The Week in Vulnerabilities: 2026 Begins with 100 PoCs and New Exploits
The year may be little more than a week old, but threat actors have already amassed nearly 100 Proof of Concepts and newly exploited vulnerabilities.
Cyble Vulnerability Intelligence researchers tracked 678 vulnerabilities in the last week, a decline from the high number of new vulnerabilities observed in the final few weeks of 2025.
Nearly 100 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the risk of real-world attacks on these vulnerabilities.
A total of 42 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 15 received a critical severity rating based on the newer CVSS v4.0 scoring system.
Below are some of the more significant IT and industrial control system (ICS) vulnerabilities highlighted by Cyble in recent reports to clients.
The Week’s Top IT Vulnerabilities
CVE-2025-60534 is a critical authentication bypass vulnerability affecting Blue Access Cobalt v02.000.195, which could allow an attacker to selectively proxy requests to operate functionality on the web application without the need for authentication, potentially allowing full admin access to application and door systems.
CVE-2025-68428 is a critical path traversal and local file inclusion vulnerability in the jsPDF JavaScript library’s Node.js builds. It affects methods like loadFile, addImage, html, and addFont, where unsanitized user input as file paths could enable attackers to read arbitrary server files and embed their contents into generated PDFs.
CVE-2020-36923 is a medium-severity insecure direct object reference (IDOR) vulnerability in Sony BRAVIA Digital Signage 1.7.8, which could allow attackers to bypass authorization controls and access hidden system resources like ‘/#/content-creation’ by manipulating client-side access restrictions.
CISA added its first two vulnerabilities of 2026 to the Known Exploited Vulnerabilities (KEV) catalog: a 16-year-old Microsoft PowerPoint flaw and a new maximum-severity HPE vulnerability. The agency added 245 vulnerabilities to the KEV catalog in 2025.
CVE-2025-37164 is a 10.0-severity Code Injection vulnerability in HPE’s OneView IT infrastructure management software up to version 10.20 that has had a publicly available PoC since last month, while CVE-2009-0556 is a 9.3-rated Code Injection vulnerability present in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac that was first known to be exploited in April 2009.
Notable vulnerabilities discussed in open-source communities include CVE-2025-13915, a critical authentication bypass vulnerability in IBM API Connect that could allow remote unauthenticated attackers to circumvent authentication controls and gain unauthorized access to sensitive API management functions. Another was CVE-2025-68668, a 9.9-severity sandbox bypass vulnerability in the n8n workflow automation platform’s Python Code Node that uses Pyodide.
Another vulnerability getting attention is CVE-2025-52691, a maximum-severity unauthenticated arbitrary file upload vulnerability in SmarterMail email servers. The flaw affects SmarterMail versions before Build 9413 and could allow remote attackers to upload malicious files to any server location without requiring credentials, which could lead to remote code execution (RCE), full server compromise, data theft, or ransomware deployment.
Cyble dark web researchers observed a threat actor (TA) on a cybercrime forum advertising a zero-day vulnerability allegedly affecting the latest version of Microsoft Word. The TA described the vulnerability as affecting a Dynamic Link Library (DLL) module that Microsoft Word loads without proper verification due to the absence of absolute path validation, allegedly enabling remote code execution and local privilege escalation. The TA did not provide a technical proof of concept, affected version numbers, or independent verification; therefore, the claim remains unverified.
ICS Vulnerabilities
Three ICS vulnerabilities also merit priority attention from security teams.
CVE-2025-3699 is a Missing Authentication for Critical Function vulnerability affecting multiple versions of Mitsubishi Electric Air Conditioning Systems. Successful exploitation of the vulnerability could have far-reaching consequences beyond simple unauthorized access. By bypassing authentication, an attacker could gain full control over the air conditioning system, enabling them to manipulate environmental conditions inside industrial facilities. This could lead to equipment overheating, disruption of medical environments, or production downtime. Additionally, access to sensitive information stored within the system, such as configuration data, user credentials, or operational logs, could provide attackers with valuable intelligence for further compromise.
CVE-2025-59287, a vulnerability disclosed by Microsoft in the Windows Server Update Services (WSUS) application, affects servers running Schneider Electric EcoStruxure Foxboro DCS Advisor. Deserialization of untrusted data in WSUS could allow an unauthorized attacker to execute code over a network.
CVE-2018-4063 is a remote code execution vulnerability in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3 that was added to CISA’s KEV database last month after attacks were detected on OT network perimeter devices.
Conclusion
New vulnerability counts settling back toward long-term trends would be welcome news if it continues, but that still leaves security teams with hundreds of new vulnerabilities each week to deal with, many of which have PoCs or active exploits. In that challenging environment, rapid, well-targeted actions are needed to patch the most critical vulnerabilities and successfully protect IT and critical infrastructure. A risk-based vulnerability management program should be at the heart of those defensive efforts.
Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.
Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks.