IsItPatched — Emerging (security news linked to tracked software, BETA)

IsItPatched — Emerging (security news linked to tracked software, BETA) https://isitpatched.com/emerging Trusted security reporting (first-party vendor advisories, research & CISA) machine-linked to the software IsItPatched tracks. BETA — attributed to the source, never asserted as our own finding. en Compiled by IsItPatched (isitpatched.com) from NVD, CISA KEV, EPSS and endoflife.date. IsItPatched (https://isitpatched.com) https://www.rssboard.org/rss-specification 15 https://isitpatched.com/icon-192.png IsItPatched — Emerging (security news linked to tracked software, BETA) https://isitpatched.com/emerging Tue, 16 Jun 2026 22:43:51 GMT Cyber Security News: Hackers Weaponize Microsoft Teams Relay to Hide Ransomware Traffic https://cybersecuritynews.com/microsoft-teams-relay-abused/ https://cybersecuritynews.com/microsoft-teams-relay-abused/ Cyber Security News reports on Microsoft Teams. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 13:59:55 GMT The Hacker News: New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html The Hacker News reports on Android. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 13:10:17 GMT CISA Advisories: Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-03 https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-03 CISA Advisories reports (CVE-2026-11317). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 12:00:00 GMT CISA Advisories: Rockwell Automation RSLinx https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-02 https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-02 CISA Advisories reports (CVE-2020-13573). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 12:00:00 GMT CISA Advisories: Rockwell Automation FLEX I/O EtherNet/IP Adapters https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-05 https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-05 CISA Advisories reports (CVE-2026-0646). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 12:00:00 GMT CISA Advisories: Rockwell Automation FactoryTalk Analytics PavilionX https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-01 https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-01 CISA Advisories reports (CVE-2025-14272). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 12:00:00 GMT Cyber Security News: Microsoft Teams Analyze the Wi-Fi Hotspot Data Connected to an Employee’s Device https://cybersecuritynews.com/microsoft-teams-analyze-the-wi-fi-hotspot-data/ https://cybersecuritynews.com/microsoft-teams-analyze-the-wi-fi-hotspot-data/ Cyber Security News reports on Microsoft Teams. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 11:17:58 GMT BleepingComputer: CISA warns of another cPanel plugin flaw exploited in attacks https://www.bleepingcomputer.com/news/security/cisa-warns-of-another-actively-exploited-cpanel-plugin-flaw/ https://www.bleepingcomputer.com/news/security/cisa-warns-of-another-actively-exploited-cpanel-plugin-flaw/ BleepingComputer reports on cPanel Plugin (CVE-2026-54420). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Tue, 16 Jun 2026 10:47:59 GMT The Hacker News: Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week https://thehackernews.com/2026/06/attackers-exploit-three-fortinet.html https://thehackernews.com/2026/06/attackers-exploit-three-fortinet.html The Hacker News reports (CVE-2026-39813). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Tue, 16 Jun 2026 10:30:41 GMT BleepingComputer: Ransomware gang abuses Microsoft Teams relays to hide malicious traffic https://www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/ https://www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/ BleepingComputer reports on Microsoft Teams. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 10:18:48 GMT MSRC: CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34182 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34182 MSRC reports (CVE-2026-34182). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 09:14:59 GMT MSRC: CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54411 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54411 MSRC reports (CVE-2026-54411). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 08:01:29 GMT The Hacker News: Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw https://thehackernews.com/2026/06/cisco-releases-security-updates-for.html https://thehackernews.com/2026/06/cisco-releases-security-updates-for.html The Hacker News reports (CVE-2026-20262). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Tue, 16 Jun 2026 06:05:58 GMT The Hacker News: CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html The Hacker News reports on cPanel Plugin (CVE-2026-54420). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Tue, 16 Jun 2026 05:41:52 GMT MSRC: Chromium: CVE-2026-11700 Use after free in Tracing https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11701 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11701 MSRC reports (CVE-2026-11700). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 02:15:07 GMT MSRC: Chromium: CVE-2026-11699 Use after free in Bluetooth https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11700 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11700 MSRC reports (CVE-2026-11699). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 02:15:06 GMT MSRC: Chromium: CVE-2026-11698 Use after free in Bluetooth https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11699 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11699 MSRC reports (CVE-2026-11698). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 02:15:05 GMT MSRC: Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11698 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11698 MSRC reports (CVE-2026-11697). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 02:15:03 GMT MSRC: Chromium: CVE-2026-11696 Uninitialized Use in Video https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11697 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11697 MSRC reports (CVE-2026-11696). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 02:15:02 GMT MSRC: Chromium: CVE-2026-11695 Inappropriate implementation in Passwords https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11696 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11696 MSRC reports (CVE-2026-11695). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Tue, 16 Jun 2026 02:15:01 GMT Cisco PSIRT: Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Arbitrary%20File%20Write%20Vulnerability%26vs_k=1 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Arbitrary%20File%20Write%20Vulnerability%26vs_k=1 Cisco PSIRT reports on Catalyst SD-WAN Manager. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Mon, 15 Jun 2026 22:00:51 GMT BleepingComputer: SimpleHelp bug lets hackers create rogue remote support accounts https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/ https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/ BleepingComputer reports on SimpleHelp. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Mon, 15 Jun 2026 20:06:52 GMT BleepingComputer: Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks https://www.bleepingcomputer.com/news/security/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/ https://www.bleepingcomputer.com/news/security/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/ BleepingComputer reports (CVE-2026-20262). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Mon, 15 Jun 2026 17:12:42 GMT The Hacker News: LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html The Hacker News reports on LiteLLM. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Mon, 15 Jun 2026 16:39:01 GMT The Hacker News: One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html The Hacker News reports on Microsoft 365 Copilot. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Mon, 15 Jun 2026 15:09:05 GMT The Hacker News: ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html The Hacker News reports on macOS. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Mon, 15 Jun 2026 13:49:29 GMT CISA Advisories: CISA Adds Two Known Exploited Vulnerabilities to Catalog https://www.cisa.gov/news-events/alerts/2026/06/15/cisa-adds-two-known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2026/06/15/cisa-adds-two-known-exploited-vulnerabilities-catalog CISA Advisories reports (CVE-2026-20262). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Mon, 15 Jun 2026 12:00:00 GMT The Hacker News: Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html The Hacker News reports on Palo Alto PAN-OS (CVE-2026-0257). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Mon, 15 Jun 2026 06:17:32 GMT The Hacker News: Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html The Hacker News reports on Splunk Enterprise (CVE-2026-20253). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Sat, 13 Jun 2026 13:23:03 GMT Palo Alto PSIRT: CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities (Severity: MEDIUM) https://security.paloaltonetworks.com/CVE-2026-0249 https://security.paloaltonetworks.com/CVE-2026-0249 Palo Alto PSIRT reports (CVE-2026-0249). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Sat, 13 Jun 2026 01:45:00 GMT Palo Alto PSIRT: CVE-2026-0250 GlobalProtect App: Buffer Overflow Vulnerability during connection to Portal or Gateway (Severity: MEDIUM) https://security.paloaltonetworks.com/CVE-2026-0250 https://security.paloaltonetworks.com/CVE-2026-0250 Palo Alto PSIRT reports (CVE-2026-0250). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Sat, 13 Jun 2026 01:30:00 GMT Cisco PSIRT: Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Controller,%20Catalyst%20SD-WAN%20Manager,%20and%20Catalyst%20SD-WAN%20Validator%20Authenticated%20Privilege%20Escalation%20Vulnerability%26vs_k=1 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Catalyst%20SD-WAN%20Controller,%20Catalyst%20SD-WAN%20Manager,%20and%20Catalyst%20SD-WAN%20Validator%20Authenticated%20Privilege%20Escalation%20Vulnerability%26vs_k=1 Cisco PSIRT reports on Catalyst SD-WAN Manager. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Fri, 12 Jun 2026 20:36:49 GMT Rapid7: Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273) https://www.rapid7.com/blog/post/etr-active-exploitation-of-oracle-peoplesoft-zero-day-cve-2026-35273 https://www.rapid7.com/blog/post/etr-active-exploitation-of-oracle-peoplesoft-zero-day-cve-2026-35273 Rapid7 reports (CVE-2026-35273). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Fri, 12 Jun 2026 13:43:04 GMT CISA Advisories: CISA Adds One Known Exploited Vulnerability to Catalog https://www.cisa.gov/news-events/alerts/2026/06/12/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2026/06/12/cisa-adds-one-known-exploited-vulnerability-catalog CISA Advisories reports (CVE-2026-35273). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Fri, 12 Jun 2026 12:00:00 GMT The Hacker News: ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html The Hacker News reports (CVE-2026-35273). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Thu, 11 Jun 2026 20:29:23 GMT The Hacker News: New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets https://thehackernews.com/2026/06/new-attacks-trick-openclaw-ai-agent.html https://thehackernews.com/2026/06/new-attacks-trick-openclaw-ai-agent.html The Hacker News reports on OpenClaw. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Thu, 11 Jun 2026 17:46:32 GMT The Hacker News: ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories https://thehackernews.com/2026/06/threatsday-bulletin-worm-code-leaked-ai.html https://thehackernews.com/2026/06/threatsday-bulletin-worm-code-leaked-ai.html The Hacker News reports on Claude Code. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Patch available IsItPatched Thu, 11 Jun 2026 13:20:41 GMT CISA Advisories: Yarbo Android/iOS Mobile Application and Cloud Infrastructure https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-01 https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-01 CISA Advisories reports on Android. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Thu, 11 Jun 2026 12:00:00 GMT Trend Micro ZDI: ZDI-26-360: MATE Desktop Atril Document Viewer EPUB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-26-360/ http://www.zerodayinitiative.com/advisories/ZDI-26-360/ Trend Micro ZDI reports (CVE-2026-52849). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Thu, 11 Jun 2026 05:00:00 GMT Trend Micro ZDI: ZDI-26-359: Samsung rlottie Numeric Truncation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-26-359/ http://www.zerodayinitiative.com/advisories/ZDI-26-359/ Trend Micro ZDI reports (CVE-2026-8916). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Thu, 11 Jun 2026 05:00:00 GMT Trend Micro ZDI: ZDI-26-358: Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-26-358/ http://www.zerodayinitiative.com/advisories/ZDI-26-358/ Trend Micro ZDI reports (CVE-2026-11443). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Thu, 11 Jun 2026 05:00:00 GMT Trend Micro ZDI: ZDI-26-357: Allegra exportReport Directory Traversal Information Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-26-357/ http://www.zerodayinitiative.com/advisories/ZDI-26-357/ Trend Micro ZDI reports (CVE-2026-11442). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Thu, 11 Jun 2026 05:00:00 GMT Trend Micro ZDI: ZDI-26-356: Apache HTTP Server mod_proxy_ajp Out-Of-Bounds Read Information Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-26-356/ http://www.zerodayinitiative.com/advisories/ZDI-26-356/ Trend Micro ZDI reports on Apache HTTP Server (CVE-2026-34032). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Thu, 11 Jun 2026 05:00:00 GMT Palo Alto PSIRT: CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI (Severity: MEDIUM) https://security.paloaltonetworks.com/CVE-2026-0273 https://security.paloaltonetworks.com/CVE-2026-0273 Palo Alto PSIRT reports on Palo Alto PAN-OS (CVE-2026-0273). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Thu, 11 Jun 2026 01:00:00 GMT Dark Reading: Bug Bounty Research Triggers ServiceNow Security Alert https://www.darkreading.com/vulnerabilities-threats/bug-bounty-research-triggers-servicenow-security-alert https://www.darkreading.com/vulnerabilities-threats/bug-bounty-research-triggers-servicenow-security-alert Dark Reading reports on ServiceNow. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 20:07:53 GMT Palo Alto PSIRT: CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability (Severity: MEDIUM) https://security.paloaltonetworks.com/CVE-2026-0270 https://security.paloaltonetworks.com/CVE-2026-0270 Palo Alto PSIRT reports (CVE-2026-0270). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 16:00:00 GMT Palo Alto PSIRT: CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI) (Severity: MEDIUM) https://security.paloaltonetworks.com/CVE-2026-0272 https://security.paloaltonetworks.com/CVE-2026-0272 Palo Alto PSIRT reports on Palo Alto PAN-OS (CVE-2026-0272). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 16:00:00 GMT Palo Alto PSIRT: CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux (Severity: MEDIUM) https://security.paloaltonetworks.com/CVE-2026-0268 https://security.paloaltonetworks.com/CVE-2026-0268 Palo Alto PSIRT reports (CVE-2026-0268). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 16:00:00 GMT Palo Alto PSIRT: CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration (Severity: HIGH) https://security.paloaltonetworks.com/CVE-2026-0274 https://security.paloaltonetworks.com/CVE-2026-0274 Palo Alto PSIRT reports (CVE-2026-0274). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 16:00:00 GMT Palo Alto PSIRT: CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS (Severity: MEDIUM) https://security.paloaltonetworks.com/CVE-2026-0267 https://security.paloaltonetworks.com/CVE-2026-0267 Palo Alto PSIRT reports on macOS (CVE-2026-0267). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 16:00:00 GMT Palo Alto PSIRT: CVE-2026-0271 Prisma Access Agent: Local Privilege Escalation by Authorized Users (Severity: MEDIUM) https://security.paloaltonetworks.com/CVE-2026-0271 https://security.paloaltonetworks.com/CVE-2026-0271 Palo Alto PSIRT reports (CVE-2026-0271). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 16:00:00 GMT Palo Alto PSIRT: CVE-2026-0269 PAN-OS: Denial of Service (DoS) in Tunnel Traffic Processing (Severity: MEDIUM) https://security.paloaltonetworks.com/CVE-2026-0269 https://security.paloaltonetworks.com/CVE-2026-0269 Palo Alto PSIRT reports on Palo Alto PAN-OS (CVE-2026-0269). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 16:00:00 GMT Palo Alto PSIRT: CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface (Severity: LOW) https://security.paloaltonetworks.com/CVE-2026-0266 https://security.paloaltonetworks.com/CVE-2026-0266 Palo Alto PSIRT reports on Palo Alto PAN-OS (CVE-2026-0266). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 16:00:00 GMT The Hacker News: Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html The Hacker News reports (CVE-2026-25089). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Patch available IsItPatched Wed, 10 Jun 2026 15:10:59 GMT The Hacker News: Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html The Hacker News reports on Langflow (CVE-2026-5027). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Wed, 10 Jun 2026 15:00:59 GMT The Hacker News: CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation https://thehackernews.com/2026/06/cisa-adds-cisco-chrome-and-arista-flaws.html https://thehackernews.com/2026/06/cisa-adds-cisco-chrome-and-arista-flaws.html The Hacker News reports (CVE-2026-20245). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Wed, 10 Jun 2026 14:44:29 GMT Rapid7: CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry https://www.rapid7.com/blog/post/etr-cve-2026-10520-cve-2026-10523-multiple-critical-vulnerabilities-affecting-ivanti-sentry https://www.rapid7.com/blog/post/etr-cve-2026-10520-cve-2026-10523-multiple-critical-vulnerabilities-affecting-ivanti-sentry Rapid7 reports (CVE-2026-10520). Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 10:21:07 GMT The Hacker News: ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances https://thehackernews.com/2026/06/servicenow-flaw-exploited-to-gain.html https://thehackernews.com/2026/06/servicenow-flaw-exploited-to-gain.html The Hacker News reports on ServiceNow. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Wed, 10 Jun 2026 07:02:08 GMT The Hacker News: Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html The Hacker News reports on Defender. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Exploited IsItPatched Wed, 10 Jun 2026 05:22:01 GMT The Hacker News: Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS https://thehackernews.com/2026/06/six-proto6-vulnerabilities-in.html https://thehackernews.com/2026/06/six-proto6-vulnerabilities-in.html The Hacker News reports on Node.js. Machine-linked to tracked software by IsItPatched (BETA) — attributed, may be wrong; verify at the source. Reported IsItPatched Wed, 10 Jun 2026 05:08:35 GMT