theinfosecnews
vulnerability

CVE-2025-66376: Zimbra Collaboration Suite Classic UI Vulnerable to CSS @import XSS Attack

CVE-2025-66376 is a cross-site scripting vulnerability in Synacor Zimbra Collaboration Suite's Classic UI that allows unauthenticated attackers to inject JavaScript via CSS @import directives in HTML emails. Successful exploitation enables session hijacking, credential theft, and full mailbox access within the victim's authenticated session. CISA requires federal agencies to apply Synacor's patch by April 1, 2026.

CISA KEV·16d ago·3 min read
vulnerability

CVE-2026-20963: Microsoft SharePoint Remote Code Execution via Unsafe Deserialization Demands Immediate Patching

CVE-2026-20963 is a deserialization of untrusted data vulnerability in Microsoft SharePoint that allows unauthenticated remote attackers to execute arbitrary code in the context of the SharePoint service account. Successful exploitation can lead to lateral movement, credential theft, and persistent access across connected Microsoft environments. CISA mandates federal agency patching by March 21, 2026, and all organizations should treat this as a critical priority remediation.

CISA KEV·16d ago·3 min read
vulnerability

CVE-2025-47813: Wing FTP Server Leaks Sensitive Data via Oversized UID Cookie

CVE-2025-47813 is an unauthenticated information disclosure vulnerability in Wing FTP Server that triggers verbose error messages containing sensitive data when an oversized UID cookie value is submitted. No authentication is required to exploit the flaw, making it accessible to any attacker with network reach to an affected instance. CISA has added this CVE to its Known Exploited Vulnerabilities catalog, with federal agencies required to patch by March 30, 2026.

CISA KEV·18d ago·3 min read
vulnerability

CVE-2026-3909: Out-of-Bounds Write in Google Skia Enables Remote Code Execution Across Chrome, Android, and Flutter

CVE-2026-3909 is an out-of-bounds write vulnerability in Google's Skia graphics engine that allows remote code execution via crafted HTML pages. The flaw affects Google Chrome, ChromeOS, Android, Flutter, and any third-party software using Skia. CISA has mandated federal agency patching by March 27, 2026, and organizations should apply available updates immediately and audit all Skia-dependent software.

CISA KEV·21d ago·3 min read
vulnerability

CVE-2026-3910: Google Chromium V8 Out-of-Bounds Memory Flaw Enables Remote Code Execution via Malicious HTML

CVE-2026-3910 is an out-of-bounds memory buffer vulnerability in Google's Chromium V8 JavaScript engine that allows a remote attacker to execute arbitrary code within the V8 sandbox via a crafted HTML page. The flaw affects all Chromium-based browsers including Google Chrome, Microsoft Edge, and Opera. CISA requires federal agencies to patch by March 27, 2026, and all organizations should deploy updates within 24 to 48 hours of vendor release.

CISA KEV·21d ago·3 min read
vulnerability

Microsoft March 2026 Patch Tuesday Fixes 77 Vulnerabilities Including Critical Privilege Escalations and RCE Flaws

Microsoft’s March 2026 Patch Tuesday addresses 77 vulnerabilities including critical privilege escalations in SQL Server and remote code execution flaws in Microsoft Office. Notably, a severe RCE vulnerability discovered by an AI agent was patched without requiring user action. Enterprise administrators should prioritize these updates to mitigate high-risk attack vectors.

Krebs on Security·23d ago·2 min read
vulnerability

CVE-2025-68613: Critical RCE Vulnerability in n8n Workflow Expression Evaluator Demands Immediate Action

CVE-2025-68613 is a remote code execution vulnerability in n8n's workflow expression evaluation engine, caused by improper control of dynamically managed code resources. Attackers with workflow creation access — including unauthenticated users on exposed instances — can execute arbitrary commands with n8n process privileges, potentially compromising credentials and all connected systems. CISA has mandated federal agency remediation by March 25, 2026; all organizations should patch immediately, restrict workflow permissions, and block external access to n8n interfaces.

CISA KEV·23d ago·3 min read
vulnerability

CVE-2021-22054: Unauthenticated SSRF in Omnissa Workspace ONE UEM Exposes Internal Networks

CVE-2021-22054 is an unauthenticated server-side request forgery vulnerability in Omnissa Workspace ONE UEM that allows network-adjacent attackers to forge requests through the UEM server and access sensitive internal resources without credentials. CISA has added this CVE to its Known Exploited Vulnerabilities catalog with a federal patch deadline of March 23, 2026. Organizations should apply Omnissa patches immediately, restrict network access to UEM management interfaces, and hunt for signs of prior exploitation in UEM and network logs.

CISA KEV·25d ago·3 min read
vulnerability

CVE-2025-26399: SolarWinds Web Help Desk AjaxProxy Deserialization Flaw Enables Remote Code Execution

CVE-2025-26399 is an unauthenticated remote code execution vulnerability in the AjaxProxy component of SolarWinds Web Help Desk, caused by deserialization of untrusted data without validation. An attacker with network access to the application can execute arbitrary commands on the host server. CISA has added this CVE to the Known Exploited Vulnerabilities catalog, mandating federal agency remediation by March 12, 2026.

CISA KEV·25d ago·3 min read
vulnerability

CVE-2026-1603: Ivanti EPM Authentication Bypass Exposes Stored Credentials to Unauthenticated Attackers

CVE-2026-1603 is an authentication bypass vulnerability in Ivanti Endpoint Manager (EPM) that allows remote, unauthenticated attackers to access stored credential data including domain accounts, API keys, and service account passwords. Exploitation enables lateral movement and privilege escalation across all endpoints managed by the affected EPM instance. CISA has mandated federal agency remediation by March 23, 2026, and all organizations running Ivanti EPM should apply patches immediately and rotate affected credentials.

CISA KEV·25d ago·3 min read
vulnerability

CVE-2026-XXXX: OpenClaw AI Assistant's Exposed Web Interface Enables Credential Theft and Remote Control

OpenClaw, an autonomous AI assistant, suffers from a critical vulnerability where its web administration interface is often exposed online, allowing attackers to steal credentials and control the system remotely. This flaw enables impersonation, data exfiltration, and supply chain attacks, emphasizing the need for strict access controls and prompt security patching.

Krebs on Security·25d ago·2 min read
vulnerability

CVE-2017-7921: Hikvision Authentication Bypass Gives Attackers Unauthenticated Privilege Escalation Across DVRs, NVRs, and IP Cameras

CVE-2017-7921 is an improper authentication vulnerability in multiple Hikvision DVRs, NVRs, and IP cameras that allows unauthenticated attackers to escalate privileges and access sensitive data over the network without valid credentials. CISA has mandated federal agency remediation by March 26, 2026, confirming active exploitation in the wild. Organizations should apply Hikvision firmware patches immediately, isolate management interfaces behind VPN, and audit all Hikvision devices for default credentials.

CISA KEV·29d ago·3 min read