The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.

CVE-2026-5281

• Severity: 8.8 HIGH
• Impacted Products: Google Chrome
• Description: Google Chrome is affected by a use-after-free vulnerability in Dawn, the underlying WebGPU implementation, which could allow for arbitrary code execution. The flaw is triggered when the application attempts to access memory that has already been deallocated.
• Remediation:
  • Chromium: CVE-2026-5281 Use after free in Dawn
  • Chrome Releases: Stable Channel Update for Desktop
• More Info: NVD - CVE-2026-5281
• PoC:
  • https://github.com/umair-aziz025/CVE-2026-5281-Research-Toolkit

CVE-2026-33825 NEW

• Severity: 7.8 HIGH
• Impacted Products: Microsoft Defender Antimalware Platform
• Description: Microsoft Defender is affected by an elevation of privilege vulnerability due to insufficient granularity of access control. A local, authenticated attacker can exploit this flaw to gain elevated system-level privileges on the affected device.
• Remediation:
  • Microsoft Defender Elevation of Privilege Vulnerability
• More Info: NVD - CVE-2026-33825
• PoC:
  • https://github.com/Nightmare-Eclipse/RedSun
  • https://github.com/Nightmare-Eclipse/BlueHammer

CVE-2026-33824 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Microsoft Windows, IKE version 2 (IKEv2)
• Description: Microsoft Windows is affected by a double free vulnerability in the Internet Key Exchange (IKE) Service Extensions that allows for remote code execution. An unauthenticated attacker can trigger this flaw by sending specially crafted packets to a target system where IKE version 2 (IKEv2) is enabled.
• Remediation:
  • Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
  • Microsoft KB 5082052
  • Microsoft KB 5082060
• More Info: NVD - CVE-2026-33824
• PoC:
  • https://github.com/z3r0h3ro/CVE-2026-33824

CVE-2026-34621 NEW

• Severity: 6.3 MEDIUM
• Impacted Products: Adobe Reader
• Description: Adobe Reader is affected by an information disclosure vulnerability that allows for the execution of privileged JavaScript APIs via crafted PDF documents. This flaw enables attackers to exfiltrate sensitive local data and perform system fingerprinting to facilitate further compromise.
• Remediation:
  • Adobe Security Bulletin
• More Info: NVD - CVE-2026-34621
• PoC:
  • https://github.com/ercihan/CVE-2026-34621
  • https://github.com/eduardorossi84/CVE-2026-34621-POC
  • https://github.com/ercihan/CVE-2026-34621_PDF_SAMPLE

CVE-2025-6965 NEW

• Severity: 7.7 HIGH
• Impacted Products: SQLite versions prior to 3.50.2
• Description: SQLite versions prior to 3.50.2 are affected by an integer truncation vulnerability that can lead to memory corruption. This flaw can be triggered when processing specific aggregate queries.
• Remediation:
  • Security Bulletin: Multiple Vulnerabilities for EDB Cloudpack for Data CP4D 5.3.1
  • Security Bulletin: EDB PGAI Hybrid Management with IBM is affected by Multiple Vulnerabilities.
  • Important: nodejs:22 security update
• More Info: NVD - CVE-2025-6965
• PoC:
  • https://www.exploit-db.com/exploits/52499

CVE-2026-4631 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Red Hat Cockpit
• Description: Red Hat Cockpit is affected by an unauthenticated remote code execution vulnerability within its remote login feature. This flaw allows an attacker to execute arbitrary commands by injecting malicious SSH options or shell commands through the web interface.
• Remediation:
  • Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
  • Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
  • Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
• More Info: NVD - CVE-2026-4631
• PoC:
  • http://www.openwall.com/lists/oss-security/2026/04/10/5
  • https://github.com/cyberheartmi9/CVE-2026-4631-cockpit-RCE

CVE-2026-40175 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Axios < 1.15.0
• Description: Axios is affected by a prototype pollution gadget vulnerability in versions prior to 1.15.0 that allows for remote code execution or full cloud environment compromise. This flaw enables attackers to escalate prototype pollution vulnerabilities found in other third-party dependencies by leveraging Axios as an exploitation gadget.
• Remediation:
  • Security Bulletin: IBM App Connect Enterprise is vulnerable to a specific “Gadget” attack chain and proxy bypass and SSRF vulnerabilities due to Node js module axios (CVE-2025-62718 & CVE-2026-40175)
  • RHSA-2026:8483 - Security Advisory - Red Hat Customer Portal
  • RHSA-2026:8484 - Security Advisory - Red Hat Customer Portal
• More Info: NVD - CVE-2026-40175
• PoC:
  • https://github.com/pjt3591oo/CVE-2026-40175-poc
  • https://github.com/kengzzzz/CVE-2026-40175
  • https://github.com/0xBlackash/CVE-2026-40175

CVE-2026-39912 NEW

• Severity: 9.1 CRITICAL
• Impacted Products: V2Board (versions 1.6.1 through 1.7.4), Xboard (up to version 0.1.9)
• Description: V2Board and Xboard are affected by an authentication bypass vulnerability where sensitive magic login links are exposed in HTTP response bodies. This allows unauthenticated attackers to gain full access to any account, including administrative accounts, by providing a known email address.
• Remediation:
  • Fix: CVE-2026-39912 - Magic link token leak in loginWithMailLink by Chocapikk · Pull Request #873 · cedar2025/Xboard · GitHub
• More Info: NVD - CVE-2026-39912
• PoC:
  • https://github.com/Chocapikk/CVE-2026-39912
  • https://chocapikk.com/posts/2026/xboard-v2board-account-takeover

CVE-2026-39808 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiSandbox 4.4.0 through 4.4.8
• Description: Fortinet FortiSandbox is affected by an OS command injection vulnerability in its web management interface that allows for arbitrary command execution. This flaw exists in versions 4.4.0 through 4.4.8 and can be triggered via specially crafted HTTP requests.
• Remediation:
  • PSIRT | FortiGuard Labs
• More Info: NVD - CVE-2026-39808
• PoC:
  • https://github.com/samu-delucas/CVE-2026-39808
  • https://github.com/Lechansky/CVE-2026-39808
  • https://github.com/0xBlackash/CVE-2026-39808

CVE-2026-35031 NEW

• Severity: 9.9 CRITICAL
• Impacted Products: Jellyfin < 10.11.7
• Description: Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. This arbitrary file write can be chained into arbitrary file read via .strm files, database extraction, admin privilege escalation, and ultimately remote code execution as root via ld.so.preload. Ex…
• Remediation:
  • Potential RCE via subtitle upload path traversal + .strm chain · Advisory · jellyfin/jellyfin · GitHub
• More Info: NVD - CVE-2026-35031
• PoC:
  • https://github.com/keraattin/CVE-2026-35031

CVE-2026-34197 NEW

• Severity: 8.8 HIGH
• Impacted Products: Apache ActiveMQ Classic
• Description: Apache ActiveMQ is affected by a code injection vulnerability in its Jolokia JMX-HTTP bridge that allows for remote code execution. An authenticated attacker can exploit this flaw by providing a crafted discovery URI to trigger the loading of a malicious remote configuration file.
• Remediation:
  • The Apache Software Foundation
• More Info: NVD - CVE-2026-34197
• PoC:
  • https://github.com/keraattin/CVE-2026-34197
  • https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197
  • https://github.com/0xBlackash/CVE-2026-34197

CVE-2026-33229 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: XWiki Platform 17.4.8, XWiki Platform 17.10.1
• Description: XWiki Platform is affected by a remote code execution vulnerability in versions prior to 17.4.8 and 17.10.1 due to an improperly protected scripting API. This flaw allows an authenticated user with script rights to bypass the Velocity scripting sandbox and execute arbitrary code on the server.
• Remediation:
  • [XWIKI-23698] Remote Code Execution via the page title using Velocity - XWiki.org JIRA
  • https://github.com/xwiki/xwiki-platform/commit/9fe84da66184c05953df9466cf3a4acd15a46e63
  • Remote code execution with script right through unprotected Velocity scripting API · Advisory · xwiki/xwiki-platform · GitHub
• More Info: NVD - CVE-2026-33229
• PoC:
  • https://jira.xwiki.org/browse/XWIKI-23698
  • https://jira.xwiki.org/browse/XWIKI-23702

CVE-2026-23696 NEW

• Severity: 9.9 CRITICAL
• Impacted Products: Windmill CE 1.276.0 through 1.603.2, Windmill EE 1.276.0 through 1.603.2
• Description: Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-23696
• PoC:
  • https://github.com/Chocapikk/Windfall
  • https://chocapikk.com/posts/2026/windfall-nextcloud-flow-windmill-rce

CVE-2026-22679 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Weaver (Fanwei) E-cology 10.0 versions prior to 20260312
• Description: Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first…
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-22679
• PoC:
  • https://github.com/keraattin/CVE-2026-22679
  • https://h4cker.zip/post/d5d211

CVE-2026-0740

• Severity: 9.8 CRITICAL
• Impacted Products: Ninja Forms - File Uploads plugin for WordPress 3.3.26, Ninja Forms - File Uploads plugin for WordPress 3.3.25, Ninja Forms - File Uploads plugin for WordPress 3.3.27
• Description: The Ninja Forms - File Uploads plugin for WordPress is affected by an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution. This issue exists in all versions of the plugin up to and including 3.3.26.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-0740
• PoC:
  • https://github.com/xShadow-Here/CVE-2026-0740

CVE-2025-44560 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: owntone-server 2ca10d9
• Description: owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2025-44560
• PoC:
  • https://gist.github.com/wenwenyuyu/517851c3fe38c4f97b2d1940597da2d3

CVE-2021-4473 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Tianxin Internet Behavior Management System, NACFirmware_4.0.0.7_20210716.180815_topsec_0_basic.bin
• Description: Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers can exploit this vulnerability to write malicious PHP files into the web root and achieve remote code execution with the privileges of the web server process. This vulnerability has been fixed in ver…
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2021-4473
• PoC:
  • https://cn-sec.com/archives/4631959.html

CVE-2019-25709 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: CF Image Hosting Script 1.6.5
• Description: CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2019-25709
• PoC:
  • https://www.exploit-db.com/exploits/46094

CVE-2026-5194 NEW

• Severity: 9.1 CRITICAL
• Impacted Products: wolfSSL prior to version 5.9.1
• Description: wolfSSL is affected by an improper certificate validation vulnerability where missing checks on hash sizes and Object Identifiers (OIDs) allow for the acceptance of weak digests during ECDSA signature verification. This flaw can lead to the acceptance of forged certificates and a bypass of authentication mechanisms.
• Remediation:
  • GitHub - wolfSSL/wolfssl: The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
  • Release wolfSSL Release 5.9.1 (April 8, 2026) · wolfSSL/wolfssl · GitHub
• More Info: NVD - CVE-2026-5194
• PoC:
  • https://github.com/jenniferreire26/CVE-2026-5194

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.