Top Critical CVEs

The highest severity vulnerabilities ranked by CVSS score. 50 critical advisories tracked, with scores up to 10.

50
Critical CVEs
10
Highest CVSS
43
Perfect 10.0
CVE-2026-4149 Apr 11, 2026

Sonos Era 300 unauthenticated SMB RCE (CVE-2026-4149)

CVSS 10
CVE-2026-40175 Apr 10, 2026

Axios Prototype Pollution leads to RCE (CVE-2026-40175)

CVSS 10
CVE-2026-39337 Apr 7, 2026

ChurchCRM unauthenticated RCE (CVE-2026-39337)

CVSS 10
CVE-2025-54328 Apr 6, 2026

Samsung Exynos SMS Buffer Overflow (CVE-2025-54328)

CVSS 10
CVE-2026-34208 Apr 6, 2026

SandboxJS Sandbox Escape (CVE-2026-34208)

CVSS 10
CVE-2026-34976 Apr 6, 2026

Dgraph Unauthenticated Database Overwrite (CVE-2026-349

CVSS 10
CVE-2026-32213 Apr 3, 2026

Azure AI Foundry Privilege Escalation (CVE-2026-32213)

CVSS 10
CVE-2026-33105 Apr 3, 2026

Azure Kubernetes Privilege Escalation (CVE-2026-33105)

CVSS 10
CVE-2026-33107 Apr 3, 2026

Azure Databricks SSRF (CVE-2026-33107)

CVSS 10
CVE-2026-34938 Apr 3, 2026

PraisonAI Critical RCE (CVE-2026-34938)

CVSS 10
CVE-2025-15379 Mar 30, 2026

Software Command Injection (CVE-2025-15379) - Patch Now

CVSS 10
CVE-2026-30302 Mar 27, 2026

Software Command Injection (CVE-2026-30302) - Patch Now

CVSS 10
CVE-2026-4688 Mar 24, 2026

Firefox Use-After-Free (CVE-2026-4688)

CVSS 10 Mozilla Firefox, Mozilla Firefox
CVE-2026-4725 Mar 24, 2026

Firefox Use-After-Free (CVE-2026-4725)

CVSS 10 Mozilla Firefox
CVE-2026-33478 Mar 23, 2026

WWBN AVideo RCE (CVE-2026-33478)

CVSS 10
CVE-2026-3587 Mar 23, 2026

Linux Vulnerability (CVE-2026-3587)

CVSS 10
CVE-2026-33054 Mar 20, 2026

Python Path Traversal (CVE-2026-33054)

CVSS 10
CVE-2026-32169 Mar 19, 2026

Software SSRF Flaw (CVE-2026-32169) - Patch Now

CVSS 10
CVE-2026-26954 Mar 13, 2026

CVE-2026-26954: SandboxJS

CVSS 10 Java
CVE-2026-31852 Mar 11, 2026

iOS RCE (CVE-2026-31852)

CVSS 10 iOS, GitHub
CVE-2026-31957 Mar 11, 2026

Microsoft Vulnerability (CVE-2026-31957)

CVSS 10 Microsoft, Azure
CVE-2025-48611 Mar 10, 2026

CVE-2025-48611: In DeviceId

CVSS 10 Java
CVE-2026-30966 Mar 10, 2026

Node.js RCE (CVE-2026-30966)

CVSS 10 Node.js
CVE-2026-0848 Mar 5, 2026

CVE-2026-0848: NLTK [PoC]

CVSS 10 Java
CVE-2026-20079 Mar 4, 2026

Cisco Vulnerability (CVE-2026-20079) [PoC]

CVSS 10 Cisco
CVE-2026-20131 Mar 4, 2026

Cisco Vulnerability (CVE-2026-20131) [PoC]

CVSS 10 Cisco, Java
CVE-2026-28289 Mar 3, 2026

CVE-2026-28289: Php [PoC]

CVSS 10 PHP, Laravel
CVE-2026-21718 Feb 27, 2026

Software Authentication Bypass (CVE-2026-21718) - Patch Now

CVSS 10
CVE-2026-28409 Feb 27, 2026

CVE-2026-28409: WeGIA RCE — Critical — Patch Now

CVSS 10
CVE-2026-20127 Feb 25, 2026

Cisco Vulnerability (CVE-2026-20127) [PoC]

CVSS 10 Cisco
CVE-2026-27597 Feb 25, 2026

CVE-2026-27597: Enclave

CVSS 10 Java
CVE-2026-23693 Feb 23, 2026

Wordpress Vulnerability (CVE-2026-23693)

CVSS 10 WordPress
CVE-2021-35402 Feb 20, 2026

Software Command Injection Flaw (CVE-2021-35402) - Patch Now

CVSS 10
CVE-2025-30411 Feb 20, 2026

Linux Vulnerability (CVE-2025-30411)

CVSS 10 Windows, Linux
CVE-2025-30412 Feb 20, 2026

Linux Vulnerability (CVE-2025-30412)

CVSS 10 Windows, Linux
CVE-2025-30416 Feb 20, 2026

Linux Vulnerability (CVE-2025-30416)

CVSS 10 Windows, Linux
CVE-2025-12107 Feb 19, 2026

CVE-2025-12107: Due

CVSS 10 Wso2 Identity Server
CVE-2025-14009 Feb 18, 2026

CVE-2025-14009:

CVSS 10
CVE-2026-22769 Feb 17, 2026

CVE-2026-22769: Dell — Actively Exploited

CVSS 10 Dell
CVE-2026-2577 Feb 16, 2026

Sap Vulnerability (CVE-2026-2577)

CVSS 10
CVE-2025-69770 Feb 13, 2026

CVE-2025-69770:

CVSS 10
CVE-2026-26216 Feb 12, 2026

Docker RCE Vulnerability (CVE-2026-26216)

CVSS 10 Docker, Python
CVE-2025-64075 Feb 11, 2026

Software Path Traversal Flaw (CVE-2025-64075) - Patch Now

CVSS 10
CVE-2026-20147 Apr 15, 2026

Cisco ISE authenticated command execution (CVE-2026-20147)

CVSS 9.9
CVE-2026-20180 Apr 15, 2026

Cisco ISE authenticated command injection to root (CVE-2026-20180)

CVSS 9.9
CVE-2026-20186 Apr 15, 2026

Cisco ISE authenticated command injection (CVE-2026-20186)

CVSS 9.9
CVE-2026-27681 Apr 14, 2026

SAP BPC/BW SQL injection, unauth data access (CVE-2026-27681)

CVSS 9.9
CVE-2026-40089 Apr 9, 2026

CVE-2026-40089: Sonicverse SSRF

CVSS 9.9
CVE-2026-39888 Apr 8, 2026

PraisonAI RCE (CVE-2026-39888)

CVSS 9.9
CVE-2026-39355 Apr 7, 2026

Genealogy App Privilege Escalation (CVE-2026-39355)

CVSS 9.9
Browse all advisories

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.