| CVE-2026-48558 | Critical | 10.0 | SimpleHelp RMM | Unauthenticated OIDC auth bypass → full technician session, MFA bypass possible; TaskWeaver loader deployed[^2][^35] | ✅ Patched — CISA KEV, deadline July 2 | CISA KEV / Hive Pro |
| CVE-2026-48276 | Critical | 10.0 | Adobe ColdFusion 2025/2023 | Unrestricted file upload → arbitrary code execution, no user interaction[^11][^12] | ✅ Patched — Update 10/21 | Adobe APSB26-68 |
| CVE-2026-48286 | Critical | 10.0 | Adobe Campaign Classic v7.4.3 | Incorrect authorization → arbitrary code execution on on-premise instances[^11][^13] | ✅ Patched — Build 9397 | Adobe Security Bulletin |
| CVE-2026-48282 | Critical | 10.0 | Adobe ColdFusion 2025/2023 | Path traversal → arbitrary code execution; first exploitation attempt logged within hours of patch release[^11] | ✅ Patched — actively monitored | The Hacker News |
| CVE-2026-45659 | High | 8.8 | Microsoft SharePoint Server | Deserialization RCE; authenticated attacker with Site Member permissions can compromise server; CISA KEV confirmed[^38][^39] | ✅ Patched May 2026 — CISA KEV, deadline July 4 | SecurityWeek / CISA |
| CVE-2026-8037 | Critical | 9.6–9.8 | Progress Kemp LoadMaster | Pre-auth OS command injection RCE via API; commands execute as root; public PoC available[^41][^42] | ✅ Patched — GA 7.2.63.2; active exploitation attempts | eSentire / The Hacker News |
| CVE-2026-35616 | Critical | 9.1 | Fortinet FortiClient EMS | Actively exploited to deploy EKZ credential-stealing malware in energy sector; browser credential theft + PowerShell exfil[^1] | ✅ Patched — active exploitation | CyberInfos |
| CVE-2026-33825 (BlueHammer) | High | TBD | Windows Defender | Privilege escalation to SYSTEM in Microsoft’s AV engine; actively used in ransomware intrusion chains; compromises the detection tool itself[^1] | ✅ Patched — active ransomware exploitation | CyberInfos |
| CVE-2025-5777 (Citrix Bleed 2) | Critical | High | Citrix NetScaler ADC/Gateway | Session token hijacking without authentication; primary initial access for Anubis RaaS ransomware deployments[^2][^1] | ✅ Patched — actively exploited by Anubis RaaS | The Hacker News |
| CVE-2026-50548/50549 (DuneSlide) | High | N/A | Cursor AI IDE | Prompt injection via MCP server → sandbox escape → RCE with no user interaction; patched in Cursor 3.0[^44] | ✅ Patched — Cursor 3.0 | About DFIR |