Path-traversal vulnerability CVE-2026-5027 in Langflow enables remote code execution and is actively exploited, though a patch has been available since April.
Oracle has patched a critical vulnerability in PeopleSoft Suite (CVE-2026-35273) enabling unauthenticated remote code execution that is already being actively exploited in targeted data theft campaigns by the ShinyHunter group.
Ubiquiti UniFi OS contains multiple critical security vulnerabilities that can lead to unauthenticated code execution, information disclosure, and privilege escalation.
The Sentry vulnerabilities CVE-2026-10523 and CVE-2026-10520 enable unauthenticated attackers to bypass authentication and achieve Remote Code Execution with root privileges, requiring immediate patching to versions 10.5.2, 10.6.2, or 10.7.1.
Of 206 patched vulnerabilities, 39 are classified as critical, including 56 remote code execution and 63 privilege escalation flaws, with three publicly disclosed zero-days.
