// Deep technical intelligence on the highest-severity known-exploited vulnerabilities
We cover only Critical and High-severity vulnerabilities from the CISA Known Exploited Vulnerabilities catalogue — confirmed active threats with CVSS 7.0 or above. Each analysis breaks down the exploit mechanism, real-world attack campaigns, and concrete remediation steps so your team can act fast.
Ivanti — Sentry (formerly MobileIron Sentry)
A pre-authentication OS command injection in Ivanti Sentry's management interface allows remote unauthenticated attackers to execute arbitrary commands as root. CVSS 10.0. PoC public. Active backdooring confirmed by Shadowserver within 48 hours of advisory publication.
Oracle — PeopleSoft Enterprise PeopleTools
Critical CVSS 9.8 missing authentication flaw in Oracle PeopleSoft PeopleTools 8.61 and 8.62 enables unauthenticated remote code execution; actively exploited as a zero-day by ShinyHunters and Cl0p since late May 2026.
Google — Chromium V8
An out-of-bounds read and write in V8's TurboFan JIT optimizer allows remote attackers to achieve arbitrary code execution via a crafted HTML page. Google confirmed in-the-wild exploitation on the June 8 patch release.
Cisco — Catalyst SD-WAN Manager
A command injection vulnerability in Cisco Catalyst SD-WAN Manager allows an authenticated attacker with netadmin privileges to execute arbitrary commands as root. No patch is available. Actively exploited and added to CISA KEV on June 9, 2026.
BerriAI — LiteLLM
A command injection vulnerability in LiteLLM's MCP preview endpoints allows any authenticated user — including low-privilege internal-user keys — to execute arbitrary OS commands on the proxy host. Chains with CVE-2026-48710 for unauthenticated RCE.
Check Point — Security Gateway
A critical authentication bypass in Check Point Security Gateway's IKEv1 VPN implementation allows unauthenticated remote attackers to establish VPN sessions without valid credentials. Qilin ransomware affiliates have been exploiting this since May 2026. CISA remediation deadline: 11 June 2026.
Vuln Brief provides authoritative technical analysis of Critical and High-severity vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) catalogue — the definitive list of CVEs actively exploited in the wild.
We focus exclusively on CVSS 7.0+ entries — the vulnerabilities that represent the highest real-world risk to organisations. Each article goes beyond the NVD description, examining the exploit mechanism, affected code paths, real-world attack campaigns, and concrete remediation steps.
Coverage spans high-priority targets: enterprise network infrastructure, endpoint management, cloud-adjacent systems, and developer tooling — wherever Critical and High KEVs are actively exploited.
We cover only CVSS 7.0+ entries from the CISA KEV catalogue — confirmed active exploitation, highest real-world risk, no noise from lower-severity entries.
We cover exploit mechanisms, vulnerable code paths, CVSS breakdowns, and detection indicators — not just vendor advisories.
Every article includes patch guidance, version ranges, and interim mitigations for when immediate patching isn't possible.