Security Vulnerabilities - Known exploited
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.035
Published
2026-02-10
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.28
Published
2026-02-10
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
Known exploited
CVSS Score
7.8
EPSS Score
0.042
Published
2026-02-10
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Known exploited
CVSS Score
8.6
EPSS Score
0.548
Published
2026-02-10
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Known exploited
CVSS Score
9.9
EPSS Score
0.796
Published
2026-02-06
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Known exploited
CVSS Score
9.8
EPSS Score
0.137
Published
2026-02-06
CVE-2025-15556
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.
Known exploited
CVSS Score
7.7
EPSS Score
0.061
Published
2026-02-03
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.718
Published
2026-01-29
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.678
Published
2026-01-29
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
Known exploited
CVSS Score
9.8
EPSS Score
0.899
Published
2026-01-28