PatchNow

RSS Feed - High Risk Alerts Full Analysis History (78 CVEs)

Content last updated: Less than a minute ago
10 Critical Vulnerabilities • 0 Days Since Newest Entry

These automated vulnerability intelligence briefings are provided free of charge to help security teams stay ahead of critical threats. The service monitors CISA KEV additions, performs AI-powered risk analysis, and generates actionable alerts 24/7.

Monthly Running Costs: ~£14 (Claude AI (Risk Analysis): £7 • Kagi Search (Threat Intel): £7)

🧠 Vulnerability Classification Logic

🔴 HIGH RISK vulnerabilities are those that meet all of the following criteria:

  • MITRE ATT&CK T1190 Classification: The vulnerability enables "Exploit Public-Facing Application" attacks, meaning it can be directly exploited over the internet without user interaction
  • Network Attack Vector: CVSS analysis confirms the vulnerability has a NETWORK attack vector (not LOCAL, ADJACENT, or PHYSICAL)
  • Internet-Facing Deployment Analysis: Claude AI assesses that the vulnerable software is commonly deployed as an internet-facing service with HIGH or VERY_HIGH likelihood
  • Added to CISA KEV quickly: The CVE was issued less than 30 days prior to it being added to the KEV list. Otherwise you would have already patched it, right?
  • Added to KEV recently: The CVE was added to the KEV list in the last 14 days. Because you've patched it by the time it has been in active exploitation for 30 days, haven't you?

Each vulnerability undergoes deployment pattern analysis, in which Claude AI evaluates the typical deployment scenarios and the internet-facing likelihood.

CVE-2025-40551 - SolarWinds Web Help Desk 12.8.8 HF1 and below

Internet Exposure Likelihood: HIGH • CVSS: 9.8
Critical unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk via untrusted data deserialization. Actively exploited in the wild with no authentication required.
CVE ADDED: 2026-01-28 • 6 DAYS BETWEEN CVE AND KEV • 0 DAYS SINCE KEV

CVE-2026-1281 - Ivanti Endpoint Manager Mobile

Internet Exposure Likelihood: HIGH • CVSS: 9.8
Critical code injection vulnerability in Ivanti Endpoint Manager Mobile allowing unauthenticated remote code execution. This vulnerability is actively exploited in zero-day attacks and listed on CISA's KEV catalog.
CVE ADDED: 2026-01-29 • 0 DAYS BETWEEN CVE AND KEV • 5 DAYS SINCE KEV

CVE-2026-24858 - FortiOS, FortiAnalyzer, FortiManager

Internet Exposure Likelihood: HIGH • CVSS: 9.4
Authentication bypass vulnerability in Fortinet FortiOS, FortiAnalyzer, and FortiManager allowing attackers with FortiCloud accounts to access other organizations' devices when FortiCloud SSO is enabled. CISA KEV listing indicates active exploitation in the wild.
CVE ADDED: 2026-01-27 • 0 DAYS BETWEEN CVE AND KEV • 7 DAYS SINCE KEV

CVE-2025-52691 - SmarterMail Build 9406 and earlier

Internet Exposure Likelihood: VERY_HIGH • CVSS: 10.0
Critical unauthenticated file upload vulnerability in SmarterMail email servers allowing arbitrary file upload to any server location, leading to remote code execution. Active exploitation is occurring in the wild against internet-facing mail servers.
CVE ADDED: 2025-12-29 • 28 DAYS BETWEEN CVE AND KEV • 8 DAYS SINCE KEV

CVE-2026-23760 - SmarterMail

Internet Exposure Likelihood: VERY_HIGH • CVSS: 9.3
Critical authentication bypass vulnerability in SmarterMail email server allowing complete administrative takeover via password reset API. Over 6,000 vulnerable instances are internet-facing with active exploitation confirmed by CISA KEV listing.
CVE ADDED: 2026-01-22 • 4 DAYS BETWEEN CVE AND KEV • 8 DAYS SINCE KEV

CVE-2026-24061 - GNU InetUtils telnetd

Internet Exposure Likelihood: MEDIUM • CVSS: 9.8
Critical authentication bypass vulnerability in GNU InetUtils telnetd allows remote attackers to gain root access without credentials via malformed USER environment variable. Over 800,000 telnet servers are exposed on the internet with active exploitation observed in the wild.
CVE ADDED: 2026-01-21 • 5 DAYS BETWEEN CVE AND KEV • 8 DAYS SINCE KEV

CVE-2025-68645 - Zimbra Collaboration

Internet Exposure Likelihood: VERY_HIGH • CVSS: 8.8
Local File Inclusion vulnerability in Zimbra Collaboration webmail allows unauthenticated remote attackers to include arbitrary files via crafted requests to /h/rest endpoint. Zimbra is commonly deployed as internet-facing email server infrastructure.
CVE ADDED: 2025-12-22 • 31 DAYS BETWEEN CVE AND KEV • 12 DAYS SINCE KEV

CVE-2026-20045 - Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Communications Manager IM and Presence Service

Internet Exposure Likelihood: HIGH • CVSS: 8.2
Critical remote code execution vulnerability in Cisco Unified Communications products allowing unauthenticated attackers to execute arbitrary commands via crafted HTTP requests to web management interfaces. Cisco confirms active exploitation attempts in the wild with potential for privilege escalation to root access.
CVE ADDED: 2026-01-21 • 0 DAYS BETWEEN CVE AND KEV • 13 DAYS SINCE KEV

CVE-2025-8110 - Gogs versions

Internet Exposure Likelihood: HIGH • CVSS: 8.7
Critical RCE vulnerability in Gogs Git service allows authenticated users to achieve remote code execution via symbolic link bypass in the PutContents API. Over 700 internet-facing instances have been compromised with active exploitation ongoing.
CVE ADDED: 2025-12-10 • 33 DAYS BETWEEN CVE AND KEV • 22 DAYS SINCE KEV

CVE-2025-37164 - HPE OneView

Internet Exposure Likelihood: HIGH • CVSS: 10.0
CVE-2025-37164 is a critical unauthenticated remote code execution vulnerability in HPE OneView with a perfect CVSS score of 10.0. CISA has added this to their KEV catalog due to active exploitation in the wild, and a Metasploit module exists for exploitation.
CVE ADDED: 2025-12-16 • 22 DAYS BETWEEN CVE AND KEV • 27 DAYS SINCE KEV