What's happening in cyber, in plain English
We pull from NCSC, CISA, Have I Been Pwned and the NVD every six hours, then summarise each item into what it is, who it affects, and what you can do about it.
- CriticalCVECISA — Known Exploited Vulnerabilities· 24 Apr 2026· summary pending
CVE-2024-7399 — Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server. Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 gu
- CriticalCVECISA — Known Exploited Vulnerabilities· 24 Apr 2026· summary pending
CVE-2025-29635 — D-Link DIR-823X Command Injection Vulnerability
D-Link DIR-823X. D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted pro
- CriticalCVECISA — Known Exploited Vulnerabilities· 24 Apr 2026· summary pending
CVE-2024-57728 — SimpleHelp Path Traversal Vulnerability
SimpleHelp SimpleHelp. SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host
- CriticalCVECISA — Known Exploited Vulnerabilities· 24 Apr 2026· summary pending
CVE-2024-57726 — SimpleHelp Missing Authorization Vulnerability
SimpleHelp SimpleHelp. SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. Required act
- CriticalCVECISA — Known Exploited Vulnerabilities· 23 Apr 2026· summary pending
CVE-2026-39987 — Marimo Remote Code Execution Vulnerability
Marimo Marimo. Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands. Required action: Apply mitigations per vendor instructions, follow applicable B
- CriticalAdvisoryCisco PSIRT — security advisories· 22 Apr 2026· summary pending
Cisco Catalyst SD-WAN Vulnerabilities
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For more information abou
- CriticalCVECISA — Known Exploited Vulnerabilities· 22 Apr 2026· summary pending
CVE-2026-33825 — Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Microsoft Defender. Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally. Required action: Apply mitigations per vendor instructions, follow applicable BO
- CriticalCVECISA — Known Exploited Vulnerabilities· 20 Apr 2026
CVE-2024-27199 — JetBrains TeamCity Relative Path Traversal Vulnerability
AI offline placeholder summary for: Title: CVE-2024-27199 — JetBrains TeamCity Relative Path Traversal Vulnerability.
- CriticalCVECISA — Known Exploited Vulnerabilities· 20 Apr 2026
CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
AI offline placeholder summary for: Title: CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Incorrect Use of Privilege.
- CriticalCVECISA — Known Exploited Vulnerabilities· 20 Apr 2026
CVE-2025-32975 — Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
AI offline placeholder summary for: Title: CVE-2025-32975 — Quest KACE Systems Management Appliance (SMA) Improper A.
- CriticalCVECISA — Known Exploited Vulnerabilities· 20 Apr 2026
CVE-2025-48700 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
AI offline placeholder summary for: Title: CVE-2025-48700 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scri.
- CriticalCVECISA — Known Exploited Vulnerabilities· 20 Apr 2026
CVE-2026-20133 — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
AI offline placeholder summary for: Title: CVE-2026-20133 — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Info.
- CriticalCVECISA — Known Exploited Vulnerabilities· 20 Apr 2026
CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
AI offline placeholder summary for: Title: CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Storing Passwords in a Rec.
- CriticalCVECISA — Known Exploited Vulnerabilities· 20 Apr 2026
CVE-2025-2749 — Kentico Xperience Path Traversal Vulnerability
AI offline placeholder summary for: Title: CVE-2025-2749 — Kentico Xperience Path Traversal Vulnerability Kind: Vuln.
- CriticalCVECISA — Known Exploited Vulnerabilities· 20 Apr 2026
CVE-2023-27351 — PaperCut NG/MF Improper Authentication Vulnerability
AI offline placeholder summary for: Title: CVE-2023-27351 — PaperCut NG/MF Improper Authentication Vulnerability Kin.
- CriticalAdvisoryCisco PSIRT — security advisories· 16 Apr 2026· summary pending
Cisco Webex Services Certificate Validation Vulnerability
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate va
- CriticalCVECISA — Known Exploited Vulnerabilities· 16 Apr 2026
CVE-2026-34197 — Apache ActiveMQ Improper Input Validation Vulnerability
AI offline placeholder summary for: Title: CVE-2026-34197 — Apache ActiveMQ Improper Input Validation Vulnerability.
- CriticalAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affected device. To explo
- CriticalAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco Identity Services Engine Remote Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the attacker must have at l
- CriticalCVENVD — high/critical CVEs (rolling 7d)· 14 Apr 2026· summary pending
CVE-2026-35031 — Jellyfin is an open source self hosted media server. Versions prior to 10.11.7…
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field is not validated, allowing path traversal via the file extens
- CriticalCVECISA — Known Exploited Vulnerabilities· 14 Apr 2026
CVE-2026-32201 — Microsoft SharePoint Server Improper Input Validation Vulnerability
AI offline placeholder summary for: Title: CVE-2026-32201 — Microsoft SharePoint Server Improper Input Validation Vu.
- CriticalCVECISA — Known Exploited Vulnerabilities· 14 Apr 2026
CVE-2009-0238 — Microsoft Office Remote Code Execution
AI offline placeholder summary for: Title: CVE-2009-0238 — Microsoft Office Remote Code Execution Kind: Vulnerabilit.
- CriticalCVECISA — Known Exploited Vulnerabilities· 13 Apr 2026
CVE-2026-21643 — Fortinet FortiClient EMS SQL Injection Vulnerability
AI offline placeholder summary for: Title: CVE-2026-21643 — Fortinet FortiClient EMS SQL Injection Vulnerability Kin.
- CriticalCVECISA — Known Exploited Vulnerabilities· 13 Apr 2026
CVE-2026-34621 — Adobe Acrobat and Reader Prototype Pollution Vulnerability
AI offline placeholder summary for: Title: CVE-2026-34621 — Adobe Acrobat and Reader Prototype Pollution Vulnerabili.
- CriticalCVECISA — Known Exploited Vulnerabilities· 13 Apr 2026
CVE-2023-36424 — Microsoft Windows Out-of-Bounds Read Vulnerability
AI offline placeholder summary for: Title: CVE-2023-36424 — Microsoft Windows Out-of-Bounds Read Vulnerability Kind:.
- CriticalCVECISA — Known Exploited Vulnerabilities· 13 Apr 2026
CVE-2023-21529 — Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
AI offline placeholder summary for: Title: CVE-2023-21529 — Microsoft Exchange Server Deserialization of Untrusted D.
- CriticalCVECISA — Known Exploited Vulnerabilities· 13 Apr 2026
CVE-2012-1854 — Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
AI offline placeholder summary for: Title: CVE-2012-1854 — Microsoft Visual Basic for Applications Insecure Library.
- CriticalCVECISA — Known Exploited Vulnerabilities· 13 Apr 2026
CVE-2020-9715 — Adobe Acrobat Use-After-Free Vulnerability
AI offline placeholder summary for: Title: CVE-2020-9715 — Adobe Acrobat Use-After-Free Vulnerability Kind: Vulnerab.
- CriticalCVECISA — Known Exploited Vulnerabilities· 13 Apr 2026
CVE-2025-60710 — Microsoft Windows Link Following Vulnerability
AI offline placeholder summary for: Title: CVE-2025-60710 — Microsoft Windows Link Following Vulnerability Kind: Vul.
- CriticalCVENVD — high/critical CVEs (rolling 7d)· 10 Apr 2026· summary pending
CVE-2026-32892 — Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, C…
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path values directly into exec(
Sources are pulled directly from each provider's public feed and never modified. AI summaries are produced for plain-English readability and are clearly labelled — always follow the source link for the authoritative advisory.