{"metadata": {"count": 2521, "page": 1, "per_page": 100}, "data": [{"uuid": "697222f6-a544-4ed0-ba97-40ca6d2895fc", "vulnerability": {"vulnId": "CVE-2026-45659", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "697222f6-a544-4ed0-ba97-40ca6d2895fc"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-07-01T19:00:06+00:00"}, "timestamps": {"asserted_at": "2026-07-01T19:00:06+00:00", "recorded_at": "2026-07-01T20:00:01+00:00", "first_seen_at": "2026-07-01T19:00:06+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft SharePoint Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | CVSS: 8.8 (HIGH) | EPSS: 0.02781 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft SharePoint Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition", "added_date": "2026-07-01T19:00:06.901Z", "cvss_score": 8.8, "epss_score": 0.02781, "cvss_severity": "HIGH", "epss_percentile": 0.8461, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-45659", "url": "https://www.cve.org/CVERecord?id=CVE-2026-45659"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-45659"}]}, {"uuid": "8c6a3467-34fd-4b6e-894e-d38f28eba85a", "vulnerability": {"vulnId": "CVE-2026-8037", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "8c6a3467-34fd-4b6e-894e-d38f28eba85a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-07-01T14:51:57+00:00"}, "timestamps": {"asserted_at": "2026-07-01T14:51:57+00:00", "recorded_at": "2026-07-01T15:00:02+00:00", "first_seen_at": "2026-07-01T14:51:57+00:00"}, "scope": {"notes": "KEVIntel entry: OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | Affected: Progress Software / LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF | CVSS: 9.6 (CRITICAL) | EPSS: 0.0819 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF", "vendor": "Progress Software", "product": "LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF", "added_date": "2026-07-01T14:51:57.959Z", "cvss_score": 9.6, "epss_score": 0.0819, "cvss_severity": "CRITICAL", "epss_percentile": 0.94176, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-8037", "url": "https://www.cve.org/CVERecord?id=CVE-2026-8037"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-8037"}]}, {"uuid": "d56dc37d-6592-441a-961f-e40aee59b7ee", "vulnerability": {"vulnId": "CVE-2026-52813", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "d56dc37d-6592-441a-961f-e40aee59b7ee"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T16:02:32+00:00"}, "timestamps": {"asserted_at": "2026-06-30T16:02:32+00:00", "recorded_at": "2026-06-30T17:00:01+00:00", "first_seen_at": "2026-06-30T16:02:32+00:00"}, "scope": {"notes": "KEVIntel entry: Gogs: Path Traversal in organization name results in RCE through Git hooks | Affected: gogs / gogs | CVSS: 10.0 (CRITICAL) | EPSS: 0.01107 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Gogs: Path Traversal in organization name results in RCE through Git hooks", "vendor": "gogs", "product": "gogs", "added_date": "2026-06-30T16:02:32.752Z", "cvss_score": 10.0, "epss_score": 0.01107, "cvss_severity": "CRITICAL", "epss_percentile": 0.6173, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-52813", "url": "https://www.cve.org/CVERecord?id=CVE-2026-52813"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-52813"}]}, {"uuid": "fa2bfd2f-33ee-42a0-ba8e-46e04c2c7ca6", "vulnerability": {"vulnId": "CVE-2026-46817", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "fa2bfd2f-33ee-42a0-ba8e-46e04c2c7ca6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-29T15:45:00+00:00"}, "timestamps": {"asserted_at": "2026-06-29T15:45:00+00:00", "recorded_at": "2026-06-29T16:00:01+00:00", "first_seen_at": "2026-06-29T15:45:00+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission).  Supported versions that are affected are... | Affected: Oracle Corporation / Oracle Payments | CVSS: 9.8 (CRITICAL) | EPSS: 0.00418 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission).  Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "Oracle Payments", "added_date": "2026-06-29T15:45:00.000Z", "cvss_score": 9.8, "epss_score": 0.00418, "cvss_severity": "CRITICAL", "epss_percentile": 0.3353, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-46817", "url": "https://www.cve.org/CVERecord?id=CVE-2026-46817"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-46817"}]}, {"uuid": "885e6fd4-e620-46f3-85eb-794dd7c822e6", "vulnerability": {"vulnId": "CVE-2026-48558", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "885e6fd4-e620-46f3-85eb-794dd7c822e6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-29T14:20:22+00:00"}, "timestamps": {"asserted_at": "2026-06-29T14:20:22+00:00", "recorded_at": "2026-06-29T15:00:02+00:00", "first_seen_at": "2026-06-29T14:20:22+00:00"}, "scope": {"notes": "KEVIntel entry: SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification | Affected: SimpleHelp / SimpleHelp | CVSS: 9.5 (CRITICAL) | EPSS: 0.00721 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification", "vendor": "SimpleHelp", "product": "SimpleHelp", "added_date": "2026-06-29T14:20:22.145Z", "cvss_score": 9.5, "epss_score": 0.00721, "cvss_severity": "CRITICAL", "epss_percentile": 0.49308, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-48558", "url": "https://www.cve.org/CVERecord?id=CVE-2026-48558"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-48558"}]}, {"uuid": "76cd7564-c28a-45e1-9c61-de0ad80fd2f5", "vulnerability": {"vulnId": "CVE-2026-8054", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "76cd7564-c28a-45e1-9c61-de0ad80fd2f5"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-27T14:36:50+00:00"}, "timestamps": {"asserted_at": "2026-06-27T14:36:50+00:00", "recorded_at": "2026-06-27T15:00:01+00:00", "first_seen_at": "2026-06-27T14:36:50+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated SQL Injection in dotCMS Publish Audit API | Affected: dotCMS / dotCMS Core | CVSS: 10.0 (CRITICAL) | EPSS: 0.01584 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated SQL Injection in dotCMS Publish Audit API", "vendor": "dotCMS", "product": "dotCMS Core", "added_date": "2026-06-27T14:36:50.219Z", "cvss_score": 10.0, "epss_score": 0.01584, "cvss_severity": "CRITICAL", "epss_percentile": 0.72506, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-8054", "url": "https://www.cve.org/CVERecord?id=CVE-2026-8054"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-8054"}]}, {"uuid": "1004b842-5eb5-4b13-95b4-1e46330b29bb", "vulnerability": {"vulnId": "CVE-2023-6567", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "1004b842-5eb5-4b13-95b4-1e46330b29bb"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-27T14:36:38+00:00"}, "timestamps": {"asserted_at": "2026-06-27T14:36:38+00:00", "recorded_at": "2026-06-27T15:00:01+00:00", "first_seen_at": "2026-06-27T14:36:38+00:00"}, "scope": {"notes": "KEVIntel entry: The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order_by\u2019 parameter in all versions up to, and including,... | Affected: thimpress / LearnPress \u2013 WordPress LMS Plugin | CVSS: 9.8 (CRITICAL) | EPSS: 0.51394 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order_by\u2019 parameter in all versions up to, and including,...", "vendor": "thimpress", "product": "LearnPress \u2013 WordPress LMS Plugin", "added_date": "2026-06-27T14:36:38.919Z", "cvss_score": 9.8, "epss_score": 0.51394, "cvss_severity": "CRITICAL", "epss_percentile": 0.98802, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2023-6567", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6567"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6567"}]}, {"uuid": "1897383c-d052-42c0-8d39-9cd023b8b6a3", "vulnerability": {"vulnId": "CVE-2026-12569", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "1897383c-d052-42c0-8d39-9cd023b8b6a3"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-25T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-25T00:00:00+00:00", "recorded_at": "2026-06-25T20:00:01+00:00", "first_seen_at": "2026-06-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Remote Code Execution (RCE) vulnerability in Windchill PDMlink | Affected: PTC / Windchill PDMLink, FlexPLM | CVSS: 9.3 (CRITICAL) | EPSS: 0.00499 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Remote Code Execution (RCE) vulnerability in Windchill PDMlink", "vendor": "PTC", "product": "Windchill PDMLink, FlexPLM", "added_date": "2026-06-25T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.00499, "cvss_severity": "CRITICAL", "epss_percentile": 0.38899, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-12569", "url": "https://www.cve.org/CVERecord?id=CVE-2026-12569"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-12569"}]}, {"uuid": "52ee6f16-bdc2-4950-ad34-a2d8c19aafbd", "vulnerability": {"vulnId": "CVE-2026-20230", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "52ee6f16-bdc2-4950-ad34-a2d8c19aafbd"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-23T22:20:36+00:00"}, "timestamps": {"asserted_at": "2026-06-23T22:20:36+00:00", "recorded_at": "2026-06-23T23:00:01+00:00", "first_seen_at": "2026-06-23T22:20:36+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified... | Affected: Cisco / Cisco Unified Communications Manager | CVSS: 8.6 (HIGH) | EPSS: 0.20442 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...", "vendor": "Cisco", "product": "Cisco Unified Communications Manager", "added_date": "2026-06-23T22:20:36.536Z", "cvss_score": 8.6, "epss_score": 0.20442, "cvss_severity": "HIGH", "epss_percentile": 0.97156, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-20230", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20230"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20230"}]}, {"uuid": "652ed326-7713-416f-bf90-c92d1145572f", "vulnerability": {"vulnId": "CVE-2025-67038", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "652ed326-7713-416f-bf90-c92d1145572f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-23T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-23T00:00:00+00:00", "recorded_at": "2026-06-23T19:00:01+00:00", "first_seen_at": "2026-06-23T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication... | Affected: Lantronix / EDS5000 | EPSS: 0.00469 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication...", "vendor": "Lantronix", "product": "EDS5000", "added_date": "2026-06-23T00:00:00.000Z", "cvss_score": null, "epss_score": 0.00469, "cvss_severity": null, "epss_percentile": 0.36913, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2025-67038", "url": "https://www.cve.org/CVERecord?id=CVE-2025-67038"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-67038"}]}, {"uuid": "cbae0eae-766c-43d7-bd5f-5d723d5ef7d5", "vulnerability": {"vulnId": "CVE-2026-4020", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "cbae0eae-766c-43d7-bd5f-5d723d5ef7d5"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-17T10:28:34+00:00"}, "timestamps": {"asserted_at": "2026-06-17T10:28:34+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-17T10:28:34+00:00"}, "scope": {"notes": "KEVIntel entry: Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API | Affected: RocketGenius / Gravity SMTP | CVSS: 7.5 (HIGH) | EPSS: 0.0298 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API", "vendor": "RocketGenius", "product": "Gravity SMTP", "added_date": "2026-06-17T10:28:34.000Z", "cvss_score": 7.5, "epss_score": 0.0298, "cvss_severity": "HIGH", "epss_percentile": 0.85527, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-4020", "url": "https://www.cve.org/CVERecord?id=CVE-2026-4020"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-4020"}]}, {"uuid": "3b350b79-811d-4e07-a651-6771def715f5", "vulnerability": {"vulnId": "CVE-2026-48907", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "3b350b79-811d-4e07-a651-6771def715f5"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-16T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-16T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5 | Affected: joomlacontenteditor.net / Joomla Content Editor (JCE) extension for Joomla | CVSS: 10.0 (CRITICAL) | EPSS: 0.06854 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5", "vendor": "joomlacontenteditor.net", "product": "Joomla Content Editor (JCE) extension for Joomla", "added_date": "2026-06-16T00:00:00.000Z", "cvss_score": 10.0, "epss_score": 0.06854, "cvss_severity": "CRITICAL", "epss_percentile": 0.93214, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-48907", "url": "https://www.cve.org/CVERecord?id=CVE-2026-48907"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-48907"}]}, {"uuid": "6b1d1a8e-5f37-45a9-85d1-b876feb512c4", "vulnerability": {"vulnId": "CVE-2026-39813", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "6b1d1a8e-5f37-45a9-85d1-b876feb512c4"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T12:48:52+00:00"}, "timestamps": {"asserted_at": "2026-06-15T12:48:52+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T12:48:52+00:00"}, "scope": {"notes": "KEVIntel entry: A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to... | Affected: Fortinet / FortiSandbox, FortiSandbox Cloud | CVSS: 9.1 (CRITICAL) | EPSS: 0.18703 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to...", "vendor": "Fortinet", "product": "FortiSandbox, FortiSandbox Cloud", "added_date": "2026-06-15T12:48:52.791Z", "cvss_score": 9.1, "epss_score": 0.18703, "cvss_severity": "CRITICAL", "epss_percentile": 0.96908, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-39813", "url": "https://www.cve.org/CVERecord?id=CVE-2026-39813"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-39813"}]}, {"uuid": "ded4285b-0f26-4008-abc1-7a77523a9c25", "vulnerability": {"vulnId": "CVE-2026-53435", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "ded4285b-0f26-4008-abc1-7a77523a9c25"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T09:02:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T09:02:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T09:02:00+00:00"}, "scope": {"notes": "KEVIntel entry: In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins... | Affected: Jenkins Project / Jenkins | CVSS: 8.8 (HIGH) | EPSS: 0.00368 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins...", "vendor": "Jenkins Project", "product": "Jenkins", "added_date": "2026-06-15T09:02:00.000Z", "cvss_score": 8.8, "epss_score": 0.00368, "cvss_severity": "HIGH", "epss_percentile": 0.28443, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-53435", "url": "https://www.cve.org/CVERecord?id=CVE-2026-53435"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-53435"}]}, {"uuid": "3f9ef71a-5889-4be3-8b58-82875f9c614f", "vulnerability": {"vulnId": "CVE-2026-20253", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "3f9ef71a-5889-4be3-8b58-82875f9c614f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T05:15:25+00:00"}, "timestamps": {"asserted_at": "2026-06-15T05:15:25+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T05:15:25+00:00"}, "scope": {"notes": "KEVIntel entry: Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise | Affected: Splunk / Splunk Enterprise | CVSS: 9.8 (CRITICAL) | EPSS: 0.01731 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise", "vendor": "Splunk", "product": "Splunk Enterprise", "added_date": "2026-06-15T05:15:25.399Z", "cvss_score": 9.8, "epss_score": 0.01731, "cvss_severity": "CRITICAL", "epss_percentile": 0.74662, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 3}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-20253", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20253"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20253"}]}, {"uuid": "2d62ba33-6a45-42b2-b9d8-d2964150e3fd", "vulnerability": {"vulnId": "CVE-2017-9833", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "2d62ba33-6a45-42b2-b9d8-d2964150e3fd"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of \"../..\" using the FILECAMERA variable (sent by GET) to read files with root privileges.... | Affected: Boa / Boa Web Server | CVSS: 7.5 (HIGH) | EPSS: 0.67725 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of \"../..\" using the FILECAMERA variable (sent by GET) to read files with root privileges....", "vendor": "Boa", "product": "Boa Web Server", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.67725, "cvss_severity": "HIGH", "epss_percentile": 0.99225, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2017-9833", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9833"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-9833"}]}, {"uuid": "c67b158f-1ebf-43c9-b3e8-5a1047ea95c3", "vulnerability": {"vulnId": "CVE-2020-24949", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "c67b158f-1ebf-43c9-b3e8-5a1047ea95c3"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server... | Affected: PHP-Fusion / PHP-Fusion | CVSS: 8.8 (HIGH) | EPSS: 0.67516 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server...", "vendor": "PHP-Fusion", "product": "PHP-Fusion", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.67516, "cvss_severity": "HIGH", "epss_percentile": 0.99217, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2020-24949", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24949"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-24949"}]}, {"uuid": "4eea7983-a515-41f9-9c0d-14b2f7ce1a99", "vulnerability": {"vulnId": "CVE-2017-15363", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "4eea7983-a515-41f9-9c0d-14b2f7ce1a99"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension... | Affected: Luracast / Restler | CVSS: 7.5 (HIGH) | EPSS: 0.13649 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension...", "vendor": "Luracast", "product": "Restler", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.13649, "cvss_severity": "HIGH", "epss_percentile": 0.95997, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2017-15363", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15363"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-15363"}]}, {"uuid": "70dcba80-894a-46fa-aef6-74a3c03ee6e6", "vulnerability": {"vulnId": "CVE-2023-31059", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "70dcba80-894a-46fa-aef6-74a3c03ee6e6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. | Affected: Repetier / Repetier Server | CVSS: 7.5 (HIGH) | EPSS: 0.05574 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.", "vendor": "Repetier", "product": "Repetier Server", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.05574, "cvss_severity": "HIGH", "epss_percentile": 0.91876, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2023-31059", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31059"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-31059"}]}, {"uuid": "5bd93969-31e7-466c-9711-ee910f5dcee3", "vulnerability": {"vulnId": "CVE-2024-32738", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "5bd93969-31e7-466c-9711-ee910f5dcee3"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CyberPower PowerPanel Enterprise SQL Injection | Affected: CyberPower / CyberPower PowerPanel Enterprise | CVSS: 7.5 (HIGH) | EPSS: 0.04515 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CyberPower PowerPanel Enterprise SQL Injection", "vendor": "CyberPower", "product": "CyberPower PowerPanel Enterprise", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.04515, "cvss_severity": "HIGH", "epss_percentile": 0.90301, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2024-32738", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32738"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-32738"}]}, {"uuid": "e14d33b7-25bb-45fb-9b85-bc6645d7e782", "vulnerability": {"vulnId": "CVE-2025-27222", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "e14d33b7-25bb-45fb-9b85-bc6645d7e782"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't... | Affected: Rocket Software / TRUfusion Enterprise | CVSS: 8.6 (HIGH) | EPSS: 0.01773 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't...", "vendor": "Rocket Software", "product": "TRUfusion Enterprise", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.01773, "cvss_severity": "HIGH", "epss_percentile": 0.75283, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2025-27222", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27222"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-27222"}]}, {"uuid": "0d092dd8-9f66-4d7e-a596-94fd1f4d74a4", "vulnerability": {"vulnId": "CVE-2024-27497", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "0d092dd8-9f66-4d7e-a596-94fd1f4d74a4"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. | Affected: Linksys / E2000 | CVSS: 8.8 (HIGH) | EPSS: 0.2646 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.", "vendor": "Linksys", "product": "E2000", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.2646, "cvss_severity": "HIGH", "epss_percentile": 0.97752, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2024-27497", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27497"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27497"}]}, {"uuid": "31cd8fcc-8b44-4807-857f-014211b10d4a", "vulnerability": {"vulnId": "CVE-2026-20262", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "31cd8fcc-8b44-4807-857f-014211b10d4a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN Manager | CVSS: 6.5 (MEDIUM) | EPSS: 0.01145 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Manager", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 6.5, "epss_score": 0.01145, "cvss_severity": "MEDIUM", "epss_percentile": 0.62597, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-20262", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20262"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20262"}]}, {"uuid": "46ca9d3b-b316-454f-9b24-b87addf817b1", "vulnerability": {"vulnId": "CVE-2022-25485", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "46ca9d3b-b316-454f-9b24-b87addf817b1"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | Affected: CuppaCMS / CuppaCMS | CVSS: 7.8 (HIGH) | EPSS: 0.07927 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.", "vendor": "CuppaCMS", "product": "CuppaCMS", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.07927, "cvss_severity": "HIGH", "epss_percentile": 0.93983, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-25485", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25485"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-25485"}]}, {"uuid": "da332c3d-d822-41aa-ac44-a39da741fd25", "vulnerability": {"vulnId": "CVE-2024-31750", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "da332c3d-d822-41aa-ac44-a39da741fd25"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. | Affected: f-logic / datacube3 | CVSS: 9.8 (CRITICAL) | EPSS: 0.1942 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.", "vendor": "f-logic", "product": "datacube3", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.1942, "cvss_severity": "CRITICAL", "epss_percentile": 0.97017, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2024-31750", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31750"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-31750"}]}, {"uuid": "abbb1b27-fc04-40fa-b76e-e849a315db7e", "vulnerability": {"vulnId": "CVE-2022-25486", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "abbb1b27-fc04-40fa-b76e-e849a315db7e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-15T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-15T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | Affected: CuppaCMS / CuppaCMS | CVSS: 7.8 (HIGH) | EPSS: 0.09966 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.", "vendor": "CuppaCMS", "product": "CuppaCMS", "added_date": "2026-06-15T00:00:00.000Z", "cvss_score": 7.8, "epss_score": 0.09966, "cvss_severity": "HIGH", "epss_percentile": 0.94998, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-25486", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25486"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-25486"}]}, {"uuid": "5ee10a93-2d01-4ce9-b596-39d0355e4cce", "vulnerability": {"vulnId": "CVE-2026-54420", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "5ee10a93-2d01-4ce9-b596-39d0355e4cce"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-14T04:01:15+00:00"}, "timestamps": {"asserted_at": "2026-06-14T04:01:15+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-14T04:01:15+00:00"}, "scope": {"notes": "KEVIntel entry: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web... | Affected: LiteSpeed Technologies / cPanel Plugin | CVSS: 8.5 (HIGH) | EPSS: 0.00654 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web...", "vendor": "LiteSpeed Technologies", "product": "cPanel Plugin", "added_date": "2026-06-14T04:01:15.820Z", "cvss_score": 8.5, "epss_score": 0.00654, "cvss_severity": "HIGH", "epss_percentile": 0.46447, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 20}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-54420", "url": "https://www.cve.org/CVERecord?id=CVE-2026-54420"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-54420"}]}, {"uuid": "a751dd2b-ae10-42b7-b189-ac95f0bf993c", "vulnerability": {"vulnId": "CVE-2023-39796", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "a751dd2b-ae10-42b7-b189-ac95f0bf993c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-14T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-14T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-14T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the... | Affected: WBCE / WBCE CMS | CVSS: 9.8 (CRITICAL) | EPSS: 0.06096 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the...", "vendor": "WBCE", "product": "WBCE CMS", "added_date": "2026-06-14T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.06096, "cvss_severity": "CRITICAL", "epss_percentile": 0.92498, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2023-39796", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39796"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-39796"}]}, {"uuid": "7b0577d2-314f-4699-a229-249801590837", "vulnerability": {"vulnId": "CVE-2022-38296", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "7b0577d2-314f-4699-a229-249801590837"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-13T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-13T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-13T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | Affected: Cuppa CMS / Cuppa CMS | CVSS: 9.8 (CRITICAL) | EPSS: 0.0377 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.", "vendor": "Cuppa CMS", "product": "Cuppa CMS", "added_date": "2026-06-13T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.0377, "cvss_severity": "CRITICAL", "epss_percentile": 0.88535, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-38296", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38296"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-38296"}]}, {"uuid": "450831fe-2b65-4c13-b91e-060c8e1f043b", "vulnerability": {"vulnId": "CVE-2026-39808", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "450831fe-2b65-4c13-b91e-060c8e1f043b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-12T13:59:12+00:00"}, "timestamps": {"asserted_at": "2026-06-12T13:59:12+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-12T13:59:12+00:00"}, "scope": {"notes": "KEVIntel entry: A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through... | Affected: Fortinet / FortiSandbox, FortiSandbox PaaS | CVSS: 9.8 (CRITICAL) | EPSS: 0.66168 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through...", "vendor": "Fortinet", "product": "FortiSandbox, FortiSandbox PaaS", "added_date": "2026-06-12T13:59:12.791Z", "cvss_score": 9.8, "epss_score": 0.66168, "cvss_severity": "CRITICAL", "epss_percentile": 0.9918, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-39808", "url": "https://www.cve.org/CVERecord?id=CVE-2026-39808"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-39808"}]}, {"uuid": "c2c8b36a-5c58-4d4c-9ffe-883b8202bcbb", "vulnerability": {"vulnId": "CVE-2021-31805", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "c2c8b36a-5c58-4d4c-9ffe-883b8202bcbb"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-12T00:32:51+00:00"}, "timestamps": {"asserted_at": "2026-06-12T00:32:51+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-12T00:32:51+00:00"}, "scope": {"notes": "KEVIntel entry: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. | Affected: Apache Software Foundation / Apache Struts | CVSS: 9.8 (CRITICAL) | EPSS: 0.85101 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.", "vendor": "Apache Software Foundation", "product": "Apache Struts", "added_date": "2026-06-12T00:32:51.325Z", "cvss_score": 9.8, "epss_score": 0.85101, "cvss_severity": "CRITICAL", "epss_percentile": 0.99684, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-31805", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31805"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-31805"}]}, {"uuid": "e9ba9e5d-7227-4a86-8275-c31e1b2aab8c", "vulnerability": {"vulnId": "CVE-2021-30128", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "e9ba9e5d-7227-4a86-8275-c31e1b2aab8c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-12T00:32:50+00:00"}, "timestamps": {"asserted_at": "2026-06-12T00:32:50+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2026-06-12T00:32:50+00:00"}, "scope": {"notes": "KEVIntel entry: Unsafe deserialization in Apache OFBiz | Affected: Apache Software Foundation / Apache OFBiz | CVSS: 9.8 (CRITICAL) | EPSS: 0.81079 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Unsafe deserialization in Apache OFBiz", "vendor": "Apache Software Foundation", "product": "Apache OFBiz", "added_date": "2026-06-12T00:32:50.259Z", "cvss_score": 9.8, "epss_score": 0.81079, "cvss_severity": "CRITICAL", "epss_percentile": 0.99583, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-30128", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30128"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-30128"}]}, {"uuid": "8f3b5b51-0f4b-4110-81fd-8ec81938d7c4", "vulnerability": {"vulnId": "CVE-2020-6286", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "8f3b5b51-0f4b-4110-81fd-8ec81938d7c4"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-12T00:32:46+00:00"}, "timestamps": {"asserted_at": "2026-06-12T00:32:46+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-12T00:32:46+00:00"}, "scope": {"notes": "KEVIntel entry: The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30,... | Affected: SAP SE / SAP NetWeaver AS JAVA (LM Configuration Wizard) | CVSS: 5.3 (MEDIUM) | EPSS: 0.28312 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30,...", "vendor": "SAP SE", "product": "SAP NetWeaver AS JAVA (LM Configuration Wizard)", "added_date": "2026-06-12T00:32:46.583Z", "cvss_score": 5.3, "epss_score": 0.28312, "cvss_severity": "MEDIUM", "epss_percentile": 0.97872, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2020-6286", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6286"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-6286"}]}, {"uuid": "3a1e6236-2c1e-44c0-a25d-0049adc05c2f", "vulnerability": {"vulnId": "CVE-2026-35273", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "3a1e6236-2c1e-44c0-a25d-0049adc05c2f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-11T20:20:23+00:00"}, "timestamps": {"asserted_at": "2026-06-11T20:20:23+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-11T20:20:23+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions... | Affected: Oracle Corporation / PeopleSoft Enterprise PeopleTools | CVSS: 9.8 (CRITICAL) | EPSS: 0.00717 | Used in malware: yes | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions...", "vendor": "Oracle Corporation", "product": "PeopleSoft Enterprise PeopleTools", "added_date": "2026-06-11T20:20:23.651Z", "cvss_score": 9.8, "epss_score": 0.00717, "cvss_severity": "CRITICAL", "epss_percentile": 0.48925, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "hour", "count": 4}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-35273", "url": "https://www.cve.org/CVERecord?id=CVE-2026-35273"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-35273"}]}, {"uuid": "7cca623f-6e18-4cb6-b221-dc0e78595a5c", "vulnerability": {"vulnId": "CVE-2026-10795", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "7cca623f-6e18-4cb6-b221-dc0e78595a5c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-11T07:20:32+00:00"}, "timestamps": {"asserted_at": "2026-06-11T07:20:32+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-11T07:20:32+00:00"}, "scope": {"notes": "KEVIntel entry: UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc | Affected: davidanderson / UpdraftPlus: WP Backup & Migration Plugin | CVSS: 8.1 (HIGH) | EPSS: 0.01252 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc", "vendor": "davidanderson", "product": "UpdraftPlus: WP Backup & Migration Plugin", "added_date": "2026-06-11T07:20:32.076Z", "cvss_score": 8.1, "epss_score": 0.01252, "cvss_severity": "HIGH", "epss_percentile": 0.65563, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-10795", "url": "https://www.cve.org/CVERecord?id=CVE-2026-10795"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-10795"}]}, {"uuid": "ecd01b57-baf6-4215-b130-c74a585ee5c0", "vulnerability": {"vulnId": "CVE-2025-5821", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "ecd01b57-baf6-4215-b130-c74a585ee5c0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-11T00:20:49+00:00"}, "timestamps": {"asserted_at": "2026-06-11T00:20:49+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-11T00:20:49+00:00"}, "scope": {"notes": "KEVIntel entry: Case Theme User <= 1.0.3 - Authentication Bypass via Social Login | Affected: Case-Themes / Case Theme User | CVSS: 9.8 (CRITICAL) | EPSS: 0.00714 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Case Theme User <= 1.0.3 - Authentication Bypass via Social Login", "vendor": "Case-Themes", "product": "Case Theme User", "added_date": "2026-06-11T00:20:49.551Z", "cvss_score": 9.8, "epss_score": 0.00714, "cvss_severity": "CRITICAL", "epss_percentile": 0.48822, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2025-5821", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5821"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-5821"}]}, {"uuid": "e672aea8-6ef3-4acc-854b-e88dff8c8a61", "vulnerability": {"vulnId": "CVE-2026-5027", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "e672aea8-6ef3-4acc-854b-e88dff8c8a61"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-10T16:20:36+00:00"}, "timestamps": {"asserted_at": "2026-06-10T16:20:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-10T16:20:36+00:00"}, "scope": {"notes": "KEVIntel entry: Langflow - Path Traversal Arbitrary File Write via upload_user_file | Affected: langflow-ai / langflow | CVSS: 8.8 (HIGH) | EPSS: 0.02289 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Langflow - Path Traversal Arbitrary File Write via upload_user_file", "vendor": "langflow-ai", "product": "langflow", "added_date": "2026-06-10T16:20:36.494Z", "cvss_score": 8.8, "epss_score": 0.02289, "cvss_severity": "HIGH", "epss_percentile": 0.80961, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-5027", "url": "https://www.cve.org/CVERecord?id=CVE-2026-5027"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-5027"}]}, {"uuid": "524a908a-0142-4138-b5a9-f396e4e36e0c", "vulnerability": {"vulnId": "CVE-2026-10520", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "524a908a-0142-4138-b5a9-f396e4e36e0c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-10T09:50:00+00:00"}, "timestamps": {"asserted_at": "2026-06-10T09:50:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-10T09:50:00+00:00"}, "scope": {"notes": "KEVIntel entry: An OS Command Injection vulnerability\u00a0in Ivanti\u00a0Sentry before\u00a0the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated user to... | Affected: ivanti / Sentry | CVSS: 10.0 (CRITICAL) | EPSS: 0.59524 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An OS Command Injection vulnerability\u00a0in Ivanti\u00a0Sentry before\u00a0the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated user to...", "vendor": "ivanti", "product": "Sentry", "added_date": "2026-06-10T09:50:00.000Z", "cvss_score": 10.0, "epss_score": 0.59524, "cvss_severity": "CRITICAL", "epss_percentile": 0.99005, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-10520", "url": "https://www.cve.org/CVERecord?id=CVE-2026-10520"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-10520"}]}, {"uuid": "45a952dd-c3c3-429b-85e8-2265f8f5adc9", "vulnerability": {"vulnId": "CVE-2026-11645", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "45a952dd-c3c3-429b-85e8-2265f8f5adc9"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-09T13:20:17+00:00"}, "timestamps": {"asserted_at": "2026-06-09T13:20:17+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-09T13:20:17+00:00"}, "scope": {"notes": "KEVIntel entry: Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | EPSS: 0.00713 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox...", "vendor": "Google", "product": "Chrome", "added_date": "2026-06-09T13:20:17.736Z", "cvss_score": 8.8, "epss_score": 0.00713, "cvss_severity": "HIGH", "epss_percentile": 0.48789, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 5}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-11645", "url": "https://www.cve.org/CVERecord?id=CVE-2026-11645"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-11645"}]}, {"uuid": "789dd99a-1e53-44a1-a731-dac63a350697", "vulnerability": {"vulnId": "CVE-2026-34910", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "789dd99a-1e53-44a1-a731-dac63a350697"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-09T08:18:00+00:00"}, "timestamps": {"asserted_at": "2026-06-09T08:18:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-09T08:18:00+00:00"}, "scope": {"notes": "KEVIntel entry: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a... | Affected: Ubiquiti Inc / UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial | CVSS: 10.0 (CRITICAL) | EPSS: 0.04509 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a...", "vendor": "Ubiquiti Inc", "product": "UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial", "added_date": "2026-06-09T08:18:00.000Z", "cvss_score": 10.0, "epss_score": 0.04509, "cvss_severity": "CRITICAL", "epss_percentile": 0.9029, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-34910", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34910"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34910"}]}, {"uuid": "8d69f7cd-4645-4528-8084-410d4e004779", "vulnerability": {"vulnId": "CVE-2026-34909", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "8d69f7cd-4645-4528-8084-410d4e004779"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-09T07:29:00+00:00"}, "timestamps": {"asserted_at": "2026-06-09T07:29:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-09T07:29:00+00:00"}, "scope": {"notes": "KEVIntel entry: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the... | Affected: Ubiquiti Inc / UniFi OS Server, Express, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial | CVSS: 10.0 (CRITICAL) | EPSS: 0.00623 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the...", "vendor": "Ubiquiti Inc", "product": "UniFi OS Server, Express, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial", "added_date": "2026-06-09T07:29:00.000Z", "cvss_score": 10.0, "epss_score": 0.00623, "cvss_severity": "CRITICAL", "epss_percentile": 0.45123, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-34909", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34909"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34909"}]}, {"uuid": "614d811c-34aa-48e0-ad83-76e5891e175c", "vulnerability": {"vulnId": "CVE-2026-34908", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "614d811c-34aa-48e0-ad83-76e5891e175c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-09T07:27:00+00:00"}, "timestamps": {"asserted_at": "2026-06-09T07:27:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-09T07:27:00+00:00"}, "scope": {"notes": "KEVIntel entry: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized... | Affected: Ubiquiti Inc / UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial | CVSS: 10.0 (CRITICAL) | EPSS: 0.00565 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized...", "vendor": "Ubiquiti Inc", "product": "UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial", "added_date": "2026-06-09T07:27:00.000Z", "cvss_score": 10.0, "epss_score": 0.00565, "cvss_severity": "CRITICAL", "epss_percentile": 0.42425, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-34908", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34908"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34908"}]}, {"uuid": "8c62718f-8b3d-436a-999b-a63f5a1c748b", "vulnerability": {"vulnId": "CVE-2026-42271", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "8c62718f-8b3d-436a-999b-a63f5a1c748b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T18:00:45+00:00"}, "timestamps": {"asserted_at": "2026-06-08T18:00:45+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T18:00:45+00:00"}, "scope": {"notes": "KEVIntel entry: LiteLLM: Authenticated command execution via MCP stdio test endpoints | Affected: BerriAI / litellm | CVSS: 8.7 (HIGH) | EPSS: 0.53701 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LiteLLM: Authenticated command execution via MCP stdio test endpoints", "vendor": "BerriAI", "product": "litellm", "added_date": "2026-06-08T18:00:45.030Z", "cvss_score": 8.7, "epss_score": 0.53701, "cvss_severity": "HIGH", "epss_percentile": 0.98862, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-42271", "url": "https://www.cve.org/CVERecord?id=CVE-2026-42271"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-42271"}]}, {"uuid": "c1e58597-3eee-4787-8148-4a312f0b967b", "vulnerability": {"vulnId": "CVE-2026-50751", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "c1e58597-3eee-4787-8148-4a312f0b967b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T14:20:34+00:00"}, "timestamps": {"asserted_at": "2026-06-08T14:20:34+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T14:20:34+00:00"}, "scope": {"notes": "KEVIntel entry: User Authentication Bypass in VPN Remote Access and Mobile Access | Affected: checkpoint / Quantum Security Gateway, Spark Firewalls | CVSS: 9.3 (CRITICAL) | EPSS: 0.41152 | Used in malware: yes | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "User Authentication Bypass in VPN Remote Access and Mobile Access", "vendor": "checkpoint", "product": "Quantum Security Gateway, Spark Firewalls", "added_date": "2026-06-08T14:20:34.968Z", "cvss_score": 9.3, "epss_score": 0.41152, "cvss_severity": "CRITICAL", "epss_percentile": 0.98488, "used_in_malware": "yes", "ahead_of_cisa_kev": {"unit": "hour", "count": 6}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-50751", "url": "https://www.cve.org/CVERecord?id=CVE-2026-50751"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-50751"}]}, {"uuid": "d4e84ef9-8458-44b2-96cc-b23d22436339", "vulnerability": {"vulnId": "CVE-2025-8085", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "d4e84ef9-8458-44b2-96cc-b23d22436339"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Ditty < 3.1.58 - Unauthenticated SSRF | Affected: Unknown / Ditty | CVSS: 8.6 (HIGH) | EPSS: 0.16399 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Ditty < 3.1.58 - Unauthenticated SSRF", "vendor": "Unknown", "product": "Ditty", "added_date": "2026-06-08T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.16399, "cvss_severity": "HIGH", "epss_percentile": 0.96574, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2025-8085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8085"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-8085"}]}, {"uuid": "fe680b89-8e0f-41e6-b048-c945f16a2fb0", "vulnerability": {"vulnId": "CVE-2025-61666", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "fe680b89-8e0f-41e6-b048-c945f16a2fb0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File | Affected: traccar / traccar | CVSS: 8.7 (HIGH) | EPSS: 0.01214 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File", "vendor": "traccar", "product": "traccar", "added_date": "2026-06-08T00:00:00.000Z", "cvss_score": 8.7, "epss_score": 0.01214, "cvss_severity": "HIGH", "epss_percentile": 0.6458, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2025-61666", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61666"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-61666"}]}, {"uuid": "043a8e22-8194-4c18-97c2-fc5b2d131011", "vulnerability": {"vulnId": "CVE-2021-33544", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "043a8e22-8194-4c18-97c2-fc5b2d131011"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-08T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-08T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-08T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE | Affected: Geutebr\u00fcck / E2 Series, Encoder G-Code | CVSS: 7.2 (HIGH) | EPSS: 0.94622 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE", "vendor": "Geutebr\u00fcck", "product": "E2 Series, Encoder G-Code", "added_date": "2026-06-08T00:00:00.000Z", "cvss_score": 7.2, "epss_score": 0.94622, "cvss_severity": "HIGH", "epss_percentile": 0.99846, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-33544", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33544"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-33544"}]}, {"uuid": "06c1eef2-ecfa-4fc6-9df6-a8c27e83ad6b", "vulnerability": {"vulnId": "CVE-2022-34121", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "06c1eef2-ecfa-4fc6-9df6-a8c27e83ad6b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. | Affected: Cuppa CMS / Cuppa CMS | CVSS: 7.5 (HIGH) | EPSS: 0.02955 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.", "vendor": "Cuppa CMS", "product": "Cuppa CMS", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.02955, "cvss_severity": "HIGH", "epss_percentile": 0.85396, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-34121", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34121"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-34121"}]}, {"uuid": "2955fb61-dff0-4860-8482-30dd296f0658", "vulnerability": {"vulnId": "CVE-2021-3577", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "2955fb61-dff0-4860-8482-30dd296f0658"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker... | Affected: Motorola / Binatone Hubble Cameras | CVSS: 8.8 (HIGH) | EPSS: 0.59893 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker...", "vendor": "Motorola", "product": "Binatone Hubble Cameras", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.59893, "cvss_severity": "HIGH", "epss_percentile": 0.99014, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-3577", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3577"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-3577"}]}, {"uuid": "b325b9f4-ca8e-4569-9e41-2566ca4697d7", "vulnerability": {"vulnId": "CVE-2021-20166", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "b325b9f4-ca8e-4569-9e41-2566ca4697d7"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router... | Affected: Netgear / RAX43 | CVSS: 8.8 (HIGH) | EPSS: 0.02177 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router...", "vendor": "Netgear", "product": "RAX43", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.02177, "cvss_severity": "HIGH", "epss_percentile": 0.79988, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-20166", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20166"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-20166"}]}, {"uuid": "1d21810f-0dd8-47e0-aa7a-5040d65276d4", "vulnerability": {"vulnId": "CVE-2022-3801", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "1d21810f-0dd8-47e0-aa7a-5040d65276d4"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: IBAX go-ibax rowsInfo sql injection | Affected: IBAX / go-ibax | CVSS: 6.3 (MEDIUM) | EPSS: 0.30082 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "IBAX go-ibax rowsInfo sql injection", "vendor": "IBAX", "product": "go-ibax", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 6.3, "epss_score": 0.30082, "cvss_severity": "MEDIUM", "epss_percentile": 0.97976, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-3801", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3801"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-3801"}]}, {"uuid": "2225e278-0b76-47ce-bad4-ba058ba0a064", "vulnerability": {"vulnId": "CVE-2024-55457", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "2225e278-0b76-47ce-bad4-ba058ba0a064"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by... | Affected: MasterSAM / Star Gate 11 | CVSS: 6.5 (MEDIUM) | EPSS: 0.03012 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by...", "vendor": "MasterSAM", "product": "Star Gate 11", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 6.5, "epss_score": 0.03012, "cvss_severity": "MEDIUM", "epss_percentile": 0.85684, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2024-55457", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55457"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-55457"}]}, {"uuid": "a50013b6-0888-4e93-a867-fed077da58ce", "vulnerability": {"vulnId": "CVE-2026-1405", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "a50013b6-0888-4e93-a867-fed077da58ce"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload | Affected: franchidesign / Slider Future | CVSS: 9.8 (CRITICAL) | EPSS: 0.03177 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload", "vendor": "franchidesign", "product": "Slider Future", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.03177, "cvss_severity": "CRITICAL", "epss_percentile": 0.86392, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-1405", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1405"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-1405"}]}, {"uuid": "ec5ec735-4446-4939-ac59-1815cf146b01", "vulnerability": {"vulnId": "CVE-2023-4490", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "ec5ec735-4446-4939-ac59-1815cf146b01"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WP Job Portal < 2.0.6 - Unauthenticated SQLi | Affected: Unknown / WP Job Portal | CVSS: 9.8 (CRITICAL) | EPSS: 0.03122 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WP Job Portal < 2.0.6 - Unauthenticated SQLi", "vendor": "Unknown", "product": "WP Job Portal", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.03122, "cvss_severity": "CRITICAL", "epss_percentile": 0.86164, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2023-4490", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4490"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-4490"}]}, {"uuid": "a42dd5ea-9004-46d0-afd7-97f0d9969e18", "vulnerability": {"vulnId": "CVE-2024-8752", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "a42dd5ea-9004-46d0-afd7-97f0d9969e18"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability | Affected: Smart HMI / WebIQ | CVSS: 9.3 (CRITICAL) | EPSS: 0.1166 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability", "vendor": "Smart HMI", "product": "WebIQ", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 9.3, "epss_score": 0.1166, "cvss_severity": "CRITICAL", "epss_percentile": 0.9551, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2024-8752", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8752"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-8752"}]}, {"uuid": "f772a712-c920-4196-873f-d2c9bc456e5b", "vulnerability": {"vulnId": "CVE-2021-24227", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "f772a712-c920-4196-873f-d2c9bc456e5b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure | Affected: Unknown / Patreon WordPress | CVSS: 7.5 (HIGH) | EPSS: 0.05879 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure", "vendor": "Unknown", "product": "Patreon WordPress", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.05879, "cvss_severity": "HIGH", "epss_percentile": 0.92266, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-24227", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24227"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-24227"}]}, {"uuid": "13ae7f9e-6561-4080-887d-7960d8c16c26", "vulnerability": {"vulnId": "CVE-2024-39713", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "13ae7f9e-6561-4080-887d-7960d8c16c26"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. | Affected: Rocket.Chat / Rocket.Chat | CVSS: 8.6 (HIGH) | EPSS: 0.03201 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.", "vendor": "Rocket.Chat", "product": "Rocket.Chat", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 8.6, "epss_score": 0.03201, "cvss_severity": "HIGH", "epss_percentile": 0.86478, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2024-39713", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39713"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-39713"}]}, {"uuid": "30447ca0-f03f-499c-979b-584a06b8a6e0", "vulnerability": {"vulnId": "CVE-2017-10974", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "30447ca0-f03f-499c-979b-584a06b8a6e0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of... | Affected: Yaws / Yaws | CVSS: 7.5 (HIGH) | EPSS: 0.81028 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of...", "vendor": "Yaws", "product": "Yaws", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.81028, "cvss_severity": "HIGH", "epss_percentile": 0.99583, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2017-10974", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10974"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2017-10974"}]}, {"uuid": "b9136156-40a3-4533-814a-60ec73db4a21", "vulnerability": {"vulnId": "CVE-2021-27358", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "b9136156-40a3-4533-814a-60ec73db4a21"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API... | Affected: Grafana Labs / Grafana | CVSS: 7.5 (HIGH) | EPSS: 0.83042 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API...", "vendor": "Grafana Labs", "product": "Grafana", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.83042, "cvss_severity": "HIGH", "epss_percentile": 0.99636, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-27358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27358"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27358"}]}, {"uuid": "f3ca5deb-7413-4e2a-b849-79dcb61a0144", "vulnerability": {"vulnId": "CVE-2021-41569", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "f3ca5deb-7413-4e2a-b849-79dcb61a0144"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows... | Affected: SAS Institute Inc. / SAS/Intrnet | CVSS: 7.5 (HIGH) | EPSS: 0.07845 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows...", "vendor": "SAS Institute Inc.", "product": "SAS/Intrnet", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.07845, "cvss_severity": "HIGH", "epss_percentile": 0.9393, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-41569", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41569"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-41569"}]}, {"uuid": "11c78b06-b8d5-4925-82f4-dccfb9125efa", "vulnerability": {"vulnId": "CVE-2022-34753", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "11c78b06-b8d5-4925-82f4-dccfb9125efa"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-07T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-07T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote... | Affected: Schneider Electric / SpaceLogic C-Bus Home Controller | CVSS: 8.8 (HIGH) | EPSS: 0.71084 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote...", "vendor": "Schneider Electric", "product": "SpaceLogic C-Bus Home Controller", "added_date": "2026-06-07T00:00:00.000Z", "cvss_score": 8.8, "epss_score": 0.71084, "cvss_severity": "HIGH", "epss_percentile": 0.99326, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-34753", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34753"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-34753"}]}, {"uuid": "142dabd1-c666-4391-b6ee-294c380514be", "vulnerability": {"vulnId": "CVE-2021-21805", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "142dabd1-c666-4391-b6ee-294c380514be"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted... | Affected: Advantech / R-SeeNet | CVSS: 9.8 (CRITICAL) | EPSS: 0.69631 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted...", "vendor": "Advantech", "product": "R-SeeNet", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.69631, "cvss_severity": "CRITICAL", "epss_percentile": 0.99279, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-21805", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21805"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-21805"}]}, {"uuid": "77004d97-6fdc-4f76-8cc6-6d7aac2229d9", "vulnerability": {"vulnId": "CVE-2021-27670", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "77004d97-6fdc-4f76-8cc6-6d7aac2229d9"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. | Affected: Appspace / Appspace 6.2.4 | CVSS: 9.8 (CRITICAL) | EPSS: 0.60404 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.", "vendor": "Appspace", "product": "Appspace 6.2.4", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.60404, "cvss_severity": "CRITICAL", "epss_percentile": 0.99027, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-27670", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27670"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-27670"}]}, {"uuid": "854c2644-c7f7-43ba-a958-fdf57647e90a", "vulnerability": {"vulnId": "CVE-2021-4458", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "854c2644-c7f7-43ba-a958-fdf57647e90a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection | Affected: webnus / Modern Events Calendar Lite | CVSS: 5.9 (MEDIUM) | EPSS: 0.00354 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection", "vendor": "webnus", "product": "Modern Events Calendar Lite", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 5.9, "epss_score": 0.00354, "cvss_severity": "MEDIUM", "epss_percentile": 0.27111, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2021-4458", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4458"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2021-4458"}]}, {"uuid": "32606c42-a48d-491a-971f-a5fd4fdc729e", "vulnerability": {"vulnId": "CVE-2022-1390", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "32606c42-a48d-491a-971f-a5fd4fdc729e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read | Affected: Unknown / Admin Word Count Column | CVSS: 9.8 (CRITICAL) | EPSS: 0.20846 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read", "vendor": "Unknown", "product": "Admin Word Count Column", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.20846, "cvss_severity": "CRITICAL", "epss_percentile": 0.97232, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-1390", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1390"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-1390"}]}, {"uuid": "b5002c90-55f8-4078-a7a0-f44884bc1071", "vulnerability": {"vulnId": "CVE-2022-29078", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "b5002c90-55f8-4078-a7a0-f44884bc1071"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-06T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-06T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-06T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view... | Affected: mde / ejs | CVSS: 9.8 (CRITICAL) | EPSS: 0.30623 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view...", "vendor": "mde", "product": "ejs", "added_date": "2026-06-06T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.30623, "cvss_severity": "CRITICAL", "epss_percentile": 0.98007, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-29078", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29078"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-29078"}]}, {"uuid": "e2f4e4de-0fc1-4c80-92b4-d95f284133a8", "vulnerability": {"vulnId": "CVE-2026-28318", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "e2f4e4de-0fc1-4c80-92b4-d95f284133a8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T18:00:36+00:00"}, "timestamps": {"asserted_at": "2026-06-05T18:00:36+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T18:00:36+00:00"}, "scope": {"notes": "KEVIntel entry: SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability | Affected: SolarWinds / Serv-U | CVSS: 7.5 (HIGH) | EPSS: 0.01054 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability", "vendor": "SolarWinds", "product": "Serv-U", "added_date": "2026-06-05T18:00:36.180Z", "cvss_score": 7.5, "epss_score": 0.01054, "cvss_severity": "HIGH", "epss_percentile": 0.59955, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-28318", "url": "https://www.cve.org/CVERecord?id=CVE-2026-28318"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-28318"}]}, {"uuid": "75f17fd9-5da3-4337-b9ce-6e1c6d072098", "vulnerability": {"vulnId": "CVE-2026-7473", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "75f17fd9-5da3-4337-b9ce-6e1c6d072098"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T16:40:23+00:00"}, "timestamps": {"asserted_at": "2026-06-05T16:40:23+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T16:40:23+00:00"}, "scope": {"notes": "KEVIntel entry: Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass | Affected: Arista Networks / EOS | CVSS: 6.9 (MEDIUM) | EPSS: 0.00378 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass", "vendor": "Arista Networks", "product": "EOS", "added_date": "2026-06-05T16:40:23.554Z", "cvss_score": 6.9, "epss_score": 0.00378, "cvss_severity": "MEDIUM", "epss_percentile": 0.29461, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 4}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-7473", "url": "https://www.cve.org/CVERecord?id=CVE-2026-7473"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-7473"}]}, {"uuid": "c20efae4-2b36-42a9-9ffa-97657146df9a", "vulnerability": {"vulnId": "CVE-2026-3300", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "c20efae4-2b36-42a9-9ffa-97657146df9a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T09:20:13+00:00"}, "timestamps": {"asserted_at": "2026-06-05T09:20:13+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T09:20:13+00:00"}, "scope": {"notes": "KEVIntel entry: Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field | Affected: WPEverest / Everest Forms Pro | CVSS: 9.8 (CRITICAL) | EPSS: 0.04756 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field", "vendor": "WPEverest", "product": "Everest Forms Pro", "added_date": "2026-06-05T09:20:13.225Z", "cvss_score": 9.8, "epss_score": 0.04756, "cvss_severity": "CRITICAL", "epss_percentile": 0.90732, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-3300", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3300"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-3300"}]}, {"uuid": "ba4d53ae-a786-4acb-9d93-47b721ca5d5b", "vulnerability": {"vulnId": "CVE-2026-20245", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "ba4d53ae-a786-4acb-9d93-47b721ca5d5b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T06:24:20+00:00"}, "timestamps": {"asserted_at": "2026-06-05T06:24:20+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T06:24:20+00:00"}, "scope": {"notes": "KEVIntel entry: Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability | Affected: Cisco / Cisco Catalyst SD-WAN Controller, Cisco Catalyst SD-WAN Manager | CVSS: 7.8 (HIGH) | EPSS: 0.00952 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability", "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Controller, Cisco Catalyst SD-WAN Manager", "added_date": "2026-06-05T06:24:20.000Z", "cvss_score": 7.8, "epss_score": 0.00952, "cvss_severity": "HIGH", "epss_percentile": 0.56677, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 4}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-20245", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20245"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-20245"}]}, {"uuid": "369d4ecc-0da9-4326-a96a-d6c6fc2cb51e", "vulnerability": {"vulnId": "CVE-2024-45309", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "369d4ecc-0da9-4326-a96a-d6c6fc2cb51e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: OneDev vulnerable to arbitrary file reading for unauthenticated user | Affected: theonedev / onedev | CVSS: 8.7 (HIGH) | EPSS: 0.24822 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "OneDev vulnerable to arbitrary file reading for unauthenticated user", "vendor": "theonedev", "product": "onedev", "added_date": "2026-06-05T00:00:00.000Z", "cvss_score": 8.7, "epss_score": 0.24822, "cvss_severity": "HIGH", "epss_percentile": 0.97627, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2024-45309", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45309"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-45309"}]}, {"uuid": "31c88694-9979-4b1f-bfa9-cfe99425f499", "vulnerability": {"vulnId": "CVE-2024-27564", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "31c88694-9979-4b1f-bfa9-cfe99425f499"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy... | Affected: dirk1983 / mm1.ltd source code | CVSS: 5.8 (MEDIUM) | EPSS: 0.40637 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy...", "vendor": "dirk1983", "product": "mm1.ltd source code", "added_date": "2026-06-05T00:00:00.000Z", "cvss_score": 5.8, "epss_score": 0.40637, "cvss_severity": "MEDIUM", "epss_percentile": 0.98474, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2024-27564", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27564"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-27564"}]}, {"uuid": "5acde580-6a5c-4f7d-bedc-2e79e98a34b9", "vulnerability": {"vulnId": "CVE-2025-30567", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "5acde580-6a5c-4f7d-bedc-2e79e98a34b9"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-05T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-05T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-05T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WordPress WP01 plugin <= 2.6.2 - Arbitrary File Download Vulnerability | Affected: WP01 / WP01 | CVSS: 7.5 (HIGH) | EPSS: 0.02584 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WordPress WP01 plugin <= 2.6.2 - Arbitrary File Download Vulnerability", "vendor": "WP01", "product": "WP01", "added_date": "2026-06-05T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.02584, "cvss_severity": "HIGH", "epss_percentile": 0.83226, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2025-30567", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30567"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-30567"}]}, {"uuid": "72daf2b9-a0b1-449f-a883-2a4091eb66ac", "vulnerability": {"vulnId": "CVE-2022-24716", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "72daf2b9-a0b1-449f-a883-2a4091eb66ac"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Path traversal in Icinga Web 2 | Affected: Icinga / icingaweb2 | CVSS: 7.5 (HIGH) | EPSS: 0.89378 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Path traversal in Icinga Web 2", "vendor": "Icinga", "product": "icingaweb2", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.89378, "cvss_severity": "HIGH", "epss_percentile": 0.99767, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-24716", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24716"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-24716"}]}, {"uuid": "4656f0b0-7245-43f9-b74c-96f22feadbaf", "vulnerability": {"vulnId": "CVE-2020-13379", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "4656f0b0-7245-43f9-b74c-96f22feadbaf"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated... | Affected: Grafana / Grafana | CVSS: 8.2 (HIGH) | EPSS: 0.99856 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated...", "vendor": "Grafana", "product": "Grafana", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 8.2, "epss_score": 0.99856, "cvss_severity": "HIGH", "epss_percentile": 0.99959, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2020-13379", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13379"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2020-13379"}]}, {"uuid": "76bafc4e-39af-4419-9eaa-6052d2de5027", "vulnerability": {"vulnId": "CVE-2023-6875", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "76bafc4e-39af-4419-9eaa-6052d2de5027"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to... | Affected: wpexpertsio / POST SMTP \u2013 The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications | CVSS: 9.8 (CRITICAL) | EPSS: 0.90339 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to...", "vendor": "wpexpertsio", "product": "POST SMTP \u2013 The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.90339, "cvss_severity": "CRITICAL", "epss_percentile": 0.99784, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2023-6875", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6875"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6875"}]}, {"uuid": "dec5b753-1eb9-4a41-b361-5a6668a1e5a6", "vulnerability": {"vulnId": "CVE-2025-67303", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "dec5b753-1eb9-4a41-b361-5a6668a1e5a6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was... | Affected: Comfy-Org / ComfyUI-Manager | CVSS: 7.5 (HIGH) | EPSS: 0.01361 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was...", "vendor": "Comfy-Org", "product": "ComfyUI-Manager", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.01361, "cvss_severity": "HIGH", "epss_percentile": 0.68144, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2025-67303", "url": "https://www.cve.org/CVERecord?id=CVE-2025-67303"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-67303"}]}, {"uuid": "bb8d8891-933e-4075-84e7-a19214a37ad1", "vulnerability": {"vulnId": "CVE-2024-6671", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "bb8d8891-933e-4075-84e7-a19214a37ad1"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability | Affected: Progress Software Corporation / WhatsUp Gold | CVSS: 9.8 (CRITICAL) | EPSS: 0.14886 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability", "vendor": "Progress Software Corporation", "product": "WhatsUp Gold", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.14886, "cvss_severity": "CRITICAL", "epss_percentile": 0.96272, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2024-6671", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6671"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-6671"}]}, {"uuid": "b4f6c125-eb5a-4978-8e6b-63dbd1ffe3bf", "vulnerability": {"vulnId": "CVE-2023-22620", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "b4f6c125-eb5a-4978-8e6b-63dbd1ffe3bf"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-04T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-04T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an... | Affected: SecurePoint / UTM | CVSS: 7.5 (HIGH) | EPSS: 0.03888 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an...", "vendor": "SecurePoint", "product": "UTM", "added_date": "2026-06-04T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.03888, "cvss_severity": "HIGH", "epss_percentile": 0.8888, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2023-22620", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22620"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-22620"}]}, {"uuid": "e0933d36-025f-4922-89ae-5fe3cd385113", "vulnerability": {"vulnId": "CVE-2026-45247", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "e0933d36-025f-4922-89ae-5fe3cd385113"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T18:00:21+00:00"}, "timestamps": {"asserted_at": "2026-06-03T18:00:21+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T18:00:21+00:00"}, "scope": {"notes": "KEVIntel entry: Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection | Affected: Mirasvit / Full Page Cache Warmer for Magento 2 | CVSS: 9.3 (CRITICAL) | EPSS: 0.01502 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection", "vendor": "Mirasvit", "product": "Full Page Cache Warmer for Magento 2", "added_date": "2026-06-03T18:00:21.829Z", "cvss_score": 9.3, "epss_score": 0.01502, "cvss_severity": "CRITICAL", "epss_percentile": 0.70972, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-45247", "url": "https://www.cve.org/CVERecord?id=CVE-2026-45247"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-45247"}]}, {"uuid": "81272b99-8d02-476a-83e6-2cfd3160135d", "vulnerability": {"vulnId": "CVE-2025-48827", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "81272b99-8d02-476a-83e6-2cfd3160135d"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T10:06:54+00:00"}, "timestamps": {"asserted_at": "2026-06-03T10:06:54+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T10:06:54+00:00"}, "scope": {"notes": "KEVIntel entry: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP... | Affected: vBulletin / vBulletin | CVSS: 10.0 (CRITICAL) | EPSS: 0.69649 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP...", "vendor": "vBulletin", "product": "vBulletin", "added_date": "2026-06-03T10:06:54.268Z", "cvss_score": 10.0, "epss_score": 0.69649, "cvss_severity": "CRITICAL", "epss_percentile": 0.9928, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2025-48827", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48827"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48827"}]}, {"uuid": "c4f5a8c5-797b-4a85-a15f-45020b89c596", "vulnerability": {"vulnId": "CVE-2026-8206", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "c4f5a8c5-797b-4a85-a15f-45020b89c596"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T08:20:48+00:00"}, "timestamps": {"asserted_at": "2026-06-03T08:20:48+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T08:20:48+00:00"}, "scope": {"notes": "KEVIntel entry: Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' | Affected: themeum / Kirki \u2013 Freeform Page Builder, Website Builder & Customizer | CVSS: 9.8 (CRITICAL) | EPSS: 0.00623 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'", "vendor": "themeum", "product": "Kirki \u2013 Freeform Page Builder, Website Builder & Customizer", "added_date": "2026-06-03T08:20:48.478Z", "cvss_score": 9.8, "epss_score": 0.00623, "cvss_severity": "CRITICAL", "epss_percentile": 0.45121, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-8206", "url": "https://www.cve.org/CVERecord?id=CVE-2026-8206"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-8206"}]}, {"uuid": "efcd9187-55cc-4a6c-9631-8811a726cc0e", "vulnerability": {"vulnId": "CVE-2025-9316", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "efcd9187-55cc-4a6c-9631-8811a726cc0e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: N-central unauthenticated sessionID generation | Affected: N-able / N-central | CVSS: 6.9 (MEDIUM) | EPSS: 0.36673 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "N-central unauthenticated sessionID generation", "vendor": "N-able", "product": "N-central", "added_date": "2026-06-03T00:00:00.000Z", "cvss_score": 6.9, "epss_score": 0.36673, "cvss_severity": "MEDIUM", "epss_percentile": 0.98303, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2025-9316", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9316"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-9316"}]}, {"uuid": "6a4cdf26-e033-4f06-b832-6597211e98d6", "vulnerability": {"vulnId": "CVE-2026-41176", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "6a4cdf26-e033-4f06-b832-6597211e98d6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution | Affected: rclone / rclone | CVSS: 9.2 (CRITICAL) | EPSS: 0.35437 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution", "vendor": "rclone", "product": "rclone", "added_date": "2026-06-03T00:00:00.000Z", "cvss_score": 9.2, "epss_score": 0.35437, "cvss_severity": "CRITICAL", "epss_percentile": 0.98248, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-41176", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41176"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-41176"}]}, {"uuid": "14b605c4-9d49-490a-8762-9bd407e96f72", "vulnerability": {"vulnId": "CVE-2023-6909", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "14b605c4-9d49-490a-8762-9bd407e96f72"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Path Traversal: '\\..\\filename' in mlflow/mlflow | Affected: mlflow / mlflow/mlflow | CVSS: 7.5 (HIGH) | EPSS: 0.89716 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Path Traversal: '\\..\\filename' in mlflow/mlflow", "vendor": "mlflow", "product": "mlflow/mlflow", "added_date": "2026-06-03T00:00:00.000Z", "cvss_score": 7.5, "epss_score": 0.89716, "cvss_severity": "HIGH", "epss_percentile": 0.99773, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2023-6909", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6909"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-6909"}]}, {"uuid": "f8685c83-0de7-4b31-b0d8-9715cc2a94a6", "vulnerability": {"vulnId": "CVE-2022-4059", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "f8685c83-0de7-4b31-b0d8-9715cc2a94a6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-06-03T00:00:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-03T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi | Affected: Unknown / Cryptocurrency Widgets Pack | CVSS: 9.8 (CRITICAL) | EPSS: 0.04756 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi", "vendor": "Unknown", "product": "Cryptocurrency Widgets Pack", "added_date": "2026-06-03T00:00:00.000Z", "cvss_score": 9.8, "epss_score": 0.04756, "cvss_severity": "CRITICAL", "epss_percentile": 0.90732, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2022-4059", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4059"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-4059"}]}, {"uuid": "8b55ae87-2ae8-4c0b-a5ee-98fc4de49ae4", "vulnerability": {"vulnId": "CVE-2022-0492", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "8b55ae87-2ae8-4c0b-a5ee-98fc4de49ae4"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-02T18:00:02+00:00"}, "timestamps": {"asserted_at": "2026-06-02T18:00:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-02T18:00:02+00:00"}, "scope": {"notes": "KEVIntel entry: A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain... | Affected: Linux / kernel | CVSS: 7.8 (HIGH) | EPSS: 0.05495 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain...", "vendor": "Linux", "product": "kernel", "added_date": "2026-06-02T18:00:02.476Z", "cvss_score": 7.8, "epss_score": 0.05495, "cvss_severity": "HIGH", "epss_percentile": 0.91767, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2022-0492", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-0492"}]}, {"uuid": "1b8ae0b1-dbb2-4423-b66f-6523bae273b4", "vulnerability": {"vulnId": "CVE-2025-48595", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "1b8ae0b1-dbb2-4423-b66f-6523bae273b4"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-02T12:15:00+00:00"}, "timestamps": {"asserted_at": "2026-06-02T12:15:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-02T12:15:00+00:00"}, "scope": {"notes": "KEVIntel entry: In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of... | Affected: Google / Android | CVSS: 8.4 (HIGH) | EPSS: 0.0015 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of...", "vendor": "Google", "product": "Android", "added_date": "2026-06-02T12:15:00.000Z", "cvss_score": 8.4, "epss_score": 0.0015, "cvss_severity": "HIGH", "epss_percentile": 0.04532, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 6}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2025-48595", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48595"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-48595"}]}, {"uuid": "ab82db45-2875-4983-a9e7-cbc585531708", "vulnerability": {"vulnId": "CVE-2026-41089", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "ab82db45-2875-4983-a9e7-cbc585531708"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-02T11:06:00+00:00"}, "timestamps": {"asserted_at": "2026-06-02T11:06:00+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-02T11:06:00+00:00"}, "scope": {"notes": "KEVIntel entry: Windows Netlogon Remote Code Execution Vulnerability | Affected: Microsoft / Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation) | CVSS: 9.8 (CRITICAL) | EPSS: 0.43788 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Windows Netlogon Remote Code Execution Vulnerability", "vendor": "Microsoft", "product": "Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)", "added_date": "2026-06-02T11:06:00.000Z", "cvss_score": 9.8, "epss_score": 0.43788, "cvss_severity": "CRITICAL", "epss_percentile": 0.98582, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-41089", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41089"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-41089"}]}, {"uuid": "5aff0473-e19d-48f9-bfcc-c851558aa827", "vulnerability": {"vulnId": "CVE-2024-21182", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "5aff0473-e19d-48f9-bfcc-c851558aa827"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T18:00:02+00:00"}, "timestamps": {"asserted_at": "2026-06-01T18:00:02+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T18:00:02+00:00"}, "scope": {"notes": "KEVIntel entry: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are... | Affected: Oracle Corporation / WebLogic Server | CVSS: 7.5 (HIGH) | EPSS: 0.48244 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are...", "vendor": "Oracle Corporation", "product": "WebLogic Server", "added_date": "2026-06-01T18:00:02.554Z", "cvss_score": 7.5, "epss_score": 0.48244, "cvss_severity": "HIGH", "epss_percentile": 0.98715, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "hour", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2024-21182", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21182"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2024-21182"}]}, {"uuid": "b25c662c-0db0-4b33-b890-bc2f49f8a9db", "vulnerability": {"vulnId": "CVE-2025-31277", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "b25c662c-0db0-4b33-b890-bc2f49f8a9db"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:30:35+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:30:35+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:30:35+00:00"}, "scope": {"notes": "KEVIntel entry: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6,... | Affected: Apple / Safari, iOS and iPadOS, macOS, tvOS, visionOS, watchOS | CVSS: 8.8 (HIGH) | EPSS: 0.01428 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6,...", "vendor": "Apple", "product": "Safari, iOS and iPadOS, macOS, tvOS, visionOS, watchOS", "added_date": "2026-06-01T13:30:35.304Z", "cvss_score": 8.8, "epss_score": 0.01428, "cvss_severity": "HIGH", "epss_percentile": 0.69516, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2025-31277", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31277"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-31277"}]}, {"uuid": "dd94cbdf-4857-4878-9948-f60f1226a873", "vulnerability": {"vulnId": "CVE-2023-43000", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "dd94cbdf-4857-4878-9948-f60f1226a873"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:30:35+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:30:35+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:30:35+00:00"}, "scope": {"notes": "KEVIntel entry: A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari... | Affected: Apple / macOS, iOS and iPadOS, Safari | CVSS: 8.8 (HIGH) | EPSS: 0.03817 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari...", "vendor": "Apple", "product": "macOS, iOS and iPadOS, Safari", "added_date": "2026-06-01T13:30:35.576Z", "cvss_score": 8.8, "epss_score": 0.03817, "cvss_severity": "HIGH", "epss_percentile": 0.88691, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2023-43000", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43000"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2023-43000"}]}, {"uuid": "0b724562-30e4-487b-b9b7-ebfb311517f0", "vulnerability": {"vulnId": "CVE-2026-9082", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "0b724562-30e4-487b-b9b7-ebfb311517f0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:38+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:29:38+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:38+00:00"}, "scope": {"notes": "KEVIntel entry: Drupal core - Highly critical - SQL injection - SA-CORE-2026-004 | Affected: Drupal / Drupal core | CVSS: 9.8 (CRITICAL) | EPSS: 0.33665 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Drupal core - Highly critical - SQL injection - SA-CORE-2026-004", "vendor": "Drupal", "product": "Drupal core", "added_date": "2026-06-01T13:29:38.047Z", "cvss_score": 9.8, "epss_score": 0.33665, "cvss_severity": "CRITICAL", "epss_percentile": 0.98171, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-9082", "url": "https://www.cve.org/CVERecord?id=CVE-2026-9082"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-9082"}]}, {"uuid": "2cd4d0c8-e72c-4363-9dd5-0ac847120b2c", "vulnerability": {"vulnId": "CVE-2026-48172", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "2cd4d0c8-e72c-4363-9dd5-0ac847120b2c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:31+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:29:31+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:31+00:00"}, "scope": {"notes": "KEVIntel entry: LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is... | Affected: LiteSpeed Technologies / cPanel Plugin, WHM Plugin | CVSS: 10.0 (CRITICAL) | EPSS: 0.01233 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is...", "vendor": "LiteSpeed Technologies", "product": "cPanel Plugin, WHM Plugin", "added_date": "2026-06-01T13:29:31.681Z", "cvss_score": 10.0, "epss_score": 0.01233, "cvss_severity": "CRITICAL", "epss_percentile": 0.65121, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-48172", "url": "https://www.cve.org/CVERecord?id=CVE-2026-48172"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-48172"}]}, {"uuid": "e1bd0e0b-f3a9-4bb2-9bed-8b6977de00a8", "vulnerability": {"vulnId": "CVE-2026-34926", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "e1bd0e0b-f3a9-4bb2-9bed-8b6977de00a8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:30+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:29:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:30+00:00"}, "scope": {"notes": "KEVIntel entry: A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the... | Affected: Trend Micro, Inc. / TrendAI Apex One, TrendAI Apex One as a Service | CVSS: 6.7 (MEDIUM) | EPSS: 0.01112 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the...", "vendor": "Trend Micro, Inc.", "product": "TrendAI Apex One, TrendAI Apex One as a Service", "added_date": "2026-06-01T13:29:30.761Z", "cvss_score": 6.7, "epss_score": 0.01112, "cvss_severity": "MEDIUM", "epss_percentile": 0.617, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-34926", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34926"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34926"}]}, {"uuid": "3f34b1b2-ac5c-45d1-8cb7-63f44cae28f7", "vulnerability": {"vulnId": "CVE-2025-34291", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "3f34b1b2-ac5c-45d1-8cb7-63f44cae28f7"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:30+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:29:30+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:30+00:00"}, "scope": {"notes": "KEVIntel entry: Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE | Affected: Langflow / Langflow | CVSS: 9.4 (CRITICAL) | EPSS: 0.25153 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE", "vendor": "Langflow", "product": "Langflow", "added_date": "2026-06-01T13:29:30.499Z", "cvss_score": 9.4, "epss_score": 0.25153, "cvss_severity": "CRITICAL", "epss_percentile": 0.9766, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2025-34291", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34291"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2025-34291"}]}, {"uuid": "0d671665-f6d7-4bbd-a722-e6224391fd94", "vulnerability": {"vulnId": "CVE-2026-41091", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "0d671665-f6d7-4bbd-a722-e6224391fd94"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:26+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:29:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:26+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Defender Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Malware Protection Engine | CVSS: 7.8 (HIGH) | EPSS: 0.01172 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Defender Elevation of Privilege Vulnerability", "vendor": "Microsoft", "product": "Microsoft Malware Protection Engine", "added_date": "2026-06-01T13:29:26.114Z", "cvss_score": 7.8, "epss_score": 0.01172, "cvss_severity": "HIGH", "epss_percentile": 0.63386, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-41091", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41091"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-41091"}]}, {"uuid": "3f3816f2-5c4c-4b0f-aa08-70390df76fa6", "vulnerability": {"vulnId": "CVE-2026-45498", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "3f3816f2-5c4c-4b0f-aa08-70390df76fa6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:26+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:29:26+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:26+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Defender Denial of Service Vulnerability | Affected: Microsoft / Microsoft Defender Antimalware Platform | CVSS: 4.0 (MEDIUM) | EPSS: 0.025 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Defender Denial of Service Vulnerability", "vendor": "Microsoft", "product": "Microsoft Defender Antimalware Platform", "added_date": "2026-06-01T13:29:26.865Z", "cvss_score": 4.0, "epss_score": 0.025, "cvss_severity": "MEDIUM", "epss_percentile": 0.82641, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-45498", "url": "https://www.cve.org/CVERecord?id=CVE-2026-45498"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-45498"}]}, {"uuid": "7f665a38-c1a9-453f-80d1-0936302d2a64", "vulnerability": {"vulnId": "CVE-2026-34234", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "7f665a38-c1a9-453f-80d1-0936302d2a64"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:18+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:29:18+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:18+00:00"}, "scope": {"notes": "KEVIntel entry: CtrlPanel: Unauthenticated RCE using installer script | Affected: Ctrlpanel-gg / panel | CVSS: 10.0 (CRITICAL) | EPSS: 0.00858 | Used in malware: unknown | Not yet in CISA KEV: True"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "CtrlPanel: Unauthenticated RCE using installer script", "vendor": "Ctrlpanel-gg", "product": "panel", "added_date": "2026-06-01T13:29:18.130Z", "cvss_score": 10.0, "epss_score": 0.00858, "cvss_severity": "CRITICAL", "epss_percentile": 0.53676, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": true}}], "references": [{"id": "CVE-2026-34234", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34234"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-34234"}]}, {"uuid": "bb439849-ad12-4ae3-aa28-15fb8601fcde", "vulnerability": {"vulnId": "CVE-2026-42897", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "bb439849-ad12-4ae3-aa28-15fb8601fcde"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-01T13:29:03+00:00"}, "timestamps": {"asserted_at": "2026-06-01T13:29:03+00:00", "recorded_at": "2026-06-19T12:41:46+00:00", "first_seen_at": "2026-06-01T13:29:03+00:00"}, "scope": {"notes": "KEVIntel entry: Microsoft Exchange Server Spoofing Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 15, Microsoft Exchange Server Subscription Edition RTM | CVSS: 8.1 (HIGH) | EPSS: 0.02509 | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Microsoft Exchange Server Spoofing Vulnerability", "vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 15, Microsoft Exchange Server Subscription Edition RTM", "added_date": "2026-06-01T13:29:03.497Z", "cvss_score": 8.1, "epss_score": 0.02509, "cvss_severity": "HIGH", "epss_percentile": 0.82703, "used_in_malware": "unknown", "ahead_of_cisa_kev": {"unit": "day", "count": 1}, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2026-42897", "url": "https://www.cve.org/CVERecord?id=CVE-2026-42897"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2026-42897"}]}]}
