A3
20 Microsoft Edge: Multiple Vulnerabilities
BSI warns of multiple vulnerabilities in Microsoft Edge enabling active security bypass and code execution; specific CVE numbers and patch status are not detailed in the source.
High
What has changed?
Comparing 13 June 2026 with the previous day 12 June 2026.
Newly added
1Newly KEV-listed
0No changes in this category.
Score moved
0No changes in this category.
No longer in report
26 KEV B1
62 The April 2026 Security Update Review
Extensive patch collection with 60+ Adobe CVEs and Windows EoP bugs; active exploitation in Reader area requires prioritization, but no nation-state implication identified.
Medium
CVSS
6.5
EPSS
53%
NEW A2
100 CVE-2026-47368 , Path Traversal Vulnerability in UniFi OS
The vulnerability enables data theft directly from UniFi devices by network-internal attackers without requiring authentication.
Critical
CVSS
8.6
EPSS
0%
NEW A2
100 CVE-2026-47369 , Improper Input Validation in UniFi OS Allows Local Privilege Escalation
The vulnerability requires existing network access with low privileges and affects locally installed UniFi OS devices, not cloud-based management consoles.
Critical
CVSS
9.9
EPSS
0%
NEW A2
100 CVE-2026-48610
The vulnerability allows unauthorized network-based modification of UniFi OS device configurations without authentication.
Critical
CVSS
8.1
EPSS
0%
NEW A2
100 CVE-2026-47370: Command Injection Vulnerability in UniFi OS
The vulnerability enables Command Injection on UniFi OS devices with only low-privilege network access, presenting elevated lateral movement risk within network infrastructure.
Critical
CVSS
9.9
EPSS
0%
NEW Velvet Ant C3
80 China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Chinese APT group Velvet Ant has compromised Linux authentication components (PAM/OpenSSH) themselves over nearly a decade to achieve deep persistence , a strategy that evades conventional malware detection and requires integrity verification of core OS components.
Critical
NEW A2
71 CVE-2026-47965
The vulnerability enables remote code execution with user interaction and affects Acrobat Reader versions deployed across many production environments.
High
CVSS
7.8
EPSS
0%
B2
68 CVE-2026-33824: Remote Code Execution in Windows IKEv2
Unauthenticated remote exploitation of a double-free vulnerability in Windows IKEv2 can crash or execute code on VPN gateways.
High
CVSS
9.8
EPSS
0%
NEW A3
54 CVE-2026-12007: Use-After-Free in Google Chrome on Windows Prior to 149.0.7827.115 Allows Remote Code Execution
A use-after-free vulnerability in Chrome's core allows attackers to execute arbitrary code via crafted HTML pages,a frequently exploited attack class targeting browsers.
Critical
EPSS
0%
NEW A3
54 CVE-2026-12008: Use-After-Free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allows sandbox escape
A sandbox escape in Google Chrome's renderer process enables attack-chain escalation if an attacker already controls renderer-process code execution.
Critical
EPSS
0%
NEW A3
54 CVE-2026-12009: Critical Sandbox Escape in Google Chrome on Mac prior to 149.0.7827.115
A critical sandbox escape vulnerability enables remote code execution with full OS-level access if an attacker has already compromised the Chrome renderer process.
Critical
EPSS
0%
NEW C3
51 Ubiquiti UniFi OS: Critical Vulnerabilities Allow Code Injection
Five vulnerabilities in UniFi OS and UID Enterprise Agent allow attackers not only code injection but also security bypass and data access; patches are already available.
Critical
NEW A3
51 [UPDATE] Ubiquiti UniFi OS: Multiple Vulnerabilities
BSI warning of multiple critical vulnerabilities in Ubiquiti UniFi OS enabling remote code execution and privilege escalation , patches required.
Critical
NEW C3
51 Ubiquiti UniFi OS: Critical Code Injection Vulnerabilities and More
The report is a patch announcement without details on active exploits or attack campaigns; specific CVE numbers and vulnerability details are not fully accessible from the provided text.
Critical
NEW A2
47 CVE-2026-47224: Heap Buffer-Overflow in NanaZip LVM2 Metadata Parser
The vulnerability enables heap buffer-overflow via crafted LVM disk images when opened locally , patching to version 6.0.1698.0 or later is required.
Medium
CVSS
4.3
EPSS
0%
A2
41 VU#158530: PCTCore64.sys Windows kernel driver contains missing access control vulnerability
A signed but legacy driver from PC Tools (unmaintained since 2013) can still be exploited as a BYOVD vector in modern Windows systems for privilege escalation and credential theft.
Medium
CVSS
7.8
EPSS
0%
C3
37 Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
A Palo Alto Networks GlobalProtect authentication bypass is currently being exploited in active attack waves since mid-May, not theoretical proof-of-concept.
Critical
NEW A3
20 CVE-2026-12014: Use After Free in Cast in Google Chrome prior to 149.0.7827.115
The vulnerability enables sandbox escape through malicious local network traffic, going beyond a simple crash and allowing code execution with elevated privileges.
High
EPSS
0%
NEW A3
20 CVE-2026-12015: Use After Free in Autofill in Google Chrome Prior to 149.0.7827.115
The vulnerability allows an attacker with access to the renderer process to extract sensitive data from process memory; exploitation requires a pre-compromised rendering environment.
High
EPSS
0%
NEW A3
20 CVE-2026-12016: Inappropriate Implementation in DevTools in Google Chrome Prior to 149.0.7827.115 Allows Sandbox Escape
A sandbox escape in Chrome DevTools requires a compromised renderer process but enables elevated attack capabilities against targeted developers or technical users.
High
EPSS
0%
NEW A3
20 CVE-2026-12029 , Use After Free in Video in Google Chrome on Windows prior to 149.0.7827.115
The vulnerability requires that the renderer process must already be compromised; exploit potential is therefore limited to scenarios involving prior code execution.
High
EPSS
0%
NEW A3
20 CVE-2026-12024: Insufficient Policy Enforcement in Google Chrome DevTools Allows Same-Origin Policy Bypass
A same-origin policy bypass in Chrome DevTools allows attackers to access data from other origins via crafted HTML pages, which is particularly relevant for phishing and data theft scenarios.
High
EPSS
0%
NEW A3
20 CVE-2026-12031: Google Chrome Sandbox Escape Vulnerability on Windows Prior to 149.0.7827.115
The vulnerability requires an already-compromised renderer process, limiting practical exploitability; this is a routine patch notification with no indication of active exploitation.
High
EPSS
0%
NEW A3
20 CVE-2026-12035 | Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115
This is a standard Chrome security update with no indication of active exploitation or targeted campaigns against manufacturing organizations.
High
EPSS
0%
NEW A3
20 Google Chrome: Multiple Vulnerabilities
BSI warning for multiple unspecified Chrome vulnerabilities without CVE details; patch availability and exploitation status not mentioned in the source.
High
A3
20 Google Chrome and Microsoft Edge: Multiple Vulnerabilities
The BSI warns of multiple unspecified vulnerabilities in widely deployed browsers without providing specific CVE numbers or exploitation status , patch management action required, but no active campaign known.
High