CVE-2026-46817 in Oracle E-Business Suite is already being exploited by attackers and enables complete takeover of affected systems by bypassing authentication and privilege control mechanisms.
The path-traversal vulnerability CVE-2026-5027 in Langflow enables remote code execution and is being actively exploited, though a patch has been available since April.
CVE-2026-20245 in Cisco SD-WAN Manager is actively being exploited and requires local authentication and netadmin privileges, but can be chained with exploits of older authentication bypass vulnerabilities.
A stack-based buffer vulnerability in Windows Netlogon is being actively exploited in the wild to compromise domain controllers – patches from May 12, 2026 are required.
A two-year-old WebLogic vulnerability is listed in CISA’s catalog of actively exploited vulnerabilities, a sign that attackers are targeting long-unpatched systems.