2026-06-18: [CVE-2026-20253] Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

#cisakev

NVD - CVE-2026-20253

2026-06-16: [CVE-2026-48907] Widget Factory Joomla Content Editor Improper Access Control Vulnerability

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

#cisakev

NVD - CVE-2026-48907

CISA Warns of LiteSpeed cPanel Plugin Flaw Exploited for Root Access

A critical vulnerability in the LiteSpeed cPanel Plugin, known as CVE-2026-54420, has been flagged by CISA for its high risk of exploitation, with a CVSS score of 8.5, and federal agencies have until June 18, 2026, to apply the necessary fix. This flaw allows for privilege escalation and has been added…

https://osintsights.com/cisa-warns-of-litespeed-cpanel-plugin-flaw-exploited-for-root-access?utm_source=mastodon&utm_medium=social

#Cve202654420 #LitespeedCpanelPlugin #PrivilegeEscalation #CisaKev #FederalCivilianExecutiveBranch


2026-06-15: [CVE-2026-54420] LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

#cisakev

NVD - CVE-2026-54420

2026-06-15: [CVE-2026-20262] Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability

Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.

#cisakev

NVD - CVE-2026-20262

2026-06-12: [CVE-2026-35273] Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.

#cisakev

NVD - CVE-2026-35273

2026-06-11: [CVE-2026-10520] Ivanti Sentry OS Command Injection Vulnerability

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.

#cisakev

NVD - CVE-2026-10520

2026-06-09: [CVE-2026-20245] Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.

#cisakev

NVD - CVE-2026-20245

2026-06-09: [CVE-2026-11645] Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

#cisakev

NVD - CVE-2026-11645

2026-06-09: [CVE-2026-7473] Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability

Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulates and forwards other unexpected tunneled packets with a destination IP matching its configured decapsulation IP.

#cisakev

NVD - CVE-2026-7473