Real-time intelligence on actively exploited vulnerabilities, CISA KEV additions, and emerging threats — curated from elvis.hk security intelligence feeds.
Sourced from elvis.hk CISA feed, ZDI, and CVE Trends — last 4 weeks
| CVE ID | Severity | Product | Type | Status | Age | Source |
|---|---|---|---|---|---|---|
| CVE-2026-3227 | HIGH | TP-Link TL-WR802N / TL-WR841N / TL-WR840N | OS Command Injection | Trending · Hype Score 34 | Today | CVE Trends |
| CVE-2026-24207 | HIGH | NVIDIA Triton Inference Server | Auth Bypass / Code Execution | Trending · Hype Score 16 | Today | CVE Trends |
| CVE-2025-8088 | HIGH | WinRAR (Windows) | Path Traversal / Code Execution | Exploited in the Wild | Today | CVE Trends |
| CVE-2026-12569 | CRITICAL | PTC Windchill / FlexPLM | RCE (Deserialization) | Actively Exploited · KEV | 2 days | CISA KEV |
| CVE-2026-20230 | HIGH | Cisco Unified Communications Manager | SSRF | Actively Exploited · KEV | 2 days | CISA KEV |
| CVE-2026-34908 | HIGH | Ubiquiti UniFi OS | Improper Access Control | Actively Exploited · CISA KEV | 4 days | CISA KEV |
| CVE-2026-20262 | HIGH | Cisco Catalyst SD-WAN Manager | Path Traversal / File Write | Zero-Day · KEV (due Jun 29) | 1 week | CISA KEV |
| CVE-2026-48027 | CRITICAL | Nx Console (VSCode extension) | Supply Chain · Malicious Code | KEV · Supply Chain Compromise | 11 days | CISA KEV |
| CVE-2026-35273 | CRITICAL | Oracle PeopleSoft Suite | RCE | Zero-Day · KEV OVERDUE | 2 weeks | CISA KEV |
| CVE-2026-10520 | CRITICAL | Ivanti Sentry | OS Cmd Injection / RCE | Actively Exploited · OVERDUE | 2 weeks | CISA KEV |
| CVE-2026-45657 | CRITICAL 9.8 | Windows Kernel (TCP/IP) | Wormable RCE | Zero-Day · Patch Available | 2 weeks | ZDI / elvis.hk |
| CVE-2026-47291 | CRITICAL 9.8 | Windows HTTP.sys | RCE Unauthenticated | Zero-Day · Patched | 2 weeks | ZDI / elvis.hk |
| CVE-2026-41091 | HIGH 7.8 | Microsoft Defender | Privilege Escalation | Zero-Day · Patched | 2 weeks | ZDI / elvis.hk |
| CVE-2026-11645 | HIGH | Chromium V8 (Chrome / Edge / Opera) | OOB Read/Write RCE | KEV — All Chromium Browsers | 2 weeks | CISA KEV |
| CVE-2026-50751 | HIGH | Check Point Security Gateway (IKEv1 VPN) | Auth Bypass / VPN | Ransomware Campaigns · OVERDUE | 2 weeks | CISA KEV |
| CVE-2026-20245 | HIGH | Cisco Catalyst SD-WAN (7th 2026 zero-day) | Privilege Escalation | Zero-Day · No Patch Initially | 2 weeks | CISA KEV |
| CVE-2026-42271 | HIGH | BerriAI LiteLLM (AI/ML gateway) | Command Injection | KEV · Due Jun 22 | 2 weeks | CISA KEV |
| CVE-2026-7473 | HIGH | Arista EOS | Tunnel Decapsulation / Seg Bypass | KEV · Network Segmentation Risk | 2 weeks | CISA KEV |
| CVE-2026-28318 | MEDIUM | SolarWinds Serv-U File Server | DoS / Unauth Resource Exhaustion | KEV · Patch Available | 3 weeks | CISA KEV |
| CVE-2026-45247 | CRITICAL | Mirasvit Full Page Cache Warmer (Magento) | Deserialization RCE | KEV OVERDUE (Jun 6) | 3 weeks | CISA KEV |
Data sourced from elvis.hk · CISA KEV feed · Zero Day Initiative · CVE Trends
The largest single Patch Tuesday release in program history. Three publicly disclosed zero-days including a wormable Windows Kernel RCE (CVE-2026-45657, CVSS 9.8) and an HTTP.sys RCE (CVE-2026-47291, CVSS 9.8). 38 critical-rated vulnerabilities.
Full ZDI Analysis →CVE-2026-20262 — Cisco confirmed active zero-day exploitation of a path traversal flaw in SD-WAN Manager allowing arbitrary file writes and RCE. The seventh SD-WAN zero-day in 2026. FedRAMP environments confirmed affected.
CISA KEV Entry →CVE-2026-35273 — Active unauthenticated RCE against Oracle PeopleSoft (CVSS 9.8) linked to ShinyHunters data theft campaigns. KEV deadline June 15 now overdue. HR and financial data directly at risk.
CISA KEV Details →A wave of critical vulnerabilities hitting AI/ML tooling: BerriAI LiteLLM command injection (CVE-2026-42271, KEV), NVIDIA Triton auth bypass (CVE-2026-24207), vLLM DoS (CVE-2026-5497), and Pipecat path traversal (CVE-2026-44716). AI development environments increasingly targeted.
CVE Trends →Staged advisories from Zero Day Initiative via elvis.hk — not yet publicly disclosed
RAGFlow — an open-source AI-based document RAG engine — has 3 staged ZDI advisories. Organisations using RAGFlow should monitor the ZDI feed closely and prepare to patch rapidly.
Elvis.hk aggregates CISA KEV, ZDI, VulDB, HAWKEYE threat digests, and Tenable in one place. Follow the feeds to track emerging threats in real time.