CVE Exploit Alert: CVE-2026-21643 | CRITICAL | CVSS 9.8 | Fortinet FortiClient EMS

🔴 CRITICAL Severity Overview CVSS Base Score: 9.8 Severity: CRITICAL CVSS Version: 3.1 Priority: Critical priority Summary An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Analyst Takeaway This vulnerability …

CVE Exploit Alert: CVE-2026-1340 | CRITICAL | CVSS 9.8 | Ivanti Endpoint Manager Mobile (EPMM)

🔴 CRITICAL Severity Overview CVSS Base Score: 9.8 Severity: CRITICAL CVSS Version: 3.1 Priority: Critical priority Summary A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. Analyst Takeaway This vulnerability is already in CISA KEV, which means exploitation has been observed in the wild and the issue should …

CVE Exploit Alert: CVE-2026-35616 | CRITICAL | CVSS 9.8 | Fortinet FortiClient EMS

🔴 CRITICAL Severity Overview CVSS Base Score: 9.8 Severity: CRITICAL CVSS Version: 3.1 Priority: Critical priority Summary An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Analyst Takeaway This vulnerability is already in CISA KEV, which means exploitation has …

CVE Exploit Alert: CVE-2026-3055 | CRITICAL | CVSS 9.3 | Citrix NetScaler

🔴 CRITICAL Severity Overview CVSS Base Score: 9.3 Severity: CRITICAL CVSS Version: 4.0 Priority: Critical priority Summary Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread. Analyst Takeaway This vulnerability is already in CISA KEV, which means exploitation has been observed in the wild and the issue should be …

CVE Exploit Alert: CVE-2025-53521 | CRITICAL | CVSS 9.3 | F5 BIG-IP

🔴 CRITICAL Severity Overview CVSS Base Score: 9.3 Severity: CRITICAL CVSS Version: 4.0 Priority: Critical priority Summary When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Analyst Takeaway …

CVE Exploit Alert: CVE-2026-33017 | CRITICAL | CVSS 9.3 | Langflow Langflow

🔴 CRITICAL Severity Overview CVSS Base Score: 9.3 Severity: CRITICAL CVSS Version: 4.0 Priority: Critical priority Summary Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses …

CVE Exploit Alert: CVE-2026-33634 | CRITICAL | CVSS 9.4 | Aquasecurity Trivy

🔴 CRITICAL Severity Overview CVSS Base Score: 9.4 Severity: CRITICAL CVSS Version: 4.0 Priority: Critical priority Summary Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags …