CISA threat watch

Known exploited vulnerabilities and urgent federal threat notices.

Watch items

Recent CISA watch items

Showing the 20 most recent items, newest first. Each row links to the official advisory.

20 rows ยท sorted newest first

Operations view

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

critical
activeCISA KEVCVE-2026-45659

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.

Jun 30, 2026, 7:00 PMOfficial source

SimpleHelp Authentication Bypass Vulnerability

critical
activeCISA KEVCVE-2026-48558

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.

Jun 28, 2026, 7:00 PMOfficial source

Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

critical
activeCISA KEVCVE-2026-20230

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.

Jun 24, 2026, 7:00 PMOfficial source

PTC Windchill and FlexPLM Improper Input Validation Vulnerability

critical
activeCISA KEVCVE-2026-12569

PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.

Jun 24, 2026, 7:00 PMOfficial source

Ubiquiti UniFi OS Improper Input Validation Vulnerability

critical
activeCISA KEVCVE-2026-34910

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.

Jun 22, 2026, 7:00 PMOfficial source

Ubiquiti UniFi OS Path Traversal Vulnerability

critical
activeCISA KEVCVE-2026-34909

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.

Jun 22, 2026, 7:00 PMOfficial source

Ubiquiti UniFi OS Improper Access Control Vulnerability

critical
activeCISA KEVCVE-2026-34908

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.

Jun 22, 2026, 7:00 PMOfficial source

Lantronix EDS5000 Code Injection Vulnerability

critical
activeCISA KEVCVE-2025-67038

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

Jun 22, 2026, 7:00 PMOfficial source

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

critical
activeCISA KEVCVE-2026-20253

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

Jun 17, 2026, 7:00 PMOfficial source

Widget Factory Joomla Content Editor Improper Access Control Vulnerability

critical
activeCISA KEVCVE-2026-48907

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

Jun 15, 2026, 7:00 PMOfficial source

Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability

critical
activeCISA KEVCVE-2026-20262

Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.

Jun 14, 2026, 7:00 PMOfficial source

LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

critical
activeCISA KEVCVE-2026-54420

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

Jun 14, 2026, 7:00 PMOfficial source

Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

critical
activeCISA KEVCVE-2026-35273

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools. Known ransomware use: Known.

Jun 11, 2026, 7:00 PMOfficial source

Ivanti Sentry OS Command Injection Vulnerability

critical
activeCISA KEVCVE-2026-10520

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.

Jun 10, 2026, 7:00 PMOfficial source

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

critical
activeCISA KEVCVE-2026-11645

Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Jun 8, 2026, 7:00 PMOfficial source

Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

critical
activeCISA KEVCVE-2026-20245

Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.

Jun 8, 2026, 7:00 PMOfficial source

Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability

critical
activeCISA KEVCVE-2026-7473

Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.

Jun 8, 2026, 7:00 PMOfficial source

BerriAI LiteLLM Command Injection Vulnerability

critical
activeCISA KEVCVE-2026-42271

BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.

Jun 7, 2026, 7:00 PMOfficial source

Check Point Security Gateway Improper Authentication Vulnerability

critical
activeCISA KEVCVE-2026-50751

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. Known ransomware use: Known.

Jun 7, 2026, 7:00 PMOfficial source

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

critical
activeCISA KEVCVE-2026-28318

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.

Jun 4, 2026, 7:00 PMOfficial source

Vendor watch hub

What this page covers

The CISAwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.

  • Confirm whether recent CISA activity overlaps with your environment.
  • Prioritize advisories by MSP-relevance score, severity, and status.
  • Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.

At a glance

Tracked

1631

Active

1631

Featured

1631

Unique CVEs

20

Most recent entry

Jun 30, 2026, 7:00 PM

Feed refreshes daily ยท 5:15 a.m. Central

SourcesยทCISA Known Exploited Vulnerabilities catalog

"Most recent entry" is the newest item the upstream feed has published โ€” not our sync time.

Related vendors

Other research feeds in the radar

Vendor watch FAQ

Common questions

What is the CISA threat watch page?

It is the CISA-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.

How should teams use the CISA watch page?

Use it to confirm whether current CISA issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.

Can ITECS help respond to CISA security issues?

Yes. ITECS can help map CISA advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.