Known-exploited vulnerabilities
The Known-exploited slice of Stateward's threat feed: 4 curated incidents and attack techniques, each explaining how it happened and how to avoid it in your own code.
4 Known-exploited entries · 0 curated · part of 476 total advisories
- HIGH · Known-exploited · exploited · CVE-2026-48907 · Widget Factory · Joomla Content Editor
Widget Factory Joomla Content Editor Improper Access Control Vulnerability. Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.
- HIGH · Known-exploited · exploited · CVE-2026-54420 · LiteSpeed · cPanel Plugin
LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability. LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
- HIGH · Known-exploited · exploited · CVE-2026-20262 · Cisco · Catalyst SD-WAN Manager
Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability. Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.
- CRITICAL · Known-exploited · exploited · ransomware · CVE-2026-35273 · Oracle · PeopleSoft Enterprise PeopleTools
Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability. Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to take over PeopleSoft Enterprise PeopleTools.