CVE-2026-50751
Check Point Security Gateway is affected by an improper authentication vulnerability that is currently being exploited in the wild.
Friday's disclosures center on widely deployed infrastructure and web platforms, including a maximum-severity flaw in MariaDB Server and high-impact issues across Ubiquiti's UniFi OS and UID Enterprise Agent, cPanel's WordPress Toolkit, and the ClipBucket video platform. The brief covers 12 critical CVEs, unchanged from the prior day, alongside 61 high-priority vulnerabilities, a 65% increase. Notable entries include CVE-2026-49261 (CVSS 10, MariaDB Server), CVE-2026-47369 (CVSS 9.9, Ubiquiti UniFi OS), and CVE-2026-47365 (CVSS 9.9, cPanel WordPress Toolkit). Remote code execution, authentication bypass, and unauthenticated access dominate the affected products, spanning database, network management, hosting, and WordPress ecosystems. No patches were available at disclosure time for the tracked critical issues, so teams should prioritize compensating controls and monitor vendor advisories closely; seven CVEs carry confirmed active exploitation.
Immediate action: Prioritize review of MariaDB Server, Ubiquiti UniFi OS and UID Enterprise Agent, cPanel WordPress Toolkit, and ClipBucket deployments, and apply compensating controls for actively exploited products including Ivanti Sentry, Check Point Security Gateway, SolarWinds Serv-U, and Cisco Catalyst SD-WAN Manager. With no patches available for the tracked critical issues at disclosure, restrict network exposure of affected services and monitor vendor channels for fixes.
A critical OS command injection vulnerability in Ivanti Sentry allows remote unauthenticated users to achieve root-level remote code execution.
SolarWinds Serv-U is vulnerable to an uncontrolled resource consumption flaw allowing unauthenticated attackers to crash the service via specially crafted POST requests.
LiteLLM contains a command injection vulnerability in its MCP server test endpoints that, when chained with a host header bypass, enables unauthenticated remote code execution.
An out-of-bounds read and write vulnerability in the V8 JavaScript engine allows remote attackers to execute arbitrary code via a crafted HTML page.
Arista Extensible Operating System is affected by an incomplete comparison vulnerability, currently tracked in the CISA KEV catalog.
A command injection and privilege escalation vulnerability exists in the CLI of Cisco Catalyst SD-WAN Manager due to insufficient input validation.
An argument injection vulnerability in WordPress Toolkit allows authenticated users to bypass cross-tenant authorization and execute arbitrary CLI commands as another account.
The ClipBucket video sharing platform is vulnerable to unauthenticated blind SQL injection, allowing attackers to execute unauthorized database queries.
A SQL injection vulnerability in thaipalliative_lte allows remote attackers to execute arbitrary SQL commands via unsanitized input in the idFormMain and id parameters.
A command injection vulnerability in MariaDB server allows shell command execution via the joiner node name when the `wsrep_notify_cmd` configuration is enabled.
An incorrect privilege assignment vulnerability in Hippoo Mobile App for WooCommerce allows remote attackers to perform privilege escalation.
An unrestricted file upload vulnerability in Başarsoft Rotaban allows remote attackers to upload and execute a web shell on the server.
Limatek System LimRAD NAC contains an unrestricted file upload vulnerability that allows for remote code inclusion and arbitrary code execution.
ClipBucket v5 contains a command injection vulnerability in the Remote Play feature, allowing authenticated users to execute arbitrary shell commands via unsanitized URL inputs.
The Ubiquiti UID Enterprise Agent contains an improper input validation vulnerability that allows low-privileged network attackers to execute arbitrary commands on the host device.
Certain Ubiquiti devices running UniFi OS are susceptible to an improper input validation vulnerability that allows network-based attackers to escalate privileges on the device.
Certain Ubiquiti devices running UniFi OS contain an improper input validation vulnerability allowing low-privileged network attackers to execute arbitrary commands.
Improper authentication checks in the OAuth implementation of the affected software allow for account hijacking, even when the feature is disabled.
A use-after-free vulnerability in the MongoDB Server JavaScript engine allows authenticated users to trigger memory corruption.
A use-after-free vulnerability in the core of Google Chrome on Windows allows for potential arbitrary code execution.
A use-after-free vulnerability exists in the Media component of Google Chrome on Windows, potentially allowing remote code execution or system compromise.
A use-after-free vulnerability in the Autofill component of Google Chrome on Mac could allow a remote attacker to trigger heap corruption via a crafted HTML page.
A use-after-free vulnerability in DigitalCredentials in Google Chrome allows a compromised renderer process to potentially perform a sandbox escape.
A heap buffer overflow in the GPU component of Google Chrome on Android allows a compromised renderer process to potentially perform a sandbox escape.
A use-after-free vulnerability in the WebMIDI component of Google Chrome on Windows allows an attacker to potentially escape the sandbox.
A use-after-free vulnerability exists in the Cast component of Google Chrome, potentially allowing for a sandbox escape via malicious network traffic.
A heap buffer overflow in the Codecs component of Google Chrome for Linux and ChromeOS could allow a remote attacker to perform a sandbox escape.
A use-after-free vulnerability in the GPU component of Google Chrome for Mac allows for potential sandbox escape via crafted HTML content.
A use-after-free vulnerability in the GPU component of Google Chrome for Android could allow a remote attacker to perform a sandbox escape.
A use-after-free vulnerability in the Video component of Google Chrome for Windows allows for potential sandbox escape via crafted HTML content.
A heap buffer overflow vulnerability in the GPU process of Google Chrome on Android may allow for sandbox escape and privilege escalation.
Apache OFBiz contains a template injection vulnerability that allows authenticated users with specific privileges to execute arbitrary code.
An inappropriate implementation in the Mojo inter-process communication system within Google Chrome on Windows may lead to security boundary violations.
A type confusion vulnerability in Microsoft Office allows an unauthorized attacker to execute arbitrary code locally on an affected system.
A type confusion vulnerability in Microsoft Office allows an unauthorized attacker to execute arbitrary code locally on an affected system.
A type confusion vulnerability in Microsoft Office allows an unauthorized attacker to execute arbitrary code locally on an affected system.
Insufficient validation of untrusted input in the Accessibility feature of Google Chrome on Mac allows for potential sandbox escapes.
An inappropriate implementation in Google Chrome's DevTools component allows for a sandbox escape via a crafted HTML page.
A race condition in the Safe Browsing feature of Google Chrome on Mac allows for a sandbox escape via a malicious file.
An out-of-bounds write vulnerability in the GPU component of Google Chrome on Android allows for potential sandbox escapes.
An inappropriate implementation in the Views component of Google Chrome on Windows allows for a sandbox escape.
Google Chrome on Linux contains a vulnerability due to insufficient validation of untrusted input within the Linux Toolkit Theming component.
Insufficient validation of untrusted input in the Dawn graphics component of Google Chrome on Linux and ChromeOS allows for potential sandbox escapes.
An inappropriate implementation in the Views component of Google Chrome on Linux allows for potential sandbox escapes.
An out-of-bounds read vulnerability in Microsoft Office Excel allows an unauthorized attacker to disclose sensitive information over a network.
A vulnerability exists in the Roxy-WI interface, which is used for managing Haproxy, Nginx, Apache, and Keepalived servers.
A vulnerability in LiteLLM prior to version 1 allows for potential unauthorized actions or information disclosure within the platform.
Axios is vulnerable to a Prototype Pollution attack that can be escalated into a full Man-in-the-Middle (MITM) attack.
Axios fails to properly validate IPv4-mapped IPv6 addresses in its proxy bypass function, leading to potential SSRF.
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to perform local privilege escalation.
An out-of-bounds read vulnerability in Windows Hyper-V allows an authenticated attacker on a guest VM to execute arbitrary code on the host server.
A type confusion vulnerability in Windows Hyper-V allows an authenticated attacker on a guest VM to execute arbitrary code on the host server.
An access control bypass in mcp-server-kubernetes allows clients to invoke Kubernetes operations directly, bypassing tool discovery restrictions.
A critical vulnerability has been identified in the ClipBucket open-source video sharing platform.
A security vulnerability in Fission allows unauthorized modification of container capabilities, potentially leading to node-level clock corruption.
An improper access control vulnerability in the CelloOS SSH service allows authenticated remote attackers to bypass command restrictions and execute unauthorized OS commands.
Fission contains a namespace validation flaw in its admission webhook, allowing users to bypass security boundaries when deploying functions.
A vulnerability in OpenClaw's interactive callback functionality poses a significant security risk to users.
A stored cross-site scripting (XSS) vulnerability in the Analytics Dashboard allows authenticated developers to execute malicious code in the context of other users.
An improper authorization flaw in Group SAML identity management allows authenticated group owners to perform account takeovers of other group members.
A privilege escalation vulnerability in IBM i allows unauthorized users to execute code with administrator privileges via an unqualified library call.
A protection mechanism failure in macOS Sequoia 15.4 allows an application to break out of its sandbox, potentially leading to unauthorized system actions.
OpenClaw contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks.
A code execution vulnerability in OpenClaw allows marketplace runtime extension metadata to redirect loading toward unscanned package payloads.
OpenClaw contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata.
A locality validation vulnerability in the OpenClaw Control UI pairing allows network-adjacent attackers to obtain durable admin-capable device tokens.
An arbitrary code execution vulnerability exists in OpenClaw skill install flows where workspace .env files can override the Homebrew executable selection.
LiteLLM contains a privilege escalation vulnerability allowing authenticated users to generate unauthorized API keys, granting them full proxy administrative access.
A path traversal vulnerability in UniFi OS allows an attacker with network access to read sensitive data from the device.
Slate Digital Connect for macOS contains an improper certificate chain of trust validation flaw in its XPC Service, enabling local privilege escalation via malicious client signing.
Slate Digital Connect for macOS contains a TOCTOU race condition in its PID-based client validation, allowing local attackers to escalate privileges.
Adobe ColdFusion contains an incorrect authorization vulnerability that allows a high-privileged attacker to achieve arbitrary code execution.
Adobe ColdFusion contains an improper input validation vulnerability that allows high-privileged attackers on an adjacent network to execute arbitrary code.
A cross-workspace asset authorization bypass exists in Plane, allowing authenticated users to read, copy, delete, and overwrite assets in other workspaces.
OpenClaw versions prior to 2026 contain a critical security vulnerability requiring immediate remediation.
The Metrics::Any::Adapter::Statsd library contains a vulnerability affecting versions prior to the current release.
An initialization error in Wss4jSecurityInterceptor disables WS-I Basic Security Profile enforcement, potentially causing services to accept invalid security messages.
The Jaxp13XPathTemplate component uses an insecure, unhardened XML parser for XPath expressions, potentially exposing applications to XML External Entity (XXE) attacks.
A type-confusion vulnerability in node-tmp allows attackers to perform path traversal by supplying non-string values to file path parameters.