PatchNow
Content last updated: Less than a minute ago
9
Critical Vulnerabilities
1
Days Since Newest Entry

☕ Support This Service

+

These automated vulnerability intelligence briefings are provided free of charge to help security teams stay ahead of critical threats. The service monitors CISA KEV additions, performs AI-powered risk analysis, and generates actionable alerts 24/7.

Monthly Running Costs: ~£14 Claude AI (Risk Analysis): £7 • Kagi Search (Threat Intel): £7
🎁 Buy me a coffee

🧠 Vulnerability Classification Logic

+

🔴 HIGH RISK vulnerabilities are those that meet all of the following criteria:

  • MITRE ATT&CK T1190 Classification: The vulnerability enables "Exploit Public-Facing Application" attacks, meaning it can be directly exploited over the internet without user interaction
  • Network Attack Vector: CVSS analysis confirms the vulnerability has a NETWORK attack vector (not LOCAL, ADJACENT, or PHYSICAL)
  • Internet-Facing Deployment Analysis: Claude AI assesses that the vulnerable software is commonly deployed as an internet-facing service with HIGH or VERY_HIGH likelihood
  • Added to CISA KEV quickly: The CVE was issued less than 30 days prior to it being added to the KEV list. Otherwise you would have already patched it, right?
  • Added to KEV recently: The CVE was added to the KEV list in the last 14 days. Because you've patched it by the time it has been in active exploitation for 30 days, haven't you?

Each vulnerability undergoes deployment pattern analysis where Claude AI evaluates the typical deployment scenarios, and internet-facing likelihood.

CVE-2026-20127 - Cisco Catalyst SD-WAN Manager

Internet Exposure Likelihood: HIGH CVSS: 10.0
Critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Manager allowing unauthenticated remote attackers to gain administrative privileges. CISA has issued Emergency Directive ED 26-03 due to active exploitation in the wild.
CVE ADDED: 2026-02-25 0 DAY BETWEEN CVE AND KEV 1 DAY SINCE KEV
View Details →

CVE-2026-25108 - FileZen V5.0.0-V5.0.10, FileZen V4.2.1-V4.2.8

Internet Exposure Likelihood: HIGH CVSS: 8.8
FileZen contains an OS command injection vulnerability allowing authenticated users to execute arbitrary OS commands via specially crafted HTTP requests when the Antivirus Check Option is enabled. This is a critical server-side vulnerability in a file sharing platform commonly deployed as internet-facing infrastructure.
CVE ADDED: 2026-02-13 11 DAYS BETWEEN CVE AND KEV 2 DAYS SINCE KEV
View Details →

CVE-2026-22769 - Dell RecoverPoint for Virtual Machines

Internet Exposure Likelihood: MEDIUM CVSS: 10.0
Dell RecoverPoint for VMs contains hardcoded credentials allowing unauthenticated remote attackers to gain root-level access to the underlying OS. This critical vulnerability is under active exploitation in the wild.
CVE ADDED: 2026-02-17 1 DAY BETWEEN CVE AND KEV 8 DAYS SINCE KEV
View Details →

CVE-2026-1731 - BeyondTrust Remote Support, BeyondTrust Privileged Remote Access

Internet Exposure Likelihood: HIGH CVSS: 9.9 RANSOMWARE USE
Critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access allowing unauthenticated attackers to execute OS commands via specially crafted requests. Active exploitation confirmed with CISA KEV listing.
CVE ADDED: 2026-02-06 7 DAYS BETWEEN CVE AND KEV 13 DAYS SINCE KEV
View Details →

CVE-2025-40536 - SolarWinds Web Help Desk 12.8.8 HF1 and below

Internet Exposure Likelihood: VERY_HIGH CVSS: 8.1
CVE-2025-40536 is a security control bypass vulnerability in SolarWinds Web Help Desk that allows unauthenticated attackers to gain access to restricted functionality. This vulnerability is being actively exploited in the wild against internet-facing WHD instances for initial access and lateral movement.
CVE ADDED: 2026-01-28 15 DAYS BETWEEN CVE AND KEV 14 DAYS SINCE KEV
View Details →

CVE-2026-24423 - SmarterMail

Internet Exposure Likelihood: VERY_HIGH CVSS: 9.3 RANSOMWARE USE
Critical unauthenticated remote code execution vulnerability in SmarterMail servers through the ConnectToHub API method. Attackers can execute arbitrary OS commands by pointing the server to a malicious HTTP server, with active exploitation confirmed by CISA KEV listing.
CVE ADDED: 2026-01-23 13 DAYS BETWEEN CVE AND KEV 21 DAYS SINCE KEV
View Details →

CVE-2025-40551 - SolarWinds Web Help Desk 12.8.8 HF1 and below

Internet Exposure Likelihood: HIGH CVSS: 9.8
Critical unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk via untrusted data deserialization. Actively exploited in the wild with no authentication required.
CVE ADDED: 2026-01-28 6 DAYS BETWEEN CVE AND KEV 23 DAYS SINCE KEV
View Details →

CVE-2026-1281 - Ivanti Endpoint Manager Mobile

Internet Exposure Likelihood: HIGH CVSS: 9.8
Critical code injection vulnerability in Ivanti Endpoint Manager Mobile allowing unauthenticated remote code execution. This vulnerability is actively exploited in zero-day attacks and listed on CISA's KEV catalog.
CVE ADDED: 2026-01-29 0 DAY BETWEEN CVE AND KEV 28 DAYS SINCE KEV
View Details →

CVE-2026-24858 - FortiOS, FortiAnalyzer, FortiManager

Internet Exposure Likelihood: HIGH CVSS: 9.4
Authentication bypass vulnerability in Fortinet FortiOS, FortiAnalyzer, and FortiManager allowing attackers with FortiCloud accounts to access other organizations' devices when FortiCloud SSO is enabled. CISA KEV listing indicates active exploitation in the wild.
CVE ADDED: 2026-01-27 0 DAY BETWEEN CVE AND KEV 30 DAYS SINCE KEV
View Details →

Generated by PatchNow Intelligence System | Data Source: CISA KEV + CIRCL.LU + Claude Analysis

📄 Download JSON Data | 📡 RSS Feed