7 articles tagged with "Cvss 10"
CVE-2026-22557 lets unauthenticated attackers traverse paths and hijack UniFi Network accounts. CVSS 10.0 severity demands immediate patching to 10.1.89.
Attackers exploiting CVE-2025-32975 authentication bypass in Quest KACE to hijack admin accounts and deploy credential harvesters. Patched in May 2025—many remain exposed.
CVE-2026-28289 allows unauthenticated attackers to achieve full server compromise by sending a single crafted email. CVSS 10.0—patch to 1.8.207 now.
CVE-2026-23550 in Modular DS plugin scores CVSS 10.0. Active exploitation began January 13, with 40,000+ sites at risk.
CVE-2026-21858 scores CVSS 10.0 and requires no credentials to exploit. Attackers can read files, forge admin sessions, and execute commands.
CVE-2025-54322 enables unauthenticated root RCE on SD-WAN appliances and edge routers. Vendor has ignored seven months of disclosure attempts. No patch available.
Singapore's CSA warns of a critical SmarterMail vulnerability allowing remote code execution through file upload without authentication. Patch immediately.