VulnCheck
-
MetInfo CMS flaw under active exploitation after April patch
Threat actors are exploiting a critical MetInfo CMS flaw, CVE-2026-29014, that can enable remote code execution. VulnCheck said activity began on April 25 and intensified on May 1, after MetInfo released patches on April 7.
-
ShowDoc flaw under active exploitation as users urged to update
A critical ShowDoc flaw tracked as CVE-2025-0520 is being actively exploited, with attackers using it to drop web shells on a U.S. honeypot. The bug affects older versions of the software and was fixed in 2020.
-
Critical Sneeit WordPress plugin RCE actively exploited, security firm reports
A critical remote code execution flaw (CVE-2025-6389) in the Sneeit Framework WordPress plugin is being exploited in the wild; Wordfence said attackers have created admin accounts and uploaded web shells. The issue affects versions up to 8.3 and was fixed in 8.4. Separately, VulnCheck observed an ICTBroadcast exploit delivering a DDoS botnet called “frost.”
-
CISA adds OpenPLC ScadaBR XSS flaw to Known Exploited Vulnerabilities list amid active attacks
CISA added CVE-2021-26829, a cross-site scripting flaw in OpenPLC ScadaBR, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation tied to a hacktivist operation; Forescout and VulnCheck reported related intrusions and a sustained OAST-driven exploit campaign.
-
Critical ICTBroadcast flaw (CVE-2025-2611) exploited to deploy reverse shells
A critical input-validation flaw in ICTBroadcast (CVE-2025-2611, CVSS 9.3) allows unauthenticated command injection via a session cookie; researchers including VulnCheck say the bug is being exploited to run reverse shells on exposed servers, and no patch information is currently available.
