-43500, CVE-2026-43284 | Linux kernel | patched |