External Risk Intelligence

SAP S/4HANA (SAP Enterprise Search for ABAP) could allow an authenticated user to execute database commands, potentially exposing sensitive database information or disrupting service availability. Because this requires existing access, it is primarily a risk regarding malicious insiders or compromised accounts.

NVD published May 12, 2026 (11 hours ago)

The oxyno-zeta/s3-proxy gateway could allow external attackers to read, modify, or delete files, potentially exposing sensitive customer data in protected S3 namespaces. This flaw circumvents security controls, risking the integrity of these critical storage assets.

NVD published May 11, 2026 (18 hours ago)

The FireFighter application could allow external attackers to manipulate system requests to retrieve temporary AWS credentials. This potentially exposes your cloud infrastructure, operational systems, and sensitive data to compromise.

NVD published May 11, 2026 (19 hours ago)

The Download From Files plugin for WordPress could allow external attackers to upload malicious scripts, potentially compromising operational systems, customer data, and service availability. While the vulnerability is not currently being actively exploited, public exploit code exists, increasing the risk of misuse.

NVD published May 10, 2026 (2 days ago)

The WordPress MStore API plugin could allow external attackers to execute remote code on the server, potentially compromising operational systems and sensitive files. While public exploit code exists, there is no evidence of active, widespread exploitation at this time.

NVD published May 10, 2026 (2 days ago)

PHP versions utilizing the SOAP extension could allow external attackers to take full control of the server. This could potentially expose sensitive files and customer data or lead to operational disruption.

NVD published May 10, 2026 (2 days ago)

ArchiveBox could allow external attackers to execute arbitrary commands and take full control of the server, potentially exposing sensitive files, operational systems, and service availability. There is currently no evidence of active exploitation.

NVD published May 9, 2026 (3 days ago)

BerriAI LiteLLM proxy servers could allow external attackers to inject commands into the underlying database, potentially exposing sensitive API credentials and proxy configurations. This vulnerability is actively being exploited, making immediate remediation critical for any internet-facing instances.

NVD published May 8, 2026 (4 days ago) • CISA KEV

Azure AI Foundry M365 agents could allow external attackers to gain administrative access. This could result in a loss of control over your systems, potentially impacting administrative functions and operational security.

NVD published May 7, 2026 (5 days ago)

Ivanti Endpoint Manager Mobile could allow an attacker with stolen administrative credentials to gain full control over the mobile device management infrastructure. This flaw is being actively exploited in the wild, creating a significant risk for organizations with internet-facing management portals.

NVD published May 7, 2026 (5 days ago) • CISA KEV

Palo Alto Networks PAN-OS firewalls with internet-facing User-ID Authentication Portals could allow external attackers to gain full administrative control. This vulnerability is being actively exploited in the wild, posing a severe risk of complete network infrastructure compromise.

NVD published May 6, 2026 (6 days ago) • CISA KEV

cPanel, WHM, and WP2 software could allow external attackers to bypass authentication and gain admin access to control panels. This vulnerability is subject to active, mass exploitation in ransomware campaigns, potentially leading to the compromise of critical operational systems and business services.

NVD published April 29, 2026 (13 days ago) • CISA KEV

Cisco Catalyst SD-WAN Manager could allow external attackers with compromised read-only credentials to gain administrative privileges, potentially granting full control over the SD-WAN infrastructure. This flaw is being actively exploited, posing a critical risk to internet-exposed management consoles.

NVD published February 25, 2026 (3 months ago) • CISA KEV

Dell RecoverPoint for Virtual Machines could allow external attackers to exploit hardcoded credentials and gain full root-level control of the system. This actively exploited vulnerability poses a critical risk to business operations if these management interfaces are reachable via the network.

NVD published February 17, 2026 (3 months ago) • CISA KEV

Joomla! could allow external attackers to extract data from web services, potentially exposing sensitive system configurations or customer information. This vulnerability is confirmed to be under active exploitation.

NVD published February 16, 2023 (3 years ago) • CISA KEV