DMZ//THREAT INTEL
FEED ACTIVE | LAST SYNC: 06:03:37Z | SOURCES: 14 | CRITICAL: 15
⚠ ACTIVE ALERTS
SYLVANITE CRITICAL — SYLVANITE is a newly named Dragos-tracked threat group identified as a dedicated…
@MsftSecIntel CRITICAL — We are tracking TeamPCP (UNC6780) activity following the GitHub internal repository…
@GossiTheDog CRITICAL — The GitHub / TeamPCP breach is now being monetized on BreachForums. Listing is up — $95k…
@struppigel CRITICAL — SUPPLY CHAIN ALERT: Laravel-Lang PHP packages backdoored May 22-23 via hijacked GitHub…
@MalwareHunterTeam CRITICAL — Seeing fresh DebugElevator stealer log batches already appearing for sale on Exploit.in —…
15 Critical Threats
8 Active CVEs
0 IOCs Tracked
0 New Advisories
SHOWING 23 OF 23
17 CRITICAL
6 HIGH
0 MEDIUM
0 LOW
11 KEV LISTED
1 NO PATCH
| CVE ID | VULNERABILITY | VENDOR | CVSS | SEVERITY | PATCH | EXPLOIT | PUBLISHED |
|---|---|---|---|---|---|---|---|
| CVE-2026-48172 | LiteSpeed cPanel Plugin Root Privilege Escalation | LiteSpeed Technologies | 10 | CRITICAL | AVAILABLE | LIMITED | 2026-05-21 |
| CVE-2026-20182 (KEV) | Cisco Catalyst SD-WAN Controller Authentication Bypass (Zero-Day) | Cisco | 10 | CRITICAL | AVAILABLE | LIMITED | 2026-05-14 |
| CVE-2026-42826 | Azure DevOps Unauthenticated Information Disclosure | Microsoft | 10 | CRITICAL | AVAILABLE | NONE | 2026-05-07 |
| CVE-2026-42898 | Microsoft Dynamics 365 On-Premises Authenticated Code Injection RCE (Scope Change) | Microsoft | 9.9 | CRITICAL | AVAILABLE | NONE | 2026-05-12 |
| CVE-2026-9082 (KEV) | Drupal Core PostgreSQL Unauthenticated SQL Injection | Drupal | 9.8 | CRITICAL | AVAILABLE | PUBLIC | 2026-05-20 |
| CVE-2026-41089 | Windows Netlogon Stack-Based Buffer Overflow Unauthenticated RCE (Domain Controller) | Microsoft | 9.8 | CRITICAL | AVAILABLE | NONE | 2026-05-12 |
| CVE-2026-41096 | Windows DNS Client Heap Buffer Overflow Unauthenticated RCE | Microsoft | 9.8 | CRITICAL | AVAILABLE | NONE | 2026-05-12 |
| CVE-2026-42208 (KEV) | BerriAI LiteLLM Pre-Auth SQL Injection (AI Gateway Credential Theft) | BerriAI | 9.8 | CRITICAL | AVAILABLE | PUBLIC | 2026-05-08 |
| CVE-2026-41940 (KEV) | cPanel & WHM Pre-Auth CRLF Injection Authentication Bypass (Zero-Day, Ransomware) | WebPros | 9.8 | CRITICAL | AVAILABLE | PUBLIC | 2026-04-28 |
| CVE-2026-44112 | OpenClaw AI Agent TOCTOU Sandbox Write Escape ('Claw Chain') | OpenClaw (BerriAI / OpenClaw Project) | 9.6 | CRITICAL | AVAILABLE | POC | 2026-05-15 |
| CVE-2025-34291 (KEV) | Langflow AI Workflow Platform CORS/CSRF Token-Hijack RCE (KEV Added May 21) | Langflow (DataStax) | 9.4 | CRITICAL | AVAILABLE | LIMITED | 2025-12-05 |
| CVE-2026-40402 | Windows Hyper-V Guest-to-Host Use-After-Free Privilege Escalation | Microsoft | 9.3 | CRITICAL | AVAILABLE | NONE | 2026-05-12 |
| CVE-2026-0300 (KEV) | Palo Alto PAN-OS Unauthenticated Root RCE via Captive Portal Buffer Overflow | Palo Alto Networks | 9.3 | CRITICAL | PARTIAL | PUBLIC | 2026-05-05 |
| CVE-2026-42945 (KEV) | NGINX Rift — ngx_http_rewrite_module Heap Buffer Overflow (RCE) | F5 / NGINX | 9.2 | CRITICAL | AVAILABLE | PUBLIC | 2026-05-13 |
| CVE-2026-8992 | Ivanti Secure Access Client Improper Certificate Validation RCE | Ivanti | 9.1 | CRITICAL | AVAILABLE | NONE | 2026-05-22 |
| CVE-2026-45158 | OPNsense DHCP Hostname Command Injection RCE as Root | OPNsense | 9.1 | CRITICAL | AVAILABLE | POC | 2026-05-13 |
| CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Privilege Escalation / Identity Forgery | Microsoft | 9.1 | CRITICAL | AVAILABLE | NONE | 2026-05-12 |
| CVE-2026-45584 | Microsoft Defender Malware Protection Engine Heap Buffer Overflow RCE | Microsoft | 8.1 | HIGH | AVAILABLE | NONE | 2026-05-20 |
| CVE-2026-42897 | Microsoft Exchange Server OWA XSS Spoofing Zero-Day (Unpatched) | Microsoft | 8.1 | HIGH | NO PATCH | LIMITED | 2026-05-14 |
| CVE-2026-41091 (KEV) | Microsoft Defender Malware Protection Engine Link-Following LPE (RedSun) | Microsoft | 7.8 | HIGH | AVAILABLE | PUBLIC | 2026-05-20 |
| CVE-2026-31431 (KEV) | Linux Kernel 'Copy Fail' Local Privilege Escalation to Root (Cross-Distro, KEV) | Linux | 7.8 | HIGH | AVAILABLE | PUBLIC | 2026-04-29 |
| CVE-2026-34926 (KEV) | Trend Micro Apex One On-Premise Directory Traversal (KEV Added May 21) | Trend Micro | 7.2 | HIGH | AVAILABLE | LIMITED | 2026-05-21 |
| CVE-2026-6973 (KEV) | Ivanti EPMM Authenticated Admin RCE Exploited as Zero-Day (CISA KEV) | Ivanti | 7.2 | HIGH | AVAILABLE | LIMITED | 2026-05-07 |