CVE-2026-20253

CVE: Splunk Enterprise Missing Authentication for Critical Function Vulnerability: Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.
CWE: CWE-306
Related CWE: CWE-306
Published: Splunk | Enterprise
Link: https://www.cve.org/CVERecord?id=CVE-2026-20253

CVE-2026-48907

CVE: Widget Factory Joomla Content Editor Improper Access Control Vulnerability: Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.
CWE: CWE-284
Related CWE: CWE-284
Published: Widget Factory | Joomla Content Editor
Link: https://www.cve.org/CVERecord?id=CVE-2026-48907

CVE-2026-20262

CVE: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability: Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.
CWE: CWE-22
Related CWE: CWE-22
Published: Cisco | Catalyst SD-WAN Manager
Link: https://www.cve.org/CVERecord?id=CVE-2026-20262

CVE-2026-54420

CVE: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability: LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
CWE: CWE-61
Related CWE: CWE-61
Published: LiteSpeed | cPanel Plugin
Link: https://www.cve.org/CVERecord?id=CVE-2026-54420

CVE-2026-35273

CVE: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability: Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to take over PeopleSoft Enterprise PeopleTools.
CWE: CWE-306
Related CWE: CWE-306
Published: Oracle | PeopleSoft Enterprise PeopleTools
Link: https://www.cve.org/CVERecord?id=CVE-2026-35273

CVE-2026-10520

CVE: Ivanti Sentry OS Command Injection Vulnerability: Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
CWE: CWE-78
Related CWE: CWE-78
Published: Ivanti | Sentry
Link: https://www.cve.org/CVERecord?id=CVE-2026-10520

CVE-2026-20245

CVE: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability: Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.
CWE: CWE-116
Related CWE: CWE-116
Published: Cisco | Catalyst SD-WAN Manager
Link: https://www.cve.org/CVERecord?id=CVE-2026-20245

CVE-2026-7473

CVE: Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability: Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulates and forwards other unexpected tunneled packets with a destination IP matching its configured decapsulation IP.
CWE: CWE-1023
Related CWE: CWE-1023
Published: Arista | Extensible Operating System
Link: https://www.cve.org/CVERecord?id=CVE-2026-7473

CVE-2026-11645

CVE: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability: Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CWE: CWE-787
Published: Google | Chromium V8
Link: https://www.cve.org/CVERecord?id=CVE-2026-11645

CVE-2026-50751

CVE: Check Point Security Gateway Improper Authentication Vulnerability: Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
CWE: CWE-287
Related CWE: CWE-287
Published: Check Point | Security Gateway
Link: https://www.cve.org/CVERecord?id=CVE-2026-50751

CVE-2026-42271

CVE: BerriAI LiteLLM Command Injection Vulnerability: BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.
CWE: CWE-78
Published: BerriAI | LiteLLM
Link: https://www.cve.org/CVERecord?id=CVE-2026-42271

CVE-2026-28318

CVE: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability: SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.
CWE: CWE-400
Related CWE: CWE-400
Published: SolarWinds | Serv-U
Link: https://www.cve.org/CVERecord?id=CVE-2026-28318

CVE-2026-45247

CVE: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability: Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.
CWE: CWE-502
Related CWE: CWE-502
Published: Mirasvit | Mirasvit Full Page Cache Warmer
Link: https://www.cve.org/CVERecord?id=CVE-2026-45247

CVE-2025-48595

CVE: Android Framework Integer Overflow Vulnerability: Android Framework contains an integer overflow vulnerability that allows for code execution, which could allow for local privilege escalation.
CWE: CWE-190
Related CWE: CWE-190
Published: Android | Framework
Link: https://www.cve.org/CVERecord?id=CVE-2025-48595

CVE-2022-0492

CVE: Linux Kernel Improper Authentication Vulnerability: Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.
CWE: CWE-287
Published: Linux | Kernel
Link: https://www.cve.org/CVERecord?id=CVE-2022-0492

CVE-2024-21182

CVE: Oracle WebLogic Server Unspecified Vulnerability: Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.
Published: Oracle | WebLogic Server
Link: https://www.cve.org/CVERecord?id=CVE-2024-21182

CVE-2026-0257

CVE: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
CWE: CWE-565
Related CWE: CWE-565
Published: Palo Alto Networks | PAN-OS
Link: https://www.cve.org/CVERecord?id=CVE-2026-0257

CVE-2026-8398

CVE: Daemon Tools Lite Embedded Malicious Code Vulnerability: Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.
CWE: CWE-506
Related CWE: CWE-506
Published: Daemon | Daemon Tools Lite
Link: https://www.cve.org/CVERecord?id=CVE-2026-8398

CVE-2026-45321

CVE: TanStack Unspecified Vulnerability: TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry, distributing credential-stealing malware under a trusted identity.
Published: TanStack | TanStack
Link: https://www.cve.org/CVERecord?id=CVE-2026-45321

CVE-2026-48027

CVE: Nx Console Embedded Malicious Code Vulnerability: Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory.
CWE: CWE-506
Related CWE: CWE-506
Published: Nx | Nx Console
Link: https://www.cve.org/CVERecord?id=CVE-2026-48027