CVEs

CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools — Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

CISA KEV•CVE-2026-35273•Oracle PeopleSoft Enterprise PeopleTools• June 12, 2026

Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Due: 2026-06-15

Ransomware: Known

Details NVD

CVE-2026-10520 — Ivanti Sentry — Ivanti Sentry OS Command Injection Vulnerability

CISA KEV•CVE-2026-10520•Ivanti Sentry• June 11, 2026

Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Due: 2026-06-14

Details NVD

CVE-2026-20245 — Cisco Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

CISA KEV•CVE-2026-20245•Cisco Catalyst SD-WAN Manager• June 9, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-23

Details NVD

CVE-2026-7473 — Arista Extensible Operating System — Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability

CISA KEV•CVE-2026-7473•Arista Extensible Operating System• June 9, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-23

Details NVD

CVE-2026-11645 — Google Chromium V8 — Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

CISA KEV•CVE-2026-11645•Google Chromium V8• June 9, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-23

Details NVD

CVE-2026-50751 — Check Point Security Gateway — Check Point Security Gateway Improper Authentication Vulnerability

CISA KEV•CVE-2026-50751•Check Point Security Gateway• June 8, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-11

Details NVD

CVE-2026-42271 — BerriAI LiteLLM — BerriAI LiteLLM Command Injection Vulnerability

CISA KEV•CVE-2026-42271•BerriAI LiteLLM• June 8, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-22

Details NVD

CVE-2026-28318 — SolarWinds Serv-U — SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

CISA KEV•CVE-2026-28318•SolarWinds Serv-U• June 5, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-19

Details NVD

CVE-2026-45247 — Mirasvit Mirasvit Full Page Cache Warmer — Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

CISA KEV•CVE-2026-45247•Mirasvit Mirasvit Full Page Cache Warmer• June 3, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-06

Details NVD

CVE-2010-0249 — Microsoft Internet Explorer — Microsoft Internet Explorer Use-After-Free Vulnerability

CISA KEV•CVE-2010-0249•Microsoft Internet Explorer• June 3, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-03

Details NVD

CVE-2025-48595 — Android Framework — Android Framework Integer Overflow Vulnerability

CISA KEV•CVE-2025-48595•Android Framework• June 2, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-05

Details NVD

CVE-2022-0492 — Linux Kernel — Linux Kernel Improper Authentication Vulnerability

CISA KEV•CVE-2022-0492•Linux Kernel• June 2, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-05

Details NVD

CVE-2024-21182 — Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability

CISA KEV•CVE-2024-21182•Oracle WebLogic Server• June 1, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-04

Details NVD

CVE-2026-0257 — Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CISA KEV•CVE-2026-0257•Palo Alto Networks PAN-OS• May 29, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-01

Details NVD

CVE-2026-8398 — Daemon Daemon Tools Lite — Daemon Tools Lite Embedded Malicious Code Vulnerability

CISA KEV•CVE-2026-8398•Daemon Daemon Tools Lite• May 27, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-05-30

Details NVD

CVE-2026-45321 — TanStack TanStack — TanStack Unspecified Vulnerability

CISA KEV•CVE-2026-45321•TanStack TanStack• May 27, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-10

Details NVD

CVE-2026-48027 — Nx Nx Console — Nx Console Embedded Malicious Code Vulnerability

CISA KEV•CVE-2026-48027•Nx Nx Console• May 27, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-10

Details NVD

CVE-2026-48172 — LiteSpeed cPanel Plugin — LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

CISA KEV•CVE-2026-48172•LiteSpeed cPanel Plugin• May 26, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-05-29

Details NVD

CVE-2026-9082 — Drupal Core — Drupal Core SQL Injection Vulnerability

CISA KEV•CVE-2026-9082•Drupal Core• May 22, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-05-27

Details NVD

CVE-2026-34926 — Trend Micro Apex One — Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

CISA KEV•CVE-2026-34926•Trend Micro Apex One• May 21, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-04

Details NVD

CVE-2025-34291 — Langflow Langflow — Langflow Origin Validation Error Vulnerability

CISA KEV•CVE-2025-34291•Langflow Langflow• May 21, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-04

Details NVD

CVE-2026-45498 — Microsoft Defender — Microsoft Defender Denial of Service Vulnerability

CISA KEV•CVE-2026-45498•Microsoft Defender• May 20, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-03

Details NVD

CVE-2026-41091 — Microsoft Defender — Microsoft Defender Link Following Vulnerability

CISA KEV•CVE-2026-41091•Microsoft Defender• May 20, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-03

Details NVD

CVE-2010-0806 — Microsoft Internet Explorer — Microsoft Internet Explorer Use-After-Free Vulnerability

CISA KEV•CVE-2010-0806•Microsoft Internet Explorer• May 20, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-06-03

Details NVD

1 2 3 … 14 »