CISA KEV — Last 30 Days · Stack-filtered · Newest first
Catalog total: 1,637
Product SharePoint Server
Vendor Microsoft
Added to KEV 2026-07-01
FCEB Deadline 2026-07-04
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Product cPanel Plugin
Vendor LiteSpeed
Added to KEV 2026-06-15
FCEB Deadline 2026-06-18
LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
NVD HIGH / CRITICAL — Last 14 Days · Stack-filtered · Score descending · Max 20
Published 2026-07-11
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox en…
Published 2026-07-02
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
Published 2026-06-30
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or T…
Published 2026-07-06
Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameter…
Published 2026-07-03
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Published 2026-07-03
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
Published 2026-07-07
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume owners…
Published 2026-07-03
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Published 2026-07-03
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the…
Published 2026-07-10
PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workf…
Published 2026-07-08
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
Published 2026-07-03
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Published 2026-07-03
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Published 2026-07-08
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction …
Published 2026-07-08
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to…
Published 2026-07-08
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering…
Published 2026-07-08
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCII…
Published 2026-07-08
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop duri…
Published 2026-07-03
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Published 2026-07-09
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat…
Monitored Stack
Infrastructure
Proxmox VE (NUC-Lab)NUC-Lab · 192.168.1.100
Debian 12Pi-Primary (.192), Pi-Secondary (.218)
Linux kernel6.1.21-v7+
Windows 11NUC desktop
Network / DNS
AdGuard Homev0.107.77 · current
Tailscale1.98.4 · 1.98.5 pending
WireGuardall nodes
Services
nginxreverse proxy
OpenSSHall nodes
Cloudflare PagesWorkers / ZT
Python 3.xautomation / build
Node.jstooling
Known Pending Patches
Action Required on Return Home
CVE-2026-31431
Kernel LPE — pending on Pi-Primary (.192) and Pi-Secondary (.218) · patch on return home
Tailscale 1.98.5
One patch ahead on both Pis · update on return home
Notable CVEs (Out-of-Stack, Situational Awareness)
Not in stack — tracking for situational awareness.
CISA KEV — FCEB deadline pending. Not in stack but CVSSv3 10.0 warrants awareness.