June 6, 2026

Hugging Face RCE Vulnerability Exposes Millions of AIs

The Hugging Face RCE vulnerability CVE-2026-4372 silently exposed 2.2 billion Transformers installs to remote code execution for six months by bypassing the trust_remote_code=False safety control through a poisoned AI model config. Patch to version 5.3.0 immediately and audit your ML environments for compromise.

June 8, 2026

Redis RCE Vulnerability DarkReplica: Full Host Takeover

The Redis RCE vulnerability DarkReplica CVE-2026-23631 lets authenticated attackers gain full host control via a Lua use-after-free during replication. It is one of five Redis RCE flaws patched May 5, 2026. Patch to fixed releases and audit for compromise immediately.

June 9, 2026

Check Point VPN Zero-Day CVE-2026-50751 Deploys Ransomware

The Check Point VPN zero-day CVE-2026-50751 lets unauthenticated attackers bypass authentication entirely via a deprecated IKEv1 logic flaw and has been actively exploited by Qilin ransomware since May 7, 2026. Apply the emergency hotfix, disable IKEv1, and investigate the full one-month exposure window now.

June 10, 2026

Veeam Backup RCE Vulnerability CVE-2026-44963 Risks Exposed

The Veeam Backup RCE vulnerability CVE-2026-44963 gives any authenticated domain user code execution on Backup Servers with a CVSS 9.4 score. Ransomware groups have a documented history of weaponizing Veeam RCE flaws within weeks of disclosure. Patch to version 12.3.2.4854 immediately.

June 11, 2026

CISA Warns Google Chromium Zero-Day CVE-2026-11645 Exploited

CISA warned that the Google Chromium zero-day CVE-2026-11645 is actively exploited via a V8 out-of-bounds memory flaw triggered by a crafted webpage. The fifth Chrome zero-day of 2026 affects Chrome, Edge, Brave, and all Electron runtimes. Update to Chrome 149.0.7827.102 immediately.

June 15, 2026

Palo Alto VPN Vulnerability CVE-2026-0257 Actively Exploited

The Palo Alto VPN vulnerability CVE-2026-0257 allows unauthenticated attackers to forge authentication override cookies and bypass GlobalProtect completely. Rapid7 confirmed active exploitation from May 17, 2026. CISA listed it in the KEV catalog. Patch all firewalls now.

June 18, 2026

RoguePlanet Exploit Grants SYSTEM on Patched Windows PC

The RoguePlanet exploit abuses a Microsoft Defender race condition to grant SYSTEM-level access on fully patched Windows machines, with no official patch currently available. Security teams should deploy compensating controls now while tracking the vendor's response closely.

June 19, 2026

Splunk Enterprise Vulnerability Enables Unauthenticated RCE

The Splunk Enterprise vulnerability CVE-2026-20253 lets unauthenticated attackers achieve remote code execution on fully unpatched SIEM deployments and is actively exploited in the wild. Patch to version 10.2.4 or 10.0.7 immediately or take vulnerable instances offline now.