CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2025-60710	High	—	MicrosoftWindows	Microsoft Windows contains a link following vulnerability that allows for privilege escalation	Apr 13, 2026	KEV
CVE-2023-21529	High	—	MicrosoftExchange Server	Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.	Apr 13, 2026	KEV
CVE-2023-36424	High	—	MicrosoftWindows	Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation	Apr 13, 2026	KEV
CVE-2020-9715	High	—	AdobeAcrobat	Adobe Acrobat contains a use-after-free vulnerability that allows for code execution	Apr 13, 2026	KEV
CVE-2026-34621	High	—	AdobeAcrobat and Reader	Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.	Apr 13, 2026	KEV
CVE-2026-1340	High	—	IvantiEndpoint Manager Mobile (EPMM)	Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.	Apr 8, 2026	KEV
CVE-2026-35616	High	—	FortinetFortiClient EMS	Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.	Apr 6, 2026	KEV
CVE-2026-3502	High	—	TrueConfClient	TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.	Apr 2, 2026	KEV
CVE-2026-5281	High	—	GoogleDawn	Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Apr 1, 2026	KEV
CVE-2026-3587(1)	Info	—	—	Referenced in article: WAGO GmbH & Co. KG Industrial Managed Switches	Mar 28, 2026	—
CVE-2025-70614(1)	Info	—	—	Referenced in article: OpenCode Systems OC Messaging and USSD Gateway	Mar 28, 2026	—
CVE-2026-20114(1)	Info	—	—	Referenced in article: Cisco Patches Multiple Vulnerabilities in IOS Software	Mar 28, 2026	—
CVE-2026-20113(1)	Info	—	—	Referenced in article: Cisco Patches Multiple Vulnerabilities in IOS Software	Mar 28, 2026	—
CVE-2026-20112(1)	Info	—	—	Referenced in article: Cisco Patches Multiple Vulnerabilities in IOS Software	Mar 28, 2026	—
CVE-2026-20110(1)	Info	—	—	Referenced in article: Cisco Patches Multiple Vulnerabilities in IOS Software	Mar 28, 2026	—
CVE-2025-67644(1)	Info	—	—	Referenced in article: LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks	Mar 28, 2026	—
CVE-2025-68664(1)	Info	—	—	Referenced in article: LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks	Mar 28, 2026	—
CVE-2026-34070(1)	Info	—	—	Referenced in article: LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks	Mar 28, 2026	—
CVE-2026-22890(1)	Info	—	—	Referenced in article: EV2GO ev2go.io	Mar 28, 2026	—
CVE-2026-20895(1)	Info	—	—	Referenced in article: EV2GO ev2go.io	Mar 28, 2026	—

CVE-2025-60710KEV

High

Microsoft Windows contains a link following vulnerability that allows for privilege escalation

Microsoft

CVE-2023-21529KEV

High

Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.

Microsoft

CVE-2023-36424KEV

High

Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation

Microsoft

CVE-2020-9715KEV

High

Adobe Acrobat contains a use-after-free vulnerability that allows for code execution

Adobe

CVE-2026-34621KEV

High

Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.

Adobe

CVE-2026-1340KEV

High

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

Ivanti

CVE-2026-35616KEV

High

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Fortinet

CVE-2026-3502KEV

High

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

TrueConf

CVE-2026-5281KEV

High

Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Google

CVE-2026-3587

Info

Referenced in article: WAGO GmbH & Co. KG Industrial Managed Switches

CVE-2025-70614

Info

Referenced in article: OpenCode Systems OC Messaging and USSD Gateway

CVE-2026-20114

Info

Referenced in article: Cisco Patches Multiple Vulnerabilities in IOS Software

CVE-2026-20113

Info