Key Findings:
Top Reported Known Exploitable Issues:
CVE-2025-14847 | MongoBleed
Mismatched length fields in zlib-compressed protocol headers may allow an unauthenticated client to read uninitialized heap memory from the server. Affected versions: MongoDB Server 8.2 prior to 8.2.3, 8.0 prior to 8.0.17, 7.0 prior to 7.0.28, 6.0 prior to 6.0.27, 5.0 prior to 5.0.32 and 4.4 prior to 4.4.30; every release of the 4.2, 4.0 and 3.6 branches is listed as affected with no fixed version. Exploit code and technical details for CVE-2025-14847 are publicly available.
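The version list above is the practical check most teams need first. The following script, an added example rather than MongoDB's own tooling, classifies a server version against the branches and fixed releases transcribed from the advisory text (the FIXED_IN table and the host names in the sample inventory are this example's own, and must be updated if the vendor revises the advisory):

```python
"""Version triage for CVE-2025-14847 (MongoBleed).

Added example, not MongoDB's own tooling. The affected ranges are transcribed
from the advisory text above; FIXED_IN must be updated if the vendor changes it.
"""
import re

# First non-vulnerable release on each branch listed in the advisory.
# None marks a branch for which the advisory lists every release as affected
# and gives no fixed version (4.2, 4.0, 3.6): the only remedy is a branch upgrade.
FIXED_IN = {
    (8, 2): (8, 2, 3),
    (8, 0): (8, 0, 17),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
    (5, 0): (5, 0, 32),
    (4, 4): (4, 4, 30),
    (4, 2): None,
    (4, 0): None,
    (3, 6): None,
}

# Accepts '7.0.27', 'v8.0.17' and db.version() style output.
# Pre-release suffixes (e.g. '-rc0') are ignored, so an 8.0.17-rc0 build is
# reported as fixed; treat release candidates with care.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) or raise ValueError for unparseable input."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Classify one server version.

    'vulnerable'     below the fixed release on a patched branch
    'fixed'          at or above the fixed release
    'unfixed-branch' branch listed as affected with no fixed release
    'unlisted'       branch not mentioned in the advisory (check it separately)
    """
    major, minor, patch = parse_version(version_text)
    if (major, minor) not in FIXED_IN:
        return "unlisted"
    fixed = FIXED_IN[(major, minor)]
    if fixed is None:
        return "unfixed-branch"
    return "fixed" if (major, minor, patch) >= fixed else "vulnerable"


def triage(inventory):
    """Map {host: version} to {host: status}, hosts needing action first."""
    order = {"unfixed-branch": 0, "vulnerable": 1, "unlisted": 2, "fixed": 3}
    results = {host: assess(ver) for host, ver in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: order[kv[1]]))


if __name__ == "__main__":
    # Constructed inventory for demonstration; host names are made up.
    sample = {
        "mongo-prod-1": "7.0.27",
        "mongo-prod-2": "8.0.17",
        "mongo-legacy": "4.2.25",
        "mongo-stage": "v6.0.26",
    }
    for host, status in triage(sample).items():
        print(f"{host:14} {sample[host]:10} {status}")
```

Feed it the output of `db.version()` from each deployment; an 'unlisted' result means the branch is outside the advisory and needs a separate check, not that it is safe.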
CVE-2025-46295 | FileMaker Server
Claris has released a security update for FileMaker Server addressing a critical vulnerability in the Apache Commons Text library bundled with the software. An attacker could exploit it to achieve remote code execution (RCE). CVE-2025-46295 – Improper control of generation of code ('code injection') – CVSSv3 score: 9.8.
CVE-2026-20805 | Microsoft
Desktop Window Manager information disclosure vulnerability: exposure of sensitive information to an unauthorized actor in Desktop Window Manager allows an authorized attacker to disclose information locally. Fixed in the 13 January 2026 Patch Tuesday release and added to the CISA KEV catalog.
CVE-2025-69258 | Trend Micro
Trend Micro has released security updates addressing multiple vulnerabilities in on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of 10.0 and is described as remote code execution via LoadLibraryEx: "A LoadLibraryEx vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations."
CVE-2025-14733 | WatchGuard Firebox
WatchGuard reports that CVE-2025-14733 in the Fireware OS used by Firebox appliances is under active exploitation. Successful exploitation allows a remote unauthenticated attacker to execute arbitrary code on the Firebox appliance.
CVE-2025-20393 | Cisco
Cisco is aware of an attack campaign targeting a limited subset of appliances running Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager that have certain ports exposed to the internet. As part of the campaign, Cisco identified the deployment of malware, including a backdoor used to maintain persistent access to affected systems. The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-20393 to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2025-66209 | Coolify
Three command injection vulnerabilities in the open source Coolify platform, each rated CVSS 10.0:
CVE-2025-66209 – command injection in the database backup functionality; any authenticated user with database backup permissions can execute arbitrary commands on the host server, resulting in container escape and full server compromise.
CVE-2025-66210 – authenticated command injection in the database import functionality; attackers can execute arbitrary commands on managed servers, leading to full infrastructure compromise.
CVE-2025-66211 – command injection in the PostgreSQL init script management; authenticated users with database permissions can execute arbitrary commands as root on the server.
CVE-2026-23550 | WordPress Modular DS
A maximum-severity flaw in the WordPress plugin Modular DS is under active exploitation in the wild. The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), is an unauthenticated privilege escalation affecting all versions of the plugin up to and including 2.5.1. It is patched in version 2.5.2.
CVE-2025-20393 | Cisco AsyncOS
The vulnerability, tracked as CVE-2025-20393 (CVSS score: 10.0), is a remote command execution flaw caused by insufficient validation of HTTP requests by the Spam Quarantine feature. Successful exploitation could permit an attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. Three conditions must hold for the attack to work: the appliance is running a vulnerable release of Cisco AsyncOS Software; the Spam Quarantine feature is configured; and the Spam Quarantine feature is exposed to and reachable from the internet.
CVE-2009-0556 | PowerPoint
Microsoft Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allow remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
CVE-2025-40602 | SonicWall
SonicWall has released a security advisory for a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC). CVE-2025-40602 – local privilege escalation – CVSSv3 score: 6.6. Chained with CVE-2025-23006, CVE-2025-40602 could lead to unauthenticated remote code execution with root privileges.
CVE-2025-25249 | FortiOS
Fortinet has released security updates for a high-severity vulnerability in FortiOS and FortiSwitch Manager. Successful exploitation by a remote unauthenticated attacker could allow arbitrary code or command execution. CVE-2025-25249 – heap-based buffer overflow – CVSSv3 score: 7.4. Affected organisations should review Fortinet PSIRT advisory FG-IR-25-084 and apply the relevant updates as soon as possible.
CVE-2026-0227 | Palo Alto
Palo Alto Networks has released a security update for a high-severity vulnerability in the GlobalProtect Gateway and Portal of PAN-OS software. Successful exploitation could allow an unauthenticated attacker to cause a denial-of-service (DoS) condition on the firewall. CVE-2026-0227 – Improper Check for Unusual or Exceptional Conditions – CVSSv4 base score: 8.7.
CVE-2025-37164 | HPE
A remote code execution vulnerability exists in HPE OneView, HPE's infrastructure management software, which lets IT administrators streamline operations and automate the management of servers, storage and networking devices from a centralized interface. The flaw enables attackers to execute arbitrary code remotely, and CISA has added it to the KEV catalog.
CVE-2025-55752 | Apache Tomcat
CVE-2025-55752 is a relative path traversal vulnerability in Apache Tomcat (a widely used Java servlet container and web application server) introduced as a regression from an earlier fix. Proof-of-concept exploit code is publicly available.
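The entry does not say what the regression was, so the following is an added example of the general class rather than Tomcat's code: when a path is normalised before it is percent-decoded, an encoded `%2e%2e` passes the normalisation step intact and becomes `..` afterwards, so a security constraint evaluated on the normalised string never sees the traversal. The function names, the protected prefixes and the request paths are this example's own assumptions.

```python
"""Decode/normalise ordering and relative path traversal.

Added example of the general pattern, not Tomcat's code. A path normalised
before percent-decoding lets '%2e%2e' survive normalisation and turn into
'..' later, so a check on the normalised string misses the traversal.
Function names and the protected prefixes are assumptions for this example.
"""
import posixpath
from urllib.parse import unquote

# Locations a servlet container must never serve directly (assumed list).
PROTECTED_PREFIXES = ("/WEB-INF/", "/META-INF/")


def normalize(path):
    """Collapse '.', '..' and repeated slashes; always return an absolute path."""
    return posixpath.normpath("/" + path.lstrip("/"))


def is_protected(path):
    # Case-insensitive on purpose: covers case-insensitive filesystems.
    return path.upper().startswith(PROTECTED_PREFIXES)


def serve_vulnerable(request_path):
    """Regression order: normalise, check, decode.

    The check passes because '%2e%2e' is not '..' yet; the file lookup then
    operates on the decoded string, where the filesystem resolves '..'.
    """
    checked = normalize(request_path)
    if is_protected(checked):
        return "403 " + checked
    on_disk = normalize(unquote(checked))   # what the file lookup actually opens
    return "200 " + on_disk


def serve_fixed(request_path):
    """Correct order: decode exactly once, normalise, then apply the
    constraint to the same string that the file lookup will use.

    Decoding once only matters: a double-encoded '%252e' becomes the literal
    text '%2e', which names no real file and must not be decoded again.
    """
    resolved = normalize(unquote(request_path))
    if is_protected(resolved):
        return "403 " + resolved
    return "200 " + resolved


if __name__ == "__main__":
    # Constructed probe: encoded dot-dot aimed at the deployment descriptor.
    probe = "/app/%2e%2e/WEB-INF/web.xml"
    print("vulnerable:", serve_vulnerable(probe))   # 200 /WEB-INF/web.xml
    print("fixed:     ", serve_fixed(probe))        # 403 /WEB-INF/web.xml
```

The plain `/app/../WEB-INF/web.xml` form is blocked in both orders; only the encoded form distinguishes them, which is why a regression of this kind survives tests that use unencoded paths.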
CVE-2025-41244 | VMware
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain root-level privileges on a susceptible system. "Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability," CISA said in an alert. "A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."
CVE-2025-20354 | Unified CCX
Cisco has released security updates addressing two critical vulnerabilities in Unified Contact Center Express (Unified CCX):
CVE-2025-20354 – unauthenticated remote code execution (RCE) – CVSSv3 score: 9.8
CVE-2025-20358 – authentication bypass (unauthenticated to administrative privileges) – CVSSv3 score: 9.4
CVE-2025-61932 | Lanscope Endpoint Manager
Lanscope Endpoint Manager (On-Premises), specifically the client program (MR) and the detection agent (DA), improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVE-2025-48703 | CWP
CWP (Control Web Panel, formerly CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter of a filemanager changePerm request. The attacker must know a valid non-root username.
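The Coolify backup bugs listed earlier and the CWP changePerm bug here share one pattern: a request parameter (a database name, a permission mode, a path) reaches /bin/sh with its metacharacters intact. The following is an added example with hypothetical function names; it reproduces neither project's code, but shows the vulnerable shape beside the hardened one (allow-list validation, argv lists without a shell, and path confinement for the file-manager case):

```python
"""Command injection via user input spliced into a shell command, and the
hardened form.

Added example with hypothetical function names; it reproduces neither
Coolify's backup code nor CWP's file manager, only the pattern both bugs
share: a request parameter reaching /bin/sh with metacharacters intact.
"""
import os
import re
import shlex
import subprocess

# --- Vulnerable form -------------------------------------------------------

def backup_command_vulnerable(db_name):
    """Build 'pg_dump <db> > /backups/<db>.sql' as one string for shell=True.
    db_name = 'app; id' yields two commands; '$(id)' is expanded as well."""
    return f"pg_dump {db_name} > /backups/{db_name}.sql"


def run_backup_vulnerable(db_name):
    # shell=True hands the string to /bin/sh, which honours ; | && $() ` etc.
    return subprocess.run(backup_command_vulnerable(db_name), shell=True,
                          capture_output=True, text=True)


# --- Hardened form ---------------------------------------------------------

_SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_-]{0,62}$")   # allow-list
_SAFE_MODE = re.compile(r"^[0-7]{3,4}$")                         # octal mode


def is_safe_name(value):
    return bool(_SAFE_NAME.match(value))


def is_safe_mode(value):
    return bool(_SAFE_MODE.match(value))


def is_confined(root, path):
    """True if path resolves inside root ('..' and symlinks resolved)."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, path.lstrip("/")))
    return os.path.commonpath([root_real, target]) == root_real


def backup_argv(db_name):
    """argv for pg_dump. No shell is involved, so ';' or '$(...)' would reach
    pg_dump as a literal (invalid) name; the allow-list rejects them anyway.
    Output goes through --file instead of a shell redirection."""
    if not is_safe_name(db_name):
        raise ValueError(f"rejected database name: {db_name!r}")
    return ["pg_dump", "--file", f"/backups/{db_name}.sql", db_name]


def chmod_argv(mode, user_root, rel_path):
    """argv for a file-manager permission change confined to user_root."""
    if not is_safe_mode(mode):
        raise ValueError(f"rejected mode: {mode!r}")
    if not is_confined(user_root, rel_path):
        raise ValueError(f"path escapes {user_root}: {rel_path!r}")
    return ["chmod", mode, "--", os.path.join(user_root, rel_path.lstrip("/"))]


def run_argv(argv):
    # List form with the default shell=False: each element is one argv entry.
    return subprocess.run(argv, capture_output=True, text=True)


def looks_injected(value):
    """Triage helper for request logs of the affected endpoints: flag values
    carrying shell metacharacters or newlines."""
    return bool(re.search(r"[;&|`$<>(){}\n\\]", value))


if __name__ == "__main__":
    print(backup_command_vulnerable("app; id"))            # second command appended
    print(shlex.join(backup_argv("app_db")))               # quoted for display only
    print(chmod_argv("755", "/home/alice", "public/x.sh"))
    for v in ("app; id", "app_db"):
        print(v, "->", looks_injected(v))
```

The allow-list is the primary control; the argv form is the backstop that keeps a missed character from ever reaching a shell. `looks_injected` is only a hunting aid for historical request logs, not an input filter.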
CVE-2025-24893 | XWiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to the SolrSearch endpoint.
CVE-2025-2747 | Kentico
CVE-2025-2747 (CVSS score: 9.8) – an authentication bypass using an alternate path or channel in Kentico Xperience CMS that could allow an attacker to control administrative objects by abusing the Staging Sync Server's password handling for the server-defined None type. Fixed by Kentico in March 2025.
CVE-2025-6204 | DELMIA
An Improper Control of Generation of Code (code injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
CVE-2025-62215 | Windows Kernel
CVE-2025-62215 (CVSS score: 7.0) is a privilege escalation flaw in the Windows Kernel: concurrent execution using a shared resource with improper synchronization (race condition) allows an authorized attacker to elevate privileges locally. Successful exploitation requires an attacker who has already gained a foothold on the system to win the race; once that is achieved, the attacker can obtain SYSTEM privileges.
CVE-2025-20352 | Cisco SNMP
A new campaign has exploited a recently disclosed flaw in Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity weaponizes CVE-2025-20352 (CVSS score: 7.7), a stack overflow in the Simple Network Management Protocol (SNMP) subsystem that allows an authenticated remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.
CVE-2025-54253 | Adobe
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution. According to Adobe, the shortcoming impacts Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier. It was addressed in version 6.5.0-0108, released in early August 2025 alongside CVE-2025-54254 (CVSS score: 8.6). "The flaw results from the dangerously exposed /adminui/debug servlet, which evaluates user-supplied OGNL expressions as Java code without requiring authentication or input validation," security company FireCompass noted. "The endpoint's misuse enables attackers to execute arbitrary system commands with a single crafted HTTP request."
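Because the servlet requires no authentication, any request to /adminui/debug in historical access logs is worth a look. The following is an added example, not Adobe's or FireCompass's tooling: it parses constructed combined-format access log lines (the sample lines, the IP addresses and the field layout are assumptions) and flags requests that reach the debug servlet, including ones obscured with percent-encoding, mixed case or dot-segments.

```python
"""Hunt for requests to the exposed AEM Forms debug servlet in access logs.

Added example, not Adobe's or any vendor's tooling. The log lines below are
constructed in Apache/Tomcat combined format; the field layout and the
client addresses are assumptions. Any hit on /adminui/debug deserves review,
since the text above states the endpoint requires no authentication.
"""
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)
DEBUG_PATH = "/adminui/debug"

# Constructed sample: one scanner, one legitimate user, one obfuscated probe.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2025:08:14:02 +0000] "GET /adminui/debug?s=1 HTTP/1.1" 200 512
198.51.100.3 - - [10/Oct/2025:08:14:05 +0000] "GET /content/forms/af/demo.html HTTP/1.1" 200 9021
203.0.113.7 - - [10/Oct/2025:08:14:09 +0000] "POST /adminui/debug HTTP/1.1" 200 77
192.0.2.44 - - [10/Oct/2025:08:15:00 +0000] "GET /ADMINUI/x/%2e%2e/Debug HTTP/1.1" 404 0
"""


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def canonical_path(target):
    """Strip the query string, percent-decode once, collapse '.' and '..',
    lower-case. Loose on purpose: a hunt prefers a few false positives."""
    path = target.split("?", 1)[0]
    return posixpath.normpath("/" + unquote(path).lstrip("/")).lower()


def is_debug_request(entry):
    return canonical_path(entry["target"]).startswith(DEBUG_PATH)


def hunt(log_text):
    """Return (ip, method, status, target) for every hit, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_debug_request(entry):
            hits.append((entry["ip"], entry["method"], entry["status"], entry["target"]))
    return hits


def sources(log_text):
    """Count hits per client address. A 200 on this servlet, rather than a
    404 from a probe, is the case to escalate first."""
    return Counter(ip for ip, _, _, _ in hunt(log_text))


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
    print(sources(SAMPLE_LOG))
```

Run it over the web server logs of any AEM Forms on JEE host that was below 6.5.0-0108; a 200 response on the servlet from an external address is evidence of exploitation rather than scanning.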
CVE-2025-62847 | QNAP
Security researchers have demonstrated a proof-of-concept exploit chaining CVE-2025-62847, CVE-2025-62848 and CVE-2025-62849 to achieve remote code execution and full device takeover on QNAP QTS and QuTS hero devices. Network-attached storage (NAS) devices and backup solutions are high-value targets for cyber criminals.
CVE-2025-20358 | Unified CCX
Cisco has released security updates addressing two critical vulnerabilities in Unified Contact Center Express (Unified CCX):
CVE-2025-20354 – unauthenticated remote code execution (RCE) – CVSSv3 score: 9.8
CVE-2025-20358 – authentication bypass (unauthenticated to administrative privileges) – CVSSv3 score: 9.4
CVE-2025-11371 | Gladinet