CVSS score
Coverage of CVSS score in the Nexus archive.
- CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
CISA added a maximum-severity vulnerability in Joomla JCE to its KEV catalog, citing active exploitation. The flaw, CVE-2026-48907 with a CVSS score of 10.0, involves improper access control allowing arbitrary PHP code execution.
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package was exploited in the wild within 36 hours of disclosure. The flaw, with a CVSS score of 9.3, allows attackers to modify underlying data through SQL injection attacks.
- Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Cybersecurity researchers discovered a critical remote code execution (RCE) vulnerability in GitHub.com and GitHub Enterprise Server, tracked as CVE-2026-3854 (CVSS score: 8.7). The flaw allows authenticated users with push access to exploit a command injection vulnerability via a single 'git push' command.
- CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
CISA added four actively exploited vulnerabilities to its KEV catalog, affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers, with a federal remediation deadline set for May 2026. One vulnerability, CVE-2024-57726, has a critical CVSS score of 9.9 due to a missing authorization flaw.
- Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Microsoft has released out-of-band updates to fix a critical privilege escalation vulnerability in ASP.NET Core, tracked as CVE-2026-40372 with a CVSS score of 9.1. The flaw, rated Important, was discovered by an anonymous researcher and involves improper verification of cryptographic mechanisms.
- ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical unrestricted file upload vulnerability (CVE-2025-0520/CNVD-2020-26585) in ShowDoc, a Chinese document management service, is being actively exploited. The flaw has a CVSS score of 9.4 and stems from improper validation of file uploads.
- Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
A critical remote code execution vulnerability (CVE-2026-39987) in Marimo, a Python data science notebook, was exploited within 10 hours of disclosure. The flaw affects all versions up to a specific release and was identified by Sysdig with a CVSS score of 9.3.