The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.

CVE-2026-11645

• Severity: 9.6 CRITICAL
• Impacted Products: Google Chrome 149.0.7827.103
• Description: Google Chrome versions prior to 149.0.7827.103 are affected by an out-of-bounds read and write vulnerability in the V8 JavaScript engine. This flaw allows a remote attacker to execute arbitrary code within the browser’s sandbox via a crafted HTML page.
• Remediation:
  • Chromium: CVE-2026-11645 Out of bounds memory access in V8
  • [SECURITY] [DSA 6337-1] chromium security update
  • Chrome Releases: Stable Channel Update for Desktop
• More Info: NVD - CVE-2026-11645
• PoC:
  • https://github.com/0xBlackash/CVE-2026-11645
  • https://github.com/adamshaikhma/CVE-2026-11645

CVE-2026-10520 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Ivanti Sentry R10.5.2, R10.6.2, R10.7.1
• Description: Ivanti Sentry, formerly known as MobileIron Sentry, is affected by an OS command injection vulnerability that allows a remote, unauthenticated attacker to execute arbitrary commands with root-level privileges. This flaw exists in versions prior to R10.5.2, R10.6.2, and R10.7.1.
• Remediation:
  • Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
  • Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
• More Info: NVD - CVE-2026-10520
• PoC:
  • https://github.com/Layer-6/CVE-2026-5027-Langflow
  • https://github.com/HORKimhab/CVE-2026-10520-10523
  • https://github.com/error-inside/CVE-2026-10520

CVE-2026-10523 NEW

• Severity: 9.9 CRITICAL
• Impacted Products: Ivanti Sentry R10.5.2, R10.6.2, R10.7.1
• Description: Ivanti Sentry is affected by an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create arbitrary administrative accounts. This flaw enables an attacker to obtain full administrative access to the system.
• Remediation:
  • Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
  • Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
• More Info: NVD - CVE-2026-10523
• PoC:
  • https://github.com/gagaltotal/CVE-2026-10523-Ivanti-sentry

CVE-2026-54420 NEW

• Severity: 8.5 HIGH
• Impacted Products: LiteSpeed cPanel plugin versions prior to 2.4.8
• Description: The LiteSpeed cPanel plugin is affected by a symbolic link (symlink) following vulnerability that allows authenticated users to escape isolated sandbox environments. This flaw occurs when the plugin mishandles user-provided paths on shared hosting servers running CloudLinux/CageFS.
• Remediation:
  • Security Update for LiteSpeed cPanel Plugin ⋆ LiteSpeed Blog
• More Info: NVD - CVE-2026-54420
• PoC:
  • https://github.com/HORKimhab/CVE-2026-54420
  • https://github.com/fevar54/CVE-2026-54420-LiteSpeed-Symlink-Exploit
  • https://github.com/mahfuzreham/litespeed-cpanel-cve-2026-54420-fix

CVE-2026-47291

• Severity: 9.8 CRITICAL
• Impacted Products: Microsoft Windows Server 2025, version 10.0.26100.32995
• Description: Microsoft Windows Server 2025 is affected by an integer overflow vulnerability in the Windows HTTP Protocol Stack (http.sys) that allows for remote code execution. An unauthenticated attacker can exploit this flaw by sending a specially crafted packet to a targeted server that utilizes the affected protocol stack.
• Remediation:
  • HTTP.sys Remote Code Execution Vulnerability
  • Microsoft KB 5093998
  • Microsoft KB 5094041
• More Info: NVD - CVE-2026-47291
• PoC:
  • https://github.com/ManagerEmpty/CVE-2026-47291-httpsys

CVE-2026-35273

• Severity: 9.8 CRITICAL
• Impacted Products: Oracle PeopleSoft Enterprise PeopleTools 8.61, Oracle PeopleSoft Enterprise PeopleTools 8.62
• Description: Oracle PeopleSoft Enterprise PeopleTools is affected by a missing authentication vulnerability in the Updates Environment Management component that allows for remote code execution. This flaw enables an unauthenticated attacker to gain full control over the PeopleSoft environment via network access over HTTP.
• Remediation:
  • Oracle Security Alert Advisory - CVE-2026-35273
  • Oracle Security Alert Advisory - CVE-2026-35273
• More Info: NVD - CVE-2026-35273
• PoC:
  • https://github.com/0xBlackash/CVE-2026-35273
  • https://github.com/ekomsSavior/POC_cve_2026_35273
  • https://github.com/HORKimhab/CVE-2026-35273

CVE-2026-30120 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: remotion-dev remotion v4.0.409
• Description: remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.
• Remediation:
  • CVE-2026-30120: Remote Code Execution in Remotion
• More Info: NVD - CVE-2026-30120
• PoC:
  • https://github.com/EaEa0001/security-advisories/blob/main/CVE-2026-30120.md

CVE-2026-20262 NEW

• Severity: 8.8 HIGH
• Impacted Products: Cisco Catalyst SD-WAN Manager
• Description: Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) is affected by an arbitrary file write vulnerability in its web UI that allows authenticated attackers to create or overwrite files on the underlying operating system. This flaw can be leveraged to achieve remote command execution and full system compromise.
• Remediation:
  • Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
• More Info: NVD - CVE-2026-20262
• PoC:
  • https://github.com/HORKimhab/CVE-2026-20262

CVE-2026-53787 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Amasty Order Attributes for Magento 2 before version 4.0.0
• Description: Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store’s media directory by submitting files of any type or name to the upload endpoint without authentication, session validation, or cart context. Attackers can upload PHP files to achieve remote code execution on servers where the media directory permits PHP execution, or alternatively enable malware …
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-53787
• PoC:
  • https://github.com/webshellseo8/CVE-2026-53787-POC-

CVE-2026-53519 NEW

• Severity: 9.1 CRITICAL
• Impacted Products: Nezha Monitoring, prior to version 2.0.13
• Description: Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard’s NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefix, not a path-segment match, so the input /dashboard../data/config.yaml is accepted; strings.TrimPrefix leaves ../data/config.yaml; and path.Join(“admin-dist”, “../data/config.yaml”) normalizes to…
• Remediation:
  • Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key · Advisory · nezhahq/nezha · GitHub
• More Info: NVD - CVE-2026-53519
• PoC:
  • https://github.com/tar-xz/CVE-2026-53519-PoC

CVE-2026-46716 NEW

• Severity: 9.9 CRITICAL
• Impacted Products: Nezha Monitoring 1.4.0 to before 2.0.8
• Description: Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers=[] and an arbitrary Command. At every tick of the scheduler, the dashboard pushes that command to every server in the global ServerShared map — including servers that belong to other tenants (admin’s servers, other members' servers). Each agent runs the command and ret…
• Remediation:
  • RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron · Advisory · nezhahq/nezha · GitHub
• More Info: NVD - CVE-2026-46716
• PoC:
  • https://github.com/HAERIN-L/POC_CVE-2026-46716

CVE-2026-25089 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiSandbox, Fortinet FortiSandbox Cloud, Fortinet FortiSandbox PaaS
• Description: Fortinet FortiSandbox, including Cloud and PaaS versions, is affected by an OS command injection vulnerability in its Web UI that allows an unauthenticated remote attacker to execute arbitrary commands. This flaw exists due to the improper neutralization of special elements within crafted HTTP requests targeting management endpoints.
• Remediation:
  • PSIRT | FortiGuard Labs
• More Info: NVD - CVE-2026-25089
• PoC:
  • https://github.com/Layer-6/CVE-2026-5027-Langflow
  • https://github.com/HORKimhab/CVE-2026-25089
  • https://github.com/0xBlackash/CVE-2026-25089

CVE-2026-20253 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Splunk Enterprise, Splunk Cloud Platform
• Description: Splunk Enterprise and Splunk Cloud Platform are affected by a missing authentication vulnerability in the PostgreSQL sidecar service endpoint. This flaw allows an unauthenticated remote attacker to perform arbitrary file operations, such as creating or truncating files on the host system.
• Remediation:
  • SVD-2026-0603 | Splunk Vulnerability Disclosure
• More Info: NVD - CVE-2026-20253
• PoC:
  • https://github.com/watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
  • https://github.com/0xBlackash/CVE-2026-20253
  • https://github.com/HORKimhab/CVE-2026-20253

CVE-2020-1938

• Severity: 9.8 CRITICAL
• Impacted Products: Apache Tomcat
• Description: A vulnerability exists within the AJP Connector in Tomcat because the default configuration allows AJP connections to have higher trust and it is also enabled to listen on all configured IP addresses. Apache wrote that the risks were previously documented and they recommended steps to disable the Connector if it wasn’t required.
• Remediation:
  • 6153231
  • 6202740
  • 6208608
• More Info: NVD - CVE-2020-1938
• PoC:
  • https://github.com/duckpigdog/Tomcat-AJP-CVE-2020-1938
  • https://www.exploit-db.com/exploits/48143
  • https://www.exploit-db.com/exploits/49039

CVE-2026-48907 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Joomla Content Editor (JCE) 1.0.0 through 2.9.99.4
• Description: The Joomla Content Editor (JCE) extension for Joomla is affected by an improper access control vulnerability that allows unauthenticated remote attackers to achieve arbitrary code execution. This flaw enables the unauthorized creation of editor profiles, which can then be used to upload and execute malicious PHP files.
• Remediation:
  • JCE security update, and a free patch for older sites
• More Info: NVD - CVE-2026-48907
• PoC:
  • https://github.com/wearehackers160/CVE-2026-48907
  • https://github.com/webshellseo8/CVE-2026-48907-Unauthenticated-RCE-in-JCE
  • https://github.com/87achrafg-stack/CVE-2026-48907

CVE-2026-47210 NEW

• Severity: 9.9 CRITICAL
• Impacted Products: vm2 < 3.11.4
• Description: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (WebAssembly.promising / WebAssembly.Suspending). In the tested configuration, a JSPI-backed Promise can reach Promise.prototype.finally() in a way that bypasses the expected Promise-species hardening and exposes a host-originated rejection object…
• Remediation:
  • vm2 sandbox escape via JSPI-backed Promise .finally() species bypass · Advisory · patriksimek/vm2 · GitHub
• More Info: NVD - CVE-2026-47210
• PoC:
  • https://github.com/patriksimek/vm2/security/advisories/GHSA-6j2x-vhqr-qr7q

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.