Here are the top critical CVEs as of May 2026:
• CVE-2026-0073 (Google Android Zero-Click Vulnerability): Allows remote code execution on Android devices without user interaction, exploitable on the same local network. Updates have been released.
• CVE-2026-0300 (Palo Alto Networks PAN-OS Buffer Overflow): Enables unauthenticated remote code execution with root privileges on PAN-OS, especially when the User-ID Authentication Portal is exposed. Limited exploitation has been observed.
• CVE-2026-41940 (cPanel & WHM Authentication Bypass): A critical vulnerability leading to authentication bypass and elevated control of cPanel/WHM, actively weaponized against government, military, MSPs, and hosting providers.
I’ve also noted other high-impact and actively exploited CVEs from recent months, including flaws in Cisco Secure Firewall, Langflow, Ubiquiti UniFi, and NetScaler ADC/Gateway. Older vulnerabilities like ZeroLogon and Log4Shell also continue to be exploited due to incomplete remediation.