The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.

CVE-2026-3584 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Kali Forms plugin for WordPress, 2.4.9
• Description: The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the ‘form_process’ function. This is due to the ‘prepare_post_data’ function mapping user-supplied keys directly into internal placeholder storage, combined with the use of ‘call_user_func’ on these placeholder values. This makes it possible for unauthenticated attackers to execute code on the server.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-3584
• PoC:
  • https://github.com/Yucaerin/CVE-2026-3584

CVE-2026-33017 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Langflow versions prior to 1.9.0
• Description: Langflow is affected by an unauthenticated remote code execution vulnerability in its public flow build endpoint. An attacker can exploit this by submitting a crafted HTTP POST request containing malicious Python code within node definitions.
• Remediation:
  • https://github.com/langflow-ai/langflow/commit/73b6612e3ef25fdae0a752d75b0fabd47328d4f0
• More Info: NVD - CVE-2026-33017
• PoC:
  • https://github.com/rootdirective-sec/CVE-2026-33017-Lab
  • https://github.com/z4yd3/PoC-CVE-2026-33017
  • https://github.com/advisories/GHSA-vwmf-pq79-vjvx

CVE-2026-2991 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress, 4.1.2
• Description: The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin() function not verifying the social provider access token before authenticating a user. This makes it possible for unauthenticated attackers to log in as any patient registered on the system by providing only their email address and an arbitrary value for the access token, bypassing all cred…
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-2991
• PoC:
  • https://github.com/joshuavanderpoll/CVE-2026-2991

CVE-2026-25769 NEW

• Severity: 9.1 CRITICAL
• Impacted Products: Wazuh 4.0.0 through 4.14.2
• Description: Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achi…
• Remediation:
  • Remote Code Execution via Insecure Deserialization in Wazuh Cluster · Advisory · wazuh/wazuh · GitHub
• More Info: NVD - CVE-2026-25769
• PoC:
  • https://github.com/Samres27/CVE-2026-25769---CVE-2026-25770

CVE-2026-22557 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Ubiquiti UniFi Network Application
• Description: Ubiquiti UniFi Network Application is affected by a path traversal vulnerability that allows an attacker with network access to reach sensitive files on the underlying system. This flaw can be exploited to manipulate system files, potentially leading to the compromise of underlying accounts.
• Remediation:
  • Security Advisory Bulletin 062 | Ubiquiti Community
• More Info: NVD - CVE-2026-22557
• PoC:
  • https://github.com/GarethMSheldon/cve-2026-22557-unifi-detection

CVE-2026-21994

• Severity: 9.8 CRITICAL
• Impacted Products: Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit 0.3.0
• Description: Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of this vulnerability can result in takeover of Oracle Edge Cloud Infrastructure Designer and Visualis…
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-21994
• PoC:
  • https://github.com/g0w6y/CVE-2026-21994
  • https://github.com/TEXploited/CVE-2026-21994

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.