Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Today's Security Brief
Monday's disclosures concentrate on network edge and enterprise communications platforms, led by multiple Ubiquiti UniFi OS flaws, a Cisco Unified Communications Manager defect, and PTC Windchill/FlexPLM. No new critical-rated (CVSS 9.0+) CVEs were recorded, down from 1 the prior day, while high-priority CVEs fell to 24 from 55, a 56% decrease. Notable entries include CVE-2026-34910, CVE-2026-34909, and CVE-2026-34908 affecting Ubiquiti UniFi OS, CVE-2026-20230 in Cisco Unified CM, and CVE-2026-12569 in PTC Windchill and FlexPLM, all scored 9.5. Six of these vulnerabilities carry confirmed active exploitation, spanning network appliances, IoT device servers, and PLM systems. No patches were available across the disclosed set at publication time, so affected organizations should prioritize monitoring and compensating controls until vendor fixes ship.
Ubiquiti UniFi OS is the most affected platform, with three actively exploited flaws (CVE-2026-34910, CVE-2026-34909, CVE-2026-34908) each scored CVSS 9.5
Zero new critical-rated CVEs, down 100% from 1 the prior day
24 high-priority CVEs, down 56% from 55 the prior day
Exploitation activity targets network and communications infrastructure, including Cisco Unified CM (CVE-2026-20230) and PTC Windchill/FlexPLM (CVE-2026-12569)
Patch availability stands at 0% across the disclosed set, leaving affected systems reliant on mitigations
Six vulnerabilities have confirmed active exploitation, also including Lantronix EDS5000 (CVE-2025-67038)
Immediate action: Prioritize Ubiquiti UniFi OS, Cisco Unified Communications Manager, PTC Windchill/FlexPLM, and Lantronix EDS5000 deployments, as these carry actively exploited vulnerabilities. With no patches currently available, restrict network exposure of these systems, apply vendor-recommended mitigations, and increase monitoring until fixes are released.
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2025-67038
9.5📝
LantronixEDS5000
⏰ Federal Deadline:June 25, 2026(-3 days remaining)
The Lantronix EDS5000 contains a code injection vulnerability that is currently being actively exploited in the wild.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-34910
9.5📝
UbiquitiUniFi OS
⏰ Federal Deadline:June 25, 2026(-3 days remaining)
An improper input validation flaw in Ubiquiti UniFi OS enables network-adjacent attackers to execute arbitrary commands on the underlying system.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-34909
9.5📝
UbiquitiUniFi OS
⏰ Federal Deadline:June 25, 2026(-3 days remaining)
A path traversal vulnerability in Ubiquiti UniFi OS allows network-adjacent attackers to read sensitive system files and potentially compromise user accounts.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-34908
9.5📝
UbiquitiUniFi OS
⏰ Federal Deadline:June 25, 2026(-3 days remaining)
An improper access control vulnerability in Ubiquiti UniFi OS devices allows network-adjacent attackers to modify system configurations without authorization.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-12569
9.5📝
PTCWindchill and FlexPLM
⏰ Federal Deadline:June 27, 2026(EXPIRED)
PTC Windchill and FlexPLM are vulnerable to improper input validation, allowing for potential exploitation. This vulnerability is confirmed as actively exploited in the wild.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2026-20230
9.5📝
CiscoUnified Communications Manager (Unified CM)
⏰ Federal Deadline:June 27, 2026(EXPIRED)
A server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager allows unauthenticated remote attackers to perform arbitrary file operations and escalate privileges to root.
CVSS Base9.5
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2026-13498
7.3📝
yashpokharna2555restaurent-management-system
A high-severity security vulnerability has been identified in the yashpokharna2555 Restaurant Management System, potentially allowing for unauthorized system impact.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-58050
7📝
libssh2libssh2
A security vulnerability exists in the libssh2 library, potentially impacting systems relying on this component for secure shell communication.
CVSS Base7
→
CRSSelect profile
CVE-2026-13545
8.8📝
D-LinkDCS-935L
A critical vulnerability has been discovered in the D-Link DCS-935L network camera, potentially allowing attackers to gain unauthorized access to the device.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13539
8.8📝
WavlinkWL-NU516U1-A
A security vulnerability has been identified in the Wavlink WL-NU516U1-A device firmware, potentially allowing unauthorized system impact.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13519
8.8📝
TendaJD12L
A security vulnerability has been identified in Tenda JD12L firmware, which may allow for unauthorized system manipulation.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13517
8.8📝
TendaJD12L
A security flaw has been discovered in the Tenda JD12L router firmware that could potentially lead to unauthorized system access.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13518
8.8📝
TendaJD12L
A critical security vulnerability has been identified in the Tenda JD12L router, potentially allowing for unauthorized system access or control.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13516
8.8📝
TendaJD12L
A security vulnerability has been detected in the Tenda JD12L router, requiring immediate investigation and remediation to prevent potential exploitation.
CVSS Base8.8
→
CRSSelect profile
CVE-2026-13515
8.8📝
TendaJD12L
A security vulnerability has been detected in the Tenda JD12L router, which requires immediate attention to protect network integrity.
CVSS Base8.8
→
CRSSelect profile
CVE-2025-2902
8.3📝
HitachiVirtual Storage Platform (VSP) E-series and H-series
Hitachi Virtual Storage Platform maintenance utilities contain an improper authorization vulnerability that may allow unauthorized access.
CVSS Base8.3
→
CRSSelect profile
CVE-2026-13546
7.3📝
FeehiCMS
A security vulnerability exists in Feehi CMS up to version 2 that could lead to unauthorized system impacts.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13547
7.3📝
Hanwange-Face General Management Platform
The Hanwang e-Face General Management Platform version 6 contains a security vulnerability that may expose the system to unauthorized access.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13550
7.3📝
itsourcecodeBaptism Information Management System
A security weakness has been identified in the itsourcecode Baptism Information Management System that could potentially allow for unauthorized system interaction.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13551
7.3📝
itsourcecodeBaptism Information Management System
A security vulnerability has been identified within the itsourcecode Baptism Information Management System that may pose risks to system security.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-22078
7.3📝
O+ ConnectO+ Connect
The O+ Connect IPC service fails to authenticate clients, allowing external applications to escalate privileges and perform sensitive actions.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13527
7.3📝
SourceCodesterClass and Exam Timetabling System
A security vulnerability has been identified in the SourceCodester Class and Exam Timetabling System that requires immediate attention from system administrators.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13528
7.3📝
YunaiVruoyi-vue-pro
A security vulnerability has been identified in the YunaiV ruoyi-vue-pro platform, necessitating immediate review and remediation by security teams.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13526
7.3📝
SourceCodesterClass and Exam Timetabling System
A security flaw has been identified in the SourceCodester Class and Exam Timetabling System, requiring swift remediation to maintain system security.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13521
7.3📝
SourceCodesterClass and Exam Timetabling System
A security vulnerability has been identified in the SourceCodester Class and Exam Timetabling System that may expose the application to unauthorized access or manipulation.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13500
7.3📝
ANTLRANTLR4
A security weakness has been identified in the ANTLR4 parser generator, potentially impacting applications that rely on its framework for processing input data.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13487
7.3📝
SourceCodesterClass and Exam Timetabling System
A vulnerability has been identified in the SourceCodester Class and Exam Timetabling System, which may allow attackers to exploit flaws in the application's handling of user requests.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13488
7.3📝
SourceCodesterClass and Exam Timetabling System
A security flaw has been discovered in the SourceCodester Class and Exam Timetabling System, potentially exposing the application to unauthorized exploitation.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13485
7.3📝
SourceCodesterClass and Exam Timetabling System
A vulnerability has been identified within the SourceCodester Class and Exam Timetabling System that may compromise application security.
CVSS Base7.3
→
CRSSelect profile
CVE-2026-13486
7.3📝
SourceCodesterClass and Exam Timetabling System
A security vulnerability has been determined in the SourceCodester Class and Exam Timetabling System, requiring administrative attention.