CVE-2026-48907 in Joomla JCE enables unauthenticated code execution with CVSS 10.0 and is being actively exploited, while large-scale WordPress attack campaigns run parallel through manipulated plugins.
Cisco ISE contains multiple vulnerabilities that compromise critical system functions (code execution, privilege escalation, data access) and pose a high risk to network authentication.
Attackers could pre-register cloud storage buckets based on predictable naming schemes derived from project ID and region to replace uploaded models with malware before Vertex AI loaded them.
Path-traversal vulnerability CVE-2026-5027 in Langflow enables remote code execution and is actively exploited, though a patch has been available since April.