Skip to content
The Nexus
DossierENTITY

CVSS score

Coverage of CVSS score in the Nexus archive.

Earliest in view: Apr 10 · 07:37 UTCMost recent: Jun 17 · 05:50 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 17 · 05:50 UTCTHE HACKER NEWS
    CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

    CISA added a maximum-severity vulnerability in Joomla JCE to its KEV catalog, citing active exploitation. The flaw, CVE-2026-48907 with a CVSS score of 10.0, involves improper access control allowing arbitrary PHP code execution.

  • SECURITYApr 29 · 05:34 UTCTHE HACKER NEWS
    LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

    A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package was exploited in the wild within 36 hours of disclosure. The flaw, with a CVSS score of 9.3, allows attackers to modify underlying data through SQL injection attacks.

  • SECURITYApr 28 · 18:19 UTCTHE HACKER NEWS
    Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

    Cybersecurity researchers discovered a critical remote code execution (RCE) vulnerability in GitHub.com and GitHub Enterprise Server, tracked as CVE-2026-3854 (CVSS score: 8.7). The flaw allows authenticated users with push access to exploit a command injection vulnerability via a single 'git push' command.

  • SECURITYApr 25 · 05:08 UTCTHE HACKER NEWS
    CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

    CISA added four actively exploited vulnerabilities to its KEV catalog, affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers, with a federal remediation deadline set for May 2026. One vulnerability, CVE-2024-57726, has a critical CVSS score of 9.9 due to a missing authorization flaw.

  • SECURITYApr 22 · 09:29 UTCTHE HACKER NEWS
    Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

    Microsoft has released out-of-band updates to fix a critical privilege escalation vulnerability in ASP.NET Core, tracked as CVE-2026-40372 with a CVSS score of 9.1. The flaw, rated Important, was discovered by an anonymous researcher and involves improper verification of cryptographic mechanisms.

  • SECURITYApr 14 · 05:50 UTCTHE HACKER NEWS
    ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

    A critical unrestricted file upload vulnerability (CVE-2025-0520/CNVD-2020-26585) in ShowDoc, a Chinese document management service, is being actively exploited. The flaw has a CVSS score of 9.4 and stems from improper validation of file uploads.

  • SECURITYApr 10 · 07:37 UTCTHE HACKER NEWS
    Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

    A critical remote code execution vulnerability (CVE-2026-39987) in Marimo, a Python data science notebook, was exploited within 10 hours of disclosure. The flaw affects all versions up to a specific release and was identified by Sysdig with a CVSS score of 9.3.

CVSS score · Dossier · The Nexus