The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.

CVE-2026-0257 NEW

• Severity: 9.1 CRITICAL
• Impacted Products: Palo Alto Networks PAN-OS, Prisma Access
• Description: Palo Alto Networks PAN-OS and Prisma Access are affected by an authentication bypass vulnerability in the GlobalProtect portal and gateway components. This flaw allows a remote, unauthenticated attacker to forge authentication cookies and establish unauthorized VPN connections.
• Remediation:
  • CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
  • Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
• More Info: NVD - CVE-2026-0257
• PoC:
  • https://github.com/bolubey/CVE-2026-0257

CVE-2024-21182 NEW

• Severity: 7.5 HIGH
• Impacted Products: Oracle WebLogic Server 12.2.1.4.0, Oracle WebLogic Server 14.1.1.0.0
• Description: Oracle WebLogic Server is affected by an information disclosure vulnerability in its Core component that allows unauthenticated attackers to access sensitive data. This issue affects versions 12.2.1.4.0 and 14.1.1.0.0 when accessed via the T3 or IIOP protocols.
• Remediation:
  • Oracle Critical Patch Update Advisory - July 2024
• More Info: NVD - CVE-2024-21182
• PoC:
  • https://github.com/dinosn/CVE-2024-21182
  • https://github.com/johnniebozura31/CVE-2024-21182
  • https://github.com/k4it0k1d/CVE-2024-21182/blob/main/CVE_2024_21182.java

CVE-2026-45659

• Severity: 8.8 HIGH
• Impacted Products: Microsoft SharePoint Server Subscription Edition
• Description: Microsoft SharePoint is affected by a deserialization of untrusted data vulnerability that allows an authenticated attacker to execute arbitrary code. This flaw impacts multiple versions of the software, including Microsoft SharePoint Server Subscription Edition.
• Remediation:
  • Microsoft SharePoint Remote Code Execution Vulnerability
  • Microsoft KB 5002863
  • Microsoft KB 5002868
• More Info: NVD - CVE-2026-45659
• PoC:
  • https://github.com/mistbarbarianspot/CVE-2026-45659-SharePoint-RCE
  • https://github.com/HORKimhab/CVE-2026-45659

CVE-2026-41089 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Microsoft Windows Server
• Description: Microsoft Windows Server is affected by a stack-based buffer overflow vulnerability in the Netlogon service that allows for remote code execution. An unauthenticated attacker can trigger this flaw by sending a specially crafted network request to a Windows server configured as a domain controller.
• Remediation:
  • Windows Netlogon Remote Code Execution Vulnerability
  • Microsoft KB 5087423
  • Microsoft KB 5087424
• More Info: NVD - CVE-2026-41089
• PoC:
  • https://github.com/hnytgl/cve-2026-41089-detector
  • https://github.com/sananpa/CVE-2026-41089
  • https://github.com/SightFinchFall/CVE-2026-41089-238

CVE-2025-48595 NEW

• Severity: 8.4 HIGH
• Impacted Products: Google Android Framework
• Description: Google Android Framework is affected by an integer overflow vulnerability in multiple locations that allows for local privilege escalation and arbitrary code execution. The flaw can be exploited by a local attacker without requiring any user interaction or additional execution privileges.
• Remediation:
  • Android Security Bulletin—June 2026
• More Info: NVD - CVE-2025-48595
• PoC:
  • https://github.com/HORKimhab/CVE-2025-48595

CVE-2022-0492

• Severity: 7.8 HIGH
• Impacted Products: Linux Kernel versions from 2.6.24 up to 5.16
• Description: A flaw in Linux kernel’s cgroup_release_agent_write allows privilege escalation and namespace isolation bypass.
• Remediation: Update to a patched Linux Kernel version.
• More Info: NVD - CVE-2022-0492
• PoC: https://github.com/T1erno/CVE-2022-0492-Docker-Breakout-Checker-and-PoC

CVE-2026-46840 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Oracle REST Data Services 24.2.0-26.1.0
• Description: Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3….
• Remediation:
  • Oracle Critical Security Patch Update Advisory - May 2026
• More Info: NVD - CVE-2026-46840
• PoC:
  • https://github.com/fangbarristerbar/CVE-2026-46840-ORDS-RCE

CVE-2026-46376 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: FreePBX 15.0.42 to before 16.0.45, FreePBX 17.0.7
• Description: FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP is required for the initial setup of UCP generic templates, but after that, without further steps by the admin, unauthenticated users may be able to gain access. This vulnerability is fixed in 16.0…
• Remediation:
  • Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface · Advisory · FreePBX/security-reporting · GitHub
• More Info: NVD - CVE-2026-46376
• PoC:
  • https://github.com/portbuster1337/CVE-2026-46376

CVE-2026-45247 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Mirasvit Full Page Cache Warmer for Magento 2 prior to version 1.11.12
• Description: Mirasvit Full Page Cache Warmer for Magento 2 is affected by a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution. This flaw is triggered by supplying a malicious serialized PHP object within the CacheWarmer cookie.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-45247
• PoC:
  • https://github.com/HORKimhab/CVE-2026-45247

CVE-2020-1938 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Apache Tomcat
• Description: A vulnerability exists within the AJP Connector in Tomcat because the default configuration allows AJP connections to have higher trust and it is also enabled to listen on all configured IP addresses. Apache wrote that the risks were previously documented and they recommended steps to disable the Connector if it wasn’t required.
• Remediation:
  • 6153231
  • 6202740
  • 6208608
• More Info: NVD - CVE-2020-1938
• PoC:
  • https://github.com/duckpigdog/Tomcat-AJP-CVE-2020-1938
  • https://www.exploit-db.com/exploits/48143
  • https://www.exploit-db.com/exploits/49039

CVE-2026-31431

• Severity: 7.8 HIGH
• Impacted Products: All major Linux kernels since 2017
• Description: This local privilege escalation is rated as Important severity. Part of the Linux kernel’s cryptographic interface contains an incorrect in-place operation, where source and destination data mappings differ. This could lead to data integrity issues, including the escalation to root privileges.
• Remediation:
  • crypto: algif_aead - Revert to operating out-of-place
  • oss-security - CVE-2026-31431: CopyFail: linux local privilege scalation
  • oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation
• More Info: NVD - CVE-2026-31431
• PoC:
  • https://github.com/mCub3/CVE-2026-31431
  • https://github.com/Theori-lO/copy-fail-CVE-2026-31431
  • https://github.com/ruattd/cve-2026-31431

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.