Vulnerabilities4 min read
WordPress Plugin Flaw Gives Attackers Admin Access Without Login
CVE-2026-23550 in Modular DS plugin scores CVSS 10.0. Active exploitation began January 13, with 40,000+ sites at risk.
Marcus ChenJan 28, 2026
Cvss 10
4 articles tagged with "Cvss 10"
Vulnerabilities4 min read
n8n 'Ni8mare' Flaw Allows Unauthenticated Server Takeover
CVE-2026-21858 scores CVSS 10.0 and requires no credentials to exploit. Attackers can read files, forge admin sessions, and execute commands.
Marcus ChenJan 8, 2026
Vulnerabilities4 min read
CVSS 10.0 Zero-Day Hits 70,000 XSpeeder Devices
CVE-2025-54322 enables unauthenticated root RCE on SD-WAN appliances and edge routers. Vendor has ignored seven months of disclosure attempts. No patch available.
Marcus ChenJan 1, 2026
Vulnerabilities4 min read
SmarterMail CVE-2025-52691 Scores Perfect 10.0 CVSS for Unauthenticated RCE
Singapore's CSA warns of a critical SmarterMail vulnerability allowing remote code execution through file upload without authentication. Patch immediately.
Marcus ChenDec 31, 2025