Aggregated Known Exploited Vulnerabilities Catalogs

[CIRCL] CVE-2026-20245 - Suspected Exploitation

2026-06-25T20:26:40+00:00

CVE-2026-20245

Catalog: CIRCL

Status: Suspected

Exploited: Yes

Status Updated: 2026-06-25 20:26 UTC

First Seen: 2026-06-25

Asserted: 2026-06-25

[KEVIntel] CVE-2026-12569 - Confirmed Exploitation

2026-06-25T20:00:16.811203+00:00

CVE-2026-12569

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-25 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-25

Asserted: 2026-06-25

[CISA] CVE-2026-12569 - Confirmed Exploitation

2026-06-25T20:00:01.904999+00:00

CVE-2026-12569

Catalog: CISA

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-25 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-25

Asserted: 2026-06-25

Scope Notes: KEV entry: PTC Windchill and FlexPLM Improper Input Validation Vulnerability | Affected: PTC / Windchill and FlexPLM | Description: PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network. | Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. | Due date: 2026-06-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.ptc.com/en/support/article/CS473270 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-12569

[CISA] CVE-2026-20230 - Confirmed Exploitation

2026-06-25T20:00:01.979782+00:00

CVE-2026-20230

Catalog: CISA

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-25 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-25

Asserted: 2026-06-25

Scope Notes: KEV entry: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability | Affected: Cisco / Unified Communications Manager | Description: Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root. | Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. | Due date: 2026-06-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-cucm-ssrf-cXPnHcW.html ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20230

[KEVIntel] CVE-2026-20230 - Confirmed Exploitation

2026-06-23T23:00:21.171298+00:00

CVE-2026-20230

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-23 22:20 UTC

Evidence Sources: 1

First Seen: 2026-06-23

Asserted: 2026-06-23

Scope Notes: KEVIntel entry: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified... | Affected: Cisco / Cisco Unified Communications Manager | CVSS: 8.6 (HIGH) | EPSS: 0.20442 | Used in malware: unknown | Not yet in CISA KEV: True

[KEVIntel] CVE-2025-67038 - Confirmed Exploitation

2026-06-23T19:00:19.290787+00:00

CVE-2025-67038

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-23 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-23

Asserted: 2026-06-23

Scope Notes: KEVIntel entry: An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication... | Affected: Lantronix / EDS5000 | EPSS: 0.00469 | Used in malware: unknown | Not yet in CISA KEV: False

[CISA] CVE-2026-34910 - Confirmed Exploitation

2026-06-23T18:00:02.392228+00:00

CVE-2026-34910

Catalog: CISA

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-23 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-23

Asserted: 2026-06-23

Scope Notes: KEV entry: Ubiquiti UniFi OS Improper Input Validation Vulnerability | Affected: Ubiquiti / UniFi OS | Description: Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection. | Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. | Due date: 2026-06-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34910

[CISA] CVE-2025-67038 - Confirmed Exploitation

2026-06-23T18:00:02.321943+00:00

CVE-2025-67038

Catalog: CISA

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-23 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-23

Asserted: 2026-06-23

Scope Notes: KEV entry: Lantronix EDS5000 Code Injection Vulnerability | Affected: Lantronix / EDS5000 | Description: Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges. | Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. | Due date: 2026-06-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2025-67038

[CISA] CVE-2026-34908 - Confirmed Exploitation

2026-06-23T18:00:02.504889+00:00

CVE-2026-34908

Catalog: CISA

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-23 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-23

Asserted: 2026-06-23

Scope Notes: KEV entry: Ubiquiti UniFi OS Improper Access Control Vulnerability | Affected: Ubiquiti / UniFi OS | Description: Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system. | Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. | Due date: 2026-06-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34908

[CISA] CVE-2026-34909 - Confirmed Exploitation

2026-06-23T18:00:02.445228+00:00

CVE-2026-34909

Catalog: CISA

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-23 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-23

Asserted: 2026-06-23

Scope Notes: KEV entry: Ubiquiti UniFi OS Path Traversal Vulnerability | Affected: Ubiquiti / UniFi OS | Description: Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account. | Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. | Due date: 2026-06-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34909

[CIRCL] CVE-2026-39813 - Confirmed Exploitation

2026-06-22T10:49:19+00:00

CVE-2026-39813

Catalog: CIRCL

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-22 10:49 UTC

Characteristics: Severity: 100.0, No Authentication Required, Remote Access

First Seen: 2026-06-22

Asserted: 2026-06-22

[CISA] CVE-2026-20253 - Confirmed Exploitation

2026-06-18T17:00:02.266043+00:00

CVE-2026-20253

Catalog: CISA

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-18 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-18

Asserted: 2026-06-18

Scope Notes: KEV entry: Splunk Enterprise Missing Authentication for Critical Function Vulnerability | Affected: Splunk / Enterprise | Description: Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. | Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. | Due date: 2026-06-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://advisory.splunk.com/advisories/SVD-2026-0603 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20253

[KEVIntel] CVE-2026-4020 - Confirmed Exploitation

2026-06-19T12:42:00.260518+00:00

CVE-2026-4020

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-17 10:28 UTC

Evidence Sources: 1

First Seen: 2026-06-17

Asserted: 2026-06-17

[CISA] CVE-2026-48907 - Confirmed Exploitation

2026-06-16T20:00:01.385020+00:00

CVE-2026-48907

Catalog: CISA

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-16 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-16

Asserted: 2026-06-16

Scope Notes: KEV entry: Widget Factory Joomla Content Editor Improper Access Control Vulnerability | Affected: Widget Factory / Joomla Content Editor | Description: Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. | Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. | Due date: 2026-06-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites ; https://www.joomlacontenteditor.net/support/changelog/editor ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-48907

[KEVIntel] CVE-2026-48907 - Confirmed Exploitation

2026-06-19T12:42:00.334512+00:00

CVE-2026-48907

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-16 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-16

Asserted: 2026-06-16

Scope Notes: KEVIntel entry: Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5 | Affected: joomlacontenteditor.net / Joomla Content Editor (JCE) extension for Joomla | CVSS: 10.0 (CRITICAL) | EPSS: 0.06854 | Used in malware: unknown | Not yet in CISA KEV: False

[KEVIntel] CVE-2026-39813 - Confirmed Exploitation

2026-06-19T12:42:00.409364+00:00

CVE-2026-39813

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-15 12:48 UTC

Evidence Sources: 1

First Seen: 2026-06-15

Asserted: 2026-06-15

Scope Notes: KEVIntel entry: A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to... | Affected: Fortinet / FortiSandbox, FortiSandbox Cloud | CVSS: 9.1 (CRITICAL) | EPSS: 0.18703 | Used in malware: unknown | Not yet in CISA KEV: True

[KEVIntel] CVE-2026-53435 - Confirmed Exploitation

2026-06-19T12:42:00.476721+00:00

CVE-2026-53435

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-15 09:02 UTC

Evidence Sources: 1

First Seen: 2026-06-15

Asserted: 2026-06-15

Scope Notes: KEVIntel entry: In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins... | Affected: Jenkins Project / Jenkins | CVSS: 8.8 (HIGH) | EPSS: 0.00368 | Used in malware: unknown | Not yet in CISA KEV: True

[KEVIntel] CVE-2026-20253 - Confirmed Exploitation

2026-06-19T12:42:00.542648+00:00

CVE-2026-20253

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-15 05:15 UTC

Evidence Sources: 1

First Seen: 2026-06-15

Asserted: 2026-06-15

Scope Notes: KEVIntel entry: Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise | Affected: Splunk / Splunk Enterprise | CVSS: 9.8 (CRITICAL) | EPSS: 0.01731 | Used in malware: unknown | Not yet in CISA KEV: False

[KEVIntel] CVE-2025-27222 - Confirmed Exploitation

2026-06-19T12:42:00.801746+00:00

CVE-2025-27222

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-15 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-15

Asserted: 2026-06-15

Scope Notes: KEVIntel entry: TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't... | Affected: Rocket Software / TRUfusion Enterprise | CVSS: 8.6 (HIGH) | EPSS: 0.01773 | Used in malware: unknown | Not yet in CISA KEV: True

[KEVIntel] CVE-2023-31059 - Confirmed Exploitation

2026-06-19T12:42:01.014128+00:00

CVE-2023-31059

Catalog: KEVIntel

Status: Confirmed

Exploited: Yes

Status Updated: 2026-06-15 00:00 UTC

Evidence Sources: 1

First Seen: 2026-06-15

Asserted: 2026-06-15

Scope Notes: KEVIntel entry: Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. | Affected: Repetier / Repetier Server | CVSS: 7.5 (HIGH) | EPSS: 0.05574 | Used in malware: unknown | Not yet in CISA KEV: True