Skip to content
Auto-CTI

What has changed?

Comparing 29 May 2026 with the previous day 22 May 2026.

Newly added

83
KEV NEW
75

CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS

CVE-2026-0265 enables authentication bypass in Palo Alto Networks firewalls with Cloud Authentication Service enabled; no public exploits available yet but practical exploitability confirmed with technical details pending disclosure.

Critical CVSS 9.8 EPSS 5%
Kimsuky
80

Kimsuky targets organizations with PebbleDash-based tools

Kimsuky has developed two variants of the httpMalice backdoor: an HTTP/HTTPS variant (v1.9) with Windows service persistence and an older Dropbox-API-based variant (v1.8), which could target European and DACH organizations.

Critical
NEW
47

[UPDATE] OpenSSL: Multiple Vulnerabilities

BSI warning regarding multiple OpenSSL vulnerabilities with potential code execution and denial-of-service; update information without specific CVE details in this summary.

Critical
NEW
20

CVE-2026-9933

This is a pure patch notification with no evidence of active exploitation or coordinated attacks; the vulnerability requires targeted user interaction.

High EPSS 0%
NEW
20

7-Zip: Multiple Vulnerabilities

BSI warns of multiple unspecified vulnerabilities in 7-Zip triggered by user interaction with manipulated files,advisory lacks CVE numbers or PoC details.

High

Newly KEV-listed

0

No changes in this category.

Score moved

0

No changes in this category.

No longer in report

47
NEW
92

CVE-2026-33000

A privilege-escalation vulnerability in UniFi OS enables remote command execution for attackers with network access, directly compromising the central network-management infrastructure.

Critical CVSS 9.1 EPSS 0%
NEW
92

CVE-2026-34908

An access control vulnerability in UniFi OS allows network-adjacent attackers to make unauthorized system changes without requiring authentication.

Critical CVSS 10.0 EPSS 0%
NEW
92

CVE-2026-34909

Network access alone is sufficient to exploit a path-traversal vulnerability in UniFi devices for file manipulation and account compromise, without requiring authentication.

Critical CVSS 10.0 EPSS 0%
NEW
92

CVE-2026-34910

The vulnerability enables direct command execution on UniFi devices through network access by exploiting improper input validation, requiring immediate patch prioritization in Joel Traber AG's infrastructure.

Critical CVSS 10.0 EPSS 0%
NEW
51

Ubiquiti UniFi OS Server: Multiple Vulnerabilities

BSI warns of multiple production-in-use vulnerabilities in UniFi OS Server with direct RCE potential; absence of CVE numbers suggests possible zero-days or coordinated disclosure.

Critical
NEW
20

[UPDATE] Linux Kernel: Multiple Vulnerabilities

The advisory lacks specificity regarding affected kernel versions and CVE identifiers; further details are required to assess exploitation status and patching priority for Ubuntu 24.04 LTS.

High
20

[UPDATE] Linux Kernel: Multiple Vulnerabilities

BSI advisory on multiple Linux kernel vulnerabilities without specific CVE disclosure or PoC status; concrete patch status and affected versions must be obtained from the full BSI report.

High
20

Adobe Acrobat DC: Multiple Vulnerabilities

The BSI alert on multiple RCE and privilege escalation vulnerabilities in Adobe Acrobat DC/Reader DC requires immediate patching action for all affected systems in the company.

High
NEW
12

CVE-2026-39832

OpenSSH-based remote access scenarios at Joel Traber AG may be affected by a vulnerability that bypasses key access restrictions and permits unrestricted use of forwarded keys on remote hosts.

High EPSS 0%
0

Microsoft Edge: Multiple Vulnerabilities

The BSI warns of multiple unspecified vulnerabilities in Microsoft Edge enabling information disclosure and manipulation; user interaction is required for exploitation.

Medium
ESC