Skip to content
Auto-CTI
Archive view — this data may be outdated.

CTI status

Joel Traber AG

As of:

Last pipeline run:

Status High

All threats

Sorted by KEV · Risk · EPSS
KEV NEW Microsoft, Adobe
100

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA's catalog indicates these vulnerabilities are actively exploited in the wild, elevating them from theoretical to immediate threats requiring prioritized remediation.

Critical CVSS 7.8 EPSS 50%
NEW Ubiquiti
100

CVE-2026-22563

Vulnerability specifically enables command injection on UniFi Play audio hardware, expanding the attack surface beyond core networking gear.

Medium CVSS 9.8 EPSS 0%
NEW Ubiquiti
100

CVE-2026-22564

The vulnerability allows an attacker on the UniFi Play network to enable SSH for persistent unauthorized access and system changes.

Medium CVSS 9.8 EPSS 0%
NEW Ubiquiti
100

CVE-2026-22566

This vulnerability specifically allows attackers with network access to obtain WiFi credentials from UniFi Play devices, potentially compromising wireless network security.

Medium CVSS 7.5 EPSS 0%
NEW SAP
100

CVE-2026-27677

The vulnerability allows unauthorized updates and deletions of child entities via OData services, posing a direct integrity risk to business data.

High CVSS 6.5 EPSS 0%
NEW SAP
100

CVE-2026-27678

The vulnerability specifically allows unauthorized updates and deletions of child entities via the Manage Reference Structures OData service, highlighting a critical authorization flaw in a common business function.

High CVSS 6.5 EPSS 0%
NEW SAP
100

CVE-2026-27679

Attackers can manipulate critical reference structures in SAP S/4HANA without authorization, potentially disrupting manufacturing data integrity.

High CVSS 6.5 EPSS 0%
NEW SAP
100

CVE-2026-34261

The alert details a specific authorization flaw in SAP's analytics and content modules that could lead to unauthorized data access.

Medium CVSS 6.5 EPSS 0%
NEW SAP
100

CVE-2026-34264

Describes a specific low-privilege attack vector for information disclosure in a critical ERP module.

High CVSS 6.5 EPSS 0%
NEW Siemens
100

CVE-2026-24032

The vulnerability allows unauthenticated remote attackers to bypass authentication in a critical network management system for industrial environments.

High CVSS 7.3 EPSS 0%
NEW Siemens
100

CVE-2026-25654

The vulnerability enables an authenticated attacker to reset any user's password, posing a significant internal threat to network management systems.

High CVSS 8.8 EPSS 0%
NEW SAP
95

CVE-2026-27674

Describes an unauthenticated code injection vulnerability in SAP NetWeaver Web Dynpro Java that could allow attackers to execute arbitrary code.

Critical CVSS 6.1 EPSS 0%
NEW Ivanti
84

CVE-2026-4914

The vulnerability allows authenticated attackers to obtain limited information from other user sessions via stored XSS.

Medium CVSS 5.4 EPSS 0%
NEW SAP
67

CVE-2026-27672

The vulnerability specifically bypasses authorization checks in a core SAP business application, exposing sensitive material master data.

Low CVSS 4.3 EPSS 0%
NEW SAP
67

CVE-2026-27676

The vulnerability specifically allows unauthorized updates and deletions of child entities via OData services, highlighting a targeted weakness in the Manage Technical Object Structures service.

Medium CVSS 4.3 EPSS 0%
NEW SAP
66

CVE-2026-24318

The vulnerability allows unauthenticated attackers to hijack sessions by reusing tokens, posing a direct risk to business intelligence data.

High CVSS 4.2 EPSS 0%
NEW SAP
64

CVE-2026-27683

This highlights a specific, authenticated attack vector for data exfiltration within a critical enterprise application.

Medium CVSS 4.1 EPSS 0%
NEW Siemens
58

CVE-2025-40745

Vulnerability affects multiple Siemens engineering and simulation software products widely used in manufacturing design and automation workflows.

High CVSS 3.7 EPSS 0%
NEW SAP
31

CVE-2026-27675

The advisory details a specific attack vector via an RFC-exposed function module enabling ABAP and OS command injection for high-privileged users.

Medium CVSS 2.0 EPSS 0%
What has changed since yesterday? →
ESC