{"total":30,"page":1,"count":30,"advisories":[{"id":"ab1b5ef0-6431-4672-a773-f479f0b53dce","num":209163,"source_id":"ncsc-nl","external_id":"NCSC-2026-0223 [1.00]","title":"NCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access","summary":"BeyondTrust has fixed vulnerabilities in the products Remote Support and Privileged Remote Access. The vulnerabilities affect multiple aspects of the products Remote Support and Privileged Remote Access. There is a pre-authentication vulnerability that allows a network-based attacker to bypass access controls without prior authentication, provided a specific authentication configuration is enabled. This allows an attacker to gain unauthorized and potentially elevated access. Additionally, there is an issue with insufficient validation of client input in the network communication subsystem, allowing an unauthenticated attacker to cause a denial-of-service by disrupting normal network communication. Furthermore, authenticated users with limited rights can gain access to unauthorized resources due to insufficient input validation, although this is limited to accounts with specific permissions.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0223","severity":"unknown","cvss":null,"cves":["CVE-2026-40140","CVE-2026-40141","CVE-2026-40138","CVE-2026-40139"],"exploited":false,"has_exploit":false,"published_at":"2026-07-10T05:54:08+00:00"},{"id":"d6eee96a-e660-422f-b6c8-505e1324b664","num":209164,"source_id":"ncsc-nl","external_id":"NCSC-2026-0222 [1.00]","title":"NCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition","summary":"GitLab has fixed multiple vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE) in versions ranging from 9.1 to before 18.11.7, 19.0 to before 19.0.4, and 19.1 to before 19.1.2. The vulnerabilities include: - Creating repositories with discrepancies between the web interface and the actual downloadable files due to incorrect processing of Git reference names. - Insufficient authorization controls in GraphQL operations allowing users with auditor permissions to modify compliance violation records. - Cross-site scripting (XSS) where users with developer permissions can inject malicious scripts into the browsers of other users due to improper input sanitization. - Unauthorized detection of private projects by unauthorized users via cross-project reference pages. - Bypassing authorization controls allowing users with minimal access rights to view metadata of work items in private projects. - Access to stored credentials of other users by maintainers due to insufficient access restrictions. - Unauthorized modification of group settings due to incorrect authorization controls at the group level. These vulnerabilities allow users with varying access rights to perform actions or view information that should normally be restricted, by bypassing authorization controls or exploiting improper input processing.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0222","severity":"unknown","cvss":null,"cves":["CVE-2025-12506","CVE-2026-6352","CVE-2026-6896","CVE-2026-7492","CVE-2026-8472","CVE-2026-11827","CVE-2026-13151","CVE-2026-13320"],"exploited":false,"has_exploit":false,"published_at":"2026-07-10T05:48:41+00:00"},{"id":"0c007677-e406-44b0-b7c1-f55b4c938885","num":120093,"source_id":"ncsc-nl","external_id":"NCSC-2026-0221 [1.00]","title":"NCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks","summary":"Ubiquiti Networks has fixed vulnerabilities in various UniFi products, including UniFi Connect Application, UniFi Talk Application, UniFi Access Application, UniFi OS, UniFi Network Application, and UniFi Protect Application. The vulnerabilities affect multiple UniFi products and include command injection, SQL injection, improper input validation, improper access control, server-side request forgery (SSRF), path traversal, authentication bypass, and persistent privilege escalation. Attackers with network access, sometimes with limited privileges and sometimes after authentication, can execute arbitrary commands, escalate privileges, read or modify files, bypass authentication, and cause Denial of Service (DoS). Some vulnerabilities require user interaction, such as visiting a malicious website, while others can be exploited directly via network access. The vulnerabilities are present in applications and platforms used for network management, access control, video surveillance, and security monitoring within the UniFi product line.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0221","severity":"unknown","cvss":null,"cves":["CVE-2026-50746","CVE-2026-50747","CVE-2026-50748","CVE-2026-54400","CVE-2026-54401","CVE-2026-54402","CVE-2026-54403","CVE-2026-54404","CVE-2026-54405","CVE-2026-54406","CVE-2026-54407","CVE-2026-54408","CVE-2026-54409","CVE-2026-55110","CVE-2026-55111","CVE-2026-55112","CVE-2026-55113","CVE-2026-55114","CVE-2026-55115","CVE-2026-55116","CVE-2026-55117","CVE-2026-55118","CVE-2026-55119","CVE-2026-56841","CVE-2026-56842"],"exploited":false,"has_exploit":true,"published_at":"2026-07-07T07:04:45+00:00"},{"id":"9aa9b4b7-9d23-4906-ad39-3c102ac98302","num":1959,"source_id":"ncsc-nl","external_id":"NCSC-2026-0220 [1.00]","title":"NCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs","summary":"Rancher Labs has fixed vulnerabilities in Rancher versions 2.13.0 to 2.13.7 and 2.14.0 to 2.14.3. The first vulnerability concerns a SAML authentication replay issue in the Assertion Consumer Service (ACS) handler in Rancher versions 2.14.0 to, but not including, 2.14.3. The ACS handler does not enforce the one-time use of SAML assertions, allowing an attacker to reuse intercepted assertions. This can lead to man-in-the-middle attacks that compromise the integrity of the authentication process. The second vulnerability is in the legacy Project Role Template Binding reconciler in Rancher versions 2.13.0 to 2.13.7 and 2.14.0 to 2.14.3. Due to the lack of a cleanup step, users can retain Pod Security Admission permissions that should have been revoked when an administrator removes these permissions from a RoleTemplate. This is because the reconciler does not correctly update or remove permissions, allowing unauthorized access to persist and users to potentially retain elevated privileges outside their allowed scope.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0220","severity":"unknown","cvss":null,"cves":["CVE-2026-44946","CVE-2026-44947"],"exploited":false,"has_exploit":false,"published_at":"2026-07-03T08:21:34+00:00"},{"id":"7dbb0fb0-f267-4d96-b276-d5a7553af4d4","num":1857,"source_id":"ncsc-nl","external_id":"NCSC-2026-0219 [1.00]","title":"NCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server","summary":"GitHub has fixed multiple vulnerabilities in GitHub Enterprise Server, specifically in versions prior to 3.21 and 3.22. The first vulnerability concerns a stored cross-site scripting (XSS) where authenticated attackers can inject malicious JavaScript payloads into Discussion titles. These scripts are executed in the context of other users viewing the respective discussions. The second vulnerability is a UI misrepresentation where the OAuth scope manage_runners:org was hidden on the consent screen, allowing OAuth applications to unintentionally gain access to organization runner management functions. The third vulnerability involves a missing authorization, allowing authenticated users to access source code of private repositories for which they had no rights, via the Copilot pull request description diff summary endpoint.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0219","severity":"unknown","cvss":null,"cves":["CVE-2026-10585","CVE-2026-9106","CVE-2026-9132"],"exploited":false,"has_exploit":false,"published_at":"2026-07-03T08:21:21+00:00"},{"id":"3395ae7a-0d3d-4923-bd2f-56db81846a3d","num":939,"source_id":"ncsc-nl","external_id":"NCSC-2026-0218 [1.00]","title":"NCSC-2026-0218 [1.00] [M/H] Vulnerability fixed in Cisco Catalyst Center","summary":"Cisco has fixed a vulnerability in Cisco Catalyst Center. The vulnerability lies in the insufficient validation of user-supplied input, which can be manipulated via specially crafted HTTP requests to gain access to files within a restricted container. This allows unauthenticated attackers to read arbitrary files without authentication, potentially exposing sensitive information. The vulnerability is specifically exploited via HTTP request manipulation.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0218","severity":"unknown","cvss":null,"cves":["CVE-2026-20191"],"exploited":false,"has_exploit":false,"published_at":"2026-07-02T12:39:15+00:00"},{"id":"e7da23e9-ad64-42f0-a15d-eae07ad0b315","num":1001,"source_id":"ncsc-nl","external_id":"NCSC-2026-0217 [1.00]","title":"NCSC-2026-0217 [1.00] [M/H] Vulnerabilities fixed in Adobe ColdFusion","summary":"Adobe has fixed multiple vulnerabilities in Adobe ColdFusion versions 25.9, 23.20, and earlier versions. The vulnerabilities in Adobe ColdFusion include unrestricted upload of dangerous file types, improper input validation, path traversal, reflected Cross-Site Scripting (XSS), and Server-Side Request Forgery (SSRF). These vulnerabilities allow an attacker to execute arbitrary code without any user interaction, read or write files, and bypass security measures. The path traversal vulnerabilities can lead to access to and modification of files outside the intended directories. The XSS vulnerability arises from insufficient sanitization of user input in URLs, allowing malicious scripts to be injected and executed in a user's browser. The SSRF vulnerability allows an attacker to manipulate server-side requests and gain unauthorized access to resources. These issues are present in multiple versions of ColdFusion, indicating a broad impact area within the product line.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0217","severity":"unknown","cvss":null,"cves":["CVE-2026-48276","CVE-2026-48277","CVE-2026-48281","CVE-2026-48282","CVE-2026-48283","CVE-2026-48313","CVE-2026-48315","CVE-2026-48307","CVE-2026-48285","CVE-2026-48314","CVE-2026-48316"],"exploited":false,"has_exploit":true,"published_at":"2026-07-01T08:52:48+00:00"},{"id":"7fd822b7-4d69-4522-8430-1e1ca1f16634","num":714,"source_id":"ncsc-nl","external_id":"NCSC-2026-0216 [1.00]","title":"NCSC-2026-0216 [1.00] [M/H] Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway","summary":"Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway related to insufficient input validation, improper access control, and incorrect memory release. The vulnerabilities with CVE-2026-8451 and CVE-2026-10817 arise from insufficient input validation, where the software does not correctly check input sizes and limits. This can lead to memory overreads, potentially resulting in unauthorized disclosure of sensitive information when the products are configured as SAML IDP, or when TCP TimeStamp is enabled on a TCP profile linked to a virtual server of type: Load Balancing (LB), Content Switching (CS), or VPN. The vulnerabilities with CVE-2026-8452 and CVE-2026-8655 are in the way memory is managed in NetScaler ADC and NetScaler Gateway. This can lead to a denial-of-service (DoS) or unwanted control flow when the products are configured as Gateway, DNS proxy, recursive DNS resolver, or AAA virtual server. The vulnerability with CVE-2026-13474 arises from incorrect memory release. Malicious actors can exploit this vulnerability to cause a denial-of-service (DoS) via specially crafted HTTP/2 requests. The vulnerability with CVE-2026-10816 concerns an access control issue within the Management Interface. Unauthenticated malicious actors can exploit this vulnerability to read arbitrary files, potentially resulting in unauthorized disclosure of sensitive information. Researchers have shared Proof-of-Concept (PoC) code demonstrating the vulnerability with CVE-2026-8451.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0216","severity":"unknown","cvss":null,"cves":["CVE-2026-8451","CVE-2026-10817","CVE-2026-8452","CVE-2026-8655","CVE-2026-13474","CVE-2026-10816"],"exploited":false,"has_exploit":true,"published_at":"2026-06-30T20:43:47+00:00"},{"id":"5ba4eec4-6214-45b6-a498-3bb7a9b1f637","num":1013,"source_id":"ncsc-nl","external_id":"NCSC-2026-0215 [1.00]","title":"NCSC-2026-0215 [1.00] [M/H] Vulnerabilities fixed in Apple iOS and iPadOS","summary":"Apple has fixed multiple vulnerabilities in iOS and iPadOS. The vulnerabilities include out-of-bounds access, use-after-free, memory handling errors, insufficient input validation, type confusion, double free, stack overflow, race conditions, and path handling issues. These errors can lead to unexpected crashes of processes, memory corruption, unauthorized access to sensitive data such as clipboard content and kernel state, and bypassing sandbox restrictions. Malicious actors can exploit these vulnerabilities by providing specially crafted web content or applications that trigger the mentioned errors, resulting in process instability, system termination, or data leaks. The vulnerabilities have been resolved through improved bounds checking, input validation, memory management, state management, and security controls in the affected software components.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0215","severity":"unknown","cvss":null,"cves":["CVE-2026-28979","CVE-2026-39868","CVE-2026-39872","CVE-2026-43663","CVE-2026-43676","CVE-2026-43699","CVE-2026-43700","CVE-2026-43701","CVE-2026-43703","CVE-2026-43704","CVE-2026-43705","CVE-2026-43706","CVE-2026-43707","CVE-2026-43708","CVE-2026-43709","CVE-2026-43712","CVE-2026-43713","CVE-2026-43715","CVE-2026-43716","CVE-2026-43717","CVE-2026-43718","CVE-2026-43720","CVE-2026-43721","CVE-2026-43722","CVE-2026-43724","CVE-2026-43725","CVE-2026-43726","CVE-2026-43727","CVE-2026-43731","CVE-2026-43732","CVE-2026-43734","CVE-2026-43735","CVE-2026-43740","CVE-2026-43742","CVE-2026-43743","CVE-2026-43745","CVE-2026-43746"],"exploited":false,"has_exploit":true,"published_at":"2026-06-30T11:48:34+00:00"},{"id":"d7f3de9d-810b-42f0-8bd8-0542ed7e1153","num":763,"source_id":"ncsc-nl","external_id":"NCSC-2026-0214 [1.00]","title":"NCSC-2026-0214 [1.00] [M/H] Vulnerabilities fixed in Apple MacOS","summary":"Apple has fixed multiple vulnerabilities in macOS Tahoe. The vulnerabilities included out-of-bounds access, use-after-free, memory handling errors, type confusion, double free, stack overflow, insufficient input validation, and race conditions. These could lead to unexpected crashes of processes, memory corruption, unauthorized access to sensitive data such as clipboard content and kernel information, and bypassing sandbox restrictions. Malicious actors can exploit these vulnerabilities by providing specially crafted web content or applications that trigger the mentioned errors, resulting in process instability, system termination, or data leaks. The vulnerabilities have been resolved through improved bounds checking, input validation, memory management, state management, and synchronization.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0214","severity":"unknown","cvss":null,"cves":["CVE-2026-28979","CVE-2026-39868","CVE-2026-39872","CVE-2026-43663","CVE-2026-43676","CVE-2026-43699","CVE-2026-43700","CVE-2026-43701","CVE-2026-43703","CVE-2026-43704","CVE-2026-43705","CVE-2026-43706","CVE-2026-43707","CVE-2026-43708","CVE-2026-43709","CVE-2026-43712","CVE-2026-43713","CVE-2026-43715","CVE-2026-43716","CVE-2026-43717","CVE-2026-43718","CVE-2026-43720","CVE-2026-43721","CVE-2026-43722","CVE-2026-43724","CVE-2026-43725","CVE-2026-43726","CVE-2026-43727","CVE-2026-43731","CVE-2026-43732","CVE-2026-43734","CVE-2026-43735","CVE-2026-43740","CVE-2026-43742","CVE-2026-43743","CVE-2026-43745","CVE-2026-43746"],"exploited":false,"has_exploit":true,"published_at":"2026-06-30T11:47:30+00:00"},{"id":"7a6b4d30-6593-400f-927d-2e8a7329e9d3","num":1991,"source_id":"ncsc-nl","external_id":"NCSC-2026-0213 [1.00]","title":"NCSC-2026-0213 [1.00] [M/H] Vulnerabilities fixed in MISP platform","summary":"MISP has fixed multiple vulnerabilities in the MISP platform. The vulnerabilities include manipulating client-supplied primary and foreign keys by authenticated users, leading to unauthorized data overwriting, ownership transfer, and modification of record scopes. Furthermore, there was inadequate access control during bulk deletion of Event Reports and Sharing Groups, allowing users with broad role rights to delete items from other organizations. There were also multiple access control issues that allowed unauthorized changes or deletions across organizational boundaries. Additionally, the platform contained a vulnerability where authenticated site administrators could set the NDJSON error log path to a web-accessible PHP file, leading to remote code execution via injected PHP code in log files. Furthermore, authenticated administrators could specify arbitrary Kafka configuration files, enabling arbitrary code execution by loading malicious libraries. These vulnerabilities have been mitigated by implementing server-side validation, strict authorization controls, restrictions on log path configurations, and enforcing allowed locations for configuration files.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0213","severity":"unknown","cvss":null,"cves":["CVE-2026-56422","CVE-2026-56423","CVE-2026-56424","CVE-2026-56425","CVE-2026-56446","CVE-2026-56447"],"exploited":false,"has_exploit":false,"published_at":"2026-06-29T08:08:17+00:00"},{"id":"93b06da7-8e52-40d1-bbda-c48fc12223d3","num":767,"source_id":"ncsc-nl","external_id":"NCSC-2026-0212 [1.00]","title":"NCSC-2026-0212 [1.00] [M/H] Vulnerabilities fixed in n8n workflow automation platform","summary":"n8n has fixed multiple vulnerabilities in the n8n workflow automation platform, specifically in versions prior to 1.123.55, 2.24.0, 2.25.7, 2.26.1, and 2.26.2. The vulnerabilities affect various components of the n8n platform. Authenticated users with workflow editing rights can bypass Content-Security-Policy (CSP) via the Respond to Webhook node and inject JavaScript via the Chat Trigger node. Furthermore, they can exfiltrate API tokens via the SecurityScorecard node and access, overwrite, or revoke credentials of other users via the Dynamic Credentials feature. Users with editor access to shared workflows can view others' credentials due to insufficient ownership checks. Unauthenticated attackers can submit false payloads via the MicrosoftAgent365Trigger and StripeTrigger nodes, leading to the execution of workflows with malicious data.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0212","severity":"unknown","cvss":null,"cves":["CVE-2026-54301","CVE-2026-54302","CVE-2026-54304","CVE-2026-54305","CVE-2026-54306","CVE-2026-54307","CVE-2026-54308","CVE-2026-54309","CVE-2026-54310","CVE-2026-54311","CVE-2026-54312","CVE-2026-54313","CVE-2026-54314","CVE-2026-54303"],"exploited":false,"has_exploit":false,"published_at":"2026-06-29T08:02:42+00:00"},{"id":"149be157-288a-4051-b07a-1b172d1c7025","num":832,"source_id":"ncsc-nl","external_id":"NCSC-2026-0211 [1.00]","title":"NCSC-2026-0211 [1.00] [M/H] Vulnerabilities fixed in GitLab Community Edition and Enterprise Edition","summary":"GitLab Inc. has fixed multiple vulnerabilities in GitLab Enterprise Edition (EE) and other GitLab versions, specifically in releases from version 8.3 to 19.1.1, with emphasis on versions around 18.11.6, 19.0.3, and 19.1.1. The vulnerabilities affect various components of GitLab, including the package management system, DAST site profile management, CI/CD API endpoints, Snippet feature, mirror synchronization, and project issue tracking. Various issues are related to improper authorization controls, insufficient validation of input and output, and improper filtering of sensitive data. This allows users with limited or authenticated rights to, among other things: - access package metadata despite disabled registrations, - bypass security rules for packages and overwrite metadata, - read secrets from DAST site profiles, - perform cross-site scripting (XSS) attacks via insufficient path validation and input sanitization, - access or modify protected environment configurations despite visibility settings, - place hidden or unauthorized content in Snippets, - view sensitive project information without proper rights, - inject client-side code into sessions of other users, - cause sensitive information to appear in logs due to insufficient filtering, - access confidential issue references on public projects without authentication, - access internal network resources via mirror synchronization due to insufficient URL validation, - and modify virtual registry cleanup policies of other groups due to insufficient access control. These vulnerabilities are present in multiple consecutive versions of GitLab and involve both authentication and authorization issues, as well as input and output validation.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0211","severity":"unknown","cvss":null,"cves":["CVE-2026-5796","CVE-2026-5952","CVE-2026-11379","CVE-2026-10712","CVE-2026-0934","CVE-2026-1606","CVE-2026-3176","CVE-2026-10086","CVE-2026-12053","CVE-2026-8330","CVE-2026-2238","CVE-2026-12635","CVE-2026-5309"],"exploited":false,"has_exploit":false,"published_at":"2026-06-25T11:26:42+00:00"},{"id":"61cd1b7a-be6f-414b-a3cc-00f83651f4d6","num":859,"source_id":"ncsc-nl","external_id":"NCSC-2026-0210 [1.01]","title":"NCSC-2026-0210 [1.01] [M/H] Vulnerabilities fixed in libssh2 by libssh","summary":"libssh has fixed vulnerabilities in libssh2 up to version 1.11.1. The first vulnerability concerns a pre-authentication denial of service in the SSH_MSG_EXT_INFO handler. A malicious SSH server can send a specially crafted extension_count value, causing the client to enter a CPU exhaustion loop and disrupting the processing of SSH messages. The second vulnerability is in the ssh2_transport_read() function, where improper bounds checking on the packet_length variable leads to an out-of-bounds write. This can be exploited by an attacker to cause a Denial-of-Service with specially crafted SSH packets, or theoretically to execute arbitrary code on the affected system, if no additional measures such as Address Space Layout Randomization (ALSR) are taken. However, this is not a common setting on systems. Both vulnerabilities are present in all implementations using libssh2 version 1.11.1 or lower. Update: Public PoC code has emerged confirming that the vulnerability can lead to arbitrary code execution under specific conditions.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0210","severity":"unknown","cvss":null,"cves":["CVE-2026-55199","CVE-2026-55200"],"exploited":false,"has_exploit":false,"published_at":"2026-06-24T09:01:34+00:00"},{"id":"cd974e31-4131-4740-9374-89b38d85e183","num":2022,"source_id":"ncsc-nl","external_id":"NCSC-2026-0209 [1.00]","title":"NCSC-2026-0209 [1.00] [M/H] Vulnerabilities fixed in MongoDB Server","summary":"MongoDB has fixed multiple vulnerabilities in MongoDB Server. The vulnerabilities affect various components of MongoDB Server. A vulnerability in the logging mechanisms can lead to full authentication credentials, including sensitive credentials, being logged in server logs without redaction during SASL authentication sessions. Another vulnerability in BSON validation causes a crash of the mongod process due to uncontrolled mutual recursion during the validation of nested binary data, resulting in a denial-of-service.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0209","severity":"unknown","cvss":null,"cves":["CVE-2026-9735","CVE-2026-9740","CVE-2026-9741","CVE-2026-9742","CVE-2026-9743","CVE-2026-9746","CVE-2026-9747","CVE-2026-9748","CVE-2026-9749","CVE-2026-9750","CVE-2026-9751","CVE-2026-9752","CVE-2026-9753","CVE-2026-9754"],"exploited":false,"has_exploit":false,"published_at":"2026-06-23T09:52:48+00:00"},{"id":"5ef3902b-94ba-4690-a44d-caff30f9ee92","num":2025,"source_id":"ncsc-nl","external_id":"NCSC-2026-0198 [1.01]","title":"NCSC-2026-0198 [1.01] [M/H] Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform","summary":"Splunk has fixed multiple vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities affect various components of Splunk Enterprise and Splunk Cloud Platform. Splunk has assessed the vulnerability with CVE-2026-20253 in the PostgreSQL sidecar service endpoint as critical, allowing unauthenticated users to create or delete arbitrary files due to the lack of authentication controls. Another vulnerability with CVE-2026-20251 concerns Remote Code Execution (RCE) via unsafe deserialization of KV Store data with the 'jsonpickle' Python library, allowing low-privileged users without admin or power roles to execute code remotely. Furthermore, multiple vulnerabilities have been identified that allow sensitive data to be exfiltrated via SSRF, CSS injection, and XSS attacks. Due to insufficient validation of URLs, domains, and user input, attackers can bypass security controls, access internal systems, and exfiltrate data. Update: The Splunk Product Security Incident Response Team (PSIRT) reports that limited and targeted exploitation of the vulnerability with CVE-2026-20253 has been observed. The vulnerability allows a malicious actor to create or delete files, disrupting the operation of the system. As far as known, code execution is not possible.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0198","severity":"unknown","cvss":null,"cves":["CVE-2026-20253","CVE-2026-20251"],"exploited":true,"has_exploit":true,"published_at":"2026-06-19T12:42:32+00:00"},{"id":"7fa5d7bb-84de-47ca-bcf5-e7e9d478a949","num":2031,"source_id":"ncsc-nl","external_id":"NCSC-2026-0208 [1.00]","title":"NCSC-2026-0208 [1.00] [M/H] Vulnerabilities fixed in Cisco Identity Services Engine","summary":"Cisco has fixed multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The vulnerabilities can be exploited by both authenticated and unauthenticated attackers. An authenticated attacker with administrative rights can send specially crafted HTTP requests to execute arbitrary commands, potentially leading to Denial-of-Service and privilege escalation, compromising the integrity and availability of the systems. Additionally, some vulnerabilities can lead to unauthorized information disclosure. Unauthenticated attackers can also execute arbitrary code remotely and access sensitive information such as hashed login credentials. The cause lies in improper authorization controls when accessing certain resources within the systems.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0208","severity":"unknown","cvss":null,"cves":["CVE-2026-20181","CVE-2026-20190"],"exploited":false,"has_exploit":false,"published_at":"2026-06-19T06:52:57+00:00"},{"id":"e750ac8a-028e-4f23-a1c1-881397182c48","num":887,"source_id":"ncsc-nl","external_id":"NCSC-2026-0207 [1.00]","title":"NCSC-2026-0207 [1.00] [M/H] Vulnerabilities fixed in Oracle Fusion Middleware products","summary":"Oracle has fixed multiple vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence, Unified Directory, Virtual Directory, and Application Development Framework (ADF). The vulnerabilities affect various versions of Oracle Fusion Middleware products, where an attacker with network access via HTTP, HTTPS, LDAP, T3, IIOP, or RMI protocols, depending on the product and vulnerability, can perform unauthorized actions. These actions include full system compromise, remote code execution, unauthorized creation, modification, or deletion of critical data, and bypassing authentication. Some vulnerabilities require user interaction, while others can be exploited by unauthenticated attackers. The vulnerabilities impact the confidentiality, integrity, and availability of the affected systems. Specific components such as WebLogic Server Console, Identity Manager Connector, Access Manager Authentication Engine, and Coherence are also affected. The CVSS 3.1 base scores range from moderate (around 4.1) to critical (10.0), depending on the vulnerability and product. Exploitation can lead to complete takeover of systems and may impact other Oracle products that rely on the vulnerable components.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0207","severity":"critical","cvss":null,"cves":["CVE-2026-46788","CVE-2026-46789","CVE-2026-46790","CVE-2026-46791","CVE-2026-46792","CVE-2026-46793","CVE-2026-46794","CVE-2026-46795","CVE-2026-46796","CVE-2026-46797","CVE-2026-46798","CVE-2026-46799","CVE-2026-46800","CVE-2026-46801","CVE-2026-46802","CVE-2026-46803","CVE-2026-46804","CVE-2026-46805","CVE-2026-46806","CVE-2026-46807","CVE-2026-46808","CVE-2026-46809","CVE-2026-46810","CVE-2026-46812","CVE-2026-46813","CVE-2026-46814","CVE-2026-46838","CVE-2026-46844","CVE-2026-46845","CVE-2026-46846","CVE-2026-46847","CVE-2026-46848","CVE-2026-35258","CVE-2026-35259","CVE-2026-35261","CVE-2026-35262","CVE-2026-35263","CVE-2026-35265","CVE-2026-35267","CVE-2026-35268","CVE-2026-35269","CVE-2026-35270","CVE-2026-35280","CVE-2026-35281","CVE-2026-35282","CVE-2026-35283","CVE-2026-35284","CVE-2026-35285","CVE-2026-35286","CVE-2026-35291","CVE-2026-35292","CVE-2026-35293","CVE-2026-35294","CVE-2026-35295","CVE-2026-35296","CVE-2026-35298","CVE-2026-35299","CVE-2026-35300","CVE-2026-35301","CVE-2026-35302"],"exploited":false,"has_exploit":false,"published_at":"2026-06-17T09:28:34+00:00"},{"id":"5829fed9-9350-4497-978c-ed775390f81c","num":2039,"source_id":"ncsc-nl","external_id":"NCSC-2026-0206 [1.00]","title":"NCSC-2026-0206 [1.00] [M/H] Vulnerabilities fixed in Oracle JD Edwards EnterpriseOne","summary":"Oracle has fixed multiple vulnerabilities in Oracle JD Edwards EnterpriseOne, including the Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing modules, specifically for versions 9.2.0.0 to 9.2.26.2. The vulnerabilities in Oracle JD Edwards EnterpriseOne allow an attacker to gain full control over the system without authentication or with low privileges via network access (HTTP or SMB). This includes creating, deleting, or modifying critical data, gaining unauthorized access to sensitive information, and causing a denial-of-service by crashing the system. The vulnerabilities affect the confidentiality, integrity, and availability of the system. Some vulnerabilities may also impact other related Oracle products due to the integrated nature of the suite.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0206","severity":"unknown","cvss":null,"cves":["CVE-2026-46878","CVE-2026-46879","CVE-2026-46880","CVE-2026-46881","CVE-2026-46882","CVE-2026-46883","CVE-2026-46891","CVE-2026-46892","CVE-2026-46893","CVE-2026-46903","CVE-2026-46904","CVE-2026-46905","CVE-2026-46906","CVE-2026-46907","CVE-2026-46908","CVE-2026-46909","CVE-2026-46910","CVE-2026-46911","CVE-2026-46912","CVE-2026-46913"],"exploited":false,"has_exploit":false,"published_at":"2026-06-17T09:25:49+00:00"},{"id":"d5128e83-d79c-4256-a78b-fd36cfd0603c","num":893,"source_id":"ncsc-nl","external_id":"NCSC-2026-0205 [1.00]","title":"NCSC-2026-0205 [1.00] [M/H] Vulnerabilities fixed in Oracle MySQL products","summary":"Oracle has fixed vulnerabilities in Oracle MySQL Shell for VS Code, MySQL Router, MySQL NDB Cluster, and MySQL Server. The vulnerabilities are present in various Oracle MySQL products and versions. In MySQL Shell for VS Code (version 2026.2.0+9.6.1), attackers with low privileges and network access via HTTP or user-interactive network access can gain full control over the MySQL Shell or unauthorized access to critical data. In MySQL Router (versions 8.4.0 to 8.4.9 and 9.0.0 to 9.7.0), unauthenticated attackers can achieve full device takeover or cause a denial-of-service by crashing or hanging the system via HTTP or TLS. MySQL NDB Cluster (versions 8.0.11 to 8.0.46, 8.4.0 to 8.4.9, and 9.0.0 to 9.7.0) contains a vulnerability that allows an attacker with low privileges and network access via HTTP to create, delete, or modify unauthorized critical data. MySQL Server and MySQL Cluster contain a vulnerability that allows an unauthenticated network attacker to cause a denial-of-service by crashing or hanging the server. The vulnerabilities have various CVSS 3.1 base scores ranging from 6.5 to 9.9, depending on the product and the nature of the vulnerability.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0205","severity":"unknown","cvss":null,"cves":["CVE-2026-46850","CVE-2026-46860","CVE-2026-46861","CVE-2026-46862","CVE-2026-46863","CVE-2026-46869","CVE-2026-46870","CVE-2026-46871"],"exploited":false,"has_exploit":false,"published_at":"2026-06-17T09:20:53+00:00"},{"id":"11ee9a96-2deb-46e2-92cc-0d5f6f8facb4","num":907,"source_id":"ncsc-nl","external_id":"NCSC-2026-0204 [1.00]","title":"NCSC-2026-0204 [1.00] [M/H] Vulnerabilities fixed in Oracle PeopleSoft Enterprise","summary":"Oracle has fixed vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools (versions 8.61 and 8.62) and PeopleSoft Enterprise CS Campus Community and Student Financials (version 9.2.38). The vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 allow unauthenticated attackers with network access via HTTP or HTTPS to bypass authentication controls, enabling them to create, delete, or modify critical data. Some vulnerabilities allow for complete system compromise, including executing arbitrary code and taking over the system. Additionally, attackers with high privileges and infrastructure access can gain full control over the system. The vulnerabilities affect the confidentiality, integrity, and availability of the system. For PeopleSoft Enterprise CS Campus Community and Student Financials version 9.2.38, attackers with low or high privileges and network access via HTTP or HTTPS can also manipulate critical data or take over the system. The vulnerabilities are related to insufficient access control and affect key components of the PeopleSoft environment.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0204","severity":"unknown","cvss":null,"cves":["CVE-2026-35271","CVE-2026-35272","CVE-2026-35274","CVE-2026-35276","CVE-2026-35278","CVE-2026-35279","CVE-2026-35288","CVE-2026-35289","CVE-2026-46849","CVE-2026-46851","CVE-2026-46979"],"exploited":false,"has_exploit":false,"published_at":"2026-06-17T09:11:23+00:00"},{"id":"bb0f8f2e-3bf4-4a92-93fa-5e564fd98911","num":908,"source_id":"ncsc-nl","external_id":"NCSC-2026-0203 [1.00]","title":"NCSC-2026-0203 [1.00] [M/H] Vulnerabilities fixed in Oracle VM VirtualBox","summary":"Oracle has fixed multiple vulnerabilities in Oracle VM VirtualBox version 7.2.8. The vulnerabilities are present in various components of Oracle VM VirtualBox 7.2.8, including Shared Folders and the VMSVGA device. An attacker with low to high privileges and access to the underlying infrastructure can create, delete, or modify data, gain unauthorized read access, crash or hang the system, and potentially gain control over the virtualization environment. The vulnerabilities affect the confidentiality, integrity, and availability of the system. Some vulnerabilities have a CVSS score of up to 7.5, while others range from low to medium.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0203","severity":"medium","cvss":null,"cves":["CVE-2026-35275","CVE-2026-46768","CVE-2026-46815","CVE-2026-46816","CVE-2026-46825","CVE-2026-46873","CVE-2026-46874","CVE-2026-46877","CVE-2026-46974","CVE-2026-46977"],"exploited":false,"has_exploit":false,"published_at":"2026-06-17T09:05:28+00:00"},{"id":"dce06de6-75dd-4edb-9961-a2eb1be44af2","num":909,"source_id":"ncsc-nl","external_id":"NCSC-2026-0202 [1.00]","title":"NCSC-2026-0202 [1.00] [M/H] Vulnerabilities fixed in Oracle Enterprise Manager","summary":"Oracle has fixed multiple vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges and network access via HTTP or HTTPS to gain full control over the platform. Some vulnerabilities do not require authentication and can lead to unauthorized data modification, denial-of-service, or complete system compromise. Additionally, an attacker with SSH access can also achieve full system compromise. The vulnerabilities may also impact other Oracle products that are integrated with the platform. Furthermore, there is a vulnerability in Apache Log4j's JsonTemplateLayout up to version 2.25.3 that generates incorrect JSON output when serializing non-finite floating-point values, which can disrupt downstream log processing systems when MapMessages are logged.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0202","severity":"unknown","cvss":null,"cves":["CVE-2026-34481","CVE-2026-46832","CVE-2026-46852","CVE-2026-46853","CVE-2026-46854","CVE-2026-46855","CVE-2026-46856","CVE-2026-46857","CVE-2026-46858","CVE-2026-46864","CVE-2026-46865","CVE-2026-46866","CVE-2026-46867","CVE-2026-46868","CVE-2026-46872","CVE-2026-46875"],"exploited":false,"has_exploit":false,"published_at":"2026-06-17T08:55:54+00:00"},{"id":"03be188c-0424-416a-b443-1feafe4603a2","num":910,"source_id":"ncsc-nl","external_id":"NCSC-2026-0201 [1.00]","title":"NCSC-2026-0201 [1.00] [M/H] Vulnerabilities fixed in Oracle E-Business Suite products","summary":"Oracle has fixed vulnerabilities in various Oracle E-Business Suite products, including Oracle Enterprise Command Center Framework, iSupplier Portal, Complex Maintenance, Repair and Overhaul, Process Manufacturing Product Development, HR Intelligence, Receivables, Spares Management, Cost Management, Enterprise Asset Management, Applications Manager, iSupport, Advanced Outbound Telephony, Quality, HRMS (UK), Human Resources, Property Manager, Subledger Accounting, Project Portfolio Analysis, Universal Work Queue, Public Sector Financials (International), Financials for EMEA, Outsourced Manufacturing, and Public Sector Payroll. The vulnerabilities allow an attacker with network access and often low to high privileges to perform unauthorized actions, including gaining full control over the system, creating, modifying, or deleting critical data, and causing partial or complete denial-of-service. Some vulnerabilities require user interaction, while others can be exploited without authentication. The vulnerabilities affect the confidentiality, integrity, and availability of the systems. The CVSS 3.1 base scores range from 7.1 to 9.9, with multiple vulnerabilities scoring 8.8 or higher. The vulnerabilities are present in various versions, primarily between 12.2.3 and 12.2.15, and in some cases also in versions 15 and 16 of the Enterprise Command Center Framework. Exploitation can lead to complete system compromise and may also impact other Oracle products that depend on the vulnerable components.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0201","severity":"unknown","cvss":null,"cves":["CVE-2026-46949","CVE-2026-46950","CVE-2026-46951","CVE-2026-46952","CVE-2026-46953","CVE-2026-46955","CVE-2026-46956","CVE-2026-46957","CVE-2026-46958","CVE-2026-46959","CVE-2026-46960","CVE-2026-46961","CVE-2026-46962","CVE-2026-46963","CVE-2026-46964","CVE-2026-46965","CVE-2026-46966","CVE-2026-46967","CVE-2026-46969","CVE-2026-46970","CVE-2026-46971","CVE-2026-46972","CVE-2026-46973","CVE-2026-46976","CVE-2026-46894","CVE-2026-46895","CVE-2026-46896","CVE-2026-46897","CVE-2026-46898","CVE-2026-46899","CVE-2026-46900","CVE-2026-46901","CVE-2026-46902","CVE-2026-46915","CVE-2026-46916","CVE-2026-46918","CVE-2026-46922","CVE-2026-46927","CVE-2026-46928","CVE-2026-46929","CVE-2026-46930","CVE-2026-46931","CVE-2026-46932","CVE-2026-46933","CVE-2026-46934","CVE-2026-46935","CVE-2026-46937","CVE-2026-46938","CVE-2026-46939","CVE-2026-46940","CVE-2026-46942","CVE-2026-46944","CVE-2026-46945","CVE-2026-46946","CVE-2026-46947"],"exploited":false,"has_exploit":false,"published_at":"2026-06-17T08:53:15+00:00"},{"id":"76bf049c-4ee7-4d2b-84ac-968e0d61ca25","num":2049,"source_id":"ncsc-nl","external_id":"NCSC-2026-0200 [1.00]","title":"NCSC-2026-0200 [1.00] [M/H] Vulnerabilities fixed in Oracle Communications","summary":"Oracle has fixed vulnerabilities in Oracle Communications. The vulnerabilities are in two underlying products: SQLite and Log4j and have been previously fixed by the developers of these products. Oracle has incorporated the updates into its own software. In SQLite, a remote attacker can leak heap memory via specially crafted ZIP files due to an information leak in the zipfileInflate function of the zipfile extension. In Log4j, incorrect serialization of non-finite floating-point values such as NaN or infinity in the JsonTemplateLayout leads to invalid JSON output, which can disrupt downstream log processing systems when applications log MapMessages controlled by the attacker, causing a denial of service in log analysis workflows.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0200","severity":"unknown","cvss":null,"cves":["CVE-2025-70873","CVE-2026-34481"],"exploited":false,"has_exploit":false,"published_at":"2026-06-17T08:50:12+00:00"},{"id":"c88fce04-99cf-4a7d-9150-0664e4be53dc","num":2052,"source_id":"ncsc-nl","external_id":"NCSC-2026-0199 [1.00]","title":"NCSC-2026-0199 [1.00] [M/H] Vulnerability fixed in Cisco Catalyst SD-WAN Manager","summary":"Cisco has fixed a vulnerability in Cisco Catalyst SD-WAN Manager. The vulnerability is in the web user interface of Cisco Catalyst SD-WAN Manager and concerns a directory traversal flaw. This is caused by improper input validation during the file upload process. An authenticated attacker can create or overwrite arbitrary files on the underlying system. Upon successful exploitation, the attacker can gain root-level access, affecting system integrity. Cisco reports having information that the vulnerability has been exploited in a limited manner.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0199","severity":"unknown","cvss":null,"cves":["CVE-2026-20262"],"exploited":false,"has_exploit":true,"published_at":"2026-06-16T13:30:10+00:00"},{"id":"52577d43-35cd-4397-bb7f-94a6ed0db747","num":2059,"source_id":"ncsc-nl","external_id":"NCSC-2026-0179 [1.01]","title":"NCSC-2026-0179 [1.01] [H/H] Vulnerabilities fixed in Check Point Remote and Mobile Access VPN products","summary":"Check Point has fixed vulnerabilities in Remote and Mobile Access VPN products, specifically for implementations using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments using the outdated IKEv1 protocol. The vulnerabilities CVE-2026-50751 and CVE-2026-50752 affect VPN authentication and certificate validation. These vulnerabilities allow attackers to gain access to VPN environments without valid authentication. The vulnerability CVE-2026-50751 has been exploited as a zero-day. According to Check Point, ransomware was also deployed in one case following this exploitation. The first detected exploitation dates back to May 7. The IKEv1 protocol is an outdated protocol still used in such implementations. The NCSC-NL expects large-scale exploitation to occur in the near term and urges organizations to follow Check Point's advisory. The NCSC-NL also calls on organizations to check Check Point's IoCs if relevant products using IKEv1 are in use within the organization. UPDATE: Publicly available Proof-of-Concept (PoC) code is now available, increasing the likelihood of exploitation. IOCs 45.77.149[.]152 209.182.225[.]136 38.60.157[.]139 162.33.177[.]101 45.76.26[.]42 144.208.127[.]155 38.54.88[.]201 38.54.107[.]167 66.42.99[.]200 52fda5c1b9704544f32ee98d9060e689 51d39aa39478beeac94f2d12f682ecce","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0179","severity":"unknown","cvss":null,"cves":["CVE-2026-50751","CVE-2026-50752"],"exploited":true,"has_exploit":true,"published_at":"2026-06-16T13:13:03+00:00"},{"id":"8263fc83-7c76-4040-abe6-9704876bc029","num":2060,"source_id":"ncsc-nl","external_id":"NCSC-2026-0197 [1.00]","title":"NCSC-2026-0197 [1.00] [M/H] Vulnerability fixed in Fortinet FortiPortal","summary":"Fortinet has fixed a vulnerability in FortiPortal versions 7.0 to 7.4.7. The vulnerability concerns the FortiPortal API endpoints, where an external attacker with an organizational user role can access sensitive network configuration data via specially crafted HTTP requests. These issues affect the integrity of the access control mechanisms and can lead to exposure of critical network configuration information to unauthorized users.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0197","severity":"unknown","cvss":null,"cves":["CVE-2026-49938"],"exploited":false,"has_exploit":false,"published_at":"2026-06-12T07:45:00+00:00"},{"id":"74960630-2bdb-430d-a217-70edf7ee4693","num":1828,"source_id":"ncsc-nl","external_id":"NCSC-2026-0196 [1.00]","title":"NCSC-2026-0196 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition","summary":"GitLab has fixed multiple vulnerabilities in GitLab Community Edition and Enterprise Edition (EE) versions ranging from 12.0 to 19.0.2, including major releases such as 17.x, 18.10.8, 18.11.5, and 19.0.2. The vulnerabilities affect various components of GitLab CE & EE. Authenticated users with developer permissions can execute arbitrary client-side code via the Analytics Dashboard interface due to insufficient sanitization of user input. A denial of service (DoS) can be caused on the CI/CD Catalog page by improper input sanitization, making the page unavailable. A DoS can also occur by uploading specially crafted files that lead to resource exhaustion, which can crash or make the GitLab service unresponsive. Furthermore, authenticated users can gain unauthorized access to confidential issue data due to improper authorization controls. Developer users can modify hidden merge requests due to flawed authorization, and also manipulate merge request diff views by improper handling of file names, which can hide changes during code reviews. Users with the Security Manager role can manage project security settings despite this feature being disabled, due to improper authorization. Within Group SAML identity management, group Owners can take control over other group members due to improper authorization controls. Unauthorized email addresses can be added to accounts via insufficient input sanitization in group settings. During repository import, insufficient validation of secondary URLs can lead to reading arbitrary files on the Gitaly server and access to internal network resources. Finally, an unauthenticated user can impersonate the GitLab Support Bot by injecting arbitrary content into Service Desk email responses, caused by improper handling of email templates.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0196","severity":"unknown","cvss":null,"cves":["CVE-2026-10087","CVE-2026-10733","CVE-2026-1500","CVE-2026-3553","CVE-2026-6269","CVE-2026-6277","CVE-2026-6552","CVE-2026-6976","CVE-2026-7250","CVE-2026-8589","CVE-2026-9204","CVE-2026-9694"],"exploited":false,"has_exploit":false,"published_at":"2026-06-12T07:39:37+00:00"},{"id":"4ef0fce1-016a-4b67-a533-8f289a389811","num":1830,"source_id":"ncsc-nl","external_id":"NCSC-2026-0195 [1.00]","title":"NCSC-2026-0195 [1.00] [M/H] Vulnerability fixed in Oracle PeopleSoft Enterprise PeopleTools","summary":"Oracle has fixed a vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. The vulnerability allows unauthenticated attackers to exploit the system remotely via HTTP. This can lead to remote code execution, potentially resulting in full system takeover. The vulnerability affects Oracle PeopleSoft Enterprise PeopleTools and is particularly exploitable when the PeopleSoft Environment Management Hub (PSEMHUB) is accessible from the internet. It is common to make such management components accessible only through internal networks or a VPN. Google CTI reports that this vulnerability has been exploited as a zero-day since at least May 27.","link":"https://advisories.ncsc.nl/advisory?id=NCSC-2026-0195","severity":"unknown","cvss":null,"cves":["CVE-2026-35273"],"exploited":true,"has_exploit":true,"published_at":"2026-06-12T07:25:07+00:00"}]}