{"page":2,"per_page":25,"total_vulns":1623,"total_pages":65,"vulnerabilities":[{"_id":"69f4fa89958466de80fe0597","cveID":"CVE-2026-31431","dateAdded":"2026-05-01","dueDate":"2026-05-15","notes":"https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/ ; https://xint.io/blog/copy-fail-linux-distributions#the-fix-6 ; https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/about/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-31431","product":"Kernel","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.","vendorProject":"Linux","vulnerabilityName":"Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable
/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/29/23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/29/25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/29/26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing 
List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/30/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/10","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/12","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/16","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/01/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://copy.fail","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://github.com/theori-io/copy-fail-CVE-2026-31431","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]},{"url":"https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://xint.io/blog/copy-fail-linux-distributions#the-fix-6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/Lyutoon/CopyFail-Experiment","https://github.com/1amBa7Man/Linux-copy-fail-CVE-2026-31431","https://github.com/mrunalp/block-copyfail","https://github.com/bootsareme/copyfail-deconstructed","https://github.com/ExploitEoom/CVE-2026-31431","https://github.com/mlazzarotto/copy-fail-CVE-2026-31431-mitigation-ansible-playbook","https://github.com/sebinxavi/cve-checker-2026","https://github.com/povzayd/CVE-2026-31431","https://github.com/SpenserCai/copy_fail","https://github.com/Danford2017/Copy-Fail---CVE-2026-31431","https://github.com/rvizx/CVE-2026-31431","https://github.com/sbeteta42/CVE-2026-31431_je_sappelle_RoOt","https://github.com/beatbeast007/Linux-CopyFail-C-Version-CVE-2026-31431","https://github.com/atgreen/block-copyfail","https://github.com/kvakirsanov/CVE-2026-31431-live-process-code-injection","https://github.com/toxy4ny/copy-fail-exploit-on-c-redteam","https://github.com/AliHzSec/CVE-2026-31431","https://github.com/MarioHY/cve_2026_31431_audit","https://github.com/abhishekhargan/CVE-2026-31431","https://github.com/Fulucky0-yuri/CVE-2026-31431-PocC","https://github.com/Koke-Seas/CVE-2026-31431-CopyFail","https://github.com/ErdemOzgen/copy-fail-cve-2026-31431","https://github.com/OmerAti/almalinux-fix-cve-2026-31431","https://g
ithub.com/mahradbt/copyfail-mitigation","https://github.com/HulnotHutu/CVE-2026-31431","https://github.com/cyber-joker/copy-fail-python","https://github.com/deckhouse/d8-copy-fail-mitigation","https://github.com/jodonnel/copyfail-briefing","https://github.com/ashok523/cve-2026-31431","https://github.com/aestechno/cve-2026-31431-ansible","https://github.com/johanburati/CVE-2026-31431","https://github.com/professional-slacker/alg_check","https://github.com/3jee/copy-fail-go","https://github.com/boliu83/cve-2026-31431-algif-aead-remediator","https://github.com/bryanvine/copy-fail-fix","https://github.com/karollooool/Porting-CVE-2026-31431-Copy-Fail-to-a-Constrained-Java-Runner","https://github.com/sngrotesque/CVE-2026-31431","https://github.com/wvverez/CVE-2026-31431-Copy-Fail","https://github.com/poyea/CVE-2026-31431.c","https://github.com/offsecguy/CVE-2026-31431","https://github.com/meowteusz/copyfailautopatch","https://github.com/maniakh/CVE-2026-31431---Copy-Fail-PoC","https://github.com/mym0us3r/COPY-FAIL-Detection-with-Wazuh-4.14.4","https://github.com/liamromanis101/CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script","https://github.com/DENNISDGR/CVE-2026-31431-poc","https://github.com/Juguitos/copy-fail","https://github.com/mishl-dev/CVE_2026_31431","https://github.com/devstuff/harden-docker-seccomp","https://github.com/selectel/mks-copy-fail-mitigation","https://github.com/Dabbleam/CVE-2026-31431-mitigation","https://github.com/Koke-Seas/CVE-2026-31431-CopyFail","https://github.com/Koke-Seas/COPY-FAIL-CVE","https://github.com/websecnl/CVE-2026-31431","https://github.com/ShorterKing/Copyfail-rust","https://github.com/weirdindiankid/copy-fail","https://github.com/abdullaabdullazade/CVE-2026-31431","https://github.com/SeanRickerd/cve-2026-31431","https://github.com/mhdgning131/CopyFail-Patcher","https://github.com/w3llr00t3d/CVE-2026-31431-PoC","https://github.com/galoryber/CVE-2026-31431-cleaned","https://github.com/cozystack/copy-fail-blocker","https://
github.com/scriptzteam/Paranoid-Copy-Fail-CVE-2026-31431","https://github.com/SunL0w/PATCH-CVE-2026-31431-Ubuntu_Debian","https://github.com/rfxn/copyfail","https://github.com/sammwyy/copyfail-rs","https://github.com/grishinpv/CVE-2026-31431-old-python","https://github.com/yxdm02/CVE-2026-31431","https://github.com/diemoeve/copyfail-rs","https://github.com/cs8425/copy-fail-go","https://github.com/wgnet/wg.copyfail.patch","https://github.com/wesmar/CVE-2026-31431","https://github.com/rshosting/CVE-2026-31431-patch","https://github.com/XsanFlip/CVE-2026-31431-Patch","https://github.com/JuanBindez/CVE-2026-31431","https://github.com/eximiait/CVE-2026-31431","https://github.com/Boos4721/copyfail-rs","https://github.com/attaattaatta/CVE-2026-31431","https://github.com/mfloresdacunha/CVE-2026-31431","https://github.com/yandex-cloud-examples/yc-mk8s-copy-fail-mitigation","https://github.com/Webhosting4U/Copy-Fail_Detect_and_mitigate_CVE-2026-31431","https://github.com/TikoTikTok/copy-fail-cve-2026-31431","https://github.com/slauger/CVE-2026-31431","https://github.com/rio128128/copy-fail-CVE-2026-31431","https://github.com/amdisrar/cve-2026-31431-mitigation","https://github.com/H1d3r/copy-fail_LPE_Interactive","https://github.com/0xBlackash/CVE-2026-31431","https://github.com/professional-slacker/alg_check","https://github.com/jiangban046-spec/CVE-2026-31431-exploit_py2_py3","https://github.com/adampielak/CVE-2026-31431_SCA_WAZUH","https://github.com/Phalanx-CCS/Copy-Fail","https://github.com/lonelyor/CVE-2026-31431-exp","https://github.com/jbiniek/copy.fail-mitigation-MLM","https://github.com/kadir/copy-fail-CVE-2026-31431-IOC","https://github.com/dixyes/fuck_cve_2026_31431","https://github.com/Linux-zs/cve-2026-31431-mitigation","https://github.com/eleveni386/CVE-2026-31431-Golang","https://github.com/nisec-eric/cve-2026-31431","https://github.com/mrowkoob/copy-fail-mitigate-no-reboot","https://github.com/freelabz/CVE-2026-31431","https://github.com/Aurillium/RootRemover"
,"https://github.com/Silent4Labs/check-copyfail-cve-2026-31431","https://github.com/Silent4Labs/check-copyfail-cve-2026-31431","https://github.com/KhaosFarbauti/CVE-2026-31431","https://github.com/jshDevs/CVE_kernellinux_jsh","https://github.com/AdityaBhatt3010/CVE-2026-31431","https://github.com/alvaroguzmancode/CVE-2026-31431-mitigacion","https://github.com/net0bsd/Mitigaciones","https://github.com/xeloxa/copyfail-exploit","https://github.com/vasyapokemon/cve-2026-31431","https://github.com/ShahaB108/CVE-2026-31431_Kernel_Checker","https://github.com/Qengineering/RK35xx-CopyFail-Hotfix","https://github.com/g1nt0n1x/copy-fail-CVE-2026-31431-shell","https://github.com/ochebotar/copy-fail-CVE-2026-31431-detection-probe","https://github.com/samanzamani/copy-fail-checker","https://github.com/chavezvic/CopyFail-Penguin","https://github.com/kvendler/BigFix-CopyFail-AlmaLinux-Content","https://github.com/MetaspIoit/CVE-2026-31431","https://github.com/xn0kkx/CVE-2026-31431_CopyFail_LinuxKernel_LPE","https://github.com/codesource/copyfail-check","https://github.com/jdarkcaos-kai/cve-2026-31431-medium-unpriv-t","https://github.com/juliosuas/copyfail-guard","https://github.com/mCub3/CVE-2026-31431","https://github.com/ChernStepanov/CopyFail-for-dummies","https://github.com/jamal-soc21/Weekly-Breach-Investigation--006","https://github.com/ncmprbll/copy-fail-rs","https://github.com/sibersan/cve-2026-31431-checker","https://github.com/nrnw/CVE-2026-31431-Linux-Kernel-Copy-Fail-Detector","https://github.com/vyahello/CVE-2026-31431","https://github.com/ForensicFoundry/cve-2026-31431-check","https://github.com/YuCc777/Copy-Fail-CVE-2026-31431-Linux-exp-tools-C-EXP","https://github.com/aexdyhaxor/CVE-2026-31431-copy-fail","https://github.com/pyroceper/copy-fail-CVE-2026-31431","https://github.com/jbnetwork-git/copy-fail-check","https://github.com/pedromizz/copy-fail","https://github.com/AvPrince26/copy-fail-CVE-2026-31431-Python-Golfing","https://github.com/rippsec/cve-2026-31431","
https://github.com/CybroZeus/Copy-Fail-Exploit-CVE-2026-31431","https://github.com/rivaldofwijaya/copy-success","https://github.com/ctzisme/copyfail-guard","https://github.com/Gr-1m/CVE-2026-31431","https://github.com/joltcan/ansible-role-cve-2026-31431","https://github.com/Huchangzhi/autorootlinux","https://github.com/cxwx/cpp-CVE-2026-31431","https://github.com/M4xSec/CVE-2026-31431-RCE-Exploit","https://github.com/suominen/CVE-2026-31431","https://github.com/mahdi13830510/CVE-2026-31431-mitigation-suite","https://github.com/Trex1e/copyfail-CVE-2026-31431","https://github.com/EynaExp/Copy-Fail-CVE-2026-31431-modernized","https://github.com/2H-K/copyfailRecurrence","https://github.com/krish-foren6/CVE-2026-31431-Report-Copy-fail-Vulnerability-","https://github.com/MartinPham/copy-fail-CVE-2026-31431-php","https://github.com/xd20111/CVE-2026-31431","https://github.com/malwarekid/CVE-2026-31431","https://github.com/haydenjames/CVE-2026-31431-check","https://github.com/0xac1dc0de/CVE-2026-31431","https://github.com/qi4L/CVE-2026-31431-Container-Escape","https://github.com/ROSNLR5/modrosnlr5","https://github.com/kdjnb/fix_CVE-2026-31431","https://github.com/Emmmmllll/copy-fail-zig","https://github.com/monobrau/copyfailscan","https://github.com/glask1d/CVE-2026-31431-PoC","https://github.com/RoflSecurity/copy_fail","https://github.com/parmstro/cfDr","https://github.com/Smarttfoxx/copyfail","https://github.com/ledlight33/copyfail-dfir","https://github.com/vorkampfer/copy_fail_mitigation","https://github.com/krisiasty/vcheck","https://github.com/hori0729/CVE-2026-31431-Verificador-Exploit","https://github.com/ROSNLR5/MitigationToolkit-ROSN-LR5-Full","https://github.com/KaraZajac/DIRTYFAIL","https://github.com/infiniroot/ansible-mitigate-copyfail-dirtyfrag","https://github.com/0xlane/pagecache-guard","https://github.com/p401a-ops/Copy-Fail","https://github.com/OpenPixelSystems/c-copy-fail","https://github.com/guiimoraes/copyfail2-py","https://github.com/tang-yikai/copy-fai
l-mitigation-with-bpftrace","https://github.com/pvpaulo01/cve-2026-31431","https://github.com/kw-soft/copyfail","https://github.com/Vatson112/deny-af-alg-bpf","https://github.com/361way/CVE-2026-31431","https://github.com/cx330zer0/CVE-2026-31431-Copy-Fail-add-arm64","https://github.com/Mr-bv/Copy-fail-CVE-2026-31431-Exploit-in-C","https://github.com/gagaltotal/cve-2026-31431-copy-fail","https://github.com/ikow/CVE-2026-31431-live-code-corruption","https://github.com/pedro-lucas-melo/Estudo-de-Caso-CVE-2026-31431-CopyFail","https://github.com/StarxSky/CVE-2026-31431","https://github.com/hans362/CVE-2026-31431-Copy-Fail-Container-Escape","https://github.com/philfry/cve-2026-31431-ftrace","https://github.com/grabesec/XCP_ng_CVE-2026-31431_tester","https://github.com/iblamenear/CVE-2026-31431-Copy-Fail---Advanced-LPE-Proof-of-Concept---C-Rewrite","https://github.com/Dullpurple-sloop726/CVE-2026-31431-Linux-Copy-Fail","https://github.com/0xN7y/CVE-2026-31431","https://github.com/tangjie1/CVE-2026-31431-Check","https://github.com/luoqianlin/copyfail-c","https://github.com/voxcia-io/copy-fail","https://github.com/reubensammut/CVE-2026-31431-Copy-Fail","https://github.com/OneDemobird/copy-fail-CVE-2026-31431-pythonlower3.10","https://github.com/sgkdev/page_inject","https://github.com/darioomatos/cve-2026-31431-copyfail","https://github.com/RazvanDuda/GhostShell","https://github.com/mrmtwoj/ubuntu-cve-2026-31431-mitigation","https://github.com/devtint/CVE-2026-31431","https://github.com/ozergoker/CVE-2026-31431-copy-fail","https://github.com/Detect-DefenseLab/CVE-2026-31431-detection-defense","https://github.com/itsystem/afalg-check","https://github.com/Rat5ak/CVE-2026-31431-CopyFail-static-ELF--POC","https://github.com/Industri4l-H3ll-Xpl0it3rs/CVE-2026-31431-Copy-Fail","https://github.com/MrMixies/Copy-Fail---CVE-2026-31431","https://github.com/sudoytang/copyfail-arm64","https://github.com/deadRabbit92/mitigate-copy-fail.yml","https://github.com/Liverwortenuresis371/copyf
ail-rs","https://github.com/DroPZsec/SplicePrivillegeEscalationFIX","https://github.com/paulorlima9/copyfail-fix","https://github.com/studiogangster/CVE-2026-31431","https://github.com/gbonacini/CVE-2026-31431","https://github.com/polyakovavv/copyfail","https://github.com/dgrobinson0/CopyFile_CVE-2026-31431","https://github.com/mauricioportela/CVE-2026-31431-Analysis","https://github.com/Lutfifakee-Project/CVE-2026-31431","https://github.com/Karim33z/CVE-2026-31431","https://github.com/vorkampfer/copyfail2_electric_boogaloo_fix","https://github.com/cleozi/Copy_Grail","https://github.com/adityasingh108/CVE-2026-31431-Metasploit-exploit","https://github.com/zKaaanon/ProyectoFinalSO","https://github.com/whosfault/cve-2026-31431","https://github.com/dotPY-hax/CopyFail","https://github.com/Sebastian294/cve-2026-31431","https://github.com/SilverRuler/copy-fail-CVE-2026-31431","https://github.com/Koshmare-Blossom/Copyfail-sh","https://github.com/sgkdev/ptrace_may_dream","https://github.com/GubiczaP/cve-2026-31431-checker","https://github.com/Yakovyakov/cve-2026-31431-mitigation","https://github.com/royayub/CVE-2026-31431","https://github.com/4xura/CVE-2026-31431-CopyFail","https://github.com/Pithase/asm-copyfail","https://github.com/kuniyal08/Copy-Fail-CVE-2026-31431-Lab","https://github.com/u1tr0nex/CVE-2026-31431-CopyFail-Lab","https://github.com/Iamliuxiaozhen/copy_fail","https://github.com/ridhinva/copyfail-checker","https://github.com/wh1sky02/copy-fail-python","https://github.com/waltrone1/copyfail-safe-check","https://github.com/waltrone1/waltrone1-copyfail-safe-check","https://github.com/4n4s4zi/copyfail-alpine","https://github.com/JimmyPughtron/CVE-2026-31431-Copy-Fail---Minified-LPE-PoC","https://github.com/songzzzz/CVE-2026-31431","https://github.com/zs1n/copy-fail-CVE-2026-31431","https://github.com/1neptune/CopyFail"],"openThreatData":[{"adversaries":["CL-STA-1132"],"malwareFamiles":["Phantompulse","Amos","Macsync","Shub 
stealer","Reversesocks5","Earthworm"],"affectedIndustries":["Technology","Government","Retail","Defense","Construction","Transportation","Healthcare","Hospitality","Media","Telecommunications","Finance","Energy","Education","Manufacturing","Aerospace"],"communityAdversaries":["PhantomRaven","Trigona, PowerCod RAT, APT34, PhantomRaven, Hacked sites deliver infostealer, CloudZ RAT","RemotePE, ClayRat, Nimbus Manticore, SonicWall SSL VPN exploitation, ModeloRAT","CL-STA-1132","JDownloader, DarkCloud, Chaos Ransomware, APT29, Shadow-Earth-053"],"communityMalwareFamilies":["Phantompulse","Amos","Macsync","Shub stealer","Reversesocks5","Earthworm"],"communityAffectedIndustries":["Technology","Government","Retail","Defense","Construction","Financial","Transportation","Healthcare","Cryptocurrency","Media","Telecommunications","Hospitality","Finance","Energy","Education","Manufacturing","Aerospace"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69f38cea3e8a8ac1f3db203b","cveID":"CVE-2026-41940","dateAdded":"2026-04-30","dueDate":"2026-05-03","notes":"https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026 ; https://docs.cpanel.net/release-notes/release-notes/ ; https://docs.wpsquared.com/changelogs/versions/changelog/#13617 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41940","product":"cPanel & WHM and WP2 (WordPress Squared)","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.","vendorProject":"WebPros","vulnerabilityName":"WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://docs.cpanel.net/release-notes/release-notes","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://docs.wpsquared.com/changelogs/versions/changelog/#13617","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government 
Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/ilmndwntr/CVE-2026-41940-MASS-EXPLOIT","https://github.com/realawaisakbar/CVE-2026-41940-Exploit-PoC","https://github.com/assetnote/cpanel2shell-scanner","https://github.com/Wesuiliye/CVE-2026-41940","https://github.com/Kagantua/cPanelWHM-AuthBypass","https://github.com/yaunsky/cPanelWHM-AuthBypass","https://github.com/debugactiveprocess/cPanel-WHM-AuthBypass-Session-Checker","https://github.com/Sachinart/CVE-2026-41940-cpanel-0day","https://github.com/nickpaulsec/2026-41940-poc","https://github.com/sercanokur/CVE-2026-41940-cPanel-WHM-Verification-Tool","https://github.com/habibkaratas/sorry-ransomware-analysis","https://github.com/cy3erm/CVE-2026-41940-POC","https://github.com/Underh0st/CPanel-Audit-Remediation-Tool","https://github.com/MrOplus/CVE-2026-41940","https://github.com/Ishanoshada/CVE-2026-41940-Exploit-PoC","https://github.com/ThatNotEasy/CVE-2026-41940","https://github.com/3tternp/CVE-2026-41940---cPanel-WHM-check","https://github.com/dennisec/CVE-2026-41940","https://github.com/MrAriaNet/cPanel-Fix","https://github.com/AmirrezaMarzban/portscan-CVE-2026-41940","https://github.com/vineet7800/cpanel-malware-cleaner-cve-2026","https://github.com/0xF55/cve-2026-41940-exploit","https://github.com/0xBlackash/CVE-2026-41940","https://github.com/Jenderal92/CVE-2026-41940","https://github.com/0dev1337/cpanelscanner","https://github.com/Christian93111/CVE-2026-41940","https://github.com/ynsmroztas/cPanelSniper","https://github.com/NULL200OK/cve-2026-41940-tool","https://github.com/Lutfifakee-Project/CVE-2026-41940","https://github.com/unteikyou/CVE-2026-41940-AuthBypass-Detector","https://github.com/mahfuzreham/cpanel-cve-2026-41940","https://github.com/merdw/cPanel-CVE-2026-41940-Scanner","https://github.com/senyx122/CVE-2026-41940","https://github.com/AndreiG6/cpanel-cve-2026-41940-ioc","https://github.com/rfxn/cpanel-sessionscribe","https://github.com/thekawix/CVE-2026-41940","https://g
ithub.com/murrez/CVE-2026-41940","https://github.com/Defacto-ridgepole254/CVE-2026-41940-Exploit-PoC","https://github.com/OhmGun/whmxploit---CVE-2026-41940","https://github.com/bughunt4me/cpanelCVE","https://github.com/bughunt4me/cpanelCVE","https://github.com/Richflexpix/cpanel-pwn","https://github.com/Unfold-Security/CVE-2026-41940-Detection","https://github.com/itsismarcos/CVE-2026-41940","https://github.com/iSee857/cPanel-WHM-CVE-2026-41940-AuthBypass","https://github.com/anach-ai/CVE-2026-41940","https://github.com/ngksiva/cpanel-forensics","https://github.com/44pie/cpsniper","https://github.com/SreejaPuthan/cpanel-control-plane-exposure-check","https://github.com/acuciureanu/cpanel2shell-honeypot","https://github.com/devtint/CVE-2026-41940","https://github.com/tc4dy/CVE-2026-41940-POC-Exploit","https://github.com/sardine-web/Automated-scanner-CVE-2026-41940","https://github.com/xxconi/CVE-2026-41940","https://github.com/willygailo/CVE-2026-41940-Linux","https://github.com/zwanski2019/cPanelSniper"],"openThreatData":[{"adversaries":["Mr_Rot13"],"malwareFamiles":["Filemanager","Cpanel-python"],"affectedIndustries":["Government","Defense"],"communityAdversaries":["The Sorry ransomware group","Seedworm, Amadey Botnet, Sorry, Leveraging Rclone, Campaign Abuses Google Tag Manager","Mr_Rot13","Trigona, PowerCod RAT, APT34, PhantomRaven, Hacked sites deliver infostealer, CloudZ RAT","Threat","@GRAMMERSoft","JDownloader, DarkCloud, Chaos Ransomware, APT29, Shadow-Earth-053"],"communityMalwareFamilies":["Filemanager","Cpanel-python","Sorry","Hulud"],"communityAffectedIndustries":["Telecommunications","Government","Defense"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69f0f7f9e6834804394afb5f","cveID":"CVE-2026-32202","dateAdded":"2026-04-28","dueDate":"2026-05-12","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32202 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32202","product":"Windows","requiredAction":"Apply mitigations per vendor 
instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Protection Mechanism Failure Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":4.3,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202","source":"secure@microsoft.com","tags":["Vendor Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/virus-or-not/CVE-2026-32202"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":["Threat","Trigona, SHub Stealer v2.0, Malicious Compiled HTML Help File, Vidar"],"communityMalwareFamilies":["Pcap","Beaconloader","Generic.933739","Avoslocker","Threat analysis","Ryuk","Elf","Frp","Shadowpad","Credomap","Primary threat","Bazarloader","Hades","Shadow chaser","Fancybear","Ransomhub","Grimplant","Darkside","Threat","Win32.agent","Nbtscan","Graphsteel","Raspberry robin","Doorme","Socgholish netsupport","Gold blackburn","Win api","Socgholish","Gootloader","Netsupport","Conti","Trickbot","Cobalt strike","Microbackdoor","Kronos","Matanbuchus","Plugx","Beacon","Stellarparticle","Win32.bitcoinminer","Handleref","Apt29","Bumblebee","Cozybear","Cyclops"],"communityAffectedIndustries":["Industrial","Telecommunications","Financial","Political","Energy","Diplomatic","Technology","Transport","Aviation","Aerospace","Legal","Logistics","Banking","Pharmaceutical","Transportation","Government","Defense","Military","Academics","Media","Gas","Manufacturing","Foreign 
affairs"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69f0f7f9e6834804394afb5e","cveID":"CVE-2024-1708","dateAdded":"2026-04-28","dueDate":"2026-05-12","notes":"https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708","product":"ScreenConnect","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.","vendorProject":"ConnectWise","vulnerabilityName":"ConnectWise ScreenConnect Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.7,"baseScore":8.4,"nvdReferences":[{"url":"https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8","source":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["Vendor Advisory"]},{"url":"https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass","source":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1708","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["Repellent Scorpius","Storm-1175","EvilConwi"],"malwareFamiles":["Evilconwi","Cicada3301","Medusa"],"affectedIndustries":[],"communityAdversaries":["Repellent Scorpius","ShadowSyndicate","EvilConwi"],"communityMalwareFamilies":["Cicada3301","Scorpius","Evilconwi","Cobalt strike","Blackcat"],"communityAffectedIndustries":["Entertaiment","Technology","Government","Finance","Military","Telecommunications","Logistic","Healthcare","Petroleum"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69ebb1f9367ca22cdae7a031","cveID":"CVE-2024-57726","dateAdded":"2026-04-24","dueDate":"2026-05-08","notes":"https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726","product":"SimpleHelp","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. 
These API keys can be used to escalate privileges to the server admin role.","vendorProject":"SimpleHelp ","vulnerabilityName":"SimpleHelp Missing Authorization Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.1,"baseScore":9.9,"nvdReferences":[{"url":"https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57726","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Technical Description"]},{"url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":["Storm-1175"],"malwareFamiles":["Medusa"],"affectedIndustries":[],"communityAdversaries":["They"],"communityMalwareFamilies":["Dragonforce"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69ebb1f9367ca22cdae7a030","cveID":"CVE-2024-57728","dateAdded":"2026-04-24","dueDate":"2026-05-08","notes":"https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728","product":"SimpleHelp","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 
guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.","vendorProject":"SimpleHelp ","vulnerabilityName":"SimpleHelp Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.2,"baseScore":7.2,"nvdReferences":[{"url":"https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57728","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Technical Description"]},{"url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party 
Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":["Storm-1175"],"malwareFamiles":["Medusa"],"affectedIndustries":[],"communityAdversaries":["They"],"communityMalwareFamilies":["Dragonforce"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69ebb1f9367ca22cdae7a02f","cveID":"CVE-2024-7399","dateAdded":"2026-04-24","dueDate":"2026-05-08","notes":"https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399","product":"MagicINFO 9 Server","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.","vendorProject":"Samsung","vulnerabilityName":"Samsung MagicINFO 9 Server Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://security.samsungtv.com/securityUpdates","source":"PSIRT@samsung.com","tags":["Vendor Advisory"]},{"url":"https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-exploitation-of-path-traversal-vulnerability-in-samsung-magicinfo-9-server-cve-2024-7399/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7399","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government 
Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69ebb1f9367ca22cdae7a02e","cveID":"CVE-2025-29635","dateAdded":"2026-04-24","dueDate":"2026-05-08","notes":"https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635","product":"DIR-823X","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue product utilization.","vendorProject":"D-Link","vulnerabilityName":"D-Link DIR-823X Command Injection Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.2,"baseScore":7.2,"nvdReferences":[{"url":"https://github.com/mono7s/Dir-823x/blob/main/set_prohibiting/set_prohibiting.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","Broken Link"]},{"url":"https://www.akamai.com/blog/security-research/2026/apr/cve-2025-29635-mirai-campaign-targets-d-link-devices","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-29635","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69ea60795510f528b2c61e76","cveID":"CVE-2026-39987","dateAdded":"2026-04-23","dueDate":"2026-05-07","notes":"https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc ; https://nvd.nist.gov/vuln/detail/CVE-2026-39987","product":"Marimo","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system commands.","vendorProject":"Marimo","vulnerabilityName":"Marimo Remote Code Execution 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/marimo-team/marimo/pull/9098","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/Nxploited/CVE-2026-39987","https://github.com/keraattin/CVE-2026-39987","https://github.com/fevar54/marimo_CVE-2026-39987_RCE_PoC","https://github.com/0xBlackash/CVE-2026-39987","https://github.com/h3raklez/CVE-2026-39987","https://github.com/0xdeadroot/CVE-2026-39987-marimo-rce","https://github.com/M3PH1569/CVE-2026-39987-POC","https://github.com/HORKimhab/CVE-2026-39987"],"openThreatData":[{"adversaries":[],"malwareFamiles":["Nkabuse","Kagent"],"affectedIndustries":["Technology"],"communityAdversaries":["Mirax RAT, Marimo Exploitation, DesckVB RAT, Payouts King"],"communityMalwareFamilies":["Nkabuse","Kagent"],"communityAffectedIndustries":["Technology"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e92b19f36ed5298bf72d6e","cveID":"CVE-2026-33825","dateAdded":"2026-04-22","dueDate":"2026-05-06","notes":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 ; 
https://nvd.nist.gov/vuln/detail/CVE-2026-33825","product":"Defender","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Defender Insufficient Granularity of Access Control Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://www.huntress.com/blog/nightmare-eclipse-intrusion","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/Bilal3755/Detecting_blue_hammer_vuln","https://github.com/Letlaka/redsun-bluehammer-undefend-detection-pack","https://github.com/Joe1sn/CVE-2026-33825","https://github.com/0xBlackash/CVE-2026-33825"],"openThreatData":[{"adversaries":[],"malwareFamiles":["Undefend","Bluehammer","Redsun","Beigeburrow"],"affectedIndustries":[],"communityAdversaries":["STX RAT, Deploying NetSupport RAT via Compromised Websites, AngrySpark, Abusing n8n platform","GopherWhisper, Seedworm (MuddyWater), Adware Bundles Delivering RAT, Donot"],"communityMalwareFamilies":["Bluehammer","Huntress","Undefend","Beigeburrow","Redsun"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e22","cveID":"CVE-2024-27199","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199","product":"TeamCity","requiredAction":"Apply mitigations per vendor 
instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.","vendorProject":"JetBrains","vulnerabilityName":"JetBrains TeamCity Relative Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.3,"nvdReferences":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive","source":"cve@jetbrains.com","tags":["Press/Media Coverage"]},{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]},{"url":"https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]},{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/Stuub/RCity-CVE-2024-27198/blob/main/RCity.py","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27199","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/Stuub/RCity-CVE-2024-27199"],"openThreatData":[{"adversaries":["Storm-1175","Earth Lamia"],"malwareFamiles":["Cobalt strike - s0154","Medusa","Pulsepack","Xworm","Blankgrabber","Vshell","Brute ratel","Bypassboss"],"affectedIndustries":["Retail","Finance","Government","Education","Technology","Transportation"],"communityAdversaries":["Silver Fox, Powercat, BRUSHWORM and BRUSHLOGGER, Blank Grabber, Infiniti Stealer","Earth 
Lamia"],"communityMalwareFamilies":["Cobalt strike - s0154","Jasmin","Trend pattern","Sparkrat","Pulsepack","Xworm","Blankgrabber","Cobalt strike","Vshell","Brute ratel","Bypassboss"],"communityAffectedIndustries":["Retail","Finance","Government","Education","Technology","Transportation"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e21","cveID":"CVE-2025-32975","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975","product":"KACE Systems Management Appliance (SMA)","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.","vendorProject":"Quest","vulnerabilityName":"Quest KACE Systems Management Appliance (SMA) Improper Authentication 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":10.0,"nvdReferences":[{"url":"https://seclists.org/fulldisclosure/2025/Jun/22","source":"cve@mitre.org"},{"url":"https://seralys.com/research/CVE-2025-32975.txt","source":"cve@mitre.org"},{"url":"https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978","source":"cve@mitre.org"},{"url":"http://seclists.org/fulldisclosure/2025/Jun/25","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32975","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Deferred"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":["Bot_x64","Win_sys.exe"],"affectedIndustries":["Technology"],"communityAdversaries":[],"communityMalwareFamilies":["Bot_x64","Win_sys.exe"],"communityAffectedIndustries":["Technology"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e20","cveID":"CVE-2026-20128","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128","product":"Catalyst SD-WAN Manager","requiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). 
Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.","vendorProject":"Cisco","vulnerabilityName":"Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"HIGH","baseSeverity":"HIGH","exploitabilityScore":0.8,"baseScore":7.5,"nvdReferences":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["UAT-8616"],"malwareFamiles":["Sliver","Godzilla","Xmrig","Gsocket","Nimplant","Kscan","Xenshell","Behinder","Adaptixc2"],"affectedIndustries":[],"communityAdversaries":["UAT-8616","Seedworm, Amadey Botnet, Sorry, Leveraging Rclone, Campaign Abuses Google Tag Manager"],"communityMalwareFamilies":["Sliver","Godzilla","Xmrig","Gsocket","Nimplant","Kscan","Xenshell","Behinder","Adaptixc2"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1f","cveID":"CVE-2025-48700","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700","product":"Zimbra Collaboration Suite (ZCS)","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are 
unavailable.","shortDescription":"Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.","vendorProject":"Synacor","vulnerabilityName":"Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":6.1,"nvdReferences":[{"url":"https://wiki.zimbra.com/wiki/Security_Center","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy","source":"cve@mitre.org","tags":["Product"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48700","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1e","cveID":"CVE-2023-27351","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351","product":"NG/MF","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.","vendorProject":"PaperCut","vulnerabilityName":"PaperCut NG/MF Improper 
Authentication Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":3.9,"baseScore":7.5,"nvdReferences":[{"url":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-232/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-232/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["Storm-1175"],"malwareFamiles":["Medusa"],"affectedIndustries":[],"communityAdversaries":["Test Adversary2","APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage"],"communityMalwareFamilies":["#aggr:autoit/banload","\"prepending (enc) ransomware\" (not an official name)","Immortal stealer"],"communityAffectedIndustries":["Healthcare","Finance","Construction","Government","Defense","Legal, financial, healthcare, government, municipal, real-estate, enterprise-technology, critical-in","Transportation","Chemical","Education","Technology","Energy","Aerospace"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1d","cveID":"CVE-2025-2749","dateAdded":"2026-04-20","dueDate":"2026-05-04","notes":"https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749","product":"Kentico Xperience","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are 
unavailable.","shortDescription":"Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.","vendorProject":"Kentico","vulnerabilityName":"Kentico Xperience Path Traversal Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.2,"baseScore":7.2,"nvdReferences":[{"url":"https://devnet.kentico.com/download/hotfixes","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/kentico-xperience-staging-media-file-upload-authenticated-rce","source":"disclosure@vulncheck.com"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2749","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1c","cveID":"CVE-2026-20133","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133","product":"Catalyst SD-WAN Manager","requiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as 
outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.","vendorProject":"Cisco","vulnerabilityName":"Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":6.5,"nvdReferences":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["UAT-8616"],"malwareFamiles":["Sliver","Adaptixc2","Behinder","Nimplant","Kscan","Xenshell","Xmrig","Gsocket","Godzilla"],"affectedIndustries":[],"communityAdversaries":["UAT-8616","Seedworm, Amadey Botnet, Sorry, Leveraging Rclone, Campaign Abuses Google Tag Manager"],"communityMalwareFamilies":["Sliver","Adaptixc2","Behinder","Nimplant","Kscan","Xenshell","Xmrig","Gsocket","Godzilla"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e687215a9d39622b659e1b","cveID":"CVE-2026-20122","dateAdded":"2026-04-20","dueDate":"2026-04-23","notes":"CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; 
https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122","product":"Catalyst SD-WAN Manager","requiredAction":"Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.","shortDescription":"Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. 
A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.","vendorProject":"Cisco","vulnerabilityName":"Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":2.8,"baseScore":5.4,"nvdReferences":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":[],"openThreatData":[{"adversaries":["UAT-8616"],"malwareFamiles":["Adaptixc2","Nimplant","Sliver","Godzilla","Gsocket","Behinder","Kscan","Xmrig","Xenshell"],"affectedIndustries":[],"communityAdversaries":["Seedworm, Amadey Botnet, Sorry, Leveraging Rclone, Campaign Abuses Google Tag Manager","UAT-8616"],"communityMalwareFamilies":["Adaptixc2","Nimplant","Sliver","Godzilla","Gsocket","Behinder","Kscan","Xmrig","Xenshell"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69e125f9bf2904da36e09391","cveID":"CVE-2026-34197","dateAdded":"2026-04-16","dueDate":"2026-04-30","notes":"https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197","product":"ActiveMQ","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.","vendorProject":"Apache","vulnerabilityName":"Apache ActiveMQ Improper Input Validation 
Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/06/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34197","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/keraattin/CVE-2026-34197","https://github.com/hg0434hongzh0/CVE-2026-34197","https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197","https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE","https://github.com/DEVSECURITYSPRO/CVE-2026-34197","https://github.com/dinosn/CVE-2026-34197","https://github.com/0xBlackash/CVE-2026-34197"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":["Huntress","Bluehammer"],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69de82f92c5c1df9d4b24d23","cveID":"CVE-2026-32201","dateAdded":"2026-04-14","dueDate":"2026-04-28","notes":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201","product":"SharePoint Server","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft SharePoint Server 
Improper Input Validation Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"MEDIUM","exploitabilityScore":3.9,"baseScore":6.5,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32201","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource","Third Party Advisory"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/B1tBit/CVE-2026-32201-exploit"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69de82f92c5c1df9d4b24d22","cveID":"CVE-2009-0238","dateAdded":"2026-04-14","dueDate":"2026-04-28","notes":"https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238","product":"Office","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Office Remote Code 
Execution","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":2.8,"baseScore":8.8,"nvdReferences":[{"url":"http://blogs.zdnet.com/security/?p=2658","source":"secure@microsoft.com"},{"url":"http://isc.sans.org/diary.html?storyid=5923","source":"secure@microsoft.com"},{"url":"http://securitytracker.com/id?1021744","source":"secure@microsoft.com"},{"url":"http://www.microsoft.com/technet/security/advisory/968272.mspx","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/33870","source":"secure@microsoft.com"},{"url":"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99","source":"secure@microsoft.com"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html","source":"secure@microsoft.com","tags":["US Government Resource"]},{"url":"http://www.vupen.com/english/advisories/2009/1023","source":"secure@microsoft.com"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009","source":"secure@microsoft.com"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875","source":"secure@microsoft.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968","source":"secure@microsoft.com"},{"url":"http://blogs.zdnet.com/security/?p=2658","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://isc.sans.org/diary.html?storyid=5923","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://securitytracker.com/id?1021744","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.microsoft.com/technet/security/advisory/968272.mspx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/33870","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022310-4202-99","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"http://www.vupen.com/english/advisories/2009/1023","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48875","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5968","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0238","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Deferred"}],"githubPocs":[],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1f","cveID":"CVE-2026-34621","dateAdded":"2026-04-13","dueDate":"2026-04-27","notes":"https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621","product":"Acrobat and Reader","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.","vendorProject":"Adobe","vulnerabilityName":"Adobe Acrobat and Reader Prototype Pollution 
Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":8.6,"nvdReferences":[{"url":"https://helpx.adobe.com/security/products/acrobat/apsb26-43.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34621","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}],"vulnStatus":"Analyzed"}],"githubPocs":["https://github.com/eduardorossi84/CVE-2026-34621-POC","https://github.com/NULL200OK/cve_2026_34621_advanced"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":["Threat"],"communityMalwareFamilies":["Ransomhub","Handleref","Bazarloader","Shadow chaser","Win api","Socgholish netsupport","Conti","Nbtscan","Ryuk","Socgholish","Kronos","Credomap","Apt29","Gold blackburn","Threat analysis","Matanbuchus","Beaconloader","Win32.agent","Plugx","Fancybear","Grimplant","Trickbot","Darkside","Primary threat","Avoslocker","Doorme","Bumblebee","Pcap","Graphsteel","Generic.933739","Gootloader","Frp","Win32.bitcoinminer","Stellarparticle","Shadowpad","Microbackdoor","Elf","Cobalt strike","Raspberry robin","Hades","Threat","Cyclops","Netsupport","Beacon","Cozybear"],"communityAffectedIndustries":["Government","Academics","Military","Technology","Aerospace","Industrial","Telecommunications","Transportation","Financial","Diplomatic","Transport","Aviation","Gas","Political","Energy","Manufacturing","Logistics","Defense","Legal","Pharmaceutical","Media","Banking","Foreign affairs"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1e","cveID":"CVE-2026-21643","dateAdded":"2026-04-13","dueDate":"2026-04-16","notes":"https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643","product":"FortiClient EMS","requiredAction":"Apply mitigations per vendor instructions, follow 
applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.","vendorProject":"Fortinet","vulnerabilityName":"Fortinet SQL Injection Vulnerability","nvdData":[{"attackVector":"NETWORK","attackComplexity":"LOW","baseSeverity":"CRITICAL","exploitabilityScore":3.9,"baseScore":9.8,"nvdReferences":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-1142","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://github.com/0xBlackash/CVE-2026-21643/blob/main/cve-2026-21643.py","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21643","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/0xBlackash/CVE-2026-21643","https://github.com/alirezac0/CVE-2026-21643","https://github.com/DarkSploits/CVE-2026-21643-Exploit"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":["APT41, Floki, Cifrat, LucidRook, Lumma Stealer, Winnti ELF Backdoor, Delphi, Infiniti Stealer","Threat"],"communityMalwareFamilies":["Elf","Primary threat","Apt29","Grimplant","Ryuk","Shadow chaser","Ransomhub","Kronos","Beaconloader","Fancybear","Socgholish","Conti","Hades","Nbtscan","Pcap","Cobalt strike","Beacon","Bumblebee","Cyclops","Gold blackburn","Raspberry robin","Threat","Socgholish netsupport","Plugx","Avoslocker","Darkside","Doorme","Handleref","Cozybear","Gootloader","Trickbot","Stellarparticle","Win32.agent","Matanbuchus","Shadowpad","Frp","Microbackdoor","Netsupport","Win api","Credomap","Win32.bitcoinminer","Generic.933739","Bazarloader","Threat 
analysis","Graphsteel"],"communityAffectedIndustries":["Technology","Transport","Foreign affairs","Gas","Aerospace","Transportation","Financial","Logistics","Defense","Political","Pharmaceutical","Telecommunications","Industrial","Energy","Aviation","Manufacturing","Media","Academics","Banking","Legal","Military","Diplomatic","Government"]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1d","cveID":"CVE-2020-9715","dateAdded":"2026-04-13","dueDate":"2026-04-27","notes":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715","product":"Acrobat","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Adobe Acrobat contains a use-after-free vulnerability that allows for code execution","vendorProject":"Adobe","vulnerabilityName":"Adobe Acrobat Use-After-Free Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/","source":"psirt@adobe.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-991/","source":"psirt@adobe.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-991/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/WonjunChun/CVE-2020-9715"],"openThreatData":[{"adversaries":["Kimsuky"],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"},{"_id":"69dd3179a77fe194a6a23e1c","cveID":"CVE-2023-36424","dateAdded":"2026-04-13","dueDate":"2026-04-27","notes":"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424","product":"Windows","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","shortDescription":"Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor to escalate privileges","vendorProject":"Microsoft","vulnerabilityName":"Microsoft Windows Out-of-Bounds Read Vulnerability","nvdData":[{"attackVector":"LOCAL","attackComplexity":"LOW","baseSeverity":"HIGH","exploitabilityScore":1.8,"baseScore":7.8,"nvdReferences":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36424","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}],"vulnStatus":"Modified"}],"githubPocs":["https://github.com/Nassim-Asrir/CVE-2023-36424"],"openThreatData":[{"adversaries":[],"malwareFamiles":[],"affectedIndustries":[],"communityAdversaries":[],"communityMalwareFamilies":[],"communityAffectedIndustries":[]}],"knownRansomwareCampaignUse":"Unknown"}]}