CISA KEV — Last 30 Days · Stack-filtered · Newest first
Catalog total: 1,623
Product cPanel Plugin
Vendor LiteSpeed
Added to KEV 2026-06-15
FCEB Deadline 2026-06-18
LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Product Chromium V8
Vendor Google
Added to KEV 2026-06-09
FCEB Deadline 2026-06-23
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Product Kernel
Vendor Linux
Added to KEV 2026-06-02
FCEB Deadline 2026-06-05
Linux Kernel Improper Authentication Vulnerability
Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NVD HIGH / CRITICAL — Last 14 Days · Stack-filtered · Score descending · Max 20
Published 2026-06-22
IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arb…
Published 2026-06-12
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB…
Published 2026-06-12
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collectio…
Published 2026-06-12
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, da…
Published 2026-06-12
All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 end…
Published 2026-06-12
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository an…
Published 2026-06-09
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
Published 2026-06-09
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
Published 2026-06-09
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
Published 2026-06-11
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrus…
Published 2026-06-22
IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardc…
Published 2026-06-22
Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files tha…
Published 2026-06-11
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pytho…
Published 2026-06-11
Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as pa…
Published 2026-06-11
Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19
Published 2026-06-16
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet". We are working to provide a high qual…
Published 2026-06-19
Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the …
Published 2026-06-09
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
Published 2026-06-11
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specif…
Published 2026-06-22
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with …
Monitored Stack
Infrastructure
Proxmox VE (NUC-Lab): NUC-Lab · 192.168.1.100
Debian 12: Pi-Primary (.192), Pi-Secondary (.218)
Linux kernel: 6.1.21-v7+
Windows 11: NUC desktop
Network / DNS
AdGuard Home: v0.107.77 · current
Tailscale: 1.98.4 · 1.98.5 pending
WireGuard: all nodes
Services
nginx: reverse proxy
OpenSSH: all nodes
Cloudflare Pages: Workers / ZT
Python 3.x: automation / build
Node.js: tooling
Known Pending Patches
Action Required on Return Home
CVE-2026-31431
Kernel LPE — pending on Pi-Primary (.192) and Pi-Secondary (.218) · patch on return home
Tailscale 1.98.5
One patch ahead on both Pis · update on return home
Notable CVEs (Out-of-Stack, Situational Awareness)
Not in stack — tracking for situational awareness.
CISA KEV — FCEB deadline pending. Not in stack but CVSSv3 10.0 warrants awareness.