CVEs

Clear

CVE-2026-45659 — Microsoft SharePoint Server — Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

CISA KEVCVE-2026-45659Microsoft SharePoint Server
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-07-04

CVE-2026-48558 — SimpleHelp SimpleHelp — SimpleHelp Authentication Bypass Vulnerability

CISA KEVCVE-2026-48558SimpleHelp SimpleHelp
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-07-02

CVE-2026-20230 — Cisco Unified Communications Manager — Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

CISA KEVCVE-2026-20230Cisco Unified Communications Manager
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-28

CVE-2026-12569 — PTC Windchill and FlexPLM — PTC Windchill and FlexPLM Improper Input Validation Vulnerability

CISA KEVCVE-2026-12569PTC Windchill and FlexPLM
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-28

CVE-2026-34908 — Ubiquiti UniFi OS — Ubiquiti UniFi OS Improper Access Control Vulnerability

CISA KEVCVE-2026-34908Ubiquiti UniFi OS
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-26

CVE-2026-34909 — Ubiquiti UniFi OS — Ubiquiti UniFi OS Path Traversal Vulnerability

CISA KEVCVE-2026-34909Ubiquiti UniFi OS
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-26

CVE-2026-34910 — Ubiquiti UniFi OS — Ubiquiti UniFi OS Improper Input Validation Vulnerability

CISA KEVCVE-2026-34910Ubiquiti UniFi OS
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-26

CVE-2025-67038 — Lantronix EDS5000 — Lantronix EDS5000 Code Injection Vulnerability

CISA KEVCVE-2025-67038Lantronix EDS5000
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-26

CVE-2026-20253 — Splunk Enterprise — Splunk Enterprise Missing Authentication for Critical Function Vulnerability

CISA KEVCVE-2026-20253Splunk Enterprise
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-21

CVE-2026-48907 — Widget Factory Joomla Content Editor — Widget Factory Joomla Content Editor Improper Access Control Vulnerability

CISA KEVCVE-2026-48907Widget Factory Joomla Content Editor
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-19

CVE-2026-20262 — Cisco Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability

CISA KEVCVE-2026-20262Cisco Catalyst SD-WAN Manager
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-29

CVE-2026-54420 — LiteSpeed cPanel Plugin — LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

CISA KEVCVE-2026-54420LiteSpeed cPanel Plugin
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-18

CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools — Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

CISA KEVCVE-2026-35273Oracle PeopleSoft Enterprise PeopleTools
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-15
Ransomware: Known

CVE-2026-10520 — Ivanti Sentry — Ivanti Sentry OS Command Injection Vulnerability

CISA KEVCVE-2026-10520Ivanti Sentry
Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Due: 2026-06-14
1 2 3 14