the watchlist
| CVE | Type | Severity | Status | Do this | Story |
|---|---|---|---|---|---|
| CVE-2026-8037Progress Kemp LoadMaster | Command injection → RCE | CVSS 9.6 | exploited | Patch now; take management interfaces off the internet | ↗ |
| CVE-2026-45659Microsoft SharePoint Server (on-prem) | Unsafe deserialization → RCE | CVSS 8.8 | exploited · KEV | Apply the May 2026 patch — every unpatched on-prem server is a target | ↗ |
| CVE-2026-35273Oracle PeopleSoft | Unauthenticated SSRF → RCE | CVSS 9.8 | was exploited · KEV | Apply Oracle's June 10 emergency patch; assume compromise if exposed pre-patch | ↗ |
| CVE-2026-33825Microsoft Defender (BlueHammer) | Race condition → SYSTEM privilege escalation | CVSS 7.8 | was exploited · KEV | Apply the April 14 Patch Tuesday fix; audit for rollback-engine abuse | ↗ |
| CVE-2026-6682…6688 (7)FatFs filesystem library (IoT firmware) | Memory corruption → code execution via rigged USB/SD | CVSS 7.6 | disclosed | Audit your vendored FatFs copy + wrapper code — affects cameras, drones, ICS, hardware wallets | ↗ |
| CVE-2026-46242Linux kernel (epoll) | Local privilege escalation → root | CVSS 7.8 | disclosed | Patch — affects desktops, servers and Android; patching is the only real mitigation | ↗ |
| CVE-2026-43503Linux kernel (DirtyClone) | Local privilege escalation → root | CVSS 8.8 | disclosed | Update to a kernel with the full DirtyFrag patch chain (v7.1-rc5+) — partial patching leaves you exposed | ↗ |
how to read this
exploited means confirmed in-the-wild attacks are happening now — patch out of cycle, today. was exploited means attacks happened before a patch shipped; if you were exposed unpatched, assume compromise and investigate, don't just update. disclosed means details are public but no confirmed exploitation yet — attackers read the same write-ups, so patch on an accelerated cadence.
Curated from our coverage, not an exhaustive CVE database — for completeness use CISA KEV alongside this list. Raw data: JSON · CSV.