Secure Bulletin Navigating the cyber sea with knowledge
Home > Tag > actively exploited
#actively exploited

Hackers Actively Exploit CVE-2026-46817 in Oracle E-Business Suite — 456 Attacks Recorded in 24 Hours

30 June 2026  |  dark6  |  Vulnerability

Threat actors are actively exploiting CVE-2026-46817, a critical CVSS 9.8 unauthenticated remote takeover flaw in Oracle E-Business Suite, with 456 attack hits recorded in a single day across...

>> read more

CISA Flags Actively Exploited Ubiquiti UniFi OS Vulnerabilities — Patch Deadline June 26

25 June 2026  |  dark6  |  Vulnerability

CISA has added three Ubiquiti UniFi OS vulnerabilities to its KEV catalog following confirmed active exploitation. Federal agencies must patch by June 26, 2026; the chained flaws enable...

>> read more

Critical Fortinet FortiSandbox Vulnerabilities Actively Exploited in the Wild

17 June 2026  |  dark6  |  Vulnerability

Threat actors are actively exploiting three critical Fortinet FortiSandbox vulnerabilities — including CVE-2026-39813, which has no prior exploitation history. All flaws allow unauthenticated remote access via the JRPC...

>> read more

CVE-2026-20262: Cisco Catalyst SD-WAN vManage Zero-Day Actively Exploited in Enterprise Attacks

16 June 2026  |  dark6  |  Vulnerability

Cisco has confirmed active zero-day exploitation of CVE-2026-20262, an arbitrary-file-write vulnerability in Catalyst SD-WAN Manager (vManage) that allows attackers to deploy web shells and escalate to root. No...

>> read more

CVE-2026-54420: LiteSpeed cPanel Plugin Zero-Day Actively Exploited to Escalate Privileges to Root

16 June 2026  |  dark6  |  Vulnerability

A critical actively exploited zero-day in the LiteSpeed cPanel user-end plugin (CVE-2026-54420) enables attackers to escalate privileges to root, breaking tenant isolation in shared hosting environments. Patch to...

>> read more

CISA BOD 26-04: Federal Agencies Must Patch Critical Vulnerabilities Within 3 Days Under New Risk-Based Mandate

12 June 2026  |  dark6  |  Vulnerability

CISA has issued Binding Operational Directive BOD 26-04, requiring federal civilian agencies to patch the most critical vulnerabilities — those that are internet-exposed, KEV-listed, automatable, and grant full...

>> read more

CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution

12 June 2026  |  dark6  |  Vulnerability

A critical path traversal vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow is being actively exploited to achieve remote code execution on exposed servers. No official patch is available, and...

>> read more

CVE-2025-48595: Android 0-Day Actively Exploited — Patch Your Devices Now

4 June 2026  |  dark6  |  Vulnerability

Google has confirmed active exploitation of CVE-2025-48595, a zero-click Android Framework privilege escalation flaw affecting Android 14-16. Devices without the June 2026 patch remain at risk of complete...

>> read more