Skip to content
Auto-CTI
Archive view — this data may be outdated.

CTI status

Joel Traber AG

As of:

Last pipeline run:

Status High

All threats

Sorted by KEV · Risk · EPSS
Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

KEV NEW B1
84

The June 2026 Security Update Review

HTTP.sys CVE-2026-47291 (CVSS 9.8) enables unauthenticated remote code execution, but systems using default MaxRequestBytes registry values are protected; registry-based mitigation available during testing.

Critical CVSS 7.8 EPSS 9%
KEV NEW Earth Dahu (Gamaredon), SHADOW-EARTH-066 (UAC-0226) C1
75

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Russia-aligned groups (Earth Dahu, UAC-0226) continue to actively exploit the WinRAR vulnerability CVE-2025-8088 nearly a year after patches were released to deploy stealers against Ukrainian organisations,signalling coordinated campaigns targeting European infrastructure.

Critical CVSS 8.8 EPSS 12%
KEV NEW Russian state-sponsored APT C1
70

Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

Russian state-sponsored actors are exploiting an already-patched WinRAR vulnerability in active campaigns against Ukrainian military and government targets, signalling ongoing cyber-warfare in a strategically relevant geographical zone for DACH.

High CVSS 8.8 EPSS 12%
NEW C3
100

Google Patches 5th Chrome Zero-Day Exploited in 2026

An actively exploited zero-day in Chrome's V8 engine enables remote code execution within the sandbox; attackers have likely chained this with a sandbox escape flaw.

Critical CVSS 8.8 EPSS 0%
NEW A2
100

CVE-2026-45602

A vulnerability in Windows DHCP Server allows unauthorized network-level tampering with critical network configuration without authentication.

Critical CVSS 9.1 EPSS 0%
NEW A2
100

CVE-2026-45648

Active Directory vulnerabilities with RCE potential are targets for nation-state APTs and require prioritized patching, as AD is central to enterprise authentication.

Critical CVSS 8.8 EPSS 0%
NEW A2
98

CVE-2026-45484

A deserialization vulnerability in Microsoft Office SharePoint allows authenticated attackers to elevate privileges over a network.

Critical CVSS 8.8 EPSS 0%
NEW A2
97

CVE-2026-47298

An authentication flaw in SharePoint allows authorized attackers to execute code remotely , a critical risk for organisations using SharePoint as a central collaboration platform.

Critical CVSS 8.0 EPSS 0%
NEW A2
91

CVE-2026-44801

A heap-based buffer overflow in Remote Desktop Client enables attackers to execute code over the network without authentication,an immediate threat to remote access entry points in infrastructure.

Critical CVSS 7.5 EPSS 0%
NEW A2
91

CVE-2026-48563

CVE-2026-48563 enables unauthenticated remote code execution over RDP, immediately threatening organizations operating Remote Desktop Gateway.

Critical CVSS 7.5 EPSS 0%
NEW A2
90

CVE-2026-44815

The vulnerability enables unauthenticated remote code execution via the DHCP protocol without requiring prior authentication or user interaction.

Critical CVSS 9.8 EPSS 0%
NEW A2
88

CVE-2026-47634

The vulnerability requires authentication and enables spoofing over the network rather than code execution; threat potential depends on trust abuse by internal users.

Critical CVSS 7.3 EPSS 0%
NEW A2
86

CVE-2026-47288

An integer overflow vulnerability in Windows Kerberos allows authenticated network attackers to execute code in AD environments without needing to breach the network perimeter.

Critical CVSS 7.1 EPSS 0%
NEW APT29, UNC6692 B3
85

When "Hi, This Is IT" Comes Through Microsoft Teams

APT29 and UNC6692 actively exploit compromised Microsoft Teams accounts and IT helpdesk impersonation for credential harvesting,a shift from traditional email phishing to SaaS collaboration apps with higher success rates.

Critical
NEW A2
79

CVE-2026-42907

The vulnerability enables information disclosure only through local, authorized attackers , a relevant threat primarily for insider risks, not external threat actors.

Critical CVSS 6.5 EPSS 0%
NEW A2
79

CVE-2026-45454

A path-traversal vulnerability in Microsoft SharePoint allows authenticated attackers to execute code remotely; its presence in an NVD entry suggests an already-documented vulnerability likely addressed through Patch Tuesday.

Critical CVSS 6.5 EPSS 0%
NEW A2
76

CVE-2026-44810

Local privilege escalation in Windows Cryptographic Services requires prior authentication on the system; strategic significance limited without indication of active exploitation or PoC.

Critical CVSS 8.4 EPSS 0%
NEW A2
76

CVE-2026-45456

The vulnerability enables local code execution through type confusion in Microsoft Office, posing a critical risk to all systems running Office.

Critical CVSS 8.4 EPSS 0%
NEW A2
76

CVE-2026-45458

A type-confusion vulnerability in Microsoft Office enables local code execution, although no details on active exploitation or affected versions are disclosed in this alert.

Critical CVSS 8.4 EPSS 0%
NEW A2
76

CVE-2026-45474

The vulnerability enables local code execution via a heap overflow in Microsoft Office, posing a significant risk for manufacturing environments with productive Office installations.

Critical CVSS 8.4 EPSS 0%
NEW A2
76

CVE-2026-47635

Type-confusion vulnerability in Microsoft Office allows unauthenticated attacker local code execution; exploitation requires access to affected Office document.

Critical CVSS 8.4 EPSS 0%
NEW A2
74

CVE-2025-40808

The vulnerability affects SIPROTEC 5 protection relays in critical power supply networks and requires timely security assessment for installations using these devices.

High CVSS 6.1 EPSS 0%
NEW A2
74

CVE-2026-45500

An XSS vulnerability in Microsoft Exchange Server enables unauthenticated network-based spoofing attacks, potentially facilitating phishing and impersonation campaigns.

High CVSS 6.1 EPSS 0%
NEW A2
73

CVE-2026-45641

This alert describes an out-of-bounds read vulnerability in Windows Hyper-V that enables local code execution and is therefore critical for environments running hypervisors.

High CVSS 8.4 EPSS 0%
NEW A2
72

CVE-2026-45588

Authorized local attackers can bypass a critical security feature in the operating system via a failure in the Secure Boot mechanism, which poses elevated risk for systems with physical or remote access.

High CVSS 7.9 EPSS 0%
NEW A2
72

CVE-2026-45654

The vulnerability requires local authentication and authorization, significantly reducing practical attack risk in environments with strong access controls.

High CVSS 7.9 EPSS 0%
NEW A2
72

CVE-2026-47656

The vulnerability requires local access and an authorized user account, limiting the risk for distributed production environments against external attacks.

High CVSS 7.9 EPSS 0%
NEW A2
72

CVE-2026-48570

A flaw in Windows Secure Boot allows a locally authorized attacker to bypass security features and potentially achieve full system compromise.

High CVSS 7.9 EPSS 0%
NEW A2
72

CVE-2026-48573

A bypass of Windows Secure Boot by authorized local attackers compromises boot-process integrity and enables deep system manipulation.

High CVSS 7.9 EPSS 0%
NEW A2
72

CVE-2026-48575

A local Secure Boot bypass could enable authenticated users to circumvent bootloader verification and establish firmware-level persistence.

High CVSS 7.9 EPSS 0%
NEW A2
72

CVE-2026-48576

The vulnerability allows a locally authorized attacker to bypass Secure Boot and compromise the integrity of the boot process , relevant for hardened Windows Server environments.

High CVSS 7.9 EPSS 0%
NEW A2
72

CVE-2026-48578

The vulnerability requires local authentication and allows bypass of Secure Boot as a protection mechanism, but has limited practical impact without initial system access.

High CVSS 7.9 EPSS 0%
NEW A2
71

CVE-2026-33828

Local privilege escalation via Windows Attestation allows authorized attackers to escalate to system level,relevant for secured RDP and remote-access infrastructures.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-42828

The vulnerability requires local authorization and enables privilege escalation on Windows Server 2022/2019, but is already addressed via official Microsoft patches.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-42829

The vulnerability allows authenticated local attackers to bypass a critical Windows security feature, but requires prior system access.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-42905

A use-after-free vulnerability in Windows DWM Core Library enables local privilege escalation by authorized attackers; this is a standard patch element with no signs of active exploitation or specific campaigns.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-42910

Local privilege escalation vulnerability in Windows Hotpatch Monitoring Service that can be exploited by authorized attackers to elevate privileges; already documented in NVD.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-42980

The vulnerability requires local authentication and enables privilege escalation on Windows systems , typical of routine monthly patch-cycle disclosures without active campaign context.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-44813

A use-after-free vulnerability in Windows DWM Core Library enables local privilege escalation by authenticated attackers; this is a standard vulnerability with no active exploitation reported in the wild.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-44817

Integer underflow in Excel enables unauthenticated local code execution; no information provided on active exploitation or affected versions.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-44820

The vulnerability enables remote code execution through integer underflow; however, details on exploitability and PoC status are not evident from the minimal NVD description.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-45469

The vulnerability enables local code execution through an integer underflow in Excel; relevant patches should already be available through NVD or vendor advisories.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-45586

A local privilege escalation vulnerability in Windows Collaborative Translation Framework requires an already-authenticated attacker, limiting the threat to insider actors or compromised user accounts.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-45600

Local privilege escalation in Windows Kernel via type confusion that can be exploited by authenticated attackers and requires immediate attention for affected servers.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-45656

UEFI protection mechanism bypass allows local attackers with physical or boot access to disable security features and gain system control.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-47913

The vulnerability requires user interaction (opening a malicious PDF file) for exploitation; there are currently no indications of active exploitation in the wild.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-47914

This vulnerability is already documented in NVD and Adobe security databases and presents no novel attack scenarios.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-47918

The vulnerability requires user interaction (opening a malicious file), which means risk can be mitigated through user awareness and content filtering.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-47921

The vulnerability affects widely deployed Acrobat Reader versions and requires user interaction, making it a likely vector for spear-phishing or supply-chain attacks.

High CVSS 7.8 EPSS 0%
NEW A2
71

CVE-2026-47952

The vulnerability requires user interaction (opening a malicious file) and enables code execution in the context of the current user.

High CVSS 7.8 EPSS 0%
NEW A2
68

CVE-2026-45490

Vulnerability requires prior authentication and local execution, thus lower immediate risk from network-based attackers; focus on internal access controls and privilege management.

High CVSS 7.8 EPSS 0%
NEW A2
68

CVE-2026-45636

A local heap buffer overflow in the Windows NTFS driver enables unauthorized code execution on affected systems without requiring additional privilege escalation.

High CVSS 7.8 EPSS 0%
NEW A2
67

CVE-2026-47937

The vulnerability enables arbitrary code execution in the user context without local privilege escalation, but requires explicit opening of a malicious file by the victim.

High CVSS 7.4 EPSS 0%
NEW A2
65

CVE-2026-33113

An XSS vulnerability in SharePoint allows authorized attackers to perform spoofing attacks , the security risk lies in insufficient input validation during page generation.

High CVSS 5.4 EPSS 0%
NEW A2
65

CVE-2026-45595

The vulnerability allows attackers to bypass the Mark of the Web security warning and execute malicious files undetected when delivered over the network.

High CVSS 5.4 EPSS 0%
NEW A2
64

CVE-2026-34335

A use-after-free vulnerability in the Windows Ancillary Function Driver allows authenticated attackers to escalate privileges locally on Windows servers.

Medium CVSS 7.0 EPSS 0%
NEW A2
64

CVE-2026-42984

The vulnerability enables local privilege escalation and could be exploited for lateral movement following initial compromise.

Medium CVSS 7.0 EPSS 0%
NEW A2
64

CVE-2026-44818

The vulnerability enables local code execution through integer underflow in Excel; critical for systems running Excel with elevated privileges or when processing untrusted files.

Medium CVSS 7.0 EPSS 0%
NEW A2
64

CVE-2026-45653

The vulnerability requires pre-existing local authentication and thus primarily poses risk for internal threat scenarios; the extent of impact on productive systems depends on the distribution breadth of the kernel version and existing mitigations.

Medium CVSS 7.0 EPSS 0%
NEW A2
64

CVE-2026-47648

Local privilege escalation in Windows Storage can be exploited by authorized attackers; relevant for manufacturing environments where maintenance personnel have system access.

Medium CVSS 7.0 EPSS 0%
NEW Qilin C2
63

Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks

Qilin ransomware gang is actively exploiting a Check Point VPN zero-day to gain access without valid credentials; parallel exploitation of similar vulnerabilities in Palo Alto, Fortinet, and F5 products indicates a coordinated supply-chain targeting campaign.

Critical
NEW A2
62

CVE-2026-50507

The vulnerability allows BitLocker protection to be bypassed under certain physical attack conditions, which is particularly critical in data centers and hardware disposal scenarios.

Medium CVSS 6.8 EPSS 0%
NEW A2
56

CVE-2026-45462

The vulnerability requires authentication and spoofing capabilities; automatic patching via WSUS is expected, therefore no immediate risk without targeted attack.

Medium CVSS 4.6 EPSS 0%
NEW A2
56

CVE-2026-45479

The vulnerability requires authentication and enables only spoofing , not remote code execution or data access , therefore presenting low operational risk in standard SharePoint configurations.

Medium CVSS 4.6 EPSS 0%
NEW A2
56

CVE-2026-47641

The vulnerability requires prior authentication and enables spoofing over the network , no indication of active exploitation in the wild.

Medium CVSS 4.6 EPSS 0%
NEW A2
50

CVE-2026-45594

The vulnerability requires local access by an authenticated attacker and therefore has limited exploitability in typical enterprise environments with proper access control management.

Medium CVSS 5.5 EPSS 0%
NEW A2
50

CVE-2026-45647

A TOCTOU race condition in Microsoft Defender for Endpoint enables local privilege escalation by authorized attackers, compromising the security product itself as an attack vector.

Medium CVSS 5.5 EPSS 0%
NEW A3
47

Apache HTTP Server: Multiple Vulnerabilities

The BSI warns of multiple unspecified vulnerabilities in Apache HTTP Server with critical potential (RCE, DoS); without explicit CVE numbers, precise assessment is limited.

Critical
NEW A2
45

CVE-2026-44743

An authentication gap in SAP Business Objects allows unauthorized access to sensitive data via a specific endpoint; no integrity or availability risk currently known.

Medium CVSS 3.7 EPSS 0%
NEW A2
43

CVE-2026-45460

The vulnerability enables local information disclosure through out-of-bounds read, but requires local authentication and is therefore primarily a risk in multi-user environments or remote-access scenarios.

Medium CVSS 4.7 EPSS 0%
NEW A2
30

CVE-2026-45459

The vulnerability enables local security mechanism bypasses in Excel, but requires direct system access and is therefore a moderate risk in network-isolated or multi-user environments.

Low CVSS 3.3 EPSS 0%
NEW A2
30

CVE-2026-45485

The CVE affects an out-of-bounds read vulnerability in Microsoft Office; however, the alert provides no information on active exploitation, specific attack scenarios, or temporal urgency beyond standard patch information.

Low CVSS 3.3 EPSS 0%
NEW A3
20

[UPDATE] Linux Kernel: Multiple Vulnerabilities

BSI warns of multiple unspecified Linux kernel vulnerabilities; the vague description (CVE IDs missing) suggests an aggregated security advisory rather than a single critical finding.

High
NEW A3
20

CVE-2026-45447

The vulnerability affects OpenSSL implementations processing S/MIME signed emails and could enable remote code execution when the SignedData digestAlgorithms field is empty.

High EPSS 0%
What has changed since yesterday? →
ESC