Latest Alerts

MEDIUM CISA KEV 2026-07-01

CVE-2026-45659: Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.

HIGH CISA KEV 2026-06-29

CVE-2026-48558: SimpleHelp Authentication Bypass Vulnerability

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable config

HIGH CISA KEV 2026-06-25

CVE-2026-20230: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) vulnerability that could allow an unauthenticated, remote attacker to write

HIGH CISA KEV 2026-06-25

CVE-2026-12569: PTC Windchill and FlexPLM Improper Input Validation Vulnerability

PTC Windchill and FlexPLM contain an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.

MEDIUM CISA KEV 2026-06-23

CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.

MEDIUM CISA KEV 2026-06-23

CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.

MEDIUM CISA KEV 2026-06-23

CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.

MEDIUM CISA KEV 2026-06-23

CVE-2025-67038: Lantronix EDS5000 Code Injection Vulnerability

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

MEDIUM CISA KEV 2026-06-18

CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

MEDIUM CISA KEV 2026-06-16

CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

HIGH CISA KEV 2026-06-15

CVE-2026-20262: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability

Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.

MEDIUM CISA KEV 2026-06-15

CVE-2026-54420: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

MEDIUM CISA KEV 2026-06-12

CVE-2026-35273: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.

HIGH CISA KEV 2026-06-11

CVE-2026-10520: Ivanti Sentry OS Command Injection Vulnerability

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where

MEDIUM CISA KEV 2026-06-09

CVE-2026-20245: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to t

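All resources, vulnerability alerts, tools and featured content on this site are intended solely for authorized enterprise self-testing, compliance research and security operations. This site does not provide programs, payloads or entry points to black-market platforms that could be used directly for illegal attacks.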