// Deep technical intelligence on the highest-severity known-exploited vulnerabilities
We cover only Critical and High-severity vulnerabilities from the CISA Known Exploited Vulnerabilities catalogue — confirmed active threats with CVSS 7.0 or above. Each analysis breaks down the exploit mechanism, real-world attack campaigns, and concrete remediation steps so your team can act fast.
Microsoft — Windows Netlogon (Windows Server)
A stack-based buffer overflow in Windows Netlogon allows an unauthenticated attacker to achieve SYSTEM-level code execution on any unpatched domain controller. Active exploitation confirmed by Belgium's CCB. Patch immediately — no workaround removes the attack surface.
Mirasvit — Full Page Cache Warmer for Magento 2
PHP object injection via the CacheWarmer cookie in Mirasvit's Magento 2 extension allows unauthenticated attackers to execute arbitrary commands on any unpatched Magento or Adobe Commerce store. Actively exploited and added to CISA KEV.
Linux — Kernel
A missing authorisation check in the Linux kernel's cgroups v1 release_agent mechanism allows unprivileged users with a container user namespace to escape container isolation and execute code as root on the host. Added to CISA KEV with a June 5, 2026 remediation deadline.
Android — Framework
An integer overflow in the Android Framework component allows a local attacker to execute arbitrary code and escalate privileges without requiring any user interaction. Actively exploited in limited targeted attacks and added to CISA KEV with a June 5, 2026 deadline.
Oracle — WebLogic Server
A pre-authentication information disclosure vulnerability in Oracle WebLogic Server exploitable via T3/IIOP protocols, allowing remote attackers to read sensitive server data without credentials. Added to CISA KEV June 2026.
Palo Alto Networks — PAN-OS
CWE-565 cookie integrity failure in PAN-OS GlobalProtect allows unauthenticated attackers to forge authentication override cookies and establish unauthorised VPN tunnels. Actively exploited since May 2026; CISA KEV-listed with June 1 federal deadline.
Vuln Brief provides authoritative technical analysis of Critical and High-severity vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) catalogue — the definitive list of CVEs actively exploited in the wild.
We focus exclusively on CVSS 7.0+ entries — the vulnerabilities that represent the highest real-world risk to organisations. Each article goes beyond the NVD description, examining the exploit mechanism, affected code paths, real-world attack campaigns, and concrete remediation steps.
Coverage spans high-priority targets: enterprise network infrastructure, endpoint management, cloud-adjacent systems, and developer tooling — wherever Critical and High KEVs are actively exploited.
We cover only CVSS 7.0+ entries from the CISA KEV catalogue — confirmed active exploitation, highest real-world risk, no noise from lower-severity entries.
We cover exploit mechanisms, vulnerable code paths, CVSS breakdowns, and detection indicators — not just vendor advisories.
Every article includes patch guidance, version ranges, and interim mitigations for when immediate patching isn't possible.