PatchNow
Content last updated: Less than a minute ago
10
Critical Vulnerabilities
0
Days Since Newest Entry

☕ Support This Service

+

These automated vulnerability intelligence briefings are provided free of charge to help security teams stay ahead of critical threats. The service monitors CISA KEV additions, performs AI-powered risk analysis, and generates actionable alerts 24/7.

Monthly Running Costs: ~£14 Claude AI (Risk Analysis): £7 • Kagi Search (Threat Intel): £7
🎁 Buy me a coffee

🧠 Vulnerability Classification Logic

+

🔴 HIGH RISK vulnerabilities are those that meet all of the following criteria:

  • MITRE ATT&CK T1190 Classification: The vulnerability enables "Exploit Public-Facing Application" attacks, meaning it can be directly exploited over the internet without user interaction
  • Network Attack Vector: CVSS analysis confirms the vulnerability has a NETWORK attack vector (not LOCAL, ADJACENT, or PHYSICAL)
  • Internet-Facing Deployment Analysis: Claude AI assesses that the vulnerable software is commonly deployed as an internet-facing service with HIGH or VERY_HIGH likelihood
  • Added to CISA KEV quickly: The CVE was issued less than 30 days prior to it being added to the KEV list. Otherwise you would have already patched it, right?
  • Added to KEV recently: The CVE was added to the KEV list in the last 14 days. Because you've patched it by the time it has been in active exploitation for 30 days, haven't you?

Each vulnerability undergoes deployment pattern analysis where Claude AI evaluates the typical deployment scenarios, and internet-facing likelihood.

CVE-2026-42897 - Exchange Server, Exchange Server Subscription Edition

Internet Exposure Likelihood: VERY_HIGH CVSS: 8.1
CVE-2026-42897 is a cross-site scripting vulnerability in Microsoft Exchange Server that enables spoofing attacks. This vulnerability is actively exploited in the wild and affects widely deployed internet-facing email servers through crafted network requests.
CVE ADDED: 2026-05-14 1 DAY BETWEEN CVE AND KEV 0 DAYS SINCE KEV
View Details →

CVE-2026-20182 - Cisco Catalyst SD-WAN Manager

Internet Exposure Likelihood: HIGH CVSS: 10.0
Critical authentication bypass in Cisco Catalyst SD-WAN Manager allows unauthenticated remote attackers to gain administrative privileges through crafted requests. This vulnerability is actively being exploited in the wild and is listed in CISA's KEV catalog.
CVE ADDED: 2026-05-14 0 DAY BETWEEN CVE AND KEV 1 DAY SINCE KEV
View Details →

CVE-2026-42208 - LiteLLM Proxy Server

Internet Exposure Likelihood: HIGH CVSS: 9.3
Critical SQL injection vulnerability in LiteLLM proxy server allowing unauthenticated attackers to read/modify database contents including API keys and credentials. Actively exploited within 36 hours of disclosure and added to CISA KEV catalog.
CVE ADDED: 2026-05-08 0 DAY BETWEEN CVE AND KEV 7 DAYS SINCE KEV
View Details →

CVE-2026-6973 - Ivanti Endpoint Manager Mobile

Internet Exposure Likelihood: HIGH CVSS: 7.2
CVE-2026-6973 is an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated administrators to achieve remote code execution. EPMM is typically deployed as an internet-facing mobile device management server, making this a direct network exploitation risk.
CVE ADDED: 2026-05-07 0 DAY BETWEEN CVE AND KEV 8 DAYS SINCE KEV
View Details →

CVE-2026-0300 - Palo Alto PAN-OS

Internet Exposure Likelihood: HIGH CVSS: 9.3
Critical unauthenticated buffer overflow vulnerability in Palo Alto PAN-OS User-ID Authentication Portal allowing remote code execution with root privileges. Already under active exploitation in the wild against internet-facing firewalls.
CVE ADDED: 2026-05-06 0 DAY BETWEEN CVE AND KEV 9 DAYS SINCE KEV
View Details →

CVE-2026-41940 - cPanel, WHM, WP Squared

Internet Exposure Likelihood: VERY_HIGH CVSS: 9.8 RANSOMWARE USE
Critical authentication bypass vulnerability in cPanel and WHM control panels allowing unauthenticated remote attackers to gain unauthorized access. These web hosting management platforms are almost universally internet-facing by design and widely exploited in the wild.
CVE ADDED: 2026-04-29 1 DAY BETWEEN CVE AND KEV 15 DAYS SINCE KEV
View Details →

CVE-2026-39987 - Marimo Python Notebook Server

Internet Exposure Likelihood: HIGH CVSS: 9.3
Marimo Python notebook server has a critical pre-authentication RCE vulnerability allowing unauthenticated attackers to execute arbitrary system commands via an unprotected terminal WebSocket endpoint. This vulnerability is actively exploited in the wild and was added to CISA KEV catalog after being exploited within 10 hours of disclosure.
CVE ADDED: 2026-04-09 14 DAYS BETWEEN CVE AND KEV 22 DAYS SINCE KEV
View Details →

CVE-2026-20122 - Cisco Catalyst SD-WAN Manager

Internet Exposure Likelihood: HIGH CVSS: 5.4
CVE-2026-20122 is a critical arbitrary file overwrite vulnerability in Cisco Catalyst SD-WAN Manager's API that allows authenticated attackers to gain elevated privileges. This vulnerability is actively exploited in the wild and listed in CISA's KEV catalog.
CVE ADDED: 2026-02-25 54 DAYS BETWEEN CVE AND KEV 25 DAYS SINCE KEV
View Details →

CVE-2026-20133 - Cisco Catalyst SD-WAN Manager

Internet Exposure Likelihood: HIGH CVSS: 6.5
CVE-2026-20133 is an information disclosure vulnerability in Cisco Catalyst SD-WAN Manager that allows unauthenticated, remote attackers to view sensitive information by accessing the API. SD-WAN Manager is typically deployed as an internet-facing centralized management platform.
CVE ADDED: 2026-02-25 54 DAYS BETWEEN CVE AND KEV 25 DAYS SINCE KEV
View Details →

CVE-2026-34197 - Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All

Internet Exposure Likelihood: HIGH CVSS: 8.8
Critical remote code execution vulnerability in Apache ActiveMQ through the Jolokia JMX-HTTP bridge exposed on web console. Authenticated attackers can exploit crafted discovery URIs to trigger remote Spring XML loading, leading to arbitrary code execution via bean factory methods.
CVE ADDED: 2026-04-07 9 DAYS BETWEEN CVE AND KEV 29 DAYS SINCE KEV
View Details →

Generated by PatchNow Intelligence System | Data Source: CISA KEV + CIRCL.LU + Claude Analysis

📄 Download JSON Data | 📡 RSS Feed