CISA KEV — Last 30 Days  ·  Stack-filtered  ·  Newest first Catalog total: 1,647
CVE-2026-58644 KNOWN EXPLOITED
Product SharePoint Vendor Microsoft Added to KEV 2026-07-16 FCEB Deadline 2026-07-19
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CVE-2026-56155 KNOWN EXPLOITED
Product Active Directory Federation Services Vendor Microsoft Added to KEV 2026-07-14 FCEB Deadline 2026-07-28
Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
Microsoft Active Directory Federation Services contains an insufficient granularity of access control vulnerability that allows an authorized attacker to elevate privileges locally.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CVE-2026-56164 KNOWN EXPLOITED
Product SharePoint Server Vendor Microsoft Added to KEV 2026-07-14 FCEB Deadline 2026-07-17
Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
Microsoft SharePoint contains a missing authentication for critical function vulnerability that allows an unauthorized attacker to elevate privileges over a network.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CVE-2026-45659 KNOWN EXPLOITED
Product SharePoint Server Vendor Microsoft Added to KEV 2026-07-01 FCEB Deadline 2026-07-04
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
NVD HIGH / CRITICAL — Last 14 Days  ·  Stack-filtered  ·  Score descending  ·  Max 20
CVE-2026-9181 9.8 CRITICAL
Published 2026-07-06
Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameter…
References: psirt@esri.com
CVE-2026-63089 9.3 CRITICAL
Published 2026-07-16
WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuar…
CVE-2026-58289 9.0 CRITICAL
Published 2026-07-03
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58594 8.8 HIGH
Published 2026-07-14
Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.
CVE-2026-54107 8.8 HIGH
Published 2026-07-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-50670 8.8 HIGH
Published 2026-07-14
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-57983 8.7 HIGH
Published 2026-07-03
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-52747 8.6 HIGH
Published 2026-07-10
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently r…
CVE-2026-56181 8.3 HIGH
Published 2026-07-14
Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2026-60005 8.2 HIGH
Published 2026-07-15
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens,…
References: f5sirt@f5.com
CVE-2026-13020 8.1 HIGH
Published 2026-07-07
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume owners…
References: psirt@esri.com
CVE-2026-50694 8.1 HIGH
Published 2026-07-14
Use after free in Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized attacker to execute code over a network.
CVE-2026-58617 8.1 HIGH
Published 2026-07-14
Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-58293 8.1 HIGH
Published 2026-07-03
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58065 8.1 HIGH
Published 2026-07-13
The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path between…
CVE-2026-42975 8.0 HIGH
Published 2026-07-14
Heap-based buffer overflow in Windows Bluetooth Port Driver allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-47829 7.8 HIGH
Published 2026-07-09
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non…
CVE-2026-0278 7.8 HIGH
Published 2026-07-09
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Ag…
CVE-2026-54112 7.8 HIGH
Published 2026-07-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-50317 7.8 HIGH
Published 2026-07-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Operating Systems allows an authorized attacker to elevate privileges locally.
Monitored Stack

Infrastructure

Proxmox VE (NUC-Lab)NUC-Lab · 192.168.1.100
Debian 12Pi-Primary (.192), Pi-Secondary (.218)
Linux kernel6.1.21-v7+
Windows 11NUC desktop

Network / DNS

AdGuard Homev0.107.77 · current
Tailscale1.98.4 · 1.98.5 pending
WireGuardall nodes

Services

nginxreverse proxy
OpenSSHall nodes
Cloudflare PagesWorkers / ZT
Python 3.xautomation / build
Node.jstooling
Known Pending Patches

Action Required on Return Home

CVE-2026-31431 Kernel LPE — pending on Pi-Primary (.192) and Pi-Secondary (.218) · patch on return home
Tailscale 1.98.5 One patch ahead on both Pis · update on return home
Notable CVEs (Out-of-Stack, Situational Awareness)
Splunk CVE-2026-20253 9.8 CRITICAL NOT IN STACK
Not in stack — tracking for situational awareness.
Joomla CVE-2026-48907 10.0 CRITICAL CISA KEV NOT IN STACK
CISA KEV — FCEB deadline pending. Not in stack but CVSSv3 10.0 warrants awareness.