Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
Severity: critical. Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.

Known exploited vulnerabilities and urgent federal threat notices.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations view
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
| Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability. Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network. Product: SharePoint Server | CVE-2026-45659, Critical | active | Jun 30, 2026, 7:00 PM | CISA KEV (open source) |
| SimpleHelp Authentication Bypass Vulnerability. SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. Product: SimpleHelp | CVE-2026-48558, Critical | active | Jun 28, 2026, 7:00 PM | CISA KEV (open source) |
| Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability. Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root. Product: Unified Communications Manager | CVE-2026-20230, Critical | active | Jun 24, 2026, 7:00 PM | CISA KEV (open source) |
| PTC Windchill and FlexPLM Improper Input Validation Vulnerability. PTC Windchill and FlexPLM contain an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request over the network. Product: Windchill and FlexPLM | CVE-2026-12569, Critical | active | Jun 24, 2026, 7:00 PM | CISA KEV (open source) |
| Ubiquiti UniFi OS Improper Input Validation Vulnerability. Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection. Product: UniFi OS | CVE-2026-34910, Critical | active | Jun 22, 2026, 7:00 PM | CISA KEV (open source) |
| Ubiquiti UniFi OS Path Traversal Vulnerability. Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account. Product: UniFi OS | CVE-2026-34909, Critical | active | Jun 22, 2026, 7:00 PM | CISA KEV (open source) |
| Ubiquiti UniFi OS Improper Access Control Vulnerability. Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system. Product: UniFi OS | CVE-2026-34908, Critical | active | Jun 22, 2026, 7:00 PM | CISA KEV (open source) |
| Lantronix EDS5000 Code Injection Vulnerability. Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges. Product: EDS5000 | CVE-2025-67038, Critical | active | Jun 22, 2026, 7:00 PM | CISA KEV (open source) |
| Splunk Enterprise Missing Authentication for Critical Function Vulnerability. Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. Product: Enterprise | CVE-2026-20253, Critical | active | Jun 17, 2026, 7:00 PM | CISA KEV (open source) |
| Widget Factory Joomla Content Editor Improper Access Control Vulnerability. Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. Product: Joomla Content Editor | CVE-2026-48907, Critical | active | Jun 15, 2026, 7:00 PM | CISA KEV (open source) |
| Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability. Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. Product: Catalyst SD-WAN Manager | CVE-2026-20262, Critical | active | Jun 14, 2026, 7:00 PM | CISA KEV (open source) |
| LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability. LiteSpeed cPanel plugin contains a UNIX symbolic link (symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS. Product: cPanel Plugin | CVE-2026-54420, Critical | active | Jun 14, 2026, 7:00 PM | CISA KEV (open source) |
| Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability. Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools. Known ransomware use: Known. Product: PeopleSoft Enterprise PeopleTools | CVE-2026-35273, Critical | active | Jun 11, 2026, 7:00 PM | CISA KEV (open source) |
| Ivanti Sentry OS Command Injection Vulnerability. Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors. Product: Sentry | CVE-2026-10520, Critical | active | Jun 10, 2026, 7:00 PM | CISA KEV (open source) |
| Google Chromium V8 Out-of-Bounds Read and Write Vulnerability. Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Product: Chromium V8 | CVE-2026-11645, Critical | active | Jun 8, 2026, 7:00 PM | CISA KEV (open source) |
| Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability. Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. Product: Catalyst SD-WAN Manager | CVE-2026-20245, Critical | active | Jun 8, 2026, 7:00 PM | CISA KEV (open source) |
| Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability. Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability: the switch incorrectly decapsulates and forwards unexpected tunneled packets whose destination IP matches its configured decapsulation IP. Product: Extensible Operating System | CVE-2026-7473, Critical | active | Jun 8, 2026, 7:00 PM | CISA KEV (open source) |
| BerriAI LiteLLM Command Injection Vulnerability. BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host. Product: LiteLLM | CVE-2026-42271, Critical | active | Jun 7, 2026, 7:00 PM | CISA KEV (open source) |
| Check Point Security Gateway Improper Authentication Vulnerability. Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. Known ransomware use: Known. Product: Security Gateway | CVE-2026-50751, Critical | active | Jun 7, 2026, 7:00 PM | CISA KEV (open source) |
| SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability. SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication. Product: Serv-U | CVE-2026-28318, Critical | active | Jun 4, 2026, 7:00 PM | CISA KEV (open source) |
Vendor watch hub
The CISAwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Most recent entry: Jun 30, 2026, 7:00 PM
Feed refreshes daily · 5:15 a.m. Central
Sources · CISA Known Exploited Vulnerabilities catalog
"Most recent entry" is the newest item the upstream feed has published, not our sync time.
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the cybersecurity services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the CISA-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current CISA issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map CISA advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.