The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Follow links with caution.

CVE-2026-21509 NEW

• Severity: 7.8 HIGH
• Impacted Products: Microsoft Office, Microsoft 365
• Description: Microsoft Office is affected by a security feature bypass vulnerability due to a reliance on untrusted inputs in a security decision. This flaw allows an attacker to circumvent mitigations designed to protect users from vulnerable COM/OLE controls.
• Remediation:
  • Microsoft Office Security Feature Bypass Vulnerability
  • CVE-2026-21509 - Security Update Guide - Microsoft - Microsoft Office Security Feature Bypass Vulnerability
• More Info: NVD - CVE-2026-21509
• PoC:
  • https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
  • https://github.com/nicole2ilodl/CVE-2026-21509-PoC
  • https://github.com/Ashwesker/Ashwesker-CVE-2026-21509

CVE-2026-24858 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiOS, Fortinet FortiManager, Fortinet FortiAnalyzer, Fortinet FortiProxy
• Description: Fortinet FortiOS, FortiManager, FortiAnalyzer, and FortiProxy are affected by an authentication bypass vulnerability in the FortiCloud Single Sign-On (SSO) implementation. This flaw allows an attacker with a valid FortiCloud account to gain unauthorized administrative access to other registered devices.
• Remediation:
  • CVE-2026-24858
  • PSIRT | FortiGuard Labs
• More Info: NVD - CVE-2026-24858
• PoC:
  • https://github.com/b1gchoi/CVE-2026-24858
  • https://github.com/absholi7ly/CVE-2026-24858-FortiCloud-SSO-Authentication-Bypass
  • https://github.com/SimoesCTT/-CTT-NSP-Convergent-Time-Theory---Network-Stack-Projection-CVE-2026-24858-

CVE-2026-24061

• Severity: 9.8 CRITICAL
• Impacted Products: GNU Inetutils 1.9.3 through 2.7
• Description: GNU Inetutils telnetd is affected by an argument injection vulnerability that allows remote, unauthenticated attackers to bypass authentication and gain root access. This flaw occurs because the daemon fails to sanitize the USER environment variable before passing it to the system’s login utility.
• Remediation:
  • oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
  • oss-security - GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
  • oss-security - GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
• More Info: NVD - CVE-2026-24061
• PoC:
  • https://github.com/duy-31/CVE-2026-24061---telnetd
  • https://github.com/Mr-Zapi/CVE-2026-24061
  • https://github.com/z3n70/CVE-2026-24061

CVE-2026-23760

• Severity: Unknown
• Impacted Products: SmarterTools SmarterMail versions prior to build 9511
• Description: SmarterTools SmarterMail is affected by an authentication bypass vulnerability in its password reset API that allows unauthenticated attackers to take over system administrator accounts. This compromise can be further leveraged to achieve remote code execution with SYSTEM-level privileges on the underlying host.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-23760
• PoC:
  • https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc

CVE-2026-20045

• Severity: 9.8 CRITICAL
• Impacted Products: Unified Communications Manager, Unified CM Session Management Edition, Unified CM IM & Presence Service, Cisco Unity Connection, Cisco Webex Calling Dedicated Instance
• Description: Cisco Unified Communications products are affected by a code injection vulnerability in their web-based management interface that allows for remote command execution. This issue stems from improper validation of user-supplied input within HTTP requests.
• Remediation:
  • Cisco Unified Communications Products Remote Code Execution Vulnerability
  • Cisco Unified Communications Products Remote Code Execution Vulnerability
• More Info: NVD - CVE-2026-20045
• PoC:
  • https://github.com/Ashwesker/Ashwesker-CVE-2026-20045

CVE-2026-24841 NEW

• Severity: 9.9 CRITICAL
• Impacted Products: Dokploy < 0.26.6
• Description: Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy’s WebSocket endpoint /docker-container-terminal. The containerId and activeWay parameters are directly interpolated into shell commands without sanitization, allowing authenticated attackers to execute arbitrary commands on the host server. Version 0.26.6 fixes the issue.
• Remediation:
  • Authenticated Remote Code Execution via Command Injection in Docker Container Terminal WebSocket Endpoint · Advisory · Dokploy/dokploy · GitHub
• More Info: NVD - CVE-2026-24841
• PoC:
  • https://github.com/otakuliu/CVE-2026-24841_Range

CVE-2026-22844

• Severity: 9.9 CRITICAL
• Impacted Products: Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0
• Description: A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.
• Remediation:
  • ZSB-26001 | Zoom
• More Info: NVD - CVE-2026-22844
• PoC:
  • https://github.com/Ashwesker/Ashwesker-CVE-2026-22844

CVE-2026-0920 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: LA-Studio Element Kit for Elementor, 1.5.6.3
• Description: The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to unauthorized administrative user creation in versions up to and including 1.5.6.3. Unauthenticated attackers can exploit this flaw to register new accounts with full administrator privileges.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-0920
• PoC:
  • https://github.com/O99099O/By-Poloss..-..CVE-2026-0920
  • https://github.com/John-doe-code-a11/CVE-2026-0920
  • https://github.com/Galaxy-sc/CVE-2026-0920-WordPress-LA-Studio-Exploit

CVE-2025-59718

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiOS, Fortinet FortiProxy, Fortinet FortiSwitchManager
• Description: Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an improper verification of cryptographic signature vulnerability that allows an unauthenticated attacker to bypass FortiCloud SSO login authentication. This flaw can be exploited by sending a specially crafted SAML response message.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-59718
• PoC:
  • https://github.com/Ashwesker/Blackash-CVE-2025-59718
  • https://github.com/exfil0/CVE-2025-59718-PoC

CVE-2025-56005 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: PLY 3.11
• Description: The PLY (Python Lex-Yacc) library is affected by a deserialization vulnerability in the yacc() function that allows for remote code execution. This issue stems from the use of an undocumented parameter that processes untrusted serialized data.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-56005
• PoC:
  • https://github.com/bohmiiidd/Undocumument_RCE_PLY-yacc-CVE-2025-56005

CVE-2024-37081 NEW

• Severity: 7.8 HIGH
• Impacted Products: Broadcom VMware vCenter Server
• Description: Broadcom VMware vCenter Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by misconfiguration of sudo. An attacker could exploit this vulnerability to elevate privileges to root on vCenter Server Appliance.
• Remediation:
  • Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities
  • Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities
  • Security Update for Dell VxRail 8.0.213 Multiple Third-Party Component Vulnerabilities
• More Info: NVD - CVE-2024-37081
• PoC:
  • https://github.com/CERTologists/Modified-CVE-2024-37081-POC
  • https://github.com/mbadanoiu/CVE-2024-37081
  • https://github.com/Mr-r00t11/CVE-2024-37081/blob/main/poc.py

CVE-2021-47900 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Gila CMS versions prior to 2.0.0
• Description: Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2021-47900
• PoC:
  • https://www.exploit-db.com/exploits/49412

CVE-2021-47891 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Unified Remote 3.9.0.2463
• Description: Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2021-47891
• PoC:
  • https://www.exploit-db.com/exploits/49587

CVE-2021-47748 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Hasura GraphQL 1.3.3
• Description: Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the run_sql endpoint by crafting malicious GraphQL queries that execute system commands through PostgreSQL’s COPY FROM PROGRAM functionality.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2021-47748
• PoC:
  • https://www.exploit-db.com/exploits/49802

CVE-2020-36948 NEW

• Severity: 8.8 HIGH
• Impacted Products: VestaCP 0.9.8-26
• Description: VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2020-36948
• PoC:
  • https://www.exploit-db.com/exploits/49219

CVE-2025-12420

• Severity: Unknown
• Impacted Products: ServiceNow AI Platform, Now Assist AI Agents, Virtual Agent API
• Description: ServiceNow AI Platform is affected by an improper authentication vulnerability that allows an unauthenticated remote attacker to impersonate other users. This flaw enables the attacker to perform actions with the permissions of the impersonated account.
• Remediation:
  • Unauthenticated Privilege Escalation in ServiceNow AI Platform
  • Unauthenticated Privilege Escalation in ServiceNow AI Platform
  • [Security Advisory] CVE-2025-12420 - Privilege Escalation in ServiceNow AI Platform - Security - Now Support Portal
• More Info: NVD - CVE-2025-12420
• PoC:
  • https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.