the watchlist

CVETypeSeverityStatusDo thisStory
CVE-2026-8037Progress Kemp LoadMaster Command injection → RCE CVSS 9.6 exploited Patch now; take management interfaces off the internet
CVE-2026-45659Microsoft SharePoint Server (on-prem) Unsafe deserialization → RCE CVSS 8.8 exploited · KEV Apply the May 2026 patch — every unpatched on-prem server is a target
CVE-2026-35273Oracle PeopleSoft Unauthenticated SSRF → RCE CVSS 9.8 was exploited · KEV Apply Oracle's June 10 emergency patch; assume compromise if exposed pre-patch
CVE-2026-33825Microsoft Defender (BlueHammer) Race condition → SYSTEM privilege escalation CVSS 7.8 was exploited · KEV Apply the April 14 Patch Tuesday fix; audit for rollback-engine abuse
CVE-2026-6682…6688 (7)FatFs filesystem library (IoT firmware) Memory corruption → code execution via rigged USB/SD CVSS 7.6 disclosed Audit your vendored FatFs copy + wrapper code — affects cameras, drones, ICS, hardware wallets
CVE-2026-46242Linux kernel (epoll) Local privilege escalation → root CVSS 7.8 disclosed Patch — affects desktops, servers and Android; patching is the only real mitigation
CVE-2026-43503Linux kernel (DirtyClone) Local privilege escalation → root CVSS 8.8 disclosed Update to a kernel with the full DirtyFrag patch chain (v7.1-rc5+) — partial patching leaves you exposed

how to read this

exploited means confirmed in-the-wild attacks are happening now — patch out of cycle, today. was exploited means attacks happened before a patch shipped; if you were exposed unpatched, assume compromise and investigate, don't just update. disclosed means details are public but no confirmed exploitation yet — attackers read the same write-ups, so patch on an accelerated cadence.

Curated from our coverage, not an exhaustive CVE database — for completeness use CISA KEV alongside this list. Raw data: JSON · CSV.