Threat Alerts

Real-time critical CVE alerts, security advisories, and vulnerability intelligence — curated by the Vulnios Threat Intelligence team.

38 Critical

12 High

50 Total Alerts

Follow on Telegram

Filter:

50 alerts

highCVE Alert

CVE-2012-1854

High Vulnerability: CVE-2012-1854 — microsoft — office, visual_basic_for_applications

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic

microsoft· office, visual_basic_for_applications

actively_exploitedhigh

High Vulnerability: CVE-2020-9715 — adobe, apple — acrobat_dc, acrobat_reader_dc

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation c

adobe, apple· acrobat_dc, acrobat_reader_dc

actively_exploitedhigh

High Vulnerability: CVE-2023-21529 — microsoft — exchange_server

Microsoft Exchange Server Remote Code Execution Vulnerability

microsoft· exchange_server

actively_exploitedhighrce

High Vulnerability: CVE-2023-36424 — microsoft — windows_10_1507, windows_10_1607

Windows Common Log File System Driver Elevation of Privilege Vulnerability

microsoft· windows_10_1507, windows_10_1607

actively_exploitedhigh

High Vulnerability: CVE-2025-60710 — microsoft — windows_11_25h2

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

microsoft· windows_11_25h2

actively_exploitedhigh

High Vulnerability: CVE-2026-34621 — adobe, apple — acrobat_dc, acrobat_reader_dc

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could res

adobe, apple· acrobat_dc, acrobat_reader_dc

actively_exploitedhigh

Critical Vulnerability: CVE-2026-40044

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PH

Critical Vulnerability: CVE-2026-35022

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using shell=true without

Critical Vulnerability: CVE-2026-39958

oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) fr

Critical Vulnerability: CVE-2026-5902 — google, apple — chrome, macos

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium

google, apple· chrome, macos

Critical Vulnerability: CVE-2026-22562

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code exec

Critical Vulnerability: CVE-2026-22563

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.

critical

Apr 14

Read analysis

Protect Your Organization

Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.

Get Started Free Free Security Scan OSINT Dashboard