Over 1,100 New IT Vulnerabilities Disclosed as Critical Flaws Dominate Weekly Report

CyberDefender 8 mins0

In the past week, cybersecurity researchers at Cyble have closely tracked and analyzed the latest wave of IT vulnerabilities affecting software and infrastructure worldwide. Between emerging exploits, widely discussed flaws in open-source projects, and additions to key security catalogs, the landscape continues to evolve rapidly — underscoring the ongoing challenge for defenders working to keep systems secure.

A Steep Rise in Reported Flaws

Over the last seven days Vulnerability Intelligence team flagged 1,147 newly disclosed vulnerabilities, a figure that highlights the enormous volume of risk organizations must manage today. Of these, more than 128 vulnerabilities already have public Proof-of-Concept (PoC) exploits, significantly increasing the possibility of in-the-wild attacks.

Under established scoring systems used by security teams, a substantial portion of these flaws are classified as high risk:

  • 108 vulnerabilities received a critical score under CVSS v3.1, and
  • 54 vulnerabilities were rated critical using the more recent CVSS v4.0 standard.

High CVSS scores typically indicate that a flaw can lead to remote code execution, privilege escalation, authentication bypass, or other serious impacts — meaning defenders must prioritize patching and mitigation accordingly.

Notable Vulnerabilities Identified This Week

Among the many issues observed by researchers, several stand out due to active exploit attempts, discussion on underground forums, or broad impact across widely used software:

1. n8n Remote Code Execution (CVE-2025-68613)

A critical flaw in the popular n8n open-source workflow automation platform has been detected in attack attempts. Poor isolation of user-supplied workflow expressions could allow arbitrary code execution with the privileges of the affected n8n instance. Patches are available in versions 1.120.4, 1.121.1, and 1.122.0.

2. WinRAR Path Traversal (CVE-2025-8088)

A high-severity path traversal vulnerability in WinRAR has been widely discussed in open-source communities. By crafting malicious RAR archives that exploit alternate data streams (ADS), attackers can place malicious payloads in sensitive system locations, potentially achieving code execution or persistence. This issue was previously added to the CISA Known Exploited Vulnerabilities (KEV) catalog.

3. OpenSSL Stack Buffer Overflow (CVE-2025-15467)

A critical bug affecting multiple OpenSSL releases impacts the CMS (Cryptographic Message Syntax) AuthEnvelopedData parsing when using AEAD ciphers like AES-GCM. Attackers can trigger a stack buffer overflow, which may lead to remote code execution under certain conditions. Versions with FIPS modules, and older variants like OpenSSL 1.1.1 and 1.0.2, are not affected.

4. Fortinet Authentication Bypass (CVE-2026-24858)

Added to CISA’s KEV catalog, this authentication bypass in Fortinet products allows remote attackers to circumvent access controls, potentially gaining unauthorized entry without valid credentials.

5. Zimbra Webmail LFI (CVE-2025-68645)

A Local File Inclusion vulnerability in the Zimbra Collaboration Suite’s Webmail Classic UI can be abused to read sensitive files from the server. Such flaws are often used to gather credentials, configuration data, or other low-level information that aids attackers in crafting further attacks.

6. GNU Inetutils Telnetd Auth Bypass (CVE-2026-24061)

This critical flaw affects the GNU Inetutils telnet daemon (telnetd). Improper argument neutralization lets attackers inject a root-level argument into the USER environment variable. A successful exploit results in immediate root access over the network. Dark-web discussions indicate that threat actors are already exploring weaponization.

7. Zabbix Agent Privilege Escalation (CVE-2025-27237)

A high-severity local privilege escalation issue in Zabbix Agent arises from uncontrolled search paths when loading OpenSSL configuration files. By modifying this file with a malicious DLL, attackers can elevate privileges to SYSTEM on Windows hosts.

8. Appsmith Authentication Bypass (CVE-2026-22794)

A critical flaw in Appsmith occurs when the application trusts a user-controlled HTTP “Origin” header during security-sensitive workflows like password resets. Exploiting this allows attackers to obtain authentication tokens and take over accounts — including admin users.

Industrial Control Systems Also Affected

The report also notes vulnerabilities impacting Industrial Control Systems (ICS) — for example, Festo Didactic SE MES PCs shipped with outdated XAMPP stacks containing hundreds of third-party software flaws. CISA advisories recommend replacing XAMPP with updated control panel applications to mitigate these risks.

What This Means for Security Teams

The sheer volume of vulnerabilities reported each week — especially those with publicly available PoCs — shows that risk is expanding faster than ever. Open-source projects, widely deployed enterprise products, and foundational cryptographic libraries are frequent targets, from grassroots exploit development to active discussions on underground forums.

To stay ahead, organizations should focus on:

  • Prioritizing vulnerabilities based on real risk, not just severity scores.
  • Protecting exposed internet-facing assets with layered defenses.
  • Segmenting networks to reduce blast radius if a compromise occurs.
  • Hardening endpoints and infrastructure to make exploitation more difficult.
  • Applying multi-factor authentication and least-privilege access controls.
  • Monitoring threat intelligence streams to catch early indicators of exploitation.

While razor-sharp vigilance and patching discipline won’t eliminate risk entirely, they make it significantly harder for attackers to turn known vulnerabilities into widespread breaches.

CyberDefender