CVE Intelligence Archive

Daily vulnerability intelligence briefs

CVE-2026-20131 | 10 | CRITICAL | KEV
Mar 4, 2026

Cisco Secure Firewall Management Center — RCE

CVE-2026-20131 (CRITICAL, CVSS 10.0), a Cisco vulnerability that is actively exploited (CISA KEV): A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as roo...

CVE-2025-54068 | 9.3 | CRITICAL | KEV
Jan 1, 2025

Laravel Livewire — Unauthenticated Remote Code Execution via Property Hydration

CVE-2025-54068 is a remote code execution vulnerability in Laravel Livewire v3 through version 3.6.3, caused by insecure handling of attacker-controlled data during component property update hydration. An unauthenticated attacker can achieve remote command execution on applications with vulnerable component configurations, requiring no credentials and no user interaction. CISA added this to the KEV catalog on March 20, 2026 following confirmed active exploitation by an Iranian threat actor using a dedicated Nuclei scanning template recovered from a live C2 server.

CVE-2025-32432 | 10 | CRITICAL | KEV
Apr 25, 2025

Craft CMS — Unauthenticated Remote Code Execution via Image Transform Endpoint

CVE-2025-32432 is a CVSS 10.0 unauthenticated remote code execution vulnerability in Craft CMS, affecting all major version lines from 3.x through 5.x. Attackers exploit an insecure PHP object deserialization path in the image transformation endpoint, requiring no credentials and no user interaction. Active exploitation began in February 2025 and CISA added this to the KEV catalog on March 20, 2026 with a federal remediation deadline of April 3.

CVE-2026-3909 | 8.8 | HIGH | KEV
Mar 13, 2026

Google Chrome — Out-of-Bounds Write

CVE-2026-3909 (HIGH, CVSS 8.8), a Google vulnerability that is actively exploited (CISA KEV): Out of bounds write in Skia in Google Chrome prior to 146.

CVE-2026-22769 | 10 | CRITICAL | KEV
Feb 17, 2026

Dell RecoverPoint for Virtual Machines — CWE-798

CVE-2026-22769 (CRITICAL, CVSS 10.0), a Dell vulnerability that is actively exploited (CISA KEV): Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability allowing unauthenticated remote attackers to gain root-level access to the underlying operating system.