The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.

CVE-2026-21533

• Severity: 7.8 HIGH
• Impacted Products: Microsoft Windows Remote Desktop Services
• Description: Microsoft Windows Remote Desktop Services is affected by an improper privilege management vulnerability that allows for local privilege escalation. This flaw enables an authenticated user to gain higher-level permissions than intended on the host system.
• Remediation:
  • Windows Remote Desktop Services Elevation of Privilege Vulnerability
  • Microsoft KB 5075897
  • Microsoft KB 5075899
• More Info: NVD - CVE-2026-21533
• PoC:
  • https://github.com/elvin31thai/CVE-2026-21533
  • https://github.com/jenniferreire26/CVE-2026-21533

CVE-2026-21510

• Severity: 8.8 HIGH
• Impacted Products: Windows Shell
• Description: Windows Shell is affected by a protection mechanism failure that allows a remote attacker to bypass security features. This vulnerability occurs when a user is induced to open a malicious link or shortcut file.
• Remediation:
  • Windows Shell Security Feature Bypass Vulnerability
  • Microsoft KB 5075897
  • Microsoft KB 5075899
• More Info: NVD - CVE-2026-21510
• PoC:
  • https://github.com/andreassudo/CVE-2026-21510-CVSS-8.8-Important-Windows-Shell-security-feature-bypass

CVE-2017-11882

• Severity: 7.8 HIGH
• Impacted Products: Microsoft Office
• Description: Microsoft Office is a suite of productivity tools, applications and services. A vulnerability exists within the Microsoft Equation Editor when parsing certain files in Office where the software does not properly handle objects in memory, leading to memory corruption.
• Remediation:
  • CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability
  • https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html
• More Info: NVD - CVE-2017-11882
• PoC:
  • https://github.com/Sunqiz/CVE-2017-11882-reproduction
  • https://github.com/lisinan988/CVE-2017-11882-exp
  • https://github.com/kautilyagupt/CVE-2024-26169-Detail-1

CVE-2026-2441 NEW

• Severity: 8.8 HIGH
• Impacted Products: Google Chrome
• Description: Google Chrome is affected by a use-after-free vulnerability in its CSS component. A remote attacker can exploit this flaw by convincing a user to visit a specially crafted HTML page, potentially leading to arbitrary code execution.
• Remediation:
  • VuXML: chromium – security fix
  • Chrome Releases: Extended Stable Updates for Desktop
  • Chrome Releases: Stable Channel Update for Desktop
• More Info: NVD - CVE-2026-2441
• PoC:
  • https://github.com/huseyinstif/CVE-2026-2441-PoC
  • https://github.com/washingtonmaister/CVE-2026-2441
  • https://github.com/b1gchoi/CVE-2026-2441_POC

CVE-2026-21531

• Severity: 9.8 CRITICAL
• Impacted Products: Azure SDK for Python, Azure AI Language Conversations Authoring SDK
• Description: The Azure SDK for Python, specifically the Azure AI Language Conversations Authoring SDK, is affected by a remote code execution vulnerability due to the unsafe deserialization of untrusted data. An unauthenticated attacker can exploit this flaw by providing a maliciously crafted continuation token to the SDK.
• Remediation:
  • Azure SDK for Python Remote Code Execution Vulnerability
• More Info: NVD - CVE-2026-21531
• PoC:
  • https://github.com/NetVanguard-cmd/CVE-2026-21531

CVE-2026-26190 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Milvus
• Description: Milvus exposes TCP port 9091 by default with two critical authentication bypass vulnerabilities: 1. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. 2. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management.
• Remediation:
  • Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
  • Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
  • https://github.com/milvus-io/milvus/commit/92b74dd2e286006a83b4a5f07951027b32e718a9
• More Info: NVD - CVE-2026-26190
• PoC:
  • https://github.com/advisories/GHSA-7ppg-37fh-vcr6

CVE-2026-26021 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: set-in >=2.0.1, < 2.0.5
• Description: set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1, < 2.0.5). Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using Array.prototype. This has been fixed in version 2.0.5.
• Remediation:
  • Prototype pollution in set-in
  • https://github.com/ahdinosaur/set-in/commit/b8e1dabfdbd35c8d604b6324e01d03f280256c3d
  • Prototype pollution in set-in (>=2.0.1) · Advisory · ahdinosaur/set-in · GitHub
• More Info: NVD - CVE-2026-26021
• PoC:
  • https://github.com/ahdinosaur/set-in/security/advisories/GHSA-2c4m-g7rx-63q7

CVE-2026-24061

• Severity: 9.8 CRITICAL
• Impacted Products: GNU Inetutils 1.9.3 through 2.7
• Description: GNU Inetutils telnetd is affected by an argument injection vulnerability that allows remote, unauthenticated attackers to bypass authentication and gain root access. This flaw occurs because the daemon fails to sanitize the USER environment variable before passing it to the system’s login utility.
• Remediation:
  • oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
  • oss-security - GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
  • oss-security - GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
• More Info: NVD - CVE-2026-24061
• PoC:
  • https://github.com/duy-31/CVE-2026-24061---telnetd
  • https://github.com/Mr-Zapi/CVE-2026-24061
  • https://github.com/z3n70/CVE-2026-24061

CVE-2026-2249 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: METIS DFS devices (versions <= oscore 2.1.234-r18)
• Description: METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with ‘daemon’ privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.
• Remediation:
  • Unauthenticated Remote Command Execution via Web Console in METIS DFS
• More Info: NVD - CVE-2026-2249
• PoC:
  • https://github.com/taylorwerno/CVE-2026-2249

CVE-2026-1729 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: AdForest theme for WordPress, 6.0.12
• Description: The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user’s identity prior to authenticating them through the ‘sb_login_user_with_otp_fun’ function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-1729
• PoC:
  • https://github.com/ninjazan420/CVE-2026-1729-PoC-AdForest-WordPress-Authentication-Bypass

CVE-2026-1490 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress, all versions up to, and including
• Description: The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the ‘checkWithoutToken’ function in all versions up to, and including, 6.71. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. Note:…
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-1490
• PoC:
  • https://github.com/comthompson30/CVE-2026-1490

CVE-2026-1357 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: WPvivid Backup & Migration plugin for WordPress
• Description: The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is affected by an unauthenticated arbitrary file upload vulnerability that allows for remote code execution. This flaw is caused by a cryptographic implementation error and a lack of input sanitization in the file upload process.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-1357
• PoC:
  • https://github.com/LucasM0ntes/POC-CVE-2026-1357
  • https://github.com/microcyberr/CVE-2026-1357
  • https://github.com/cybertechajju/CVE-2026-1357-POC

CVE-2026-1306 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: midi-Synth plugin for WordPress, 1.1.0
• Description: The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the ‘export’ AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible granted the attacker can obtain a valid nonce. The nonce is exposed in frontend JavaScript making it trivially accessible to unauthenticat…
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-1306
• PoC:
  • https://github.com/richardpaimu34/CVE-2026-1306

CVE-2025-8572 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Truelysell Core plugin for WordPress, 1.8.7
• Description: The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for unauthenticated attackers to create accounts with elevated privileges, including administrator access.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-8572
• PoC:
  • https://github.com/richardpaimu34/CVE-2025-8572

CVE-2025-70830 NEW

• Severity: 9.9 CRITICAL
• Impacted Products: Datart v1.0.0-rc.3
• Description: A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-70830
• PoC:
  • https://github.com/xiaoxiaoranxxx/CVE-2025-70830

CVE-2025-70314 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: webfsd 1.21
• Description: webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-70314
• PoC:
  • https://gist.github.com/Err0rzz/3afe49f54e1121b8a08a69801b61cfcc

CVE-2025-69872 NEW

• Severity: 8.4 HIGH
• Impacted Products: DiskCache (python-diskcache) 5.6.3
• Description: DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-69872
• PoC:
  • https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md

CVE-2025-69633 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6
• Description: A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is passed unsanitized to SQL queries in classes/AdvancedPopup.php (getPopups() and updateVisits() functions).
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-69633
• PoC:
  • https://labs.esokia.com/cve/cve-2025-69633

CVE-2025-43529 NEW

• Severity: 9.6 CRITICAL
• Impacted Products: Apple iOS prior to 26, iPadOS prior to 26, macOS prior to 26, tvOS prior to 26, watchOS prior to 26
• Description: Apple iOS prior to version 26 is affected by a use-after-free vulnerability that allows for arbitrary code execution through maliciously crafted web content. This flaw was addressed with improved memory management.
• Remediation:
  • Important: webkit2gtk3 security update
  • Important: webkit2gtk3 security update
  • Important: webkit2gtk3 security update
• More Info: NVD - CVE-2025-43529
• PoC:
  • https://github.com/SimoesCTT/Convergent-Time-Theory-Enhanced-iOS-Safari-RCE-CVE-2025-43529-
  • https://github.com/bjrjk/CVE-2025-43529
  • https://github.com/zeroxjf/CVE-2025-43529-analysis

CVE-2025-14174 NEW

• Severity: 9.6 CRITICAL
• Impacted Products: LibANGLE
• Description: Google’s open-source LibANGLE library is affected by a buffer overflow vulnerability in its Metal renderer due to an incorrect calculation of buffer size. This flaw can lead to memory corruption, information leaks, arbitrary code execution, and sandbox escape. ### Impact Successful exploitation of this vulnerability can lead to memory corruption, application crashes, and the disclosure of sensitive information. Furthermore, it can enable arbitrary code execution within the context of the appl…
• Remediation:
  • PAN-SA-2026-0001 Chromium: Monthly Vulnerability Update (January 2026)
  • Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE
  • SUSE-SU-2025:4528-1: important: Security update for webkit2gtk3
• More Info: NVD - CVE-2025-14174
• PoC:
  • https://github.com/zeroxjf/CVE-2025-14174-analysis
  • https://github.com/George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day

CVE-2019-25319 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Domain Quester Pro 6.02
• Description: Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the ‘Domain Name Keywords’ input field to trigger an access violation and execute a bind shell on port 9999.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2019-25319
• PoC:
  • https://www.exploit-db.com/exploits/47825

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.