freshcrate
Skin:/

freshcrate security

Latest high-impact CVEs, exploited vulnerability links, breach disclosures, and security news for agent operators.

Critical CVEs
0
High CVEs
0
CISA KEV
30
Breaches
20
News
30
Fetched: 7/9/2026, 7:10:46 PM • API: /api/security
Recent high CVEs
No recent CVEs cached yet.
Known exploited vulnerabilities
CVE-2026-48908unknownexploited2026-07-07

JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

JoomShaperSP Page Builder
CISA due: 2026-07-10Ransomware use: Unknown
CVE-2026-55255unknownexploited2026-07-07

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.

LangflowLangflow
CISA due: 2026-07-10Ransomware use: Unknown
CVE-2026-56290unknownexploited2026-07-07

Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.

JoomlackPage Builder
CISA due: 2026-07-10Ransomware use: Unknown
CVE-2026-48282unknownexploited2026-07-07

Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.

AdobeColdFusion
CISA due: 2026-07-10Ransomware use: Unknown
CVE-2026-45659unknownexploited2026-07-01

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.

MicrosoftSharePoint Server
CISA due: 2026-07-04Ransomware use: Unknown
CVE-2026-48558unknownexploited2026-06-29

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In som

SimpleHelp SimpleHelp
CISA due: 2026-07-02Ransomware use: Unknown
CVE-2026-12569unknownexploited2026-06-25

PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.

PTCWindchill and FlexPLM
CISA due: 2026-06-28Ransomware use: Unknown
CVE-2026-20230unknownexploited2026-06-25

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.

CiscoUnified Communications Manager
CISA due: 2026-06-28Ransomware use: Unknown
CVE-2025-67038unknownexploited2026-06-23

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

LantronixEDS5000
CISA due: 2026-06-26Ransomware use: Unknown
CVE-2026-34910unknownexploited2026-06-23

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.

UbiquitiUniFi OS
CISA due: 2026-06-26Ransomware use: Unknown
CVE-2026-34909unknownexploited2026-06-23

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.

UbiquitiUniFi OS
CISA due: 2026-06-26Ransomware use: Unknown
CVE-2026-34908unknownexploited2026-06-23

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.

UbiquitiUniFi OS
CISA due: 2026-06-26Ransomware use: Unknown
CVE-2026-20253unknownexploited2026-06-18

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

SplunkEnterprise
CISA due: 2026-06-21Ransomware use: Unknown
CVE-2026-48907unknownexploited2026-06-16

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

Widget FactoryJoomla Content Editor
CISA due: 2026-06-19Ransomware use: Unknown
CVE-2026-54420unknownexploited2026-06-15

LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

LiteSpeedcPanel Plugin
CISA due: 2026-06-18Ransomware use: Unknown
CVE-2026-20262unknownexploited2026-06-15

Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.

CiscoCatalyst SD-WAN Manager
CISA due: 2026-06-29Ransomware use: Unknown
CVE-2026-35273unknownexploited2026-06-12

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.

Oracle PeopleSoft Enterprise PeopleTools
CISA due: 2026-06-15Ransomware use: Known
CVE-2026-10520unknownexploited2026-06-11

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM

IvantiSentry
CISA due: 2026-06-14Ransomware use: Unknown
CVE-2026-11645unknownexploited2026-06-09

Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleChromium V8
CISA due: 2026-06-23Ransomware use: Unknown
CVE-2026-7473unknownexploited2026-06-09

Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.

AristaExtensible Operating System
CISA due: 2026-06-23Ransomware use: Unknown
CVE-2026-20245unknownexploited2026-06-09

Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.

CiscoCatalyst SD-WAN Manager
CISA due: 2026-06-23Ransomware use: Unknown
CVE-2026-42271unknownexploited2026-06-08

BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.

BerriAILiteLLM
CISA due: 2026-06-22Ransomware use: Unknown
CVE-2026-50751unknownexploited2026-06-08

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Check PointSecurity Gateway
CISA due: 2026-06-11Ransomware use: Known
CVE-2026-28318unknownexploited2026-06-05

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.

SolarWindsServ-U
CISA due: 2026-06-19Ransomware use: Unknown
CVE-2026-45247unknownexploited2026-06-03

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.

MirasvitMirasvit Full Page Cache Warmer
CISA due: 2026-06-06Ransomware use: Unknown
CVE-2022-0492unknownexploited2026-06-02

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

LinuxKernel
CISA due: 2026-06-05Ransomware use: Unknown
CVE-2025-48595unknownexploited2026-06-02

Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.

AndroidFramework
CISA due: 2026-06-05Ransomware use: Unknown
CVE-2024-21182unknownexploited2026-06-01

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

OracleWebLogic Server
CISA due: 2026-06-04Ransomware use: Unknown
CVE-2026-0257unknownexploited2026-05-29

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.

Palo Alto NetworksPAN-OS
CISA due: 2026-06-01Ransomware use: Unknown
CVE-2026-48027unknownexploited2026-05-27

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.

NxNx Console
CISA due: 2026-06-10Ransomware use: Known
Latest breach disclosures
Moody Bible Instituteverified2026-07-03
2.3M accountsmoody.edu
Dates of birthEmail addressesGendersMarital statusesNamesPhone numbersPhysical addresses
Syscoverified2026-06-28
2.7M accountssysco.com
Customer feedbackEmail addressesEmployersJob titlesNamesPhone numbersPhysical addressesUsernames
American Towerverified2026-06-26
217K accountsamericantower.com
Email addressesJob titlesNamesPhone numbersPhysical addresses
9.8M accountsmsgsports.com
Customer service recordsEmail addressesNamesPhone numbersPhysical addresses
JCPenneyverified2026-06-20
368K accountsjcpenny.com
Dates of birthEmail addressesGovernment issued IDsJob titlesNamesPhone numbersPhysical addressesUsernames
Ralph Laurenverified2026-06-18
140K accountsralphlauren.com
Age groupsEmail addressesGendersNamesPhone numbers
CFGIverified2026-06-18
248K accountscfgi.com
Email addressesEmployersJob titlesNamesPhone numbersPhysical addresses
Berkadiaverified2026-06-15
305K accountsberkadia.com
Email addressesEmployersNamesPhone numbersPhysical addresses
Infinite Campusverified2026-06-15
137K accountsinfinitecampus.com
Email addressesEmployersJob titlesNamesPhone numbersPhysical addressesSupport ticketsUsernames
University of Nottinghamverified2026-06-10
455K accountsnottingham.ac.uk
Academic recordsCitizenship statusesDates of birthDisabilitiesEmail addressesEthnicitiesGendersIP addresses
Baker Distributingverified2026-06-07
103K accountsbakerdist.com
Email addressesNamesPhone numbersPhysical addressesSupport tickets
BCD Travelverified2026-06-05
396K accountsbcdtravel.com
Email addressesEmployersJob titlesNamesPhone numbersPhysical addressesSupport tickets
DentaQuestverified2026-06-03
2.6M accountsdentaquest.com
Dates of birthEmail addressesGendersGovernment issued IDsHealth insurance informationNamesPhone numbersPhysical addresses
Edmundsverified2026-06-01
178K accountsedmunds.com
Device informationEmail addressesIP addressesPasswordsPhone numbersUsernames
Atlas Menuverified2026-05-30
64K accountsatlasmenu.net
Email addressesIP addressesPasswordsSupport ticketsUsernames
Charterverified2026-05-28
4.9M accountscharter.com
Email addressesJob titlesNamesPhone numbersPhysical addresses
Kemperverified2026-05-28
269K accountskemper.com
Email addressesNamesPartial credit card dataPhone numbersPhysical addressesPurchases
Mytheresaverified2026-05-27
84K accountsmytheresa.com
Email addressesNamesPartial credit card dataPhone numbersPhysical addressesPurchasesSalutations
Security news

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the follo

2026-07-09

Security operations don't slow down when IT teams take vacation, but staffing levels often do. Kaseya explains how AI-driven automation can help organizations maintain consistent security operations and reduce reliance on manual processes year-round. [...]

2026-07-09

Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it — built quietly months earlier, heads down, taking f

2026-07-09

Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report published by the Threat Hunter Team from Sym

2026-07-09

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back

2026-07-09

Specops Software explains how AI is making service desk impersonation attacks more convincing, personalized, and scalable, along with practical steps organizations can take to strengthen onboarding and identity verification. [...]

2026-07-08

A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For securit

2026-07-08

A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting vic

2026-07-08

For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood. That

2026-07-08
Sources