Emerging BETA · EXPERIMENTAL RSS ↗
Emerging is a BETA feed that watches a curated set of trusted security-news outlets and links what they report to the 613 products IsItPatched tracks — often ahead of full NVD enrichment. Every item is attributed to its source and links out; IsItPatched never asserts its own findings here. Right now it surfaces 120 machine-linked reports, 20 describing active exploitation.
⚠ Items are machine-linked third-party reporting and may be wrong. Each shows its source and links out — we never assert our own findings here. Treat low-confidence items as leads, and always verify against the source and the vendor advisory.
120
linked reports · last 45 days
20
describing active exploitation
73
CVEs referenced
See news about the software you run Add your products to My Stack and Emerging flags reporting that hits them — a violet node on the graph, “you run this” on the feed.
Open My Stack → Sign in free → Tuesday 16 June
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP
Rockwell Automation RSLinx
Rockwell Automation FLEX I/O EtherNet/IP Adapters
No items match.
Unlock the full newsroom — free 115 more linked reports, the live Connections graph, filters, and “you run this” flags on software in your stack.
Sign in free → or RSS ↗ Rockwell Automation FactoryTalk Analytics PavilionX
Microsoft Teams Analyze the Wi-Fi Hotspot Data Connected to an Employee’s Device
CISA warns of another cPanel plugin flaw exploited in attacks
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
Chromium: CVE-2026-11700 Use after free in Tracing
Chromium: CVE-2026-11699 Use after free in Bluetooth
Chromium: CVE-2026-11698 Use after free in Bluetooth
Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI
Chromium: CVE-2026-11696 Uninitialized Use in Video
Chromium: CVE-2026-11695 Inappropriate implementation in Passwords
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
SimpleHelp bug lets hackers create rogue remote support accounts
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities (Severity: MEDIUM)
CVE-2026-0250 GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway (Severity: MEDIUM)
Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
CISA Adds One Known Exploited Vulnerability to Catalog
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
ZDI-26-360: MATE Desktop Atril Document Viewer EPUB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-359: Samsung rlottie Numeric Truncation Remote Code Execution Vulnerability
ZDI-26-358: Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability
ZDI-26-357: Allegra exportReport Directory Traversal Information Disclosure Vulnerability
ZDI-26-356: Apache HTTP Server mod_proxy_ajp Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI (Severity: MEDIUM)
Bug Bounty Research Triggers ServiceNow Security Alert
CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability (Severity: MEDIUM)
CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) (Severity: MEDIUM)
CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux (Severity: MEDIUM)
CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration (Severity: HIGH)
CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS (Severity: MEDIUM)
CVE-2026-0271 Prisma Access Agent: Local Privilege Escalation by Authorized Users (Severity: MEDIUM)
CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing (Severity: MEDIUM)
CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: LOW)
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
ZDI-26-355: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-328: ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability
GitLab patch release notes
GitLab Patch Release: 19.0.2, 18.11.5, 18.10.8
SVD-2026-0610: Third-Party Package Updates in Splunk Enterprise - June 2026
SVD-2026-0609: Improper Access Control in Splunk Enterprise
SVD-2026-0608: Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise
SVD-2026-0607: Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise
SVD-2026-0606: Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise
SVD-2026-0605: Improper Input Validation through Classic Dashboards in Splunk Enterprise
SVD-2026-0604: Information Disclosure through External Content Restriction Bypass in Splunk Enterprise
SVD-2026-0603: Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
SVD-2026-0602: Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
CISA Adds Three Known Exploited Vulnerabilities to Catalog
ZDI-26-354: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-353: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-352: Adobe Acrobat Pro DC AcroForm Use-After-Free Remote Code Execution Vulnerability
ZDI-26-351: Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-350: Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-26-349: Adobe Acrobat Pro DC Annots.api Use-After-Free Remote Code Execution Vulnerability
ZDI-26-348: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-26-347: Adobe Acrobat Reader DC Multimedia Rendition Use-After-Free Remote Code Execution Vulnerability
ZDI-26-346: Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability
ZDI-26-345: Adobe Acrobat Reader DC Font Handling Use-After-Free Remote Code Execution Vulnerability
ZDI-26-344: Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum
NAVTOR NavBox
B&R PPT30 Operating System
All the passwords were stored in Active Directory description fields
Commvault says it's time to rethink resiliency as AI crooks leave victims in a 'dark, dead' state
Cisco Webex Meetings Cross-Site Scripting Vulnerability
Linux Kernel vulnerability Dirty Frag
CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities (Severity: HIGH)
Zoom CISO: AI as a Security Enabler, Not Role-Replacer
CVE-2026-0251 GlobalProtect App: Local Privilege Escalation Vulnerabilities (Severity: MEDIUM)
Microsoft's Zero-Day Legal Threats Spark Backlash
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
Metasploit Wrap Up 05/29/2026
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B) (Severity: MEDIUM)
CVE-2026-0261 PAN-OS: Authenticated Admin Command Injection Vulnerability (Severity: MEDIUM)
CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing (Severity: HIGH)
CVE-2026-0258 PAN-OS: Server-Side Request Forgery (SSRF) in IKEv2 Certificate URL Fetching (Severity: MEDIUM)
CVE-2026-0262 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Parsing (Severity: MEDIUM)
Extending EOL/EOS Software Intelligence Across Containers, Kubernetes, and Modern Workloads
GitLab Patch Release: 18.9.8, 18.8.10, 18.7.7, 18.6.8, 18.5.7
GitLab Patch Release: 19.0.1, 18.11.4, 18.10.7
CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path
SVD-2026-0516: Third-Party Package Updates in Splunk Add-on for Tomcat App - May 2026
SVD-2026-0511: Third-Party Package Updates in Splunk AppDynamics Python Agent - May 2026
SVD-2026-0505: Third-Party Package Updates in Splunk Enterprise - May 2026
SVD-2026-0504: Denial of Service through coldToFrozen.sh Script in Splunk Enterprise
SVD-2026-0503: Sensitive Information Disclosure through Log Files in Splunk Enterprise
Cisco Catalyst SD-WAN Manager Vulnerabilities
Linux Kernel Vulnerability copy.fail - CVE-2026-31431
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
GitLab Patch Release: 18.11.3, 18.10.6, 18.9.7
How this week’s reporting connects — 17 products, 49 CVEs and 14 sources. Lines are attributed links from the items above; positions are illustrative. Tap a node to open it. Violet = software in your stack.
In your stack Product CVE CVE (exploited) Source
Prefer the list? Switch back to . The graph is a visual aid; the timeline above carries every item with full attribution.
About this BETA
Emerging ingests only a hard-coded allow-list of trusted outlets — first-party vendor advisories (Microsoft MSRC, Cisco PSIRT, Fortinet, Palo Alto, Ivanti), security research (Google Project Zero, Rapid7, Qualys) and established reporting (CISA, Krebs on Security, BleepingComputer, The Hacker News, SecurityWeek, Dark Reading, The Register) — no open-web crawl, no social feeds, no user submissions. We store and show only a headline, the source, the time, an outbound link and (where available) a short own-words takeaway — never article text. Links between a report and a product or CVE are made by software and carry a confidence level; they can be wrong. This is an early experiment in linking breaking reporting to the software you actually run — tell us when we get a link wrong →.
Newest first · refreshes on every sync · sources retain all rights to their reporting. See our disclaimer.