Home/Tag/Critical Vulnerability

Critical Vulnerability

15 articles tagged with "Critical Vulnerability"

Vulnerabilities3 min read

Splunk Enterprise Hit With Critical Unauthenticated RCE Flaw

CVE-2026-20253 scores CVSS 9.8 and allows network attackers to execute arbitrary code on Splunk Enterprise servers without authentication. No workaround exists—patching is mandatory.

Vulnerability DeskJun 14, 2026

Vulnerabilities4 min read

Ivanti Sentry CVE-2026-10520: CISA's First 3-Day Patch Mandate

CISA orders federal agencies to patch CVSS 10.0 Ivanti Sentry flaw within 3 days—the first application of BOD 26-04. Exploitation is automated and widespread.

Vulnerability DeskJun 13, 2026

Vulnerabilities3 min read

Oracle ORDS CVE-2026-46840 Scores Perfect 10 — Full Takeover

Oracle REST Data Services vulnerability CVE-2026-46840 earns maximum CVSS 10.0 score. Unauthenticated attackers can achieve complete system compromise via HTTPS.

Vulnerability DeskJun 1, 2026

Vulnerabilities4 min read

Critical Formie Plugin Flaw Lets Attackers Hijack Craft CMS Sites

CVE-2026-45697 (CVSS 9.8) in the Formie Craft CMS plugin allows unauthenticated attackers to execute arbitrary code via Twig template injection in Hidden fields. Patch to 2.2.20 or 3.1.24 immediately.

Vulnerability DeskMay 30, 2026

Vulnerabilities3 min read

Drupal Warns of Highly Critical Flaw — Patches Due Today

Drupal releases patches for a highly critical vulnerability (severity 20/25) affecting all supported versions. Exploits may emerge within hours—administrators should update between 5-9pm UTC today.

Vulnerability DeskMay 20, 2026

Vulnerabilities4 min read

SEPPMail Gateway Flaws Enable Complete Mail System Takeover

Seven vulnerabilities including CVE-2026-2743 (CVSS 10.0) allow unauthenticated attackers to compromise SEPPMail secure email gateways, read all traffic, and establish persistent access. Patch to 15.0.4 immediately.

Vulnerability DeskMay 20, 2026

Vulnerabilities3 min read

MOVEit Automation Auth Bypass Hits CVSS 9.8 — Patch Now

Progress patches CVE-2026-4670, a critical authentication bypass in MOVEit Automation that could give attackers admin control. No workarounds available.

Vulnerability DeskMay 5, 2026

Vulnerabilities5 min read

GeoVision IP Device Utility Leaks Credentials Over Broadcast

CVE-2026-42363 exposes admin credentials in GeoVision GV-IP Device Utility 9.0.5 via UDP broadcast packets. CVSS 9.3 critical flaw lets LAN attackers decrypt device passwords.

Vulnerability DeskApr 27, 2026

Vulnerabilities3 min read

NewSoftOA Command Injection Lets Local Attackers Own Servers

CVE-2026-5965 in NewSoftOA enables unauthenticated OS command injection with CVSS 9.8. Local attackers can execute arbitrary commands and fully compromise systems.

Vulnerability DeskApr 21, 2026

Vulnerabilities3 min read

Juniper PTX Routers Vulnerable to Unauthenticated Root RCE

Critical CVE-2026-21902 in Junos OS Evolved allows remote attackers to gain root access on PTX routers via exposed anomaly detection service. Patch now.

Vulnerability DeskMar 1, 2026

Vulnerabilities4 min read

WeGIA Charity Management Platform Exposes Three Critical Flaws

CVE-2026-28408 and related vulnerabilities allow unauthenticated attackers to bypass security, inject data, and execute code on WeGIA servers. Patch to version 3.6.5 immediately.

Vulnerability DeskFeb 28, 2026

Vulnerabilities4 min read

Centreon Open Tickets Hit by Critical CVSS 9.9 Path Traversal Flaw

CVE-2026-2749 enables unauthenticated attackers to write or delete arbitrary files on Centreon Central Servers. Patches now available for all supported versions.

Vulnerability DeskFeb 28, 2026

Vulnerabilities3 min read

Fortinet Patches Critical SQLi-to-RCE Flaw in FortiClientEMS

CVE-2026-21643 allows unauthenticated attackers to chain SQL injection with command execution in FortiClient EMS. CVSS 9.8 affects version 7.4.4—upgrade to 7.4.5 immediately.

Vulnerability DeskFeb 12, 2026

Vulnerabilities3 min read

FortiSIEM RCE Flaw Lets Attackers Gain Root Without Auth

CVE-2025-64155 in Fortinet's SIEM product enables unauthenticated command injection via phMonitor service. CVSS 9.4, patches now available.

Vulnerability DeskJan 14, 2026

Vulnerabilities4 min read

SmarterMail CVE-2025-52691 Scores Perfect 10.0 CVSS for Unauthenticated RCE

Singapore's CSA warns of a critical SmarterMail vulnerability allowing remote code execution through file upload without authentication. Patch immediately.

Vulnerability DeskDec 31, 2025