The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Follow links with caution.

CVE-2026-20805 NEW

• Severity: 5.5 MEDIUM
• Impacted Products: Microsoft Windows Desktop Window Manager
• Description: Microsoft Windows Desktop Window Manager (DWM) is affected by an information disclosure vulnerability that allows for the exposure of sensitive system data. This flaw enables a local attacker to gain unauthorized access to memory addresses associated with system processes.
• Remediation:
  • Desktop Window Manager Information Disclosure Vulnerability
  • Microsoft KB 5073450
  • Microsoft KB 5073455
• More Info: NVD - CVE-2026-20805
• PoC:
  • https://github.com/Uzair-Baig0900/CVE-2026-20805-PoC

CVE-2026-23744 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: MCPJam inspector 1.4.2 and earlier
• Description: MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-23744
• PoC:
  • https://github.com/boroeurnprach/CVE-2026-23744-PoC/blob/main/exploit.py

CVE-2026-23550 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Modular DS, versions up to and including 2.5.1
• Description: Modular DS, a WordPress plugin, is affected by an incorrect privilege assignment vulnerability in versions up to and including 2.5.1. This flaw allows an unauthenticated attacker to bypass authentication mechanisms and escalate privileges to an administrative level.
• Remediation:
  • Modular DS Security Release: Modular Connector 2.5.2 | Modular Academy
• More Info: NVD - CVE-2026-23550
• PoC:
  • https://github.com/TheTorjanCaptain/CVE-2026-23550-PoC
  • https://github.com/cyberdudebivash/CYBERDUDEBIVASH-Modular-DS-CVE-2026-23550-Detector

CVE-2026-22844 NEW

• Severity: 9.9 CRITICAL
• Impacted Products: Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0
• Description: A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.
• Remediation:
  • ZSB-26001 | Zoom
• More Info: NVD - CVE-2026-22844
• PoC:
  • https://github.com/Ashwesker/Ashwesker-CVE-2026-22844

CVE-2026-22686

• Severity: 10.0 CRITICAL
• Impacted Products: enclave-vm
• Description: The enclave-vm library is affected by a sandbox escape vulnerability that allows untrusted JavaScript code to execute arbitrary commands within the host Node.js runtime. This flaw stems from the improper exposure of host-realm Error objects to the sandboxed environment during failed tool invocations.
• Remediation:
  • Sandbox Escape via Host Error Prototype Chain in enclave-vm
  • Sandbox Escape via Host Error Prototype Chain in enclave-vm · Advisory · agentfront/enclave · GitHub
• More Info: NVD - CVE-2026-22686
• PoC:
  • https://github.com/amusedx/CVE-2026-22686

CVE-2025-64155

• Severity: 10.0 CRITICAL
• Impacted Products: Fortinet FortiSIEM
• Description: Fortinet FortiSIEM is affected by an OS command injection vulnerability in the phMonitor service that allows for unauthenticated remote code execution. This flaw enables an attacker to execute arbitrary commands or write files to the system via crafted TCP requests.
• Remediation:
  • Cybersecurity and Infrastructure Security Agency (CISA)
  • PSIRT | FortiGuard Labs
• More Info: NVD - CVE-2025-64155
• PoC:
  • https://github.com/cyberdudebivash/CYBERDUDEBIVASH-FortiSIEM-CVE-2025-64155-Scanner
  • https://github.com/purehate/CVE-2025-64155-hunter
  • https://github.com/horizon3ai/CVE-2025-64155

CVE-2025-60021 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Apache bRPC < 1.15.0
• Description: Apache bRPC is affected by a remote command injection vulnerability in its built-in heap profiler service. An attacker can exploit this flaw to execute arbitrary operating system commands by supplying malicious input to the extra_options parameter.
• Remediation:
  • oss-security - CVE-2025-60021: Apache bRPC: Remote command injection vulnerability in heap builtin service
  • oss-sec: CVE-2025-60021: Apache bRPC: Remote command injection vulnerability in heap builtin service
  • CVE-2025-60021: Apache bRPC: Remote command injection vulnerability in heap builtin service-Apache Mail Archives
• More Info: NVD - CVE-2025-60021
• PoC:
  • https://github.com/Ashwesker/Ashwesker-CVE-2025-60021

CVE-2025-12420 NEW

• Severity: 9.3 CRITICAL
• Impacted Products: ServiceNow AI Platform, Now Assist AI Agents, Virtual Agent API
• Description: ServiceNow AI Platform is affected by an improper authentication vulnerability that allows an unauthenticated remote attacker to impersonate other users. This flaw enables the attacker to perform actions with the permissions of the impersonated account.
• Remediation:
  • Unauthenticated Privilege Escalation in ServiceNow AI Platform
  • Unauthenticated Privilege Escalation in ServiceNow AI Platform
  • [Security Advisory] CVE-2025-12420 - Privilege Escalation in ServiceNow AI Platform - Security - Now Support Portal
• More Info: NVD - CVE-2025-12420
• PoC:
  • https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow

CVE-2023-54335

• Severity: 9.8 CRITICAL
• Impacted Products: eXtplorer 2.1.14
• Description: eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2023-54335
• PoC:
  • https://www.exploit-db.com/exploits/51067

CVE-2022-50919

• Severity: 9.8 CRITICAL
• Impacted Products: Tdarr 2.00.15
• Description: Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like --help; curl .py | python to execute remote code without authentication.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2022-50919
• PoC:
  • https://www.exploit-db.com/exploits/50822

CVE-2021-47796 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Denver SHC-150 Smart Wifi Camera
• Description: Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera’s operating system.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2021-47796
• PoC:
  • https://www.exploit-db.com/exploits/50160

CVE-2020-36911

• Severity: 9.8 CRITICAL
• Impacted Products: Covenant 0.1.3 - 0.5
• Description: Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2020-36911
• PoC:
  • https://www.exploit-db.com/exploits/51141

CVE-2026-24061 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: GNU Inetutils 1.9.3 through 2.7
• Description: GNU Inetutils telnetd is affected by an argument injection vulnerability that allows remote, unauthenticated attackers to bypass authentication and gain root access. This flaw occurs because the daemon fails to sanitize the USER environment variable before passing it to the system’s login utility.
• Remediation:
  • oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
  • oss-security - GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
  • oss-security - GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
• More Info: NVD - CVE-2026-24061
• PoC:
  • https://github.com/duy-31/CVE-2026-24061---telnetd
  • https://github.com/Mr-Zapi/CVE-2026-24061
  • https://github.com/z3n70/CVE-2026-24061

CVE-2026-23760 NEW

• Severity: 9.3 CRITICAL
• Impacted Products: SmarterTools SmarterMail versions prior to build 9511
• Description: SmarterTools SmarterMail is affected by an authentication bypass vulnerability in its password reset API that allows unauthenticated attackers to take over system administrator accounts. This compromise can be further leveraged to achieve remote code execution with SYSTEM-level privileges on the underlying host.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-23760
• PoC:
  • https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc

CVE-2026-20045 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Unified Communications Manager, Unified CM Session Management Edition, Unified CM IM & Presence Service, Cisco Unity Connection, Cisco Webex Calling Dedicated Instance
• Description: Cisco Unified Communications products are affected by a code injection vulnerability in their web-based management interface that allows for remote command execution. This issue stems from improper validation of user-supplied input within HTTP requests.
• Remediation:
  • Cisco Unified Communications Products Remote Code Execution Vulnerability
  • Cisco Unified Communications Products Remote Code Execution Vulnerability
• More Info: NVD - CVE-2026-20045
• PoC:
  • https://github.com/Ashwesker/Ashwesker-CVE-2026-20045

CVE-2025-61922 NEW

• Severity: 9.1 CRITICAL
• Impacted Products: PrestaShop Checkout 1.3.0, PrestaShop Checkout 4.4.1, PrestaShop Checkout 5.0.5
• Description: PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
• Remediation:
  • Customer account takeover via email · Advisory · PrestaShopCorp/ps_checkout · GitHub
• More Info: NVD - CVE-2025-61922
• PoC:
  • https://github.com/g0vguy/CVE-2025-61922-PoC

CVE-2025-59718

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiOS, Fortinet FortiProxy, Fortinet FortiSwitchManager
• Description: Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an improper verification of cryptographic signature vulnerability that allows an unauthenticated attacker to bypass FortiCloud SSO login authentication. This flaw can be exploited by sending a specially crafted SAML response message.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-59718
• PoC:
  • https://github.com/Ashwesker/Blackash-CVE-2025-59718
  • https://github.com/exfil0/CVE-2025-59718-PoC

CVE-2025-14502 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: News and Blog Designer Bundle plugin for WordPress, 1.1
• Description: The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-14502
• PoC:
  • https://github.com/Kai-One001/WordPress-News-and-Blog-Designer-Bundle-CVE-2025-14502

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.