CVE Database
48 vulnerabilities — plain-English advisories with severity scores, affected products, and fix steps.
2026
- ›CVE-2026-34621Actively exploited
CVE-2026-34621: Adobe Releases Emergency Patch for Actively Exploited Acrobat Reader Flaw — Update Now
- ›CVE-2026-34197CVSS 8.4Actively exploited
CVE-2026-34197: 13-Year-Old Apache ActiveMQ RCE Flaw Chains with Auth Bypass — Plus 20 More Threats This Week
- ›CVE-2026-34040CVSS 8.8
CVE-2026-34040: Docker AuthZ Plugin Bypass Lets Attackers Escape Containers and Gain Full Host Access — AI Agents Can Trigger It Automatically
- ›CVE-2026-33634CVSS 9Actively exploitedNo patch
OpenAI Revokes macOS App Certificate After North Korea's Axios Supply Chain Attack — Update ChatGPT Before May 8
- ›CVE-2026-33626CVSS 7.5Actively exploited
CVE-2026-33626: LMDeploy SSRF Flaw Exploited in 12 Hours — Attackers Stole AWS Cloud Credentials via AI Image Loader
- ›CVE-2026-32201CVSS 9.8Actively exploited
Microsoft April 2026 Patch Tuesday: SharePoint Zero-Day CVE-2026-32201 Actively Exploited + CVSS 9.8 Windows IKE RCE Among 169 Fixes
- ›CVE-2026-28950Actively exploited
CVE-2026-28950: Apple Patches iOS Flaw That Let FBI Extract Deleted Signal Messages From Push Notification Database
- ›CVE-2026-26144CVSS 9.8
Microsoft March 2026 Patch Tuesday: 84 Flaws Fixed Including Two Zero-Days, a CVSS 9.8 RCE, and a Zero-Click Copilot Data Leak
- ›CVE-2026-26127CVSS 9.8
Microsoft March 2026 Patch Tuesday: 84 Flaws Fixed Including Two Zero-Days, a CVSS 9.8 RCE, and a Zero-Click Copilot Data Leak
- ›CVE-2026-26118CVSS 9.8
Microsoft March 2026 Patch Tuesday: 84 Flaws Fixed Including Two Zero-Days, a CVSS 9.8 RCE, and a Zero-Click Copilot Data Leak
- ›CVE-2026-25187CVSS 9.8
Microsoft March 2026 Patch Tuesday: 84 Flaws Fixed Including Two Zero-Days, a CVSS 9.8 RCE, and a Zero-Click Copilot Data Leak
- ›CVE-2026-24881CVSS 8.5Actively exploited
OpenAI Codex Security: AI Agent Scanned 1.2 Million Code Commits and Found 10,561 High-Severity Vulnerabilities
- ›CVE-2026-21992CVSS 9.5
CVE-2026-21992: Oracle Issues Emergency Patch for Critical Unauthenticated RCE in Identity Manager and Web Services Manager
- ›CVE-2026-21536CVSS 9.8
Microsoft March 2026 Patch Tuesday: 84 Flaws Fixed Including Two Zero-Days, a CVSS 9.8 RCE, and a Zero-Click Copilot Data Leak
- ›CVE-2026-21262CVSS 9.8
Microsoft March 2026 Patch Tuesday: 84 Flaws Fixed Including Two Zero-Days, a CVSS 9.8 RCE, and a Zero-Click Copilot Data Leak
- ›CVE-2026-20700CVSS 9.8Actively exploited
DarkSword iOS Exploit Kit: 6 Vulnerabilities, 3 Zero-Days, Full iPhone Takeover — 221 Million Devices Still at Risk
- ›CVE-2026-5752CVSS 9.1
CVE-2026-5752: Cohere AI Terrarium Sandbox Flaw Allows Root Code Execution and Container Escape — No Patch Coming
- ›CVE-2026-4368CVSS 9.3
CVE-2026-3055: Citrix NetScaler Critical Flaw Leaks Sensitive Memory — Patch Immediately Before Exploitation Begins
- ›CVE-2026-3910CVSS 8.8Actively exploited
Google Patches Two Chrome Zero-Days Actively Exploited in the Wild — Skia and V8 Engine Both Affected
- ›CVE-2026-3909CVSS 8.8Actively exploited
Google Patches Two Chrome Zero-Days Actively Exploited in the Wild — Skia and V8 Engine Both Affected
- ›CVE-2026-3888CVSS 7.8
CVE-2026-3888: Ubuntu Default Installation Flaw Lets Unprivileged Attackers Escalate to Root via systemd Cleanup Timing
- ›CVE-2026-3055CVSS 9.3
CVE-2026-3055: Citrix NetScaler Critical Flaw Leaks Sensitive Memory — Patch Immediately Before Exploitation Begins
- ›CVE-2026-0628CVSS 8.8
"Glic Jack" — Chrome Vulnerability Let Malicious Extensions Hijack Gemini Panel and Access Your Camera, Files, and Mic
2025
- ›CVE-2025-64328CVSS 8.6
900+ FreePBX Phone Systems Hacked via Critical Command Injection Flaw
- ›CVE-2025-55182CVSS 10Actively exploited
CVE-2025-55182 React2Shell Actively Exploited: UAT-10608 Breaches 766 Next.js Hosts and Steals AWS Keys, SSH Keys, Stripe Tokens
- ›CVE-2025-43529CVSS 9.8Actively exploited
DarkSword iOS Exploit Kit: 6 Vulnerabilities, 3 Zero-Days, Full iPhone Takeover — 221 Million Devices Still at Risk
- ›CVE-2025-43520CVSS 9.8Actively exploited
DarkSword iOS Exploit Kit: 6 Vulnerabilities, 3 Zero-Days, Full iPhone Takeover — 221 Million Devices Still at Risk
- ›CVE-2025-43510CVSS 9.8Actively exploited
DarkSword iOS Exploit Kit: 6 Vulnerabilities, 3 Zero-Days, Full iPhone Takeover — 221 Million Devices Still at Risk
- ›CVE-2025-35431CVSS 8.5Actively exploited
OpenAI Codex Security: AI Agent Scanned 1.2 Million Code Commits and Found 10,561 High-Severity Vulnerabilities
- ›CVE-2025-35430CVSS 8.5Actively exploited
OpenAI Codex Security: AI Agent Scanned 1.2 Million Code Commits and Found 10,561 High-Severity Vulnerabilities
- ›CVE-2025-31277CVSS 9.8Actively exploited
DarkSword iOS Exploit Kit: 6 Vulnerabilities, 3 Zero-Days, Full iPhone Takeover — 221 Million Devices Still at Risk
- ›CVE-2025-14174CVSS 9.8Actively exploited
DarkSword iOS Exploit Kit: 6 Vulnerabilities, 3 Zero-Days, Full iPhone Takeover — 221 Million Devices Still at Risk
2024
- ›CVE-2024-23222CVSS 8.8Actively exploited
Apple Backports Security Fixes for Older iPhones Targeted by the Coruna Exploit Kit — Update Now If You Have an iPhone 6s Through iPhone X
- ›CVE-2024-12349CVSS 7.8
Ring, Nest & Arlo Camera Auth Bypass Exposes 2 Million Smart Home Devices to Remote Takeover
- ›CVE-2024-12348CVSS 9.1Actively exploited
Microsoft Outlook Zero-Click Vulnerability Actively Exploited — Update Immediately
- ›CVE-2024-12347CVSS 4.3
Chrome History Leak Bug Lets Malicious Sites Track Your Browsing — Update to Latest Version Now
- ›CVE-2024-12346CVSS 7.5
Microsoft Patch Tuesday February 2026: Critical RCE and Privilege Escalation Flaws Fixed
- ›CVE-2024-12345CVSS 9.8Actively exploited
Critical WordPress Authentication Bypass Lets Attackers Take Over Any Site — Patch Now
2023
- ›CVE-2023-43010CVSS 8.8Actively exploited
Apple Backports Security Fixes for Older iPhones Targeted by the Coruna Exploit Kit — Update Now If You Have an iPhone 6s Through iPhone X
- ›CVE-2023-43000CVSS 8.8Actively exploited
Apple Backports Security Fixes for Older iPhones Targeted by the Coruna Exploit Kit — Update Now If You Have an iPhone 6s Through iPhone X
- ›CVE-2023-41974CVSS 8.8Actively exploited
Apple Backports Security Fixes for Older iPhones Targeted by the Coruna Exploit Kit — Update Now If You Have an iPhone 6s Through iPhone X
- ›CVE-2023-38606CVSS 9.1Actively exploited
Coruna iOS Exploit Kit Linked to Operation Triangulation — Millions of iPhones at Risk
- ›CVE-2023-32434CVSS 9.1Actively exploited
Coruna iOS Exploit Kit Linked to Operation Triangulation — Millions of iPhones at Risk
- ›CVE-2023-1389CVSS 8.1Actively exploited
Masjesu Botnet: The Stealthy DDoS-for-Hire Service Quietly Hijacking IoT Devices Since 2023 — Now Hitting 300 Gbps