Skip to content
Auto-CTI

What has changed?

Comparing 20 May 2026 with the previous day 19 May 2026.

Newly added

12
NEW
92

CVE-2026-45585

Public release of a proof-of-concept for a Windows security feature bypass (YellowKey) prior to patch availability significantly elevates attack risk and requires immediate mitigation measures across all Windows servers.

Critical CVSS 6.8 EPSS 0%
NEW
90

CVE-2026-45584

An RCE vulnerability in Microsoft Defender threatens the integrity of the company's endpoint protection infrastructure and could allow attackers to bypass defensive mechanisms.

Critical CVSS 8.1 EPSS 0%
NEW
86

CVE-2026-41091

The vulnerability enables local privilege escalation through improper symlink resolution in Microsoft Defender, requiring an already-authorized attacker on the system.

Critical CVSS 7.8 EPSS 0%
NEW
40

CVE-2026-45498

A DoS vulnerability in Microsoft Defender is primarily an availability issue for endpoint protection infrastructure requiring prompt patching, but lacks active campaign activity or geopolitical implications for the DACH region.

Medium CVSS 4.0 EPSS 0%
NEW
20

[UPDATE] Oracle MySQL: Mehrere Schwachstellen

BSI advisory on multiple MySQL vulnerabilities without specific CVE details; if MySQL is used as a database backend for SAP Business One or Abacus ERP, patches should be prioritized.

Low
NEW
12

Windows Zero-Day Barrage Continues After Patch Tuesday

GreenPlasma and Nightmare Eclipse are actively exploitable Windows privilege escalation vulnerabilities with publicly available PoC exploits that work on fully patched systems and enable lateral movement and credential harvesting.

Low

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

7
KEV NEW Microsoft
100

Microsoft Exchange Zero-Day Under Attack, No Patch Available

Active exploitation of an unpatched Microsoft Exchange zero-day without available patch indicates coordinated nation-state or APT campaign and requires immediate mitigation measures for affected production environments.

Critical CVSS 8.1 EPSS 12%
NEW Storm-2949
20

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 demonstrates how attackers leverage compromised identities for lateral movement across cloud-wide systems,a critical risk for organizations dependent on Microsoft 365 and Entra ID, especially in the DACH region facing elevated APT pressure.

High
NEW
20

The New Phishing Click: How OAuth Consent Bypasses MFA

The attack bypasses MFA not through technical vulnerabilities, but via social engineering of fake device-login prompts that trick users into OAuth consent, exfiltrating tokens , a paradigm shift from technical to social attack patterns.

High
ESC