CVEDigest

CVE explainer catalog

This catalog explains 40 high-impact CVEs in plain English. Each entry gives the CVSS severity, affected vendor and product, a non-jargon summary of how the flaw is exploited, and the remediation step. The list is anchored to the CISA Known Exploited Vulnerabilities (KEV) catalog — vulnerabilities with confirmed real-world exploitation — so it doubles as a patch-priority shortlist. Click any CVE for the full explainer and FAQ.

Source: CISA Known Exploited Vulnerabilities Catalog. Data as of 2026-06-13.

All vulnerabilities (40)

| CVE | Vulnerability | Vendor | Severity (CVSS) | Ransomware | Added to KEV |
|---|---|---|---|---|---|
| CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability | Oracle | | Yes | 2026-06-12 |
| CVE-2026-10520 | Ivanti Sentry OS Command Injection Vulnerability | Ivanti | | | 2026-06-11 |
| CVE-2026-11645 | Google Chromium V8 Out-of-Bounds Read and Write Vulnerability | Google | | | 2026-06-09 |
| CVE-2026-7473 | Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability | Arista | | | 2026-06-09 |
| CVE-2026-20245 | Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability | Cisco | | | 2026-06-09 |
| CVE-2026-42271 | BerriAI LiteLLM Command Injection Vulnerability | BerriAI | | | 2026-06-08 |
| CVE-2026-50751 | Check Point Security Gateway Improper Authentication Vulnerability | Check Point | | Yes | 2026-06-08 |
| CVE-2026-28318 | SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability | SolarWinds | | | 2026-06-05 |
| CVE-2026-45247 | Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability | Mirasvit | | | 2026-06-03 |
| CVE-2022-0492 | Linux Kernel Improper Authentication Vulnerability | Linux | | | 2026-06-02 |
| CVE-2025-48595 | Android Framework Integer Overflow Vulnerability | Android | | | 2026-06-02 |
| CVE-2024-21182 | Oracle WebLogic Server Unspecified Vulnerability | Oracle | | | 2026-06-01 |
| CVE-2026-0257 | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | Palo Alto Networks | | | 2026-05-29 |
| CVE-2026-48027 | Nx Console Embedded Malicious Code Vulnerability | Nx | | Yes | 2026-05-27 |
| CVE-2026-45321 | TanStack Unspecified Vulnerability | TanStack | | Yes | 2026-05-27 |
| CVE-2026-8398 | Daemon Tools Lite Embedded Malicious Code Vulnerability | Daemon | | | 2026-05-27 |
| CVE-2026-48172 | LiteSpeed cPanel Plugin Privilege Escalation Vulnerability | LiteSpeed | | | 2026-05-26 |
| CVE-2026-9082 | Drupal Core SQL Injection Vulnerability | Drupal | | | 2026-05-22 |
| CVE-2025-34291 | Langflow Origin Validation Error Vulnerability | Langflow | | | 2026-05-21 |
| CVE-2026-34926 | Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability | Trend Micro | | | 2026-05-21 |
| CVE-2008-4250 | Microsoft Windows Buffer Overflow Vulnerability | Microsoft | | | 2026-05-20 |
| CVE-2009-1537 | Microsoft DirectX NULL Byte Overwrite Vulnerability | Microsoft | | | 2026-05-20 |
| CVE-2009-3459 | Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability | Adobe | | | 2026-05-20 |
| CVE-2010-0249 | Microsoft Internet Explorer Use-After-Free Vulnerability | Microsoft | | | 2026-05-20 |
| CVE-2010-0806 | Microsoft Internet Explorer Use-After-Free Vulnerability | Microsoft | | | 2026-05-20 |
| CVE-2026-41091 | Microsoft Defender Link Following Vulnerability | Microsoft | | | 2026-05-20 |
| CVE-2026-45498 | Microsoft Defender Denial of Service Vulnerability | Microsoft | | | 2026-05-20 |
| CVE-2026-42897 | Microsoft Exchange Server Cross-Site Scripting Vulnerability | Microsoft | | | 2026-05-15 |
| CVE-2026-20182 | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability | Cisco | | | 2026-05-14 |
| CVE-2026-42208 | BerriAI LiteLLM SQL Injection Vulnerability | BerriAI | | | 2026-05-08 |
| CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability | Ivanti | | | 2026-05-07 |
| CVE-2026-0300 | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability | Palo Alto Networks | | | 2026-05-06 |
| CVE-2026-31431 | Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability | Linux | | | 2026-05-01 |
| CVE-2026-41940 | WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability | WebPros | | Yes | 2026-04-30 |
| CVE-2024-1708 | ConnectWise ScreenConnect Path Traversal Vulnerability | ConnectWise | | Yes | 2026-04-28 |
| CVE-2026-32202 | Microsoft Windows Protection Mechanism Failure Vulnerability | Microsoft | | | 2026-04-28 |
| CVE-2025-29635 | D-Link DIR-823X Command Injection Vulnerability | D-Link | | | 2026-04-24 |
| CVE-2024-7399 | Samsung MagicINFO 9 Server Path Traversal Vulnerability | Samsung | | | 2026-04-24 |
| CVE-2024-57728 | SimpleHelp Path Traversal Vulnerability | SimpleHelp | | Yes | 2026-04-24 |
| CVE-2024-57726 | SimpleHelp Missing Authorization Vulnerability | SimpleHelp | | Yes | 2026-04-24 |

How this list is built

Entries are normalized from the CISA KEV catalog and enriched with CVSS severity and plain-English context. Some entries are labelled illustrative — worked examples that show the record format without claiming to be a specific published vulnerability. See our methodology for sources and limitations.

Last updated: 2026-06-13