PatchNow
Content last updated: Less than a minute ago
7
Critical Vulnerabilities
0
Days Since Newest Entry

☕ Support This Service

+

These automated vulnerability intelligence briefings are provided free of charge to help security teams stay ahead of critical threats. The service monitors CISA KEV additions, performs AI-powered risk analysis, and generates actionable alerts 24/7.

Monthly Running Costs: ~£14 Claude AI (Risk Analysis): £7 • Kagi Search (Threat Intel): £7
🎁 Buy me a coffee

🧠 Vulnerability Classification Logic

+

🔴 HIGH RISK vulnerabilities are those that meet all of the following criteria:

  • MITRE ATT&CK T1190 Classification: The vulnerability enables "Exploit Public-Facing Application" attacks, meaning it can be directly exploited over the internet without user interaction
  • Network Attack Vector: CVSS analysis confirms the vulnerability has a NETWORK attack vector (not LOCAL, ADJACENT, or PHYSICAL)
  • Internet-Facing Deployment Analysis: Claude AI assesses that the vulnerable software is commonly deployed as an internet-facing service with HIGH or VERY_HIGH likelihood
  • Added to CISA KEV quickly: The CVE was issued less than 30 days prior to it being added to the KEV list. Otherwise you would have already patched it, right?
  • Added to KEV recently: The CVE was added to the KEV list in the last 14 days. Because you've patched it by the time it has been in active exploitation for 30 days, haven't you?

Each vulnerability undergoes deployment pattern analysis where Claude AI evaluates the typical deployment scenarios, and internet-facing likelihood.

CVE-2026-1603 - Ivanti Endpoint Manager

Internet Exposure Likelihood: HIGH CVSS: 8.6
CVE-2026-1603 is an authentication bypass vulnerability in Ivanti Endpoint Manager that allows remote unauthenticated attackers to leak stored credential data. This vulnerability is actively exploited according to CISA KEV listing and can be directly exploited against internet-facing EPM instances.
CVE ADDED: 2026-02-10 27 DAYS BETWEEN CVE AND KEV 0 DAYS SINCE KEV
View Details →

CVE-2026-22719 - VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform (+1 more)

Internet Exposure Likelihood: HIGH CVSS: 8.1
Command injection vulnerability in VMware Aria Operations allows unauthenticated remote code execution during support-assisted product migration. Affects critical enterprise infrastructure management platforms commonly exposed to internet.
CVE ADDED: 2026-02-25 6 DAYS BETWEEN CVE AND KEV 6 DAYS SINCE KEV
View Details →

CVE-2026-20127 - Cisco Catalyst SD-WAN Manager

Internet Exposure Likelihood: HIGH CVSS: 10.0
Critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Manager allowing unauthenticated remote attackers to gain administrative privileges. CISA has issued Emergency Directive ED 26-03 due to active exploitation in the wild.
CVE ADDED: 2026-02-25 0 DAY BETWEEN CVE AND KEV 12 DAYS SINCE KEV
View Details →

CVE-2026-25108 - FileZen V5.0.0-V5.0.10, FileZen V4.2.1-V4.2.8

Internet Exposure Likelihood: HIGH CVSS: 8.8
FileZen contains an OS command injection vulnerability allowing authenticated users to execute arbitrary OS commands via specially crafted HTTP requests when the Antivirus Check Option is enabled. This is a critical server-side vulnerability in a file sharing platform commonly deployed as internet-facing infrastructure.
CVE ADDED: 2026-02-13 11 DAYS BETWEEN CVE AND KEV 13 DAYS SINCE KEV
View Details →

CVE-2026-22769 - Dell RecoverPoint for Virtual Machines

Internet Exposure Likelihood: MEDIUM CVSS: 10.0
Dell RecoverPoint for VMs contains hardcoded credentials allowing unauthenticated remote attackers to gain root-level access to the underlying OS. This critical vulnerability is under active exploitation in the wild.
CVE ADDED: 2026-02-17 1 DAY BETWEEN CVE AND KEV 19 DAYS SINCE KEV
View Details →

CVE-2026-1731 - BeyondTrust Remote Support, BeyondTrust Privileged Remote Access

Internet Exposure Likelihood: HIGH CVSS: 9.9 RANSOMWARE USE
Critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access allowing unauthenticated attackers to execute OS commands via specially crafted requests. Active exploitation confirmed with CISA KEV listing.
CVE ADDED: 2026-02-06 7 DAYS BETWEEN CVE AND KEV 24 DAYS SINCE KEV
View Details →

CVE-2025-40536 - SolarWinds Web Help Desk 12.8.8 HF1 and below

Internet Exposure Likelihood: VERY_HIGH CVSS: 8.1
CVE-2025-40536 is a security control bypass vulnerability in SolarWinds Web Help Desk that allows unauthenticated attackers to gain access to restricted functionality. This vulnerability is being actively exploited in the wild against internet-facing WHD instances for initial access and lateral movement.
CVE ADDED: 2026-01-28 15 DAYS BETWEEN CVE AND KEV 25 DAYS SINCE KEV
View Details →

Generated by PatchNow Intelligence System | Data Source: CISA KEV + CIRCL.LU + Claude Analysis

📄 Download JSON Data | 📡 RSS Feed