NVD disclosure day
CVE-2026-40687
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
Exim mail servers can be crashed or leak sensitive data due to a critical flaw in its authentication driver, impacting internet-facing systems.
CVE-2026-40685
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A critical flaw in Exim email servers lets attackers take control by sending a specially crafted email, potentially impacting many systems that handle incoming mail.
CVE-2026-2311
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker could exploit a flaw in the IBM i Web Administration interface to execute unauthorized code with full administrative privileges. This could allow them to take complete control of the server, putting critical business workflows and sensitive data at significant risk.
CVE-2026-3833
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A GnuTLS flaw lets attackers bypass certificate checks by exploiting name casing differences. This could allow unauthorized access to services and sensitive data by tricking systems into accepting invalid certificates.
CVE-2026-33845
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in GnuTLS allows remote attackers to steal data or disrupt services by sending malformed network traffic, impacting widely used internet-facing applications.
CVE-2026-36767
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Shopizer's image upload feature has a critical flaw allowing anyone to write files anywhere on your system, potentially leading to complete takeover. This issue requires immediate attention.
CVE-2026-36760
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
In JeeSite, an internal attacker with legitimate access can trick the system into saving files to unauthorized locations on the server. This could allow them to overwrite critical system files, potentially leading to a full compromise of the affected server.
CVE-2025-71284
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Synway SMG Gateway software has a critical flaw allowing unauthenticated attackers to run any command remotely, potentially compromising your network devices.
CVE-2022-50993
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Weaver E-office has a critical flaw allowing anyone to upload malicious files, potentially taking full control of your systems remotely without needing a password.
CVE-2026-4670
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
MOVEit Automation has a critical flaw allowing anyone to bypass login, potentially exposing sensitive customer data or disrupting operations. This requires immediate attention due to the product's common use for sensitive file transfers.
CVE-2026-42799
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
A critical flaw in ASR Kestrel firmware allows attackers to overflow buffers and potentially take control of devices remotely without authentication. This is urgent due to its potential for widespread system compromise.
CVE-2026-22070
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An internal attacker with a malicious application on a device can trick ColorOS Assistant into overwriting sensitive configuration files. This enables unauthorized changes to device settings and could grant the attacker complete control over the affected device.