CISA KEV — Last 30 Days  ·  Stack-filtered  ·  Newest first Catalog total: 1,638
CVE-2026-45659 KNOWN EXPLOITED
Product SharePoint Server Vendor Microsoft Added to KEV 2026-07-01 FCEB Deadline 2026-07-04
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CVE-2026-54420 KNOWN EXPLOITED
Product cPanel Plugin Vendor LiteSpeed Added to KEV 2026-06-15 FCEB Deadline 2026-06-18
LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
NVD HIGH / CRITICAL — Last 14 Days  ·  Stack-filtered  ·  Score descending  ·  Max 20
CVE-2026-57100 9.9 CRITICAL
Published 2026-07-02
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
CVE-2026-58116 9.8 CRITICAL
Published 2026-06-30
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or T…
CVE-2026-9181 9.8 CRITICAL
Published 2026-07-06
Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameter…
References: psirt@esri.com
CVE-2026-58289 9.0 CRITICAL
Published 2026-07-03
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-49972 8.8 HIGH
Published 2026-07-13
Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised w…
CVE-2026-57983 8.7 HIGH
Published 2026-07-03
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-0487 8.4 HIGH
Published 2026-07-14
SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the a…
References: cna@sap.com · cna@sap.com
CVE-2026-13020 8.1 HIGH
Published 2026-07-07
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume owners…
References: psirt@esri.com
CVE-2026-58293 8.1 HIGH
Published 2026-07-03
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58065 8.1 HIGH
Published 2026-07-13
The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path between…
CVE-2026-13079 7.8 HIGH
Published 2026-07-03
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the…
CVE-2026-47829 7.8 HIGH
Published 2026-07-09
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non…
CVE-2026-60002 7.7 HIGH
Published 2026-07-08
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
CVE-2026-59216 7.7 HIGH
Published 2026-07-09
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get_event_call delivered execute:python and execute:tool Socket.IO events to a client-supplied se…
CVE-2026-57985 7.6 HIGH
Published 2026-07-03
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57984 7.5 HIGH
Published 2026-07-03
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-59873 7.5 HIGH
Published 2026-07-08
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction …
CVE-2026-59874 7.5 HIGH
Published 2026-07-08
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to…
CVE-2026-59937 7.5 HIGH
Published 2026-07-08
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering…
CVE-2026-55404 7.5 HIGH
Published 2026-07-08
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using …
Monitored Stack

Infrastructure

Proxmox VE (NUC-Lab)NUC-Lab · 192.168.1.100
Debian 12Pi-Primary (.192), Pi-Secondary (.218)
Linux kernel6.1.21-v7+
Windows 11NUC desktop

Network / DNS

AdGuard Homev0.107.77 · current
Tailscale1.98.4 · 1.98.5 pending
WireGuardall nodes

Services

nginxreverse proxy
OpenSSHall nodes
Cloudflare PagesWorkers / ZT
Python 3.xautomation / build
Node.jstooling
Known Pending Patches

Action Required on Return Home

CVE-2026-31431 Kernel LPE — pending on Pi-Primary (.192) and Pi-Secondary (.218) · patch on return home
Tailscale 1.98.5 One patch ahead on both Pis · update on return home
Notable CVEs (Out-of-Stack, Situational Awareness)
Splunk CVE-2026-20253 9.8 CRITICAL NOT IN STACK
Not in stack — tracking for situational awareness.
Joomla CVE-2026-48907 10.0 CRITICAL CISA KEV NOT IN STACK
CISA KEV — FCEB deadline pending. Not in stack but CVSSv3 10.0 warrants awareness.