2026-06-09: [CVE-2026-20245] Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.

#cisakev

NVD - CVE-2026-20245

2026-06-09: [CVE-2026-11645] Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

#cisakev

NVD - CVE-2026-11645

2026-06-09: [CVE-2026-7473] Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability

Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulates and forwards other unexpected tunneled packets with a destination IP matching its configured decapsulation IP.

#cisakev

NVD - CVE-2026-7473

2026-06-08: [CVE-2026-50751] Check Point Security Gateway Improper Authentication Vulnerability

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

#cisakev

NVD - CVE-2026-50751

2026-06-08: [CVE-2026-42271] BerriAI LiteLLM Command Injection Vulnerability

BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.

#cisakev

NVD - CVE-2026-42271

2026-06-05: [CVE-2026-28318] SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.

#cisakev

NVD - CVE-2026-28318

This week's top 5: 2yr Oracle patch exploited, FSB USB worm, Android KEV zero-day, WordPress CVSS 9.8 admin takeover, RaaS at 90% affiliate share.

The attack surface is what you don't control.

🇬🇧 https://zurl.co/H1bea
🇩🇪 https://zurl.co/coNLm

#CyberSecurity #CISAKEV

2026-06-03: [CVE-2026-45247] Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.

#cisakev

NVD - CVE-2026-45247

2026-06-02: [CVE-2022-0492] Linux Kernel Improper Authentication Vulnerability

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

#cisakev

NVD - CVE-2022-0492

2026-06-02: [CVE-2025-48595] Android Framework Integer Overflow Vulnerability

Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.

#cisakev

NVD - CVE-2025-48595