Exploit Public-Facing App

CVE-2026-20131 is a critical remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC) Software, classified as insecure deserializati…

CVE-2026-20182 is a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager, allowing unauthenticated remote attackers to o…

CVE-2026-20127 is a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager that allows unauthenticated remote attackers to…

CVE-2026-10520 is a critical OS Command Injection vulnerability (CWE-78) in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1. It allows a remote un…

CVE-2026-21643 is a critical SQL injection vulnerability (CWE-89) in Fortinet FortiClientEMS 7.4.4, allowing unauthenticated attackers to execute unauthorized c…

CVE-2026-1281 is a critical code injection vulnerability in Ivanti Endpoint Manager Mobile that allows unauthenticated remote code execution. The vulnerability …

CVE-2026-24858 is a critical authentication bypass vulnerability affecting multiple versions of Fortinet FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and F…

CVE-2026-41940 is a critical authentication bypass vulnerability (CWE-306) affecting cPanel and WHM versions after 11.40, allowing unauthenticated remote attack…

CVE-2026-0300 is a critical buffer overflow vulnerability (CWE-787) in the User-ID Authentication Portal of Palo Alto Networks PAN-OS, allowing unauthenticated …

CVE-2026-42208 is a critical SQL injection vulnerability (CWE-89) in LiteLLM versions 1.81.16 through 1.83.6, where unauthenticated attackers can inject malicio…

CVE-2026-8398 is a critical supply chain vulnerability (CWE-506) affecting DAEMON Tools Lite versions 12.5.0.2421 through 12.5.0.2434, where attackers trojanize…

CVE-2026-45247 is a critical remote code execution vulnerability in Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12. The flaw stems from…

CVE-2026-1340 is a critical code injection vulnerability (CWE-94) in Ivanti Endpoint Manager Mobile that allows unauthenticated remote code execution. The vulne…

CVE-2026-35616 is a critical improper access control vulnerability (CWE-284) in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6, allowing unauthenticated a…

CVE-2026-45321 is a critical supply-chain vulnerability affecting 42 TanStack packages, including TanStack/router, where 84 malicious versions were published to…

CVE-2026-50751 is a critical authentication bypass vulnerability in Check Point Security Gateway affecting the deprecated IKEv1 key exchange. It allows unauthen…

CVE-2026-5281 is a high-severity memory corruption vulnerability (CWE-416) in Google's Dawn component, affecting versions prior to 146.0.7680.178. It involves a…

CVE-2026-25108 is a command injection vulnerability in Soliton Systems K.K.'s FileZen product, specifically affecting the Antivirus Check Option when enabled. I…

CVE-2026-2441 is a high-severity memory corruption vulnerability (CWE-416) in Google Chrome prior to version 145.0.7632.75, specifically involving a use-after-f…

CVE-2026-34197 is a high-severity code injection vulnerability in Apache ActiveMQ (versions before 5.19.4 and 6.0.0-6.2.3) caused by improper input validation i…

CVE-2026-42271 is a command injection vulnerability in LiteLLM versions 1.74.2 through 1.83.6 affecting the MCP server preview endpoints. The flaw allows any au…

CVE-2026-11645 is a high-severity memory corruption vulnerability (CWE-125, CWE-787) in Google Chrome prior to version 149.0.7827.103, affecting the V8 engine. …

Adobe Acrobat Reader versions 24.001.30356, 26.001.21367, and earlier are affected by a Prototype Pollution vulnerability (CWE-1321) that allows for arbitrary c…

CVE-2026-1603 is a high-severity authentication bypass vulnerability in Ivanti Endpoint Manager versions prior to 2024 SU5, allowing remote unauthenticated atta…

CVE-2026-22719 is a high-severity command injection vulnerability (CWE-77) in VMware Aria Operations that allows unauthenticated remote code execution during su…

CVE-2026-3502 is a supply-chain vulnerability in TrueConf Client where the application downloads and applies updates without verification, allowing an attacker …

CVE-2026-20245 is a command injection vulnerability in the CLI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) caused by insufficient validation of u…

CVE-2026-20128 is a high-severity vulnerability in Cisco Catalyst SD-WAN Manager affecting versions prior to 20.18, allowing unauthenticated remote attackers to…

CVE-2026-6973 is a high-severity (CVSS 7.2) remote code execution vulnerability in Ivanti EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1, caused by imp…

CVE-2026-20122 is a medium severity vulnerability (CVSS 5.4) in Cisco Catalyst SD-WAN Manager affecting the API interface. It allows authenticated remote attack…

CVE-2026-32202 is a vulnerability in Microsoft Windows that is currently listed on CISA's Known Exploited Vulnerabilities catalog as actively exploited in the w…

CVE-2025-29635 is a command injection vulnerability (CWE-77) affecting D-Link DIR-823X firmware versions 240126 and 240802, allowing authorized attackers to exe…

CVE-2025-32975 is a critical authentication bypass vulnerability (CVSS 10.0) in Quest KACE Systems Management Appliance versions 13.0.x through 14.1.x, allowing…

CVE-2024-27199 is a path traversal vulnerability in JetBrains TeamCity versions prior to 2023.11.4 that allows attackers to perform limited administrative actio…

CVE-2009-0238 is a remote code execution vulnerability affecting Microsoft Office Excel versions 2000 through 2007 and Excel Viewer, caused by an invalid object…

CVE-2012-1854 is an untrusted search path vulnerability affecting Microsoft Office 2003 SP3, 2007 SP2/SP3, 2010 Gold/SP1, and the Summit Microsoft Visual Basic …

CVE-2020-9715 is a use-after-free vulnerability (CWE-416) affecting Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171…

CVE-2026-33634 involves a supply chain attack against Aquasecurity's Trivy ecosystem, where compromised credentials were used to publish malicious versions of t…

Langflow versions prior to 1.9.0 contain a critical remote code execution vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. The flaw a…

Craft CMS versions 3.0.0-RC1 through 3.9.14, 4.0.0-RC1 through 4.14.14, and 5.0.0-RC1 through 5.6.16 are vulnerable to remote code execution due to improper con…

CVE-2025-31277 is a memory corruption vulnerability affecting Apple products including Safari 18.6, iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, vision…

CVE-2025-47813 is a medium severity vulnerability (CVSS 4.3) in Wing FTP Server versions prior to 7.4.4 that allows an attacker to disclose the full local insta…

CVE-2026-3910 is a high-severity vulnerability in Google Chrome prior to version 146.0.7680.75, specifically affecting the V8 engine. It allows a remote attacke…

CVE-2026-3909 is a high-severity memory corruption vulnerability (CWE-787) in Skia, the graphics engine used by Google Chrome prior to version 146.0.7680.75. It…

CVE-2025-68613 is a critical Remote Code Execution vulnerability in n8n versions 0.211.0 through 1.120.3, 1.121.0, and 1.121.9, caused by insufficient isolation…

SolarWinds Web Help Desk contains a critical unauthenticated AjaxProxy deserialization vulnerability (CVE-2025-26399) that allows remote code execution on the h…

CVE-2017-7921 is a critical improper authentication vulnerability (CWE-287) affecting multiple Hikvision DS-2CD and DS-2DF series devices running firmware versi…

CVE-2021-22681 is a critical authentication bypass vulnerability in Rockwell Automation Studio 5000 Logix Designer (v21+) and RSLogix 5000 (v16-20) affecting va…

CVE-2023-43000 is a memory corruption vulnerability (use-after-free) affecting Apple products including macOS Ventura 13.5, iOS 16.6, iPadOS 16.6, Safari 16.6, …

CVE-2021-30952 is an integer overflow vulnerability (CWE-190) affecting Apple products including tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, iPadOS 1…