This week’s cybersecurity landscape brought 338 new CVE entries, including 11 rated critical and 118 rated high severity. Nine vulnerabilities were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, meaning CISA has evidence that they are being exploited in the wild.
This weekly roundup distills the most important vulnerability disclosures, threat intelligence, and security news into a format busy IT teams can scan in five minutes. Bookmark this page — we publish every Monday.
Week at a Glance
| Metric | Count |
|---|---|
| Total new CVEs | 338 |
| Critical severity (CVSS 9.0+) | 11 |
| High severity (CVSS 7.0-8.9) | 118 |
| Actively exploited (CISA KEV) | 9 |
Critical Vulnerabilities
These vulnerabilities scored 9.0 or above on the CVSS scale and deserve immediate attention from any organization running the affected software.
CVE-2026-34865 (CVSS 10.0)
Out-of-bounds write vulnerability in the WEB module. Impact: successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2026-31059 (CVSS 9.8)
A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
CVE-2026-31151 (CVSS 9.8)
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources.
CVE-2019-25709 (CVSS 9.3)
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the
CVE-2026-4810 (CVSS 9.3)
A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance.
CVE-2026-23891 (CVSS 9.3)
Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in
CVE-2026-40042 (CVSS 9.3)
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions, c
CVE-2026-40044 (CVSS 9.3)
Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory, which
CVE-2026-26026 (CVSS 9.1)
GLPI is a free asset and IT management software package. Versions from 11.0.0 up to, but not including, 11.0.6 allow template injection by an administrator that leads to remote code execution (RCE). This vulnerability is fixed in 11.0.6.
CVE-2026-5085 (CVSS 9.1)
Solstice::Session versions through 1440 for Perl generate session IDs insecurely.
The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process ID.
The same method is used in the _generateID method in
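The Solstice::Session entry above is a textbook case of a session ID whose entropy is bounded by its guessable inputs rather than by the 128-bit digest that wraps them. The following is an added example written for this roundup, not Solstice::Session's code: it mirrors the described construction (MD5 over epoch time, a stringified hash reference, one rand() output and the pid), brute-forces it under explicitly labelled assumptions about what an attacker can pin down, and shows the CSPRNG-based replacement. The `legacy_rand` seeding model and the heap-address candidates are assumptions for the demonstration.

```python
"""Why MD5 over low-entropy inputs does not yield an unpredictable session ID.

Added example for this roundup; NOT Solstice::Session's code. It mirrors the
construction the advisory describes and shows how little an attacker has to
guess once the inputs are modelled honestly.
"""
import hashlib
import random
import secrets


def weak_session_id(epoch: int, hash_ref_addr: int, rand_value: float, pid: int) -> str:
    """The advisory's construction: an MD5 digest over four guessable inputs."""
    material = f"{epoch}HASH(0x{hash_ref_addr:x}){rand_value}{pid}"
    return hashlib.md5(material.encode()).hexdigest()


def legacy_rand(pid: int) -> float:
    """ASSUMPTION for the demo: rand() is a non-cryptographic PRNG whose seed the
    attacker can reproduce (modelled here as seeded from the pid). The real seeding
    differs, but any seed an attacker can enumerate collapses the same way."""
    return random.Random(pid).random()


def server_issue_session(epoch: int, pid: int, hash_ref_addr: int) -> str:
    """What a server using the weak construction would hand out at login."""
    return weak_session_id(epoch, hash_ref_addr, legacy_rand(pid), pid)


def recover_weak_id(target: str, epoch_window: range, pid_range: range,
                    addr_candidates: list[int]):
    """Enumerate the attacker's remaining uncertainty: a time window (Date header,
    response timing), a pid range (/proc, error pages, or simply every pid) and a
    few plausible heap addresses (ASSUMPTION: a long-lived process allocates the
    anonymous hash in a small, stable range). Returns the recovered inputs or None."""
    for pid in pid_range:
        rnd = legacy_rand(pid)
        for epoch in epoch_window:
            for addr in addr_candidates:
                if weak_session_id(epoch, addr, rnd, pid) == target:
                    return epoch, pid, addr
    return None


def secure_session_id() -> str:
    """Replacement: 256 bits straight from the OS CSPRNG. No hashing of
    guessable inputs is needed, and no input is guessable."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    victim = server_issue_session(epoch=1_700_000_000, pid=4242, hash_ref_addr=0x55D4A3B2C8E0)
    print("victim token:   ", victim)
    found = recover_weak_id(victim,
                            range(1_699_999_900, 1_700_000_100),   # 200 s window
                            range(4000, 4500),                      # 500 candidate pids
                            [0x55D4A3B2C8E0, 0x55D4A3B2C900])       # 2 candidate addresses
    print("recovered inputs:", found)   # 200k MD5 calls, well under a second
    print("secure token:   ", secure_session_id())
```

The brute force in `recover_weak_id` needs only 200,000 digests for a 200-second window and 500 candidate pids; the digest length never entered into it. The fix is not a stronger hash but a source of randomness that is itself unpredictable, which is what `secrets` (or Perl's Crypt::URandom / Bytes::Random::Secure) provides.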
Actively Exploited Vulnerabilities (CISA KEV)
These vulnerabilities have confirmed exploitation in the wild. If you run the affected products, patch immediately: attackers are already using them. The due dates are the remediation deadlines CISA sets for US federal civilian agencies under BOD 22-01; for everyone else, treat them as the latest acceptable date rather than a target.
| CVE | Vendor / Product | Remediation due (CISA) | Known ransomware use |
|---|---|---|---|
| CVE-2026-34621 | Adobe Acrobat and Reader | 2026-04-27 | Unknown |
| CVE-2026-21643 | Fortinet FortiClient EMS | 2026-04-16 | Unknown |
| CVE-2020-9715 | Adobe Acrobat | 2026-04-27 | Unknown |
| CVE-2023-36424 | Microsoft Windows | 2026-04-27 | Unknown |
| CVE-2023-21529 | Microsoft Exchange Server | 2026-04-27 | Unknown |
| CVE-2025-60710 | Microsoft Windows | 2026-04-27 | Unknown |
| CVE-2012-1854 | Microsoft Visual Basic for Applications (VBA) | 2026-04-27 | Unknown |
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) | 2026-04-11 | Unknown |
| CVE-2026-35616 | Fortinet FortiClient EMS | 2026-04-09 | Unknown |
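Scanning the table by eye works for nine entries, but the check you actually want is "which of these touch something I run, and how many days do I have". The following is an added example written for this roundup, not CISA's tooling: the records are constructed from the table above in the shape of CISA's KEV JSON feed (the live feed is https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json and uses the same field names), and the inventory is a made-up example standing in for your asset list.

```python
"""Cross-reference this week's KEV additions with what you actually run.

Added example for this roundup, not CISA's tooling. KEV_THIS_WEEK is constructed
from the table in this roundup using the CISA feed's own field names; INVENTORY
is a made-up stand-in for an asset inventory.
"""
from datetime import date

KEV_THIS_WEEK = {
    "vulnerabilities": [
        {"cveID": "CVE-2026-34621", "vendorProject": "Adobe", "product": "Acrobat and Reader", "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-21643", "vendorProject": "Fortinet", "product": "FortiClient EMS", "dueDate": "2026-04-16", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2020-9715", "vendorProject": "Adobe", "product": "Acrobat", "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-36424", "vendorProject": "Microsoft", "product": "Windows", "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-21529", "vendorProject": "Microsoft", "product": "Exchange Server", "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-60710", "vendorProject": "Microsoft", "product": "Windows", "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2012-1854", "vendorProject": "Microsoft", "product": "Visual Basic for Applications (VBA)", "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-1340", "vendorProject": "Ivanti", "product": "Endpoint Manager Mobile (EPMM)", "dueDate": "2026-04-11", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-35616", "vendorProject": "Fortinet", "product": "FortiClient EMS", "dueDate": "2026-04-09", "knownRansomwareCampaignUse": "Unknown"},
    ]
}

# Made-up inventory: vendor -> product names as they appear in KEV entries.
INVENTORY = {
    "Fortinet": {"FortiClient EMS"},
    "Microsoft": {"Windows", "Exchange Server"},
}


def triage(kev: dict, inventory: dict, today: date) -> list[dict]:
    """Return the KEV entries that match the inventory, most urgent first."""
    hits = []
    for entry in kev["vulnerabilities"]:
        owned = inventory.get(entry["vendorProject"], set())
        # Substring match on the product name, so "Windows" also hits "Windows 10".
        if not any(p.lower() in entry["product"].lower() for p in owned):
            continue
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        hits.append({
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "ransomware": entry["knownRansomwareCampaignUse"],
        })
    # Closest deadline first; ties broken by CVE ID for a stable report.
    hits.sort(key=lambda h: (h["days_left"], h["cve"]))
    return hits


def report(hits: list[dict]) -> list[str]:
    """One line per finding, ready for a ticket or a chat message."""
    lines = []
    for h in hits:
        flag = "OVERDUE" if h["overdue"] else f'{h["days_left"]}d left'
        lines.append(f'{h["cve"]:<15} {h["product"]:<32} due {h["due"]} ({flag}) ransomware={h["ransomware"]}')
    return lines


if __name__ == "__main__":
    for line in report(triage(KEV_THIS_WEEK, INVENTORY, date.today())):
        print(line)
```

To run this against the real catalog, load the JSON from the feed URL above into `kev` instead of `KEV_THIS_WEEK`; the keys are the same. Matching on vendor and product strings is only as good as your inventory's naming, so expect to maintain a small alias map once you move past a demo.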
Protect Your Network
Patching is the first line of defense, but a layered security approach is essential. Here are tools we recommend for small businesses and home users:
- VPN Protection: Encrypt your traffic and hide your IP from attackers. See our Best VPN for Mac guide or Best VPN for Torrenting comparison.
- Antivirus: Modern endpoint protection catches exploit attempts before they execute. See our Best Antivirus for Windows 11 guide.
- Vulnerability Scanning: Find your exposure before attackers do. See our Best Vulnerability Scanners for Small Business guide.
This roundup is generated from our automated CyberBrief intelligence pipeline, which monitors NVD, CISA KEV, and vendor advisories daily. Subscribe to our newsletter for daily alerts.