Security Vulnerabilities - Known exploited
CVE-2026-20700
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
Known exploited
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-11
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.024
Published
2026-02-10
CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.041
Published
2026-02-10
CVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
Known exploited
CVSS Score
6.2
EPSS Score
0.03
Published
2026-02-10
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.058
Published
2026-02-10
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.048
Published
2026-02-10
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.037
Published
2026-02-10
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.164
Published
2026-01-29
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Known exploited
CVSS Score
9.8
EPSS Score
0.55
Published
2026-01-28
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Known exploited
CVSS Score
8.1
EPSS Score
0.278
Published
2026-01-28
Page 1