CVE-2026-50751 | CVSS 9.3 | CISA KEV | Mail
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
Updated: 2026-06-17
CVE-2026-0300 | CVSS 9.3 | CISA KEV | Firewall
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewal...
Updated: 2026-06-17
CVE-2026-10520 | CVSS 10.0 | CISA KEV | VPN
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution.
Updated: 2026-06-17
CVE-2008-4250 | CVSS 9.8 | CISA KEV | Windows
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path can...
Updated: 2026-06-16
CVE-2026-33017 | CVSS 9.3 | CISA KEV | Runtime
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parame...
Updated: 2026-06-17
CVE-2026-41940 | CVSS 9.3 | CISA KEV | CMS
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Updated: 2026-06-17
CVE-2026-39987 | CVSS 9.3 | CISA KEV | Runtime
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitra...
Updated: 2026-06-17
CVE-2026-21643 | CVSS 9.8 | CISA KEV | Firewall
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Updated: 2026-06-17
CVE-2026-35616 | CVSS 9.8 | CISA KEV | Firewall
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Updated: 2026-06-17
CVE-2026-20253 | CVSS 9.8 | CISA KEV | Database
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service end...
Updated: 2026-06-19
CVE-2026-20182 | CVSS 10.0 | CISA KEV | Network
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The s...
Updated: 2026-06-17
CVE-2026-9082 | CVSS 9.8 | CISA KEV | CMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal core allows SQL Injection.
This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9,...
Updated: 2026-06-17
CVE-2026-1340 | CVSS 9.8 | CISA KEV | VPN
A code injection vulnerability in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.
Updated: 2026-06-17
CVE-2026-48907 | CVSS 10.0 | CISA KEV | Web
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.
Updated: 2026-06-17
CVE-2026-33634 | CVSS 9.4 | CISA KEV | Containers
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags ...
Updated: 2026-06-17
CVE-2026-45247 | CVSS 9.3 | CISA KEV | Web
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie....
Updated: 2026-06-17
CVE-2026-31431 | CVSS 7.8 | CISA KEV | Linux
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in ...
Updated: 2026-07-01
CVE-2026-35273 | CVSS 9.8 | CISA KEV | Known Exploited
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with ne...
Updated: 2026-06-17
CVE-2026-0257 | CVSS 7.8 | CISA KEV | Firewall
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow the attacker to bypass security restrictions and establish an unauthorized VPN connection.
Panorama and Cloud NGFW are not impacted ...
Updated: 2026-06-17
CVE-2026-42208 | CVSS 9.3 | CISA KEV | Known Exploited
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing...
Updated: 2026-06-29
CVE-2026-3055 | CVSS 9.3 | CISA KEV | Known Exploited
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leads to a memory overread.
Updated: 2026-06-17
CVE-2026-34910 | CVSS 10.0 | CISA KEV | Known Exploited
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
Updated: 2026-06-24
CVE-2026-48172 | CVSS 10.0 | CISA KEV | Known Exploited
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs...
Updated: 2026-06-17
CVE-2026-45321 | CVSS 9.6 | CISA KEV | DNS
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack...
Updated: 2026-06-17
CVE-2026-34197 | CVSS 8.8 | CISA KEV | Web
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ.
Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolo...
Updated: 2026-06-30
CVE-2010-0249 | CVSS 8.8 | CISA KEV | Windows
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attacke...
Updated: 2026-06-16
CVE-2025-34291 | CVSS 9.4 | CISA KEV | Known Exploited
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie...
Updated: 2026-06-17
CVE-2023-21529 | CVSS 8.8 | CISA KEV | Windows
Microsoft Exchange Server Remote Code Execution Vulnerability
Updated: 2026-06-17
CVE-2009-1537 | CVSS 8.8 | CISA KEV | Windows
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a...
Updated: 2026-06-16
CVE-2026-20230 | CVSS 8.6 | CISA KEV | Network
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks t...
Updated: 2026-07-01
CVE-2026-6973 | CVSS 7.2 | CISA KEV | VPN
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
Updated: 2026-06-17
CVE-2026-20245 | CVSS 7.8 | CISA KEV | Network
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execu...
Updated: 2026-06-17
CVE-2023-36424 | CVSS 7.8 | CISA KEV | Windows
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Updated: 2026-06-17
CVE-2010-0806 | CVSS 8.8 | CISA KEV | Windows
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object,...
Updated: 2026-06-16
CVE-2026-42271 | CVSS 8.7 | CISA KEV | Known Exploited
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/l...
Updated: 2026-06-30
CVE-2026-32202 | CVSS 4.3 | CISA KEV | Windows
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
Updated: 2026-06-17
CVE-2009-0238 | CVSS 8.8 | CISA KEV | Windows
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attac...
Updated: 2026-06-16
CVE-2012-1854 | CVSS 7.8 | CISA KEV | Windows
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privilege...
Updated: 2026-06-16
CVE-2026-28318 | CVSS 7.5 | CISA KEV | Known Exploited
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are...
Updated: 2026-06-17
CVE-2026-42897 | CVSS 8.1 | CISA KEV | Windows
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Updated: 2026-06-17
CVE-2026-34908 | CVSS 10.0 | CISA KEV | Known Exploited
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Updated: 2026-06-24
CVE-2026-34909 | CVSS 10.0 | CISA KEV | Known Exploited
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
Updated: 2026-06-24
CVE-2026-48027 | CVSS 9.3 | CISA KEV | Known Exploited
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX...
Updated: 2026-06-17
CVE-2024-27199 | CVSS 7.3 | CISA KEV | Known Exploited
In JetBrains TeamCity before 2023.11.4, a path traversal vulnerability allowed limited admin actions to be performed.
Updated: 2026-06-17
CVE-2024-7399 | CVSS 8.8 | CISA KEV | Known Exploited
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary files as system authority.
Updated: 2026-06-17
CVE-2024-1708 | CVSS 8.4 | CISA KEV | Known Exploited
ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
Updated: 2026-06-17
CVE-2025-29635 | CVSS 7.2 | CISA KEV | Known Exploited
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote comma...
Updated: 2026-06-17
CVE-2009-3459 | CVSS 8.8 | CISA KEV | Known Exploited
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009....
Updated: 2026-06-16
CVE-2023-27351 | CVSS 7.5 | CISA KEV | Known Exploited
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class....
Updated: 2026-06-17
CVE-2026-45498 | CVSS 4.0 | CISA KEV | Windows
Microsoft Defender Denial of Service Vulnerability
Updated: 2026-06-17
CVE-2024-21182 | CVSS 7.5 | CISA KEV | Known Exploited
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Updated: 2026-06-17
CVE-2020-9715 | CVSS 7.8 | CISA KEV | Known Exploited
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
Updated: 2026-06-17
CVE-2026-32201 | CVSS 6.5 | CISA KEV | Windows
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Updated: 2026-06-17
CVE-2026-20133 | CVSS 6.5 | CISA KEV | Network
A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system.
This vulnerability is due to insufficient file system restrictions. An authenticated attacker with neta...
Updated: 2026-06-17
CVE-2024-57726 | CVSS 9.9 | CISA KEV | Known Exploited
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
Updated: 2026-06-17
CVE-2026-41091 | CVSS 7.8 | CISA KEV | Windows
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Updated: 2026-06-17
CVE-2026-33825 | CVSS 7.8 | CISA KEV | Windows
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Updated: 2026-06-17
CVE-2022-0492 | CVSS 7.8 | CISA KEV | Linux
A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namesp...
Updated: 2026-06-17
CVE-2026-20128 | CVSS 7.5 | CISA KEV | Network
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.
This vulnerability is due to the presence of a credential file ...
Updated: 2026-06-17
CVE-2025-60710 | CVSS 7.8 | CISA KEV | Windows
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Updated: 2026-06-17