The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Follow links with caution.

CVE-2026-24858

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiOS, Fortinet FortiManager, Fortinet FortiAnalyzer, Fortinet FortiProxy
• Description: Fortinet FortiOS, FortiManager, FortiAnalyzer, and FortiProxy are affected by an authentication bypass vulnerability in the FortiCloud Single Sign-On (SSO) implementation. This flaw allows an attacker with a valid FortiCloud account to gain unauthorized administrative access to other registered devices.
• Remediation:
  • CVE-2026-24858
  • PSIRT | FortiGuard Labs
• More Info: NVD - CVE-2026-24858
• PoC:
  • https://github.com/b1gchoi/CVE-2026-24858
  • https://github.com/absholi7ly/CVE-2026-24858-FortiCloud-SSO-Authentication-Bypass
  • https://github.com/SimoesCTT/-CTT-NSP-Convergent-Time-Theory---Network-Stack-Projection-CVE-2026-24858-

CVE-2025-40554 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: SolarWinds Web Help Desk, versions prior to 2026.1
• Description: SolarWinds Web Help Desk is affected by an authentication bypass vulnerability in versions prior to 2026.1. This flaw allows a remote, unauthenticated attacker to perform actions or invoke methods that are intended to be restricted to authenticated users.
• Remediation:
  • SolarWinds Web Help Desk Authentication Bypass Vulnerability
  • WHD 2026.1 release notes
  • SolarWinds Trust Center Security Advisories | CVE-2025-40554
• More Info: NVD - CVE-2025-40554
• PoC:
  • https://github.com/Skynoxk/CVE-2025-40554
  • https://github.com/imbas007/auth-bypass-CVE-2025-40554

CVE-2026-25142 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: SandboxJS < 0.8.27
• Description: SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27.
• Remediation:
  • Prototype Pollution -> Sandbox Escape -> RCE · Advisory · nyariv/SandboxJS · GitHub
• More Info: NVD - CVE-2026-25142
• PoC:
  • https://github.com/advisories/GHSA-9p4w-fq8m-2hp7

CVE-2026-25130 NEW

• Severity: 9.6 CRITICAL
• Impacted Products: Cybersecurity AI (CAI) 0.5.10
• Description: Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen() with shell=True, allowing attackers to execute arbitrary commands on the host system. The find\_file() tool executes without requiring user approval because find is considered a “safe” pre-approved com…
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-25130
• PoC:
  • https://github.com/mbanyamer/CVE-2026-25130-Cybersecurity-AI-CAI-Framework-0.5.10

CVE-2026-24841

• Severity: 9.9 CRITICAL
• Impacted Products: Dokploy < 0.26.6
• Description: Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy’s WebSocket endpoint /docker-container-terminal. The containerId and activeWay parameters are directly interpolated into shell commands without sanitization, allowing authenticated attackers to execute arbitrary commands on the host server. Version 0.26.6 fixes the issue.
• Remediation:
  • Authenticated Remote Code Execution via Command Injection in Docker Container Terminal WebSocket Endpoint · Advisory · Dokploy/dokploy · GitHub
• More Info: NVD - CVE-2026-24841
• PoC:
  • https://github.com/otakuliu/CVE-2026-24841_Range

CVE-2026-1056 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Snow Monkey Forms plugin for WordPress, 12.0.3
• Description: The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘generate_user_dirpath’ function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-1056
• PoC:
  • https://github.com/ch4r0nn/CVE-2026-1056-POC

CVE-2025-51958 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: aelsantex runcommand 2014-04-01, DokuWiki
• Description: aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-51958
• PoC:
  • https://gist.github.com/NtustLin/f64528002e4f61874045799127dc49a4

CVE-2025-15467 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: OpenSSL
• Description: OpenSSL is affected by a stack-based buffer overflow vulnerability when parsing Cryptographic Message Syntax (CMS) structures, which can lead to a denial of service or arbitrary code execution. This issue occurs when the library processes maliciously crafted messages containing oversized Initialization Vectors (IV) in certain Authenticated Encryption with Associated Data (AEAD) cipher configurations.
• Remediation:
  • Stack buffer overflow in CMS AuthEnvelopedData parsing
  • OpenSSL Security Advisory [27th January 2026]
  • Stack buffer overflow in CMS AuthEnvelopedData parsing
• More Info: NVD - CVE-2025-15467
• PoC:
  • https://github.com/MAXI8594/CVE-2025-15467_Scan
  • https://github.com/mr-r3b00t/CVE-2025-15467
  • https://github.com/amnnrth/openssl-january-2026-cve-scanner

CVE-2025-10878 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Fikir Odalari AdminPando 1.0.1
• Description: A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation).
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-10878
• PoC:
  • https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi

CVE-2026-21509

• Severity: 7.8 HIGH
• Impacted Products: Microsoft Office, Microsoft 365
• Description: Microsoft Office is affected by a security feature bypass vulnerability due to a reliance on untrusted inputs in a security decision. This flaw allows an attacker to circumvent mitigations designed to protect users from vulnerable COM/OLE controls.
• Remediation:
  • Microsoft Office Security Feature Bypass Vulnerability
  • CVE-2026-21509 - Security Update Guide - Microsoft - Microsoft Office Security Feature Bypass Vulnerability
• More Info: NVD - CVE-2026-21509
• PoC:
  • https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
  • https://github.com/nicole2ilodl/CVE-2026-21509-PoC
  • https://github.com/Ashwesker/Ashwesker-CVE-2026-21509

CVE-2025-8088

• Severity: 8.8 HIGH
• Impacted Products: WinRAR > 7.13
• Description: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files.
• Remediation: Follow developer advice.
• More Info: NVD - CVE-2025-8088
• PoC: https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool

CVE-2025-11953

• Severity: 9.8 CRITICAL
• Impacted Products: Metro Development Server
• Description: The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-11953
• PoC:
  • https://github.com/B1ack4sh/Blackash-CVE-2025-11953/blob/main/README.md
  • https://github.com/SaidBenaissa/cve-2025-11953-vulnerability-demo

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.