PoC Week 2026-06-15
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.
CVE-2026-47291 NEW
- Severity: 9.8 CRITICAL
- Impacted Products: Microsoft Windows Server 2025, version 10.0.26100.32995
- Description: Microsoft Windows Server 2025 is affected by an integer overflow vulnerability in the Windows HTTP Protocol Stack (http.sys) that allows for remote code execution. An unauthenticated attacker can exploit this flaw by sending a specially crafted packet to a targeted server that utilizes the affected protocol stack.
- Remediation:
- More Info: NVD - CVE-2026-47291
- PoC:
CVE-2026-28318 NEW
- Severity: 7.5 HIGH
- Impacted Products: SolarWinds Serv-U versions prior to 15.5.4
- Description: SolarWinds Serv-U is affected by an uncontrolled resource consumption vulnerability that allows an unauthenticated remote attacker to cause a denial-of-service condition. The flaw is triggered by sending specially crafted POST requests using the Content-Encoding: deflate header to the service.
- Remediation:
- More Info: NVD - CVE-2026-28318
- PoC:
CVE-2026-7473 NEW
- Severity: 5.8 MEDIUM
- Impacted Products: Arista EOS
- Description: Arista EOS is affected by a security bypass vulnerability in its tunnel decapsulation handler that allows for the unauthorized processing and forwarding of tunneled traffic. This issue occurs because the system fails to verify the tunnel protocol type of incoming packets destined for a configured decapsulation IP address.
- Remediation:
- More Info: NVD - CVE-2026-7473
- PoC:
CVE-2026-50751 NEW
- Severity: 9.4 CRITICAL
- Impacted Products: Check Point Remote Access VPN, Check Point Mobile Access, Check Point Spark Firewall
- Description: Check Point Remote Access VPN, Mobile Access, and Spark Firewall products are affected by an authentication bypass vulnerability in the certificate validation logic. This flaw allows an unauthenticated remote attacker to establish a VPN connection without providing a valid password.
- Remediation:
- More Info: NVD - CVE-2026-50751
- PoC:
CVE-2026-35273 NEW
- Severity: 9.8 CRITICAL
- Impacted Products: Oracle PeopleSoft Enterprise PeopleTools 8.61, Oracle PeopleSoft Enterprise PeopleTools 8.62
- Description: Oracle PeopleSoft Enterprise PeopleTools is affected by a missing authentication vulnerability in the Updates Environment Management component that allows for remote code execution. This flaw enables an unauthenticated attacker to gain full control over the PeopleSoft environment via network access over HTTP.
- Remediation:
- More Info: NVD - CVE-2026-35273
- PoC:
CVE-2026-20245 NEW
- Severity: 7.8 HIGH
- Impacted Products: Cisco Catalyst SD-WAN Manager
- Description: Cisco Catalyst SD-WAN Manager is affected by a command injection vulnerability in its command-line interface (CLI) that allows an authenticated, local attacker to execute arbitrary commands with root privileges. The issue stems from insufficient validation of user-supplied input when processing files uploaded to the system.
- Remediation:
- More Info: NVD - CVE-2026-20245
- PoC:
CVE-2026-11645 NEW
- Severity: 9.6 CRITICAL
- Impacted Products: Google Chrome 149.0.7827.103
- Description: Google Chrome versions prior to 149.0.7827.103 are affected by an out-of-bounds read and write vulnerability in the V8 JavaScript engine. This flaw allows a remote attacker to execute arbitrary code within the browser’s sandbox via a crafted HTML page.
- Remediation:
- More Info: NVD - CVE-2026-11645
- PoC:
CVE-2026-45748 NEW
- Severity: 10.0 CRITICAL
- Impacted Products: Termix prior to version 2.3.2
- Description: Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /ssh/tunnel/connect endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields (endpointIP, endpointUsername, password) directly into a shell command without escaping, allowing persistent OS command injection on the source SSH host. Version 2.3.2 patches the issue.
- Remediation:
- More Info: NVD - CVE-2026-45748
- PoC:
CVE-2026-25550 NEW
- Severity: 9.8 CRITICAL
- Impacted Products: Seagull Software BarTender 2010, Seagull Software BarTender 2016 <= R9, Seagull Software BarTender 2019 <= R10
- Description: Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 <= R9, and DataServiceSingleton for BarTender 2019 <= R10 — configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full. An unauthenticated remote attacker can exploit .NET Remoting…
- Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
- More Info: NVD - CVE-2026-25550
- PoC:
CVE-2026-20230 NEW
- Severity: 8.6 HIGH
- Impacted Products: Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition
- Description: Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) are affected by a server-side request forgery (SSRF) vulnerability that allows an unauthenticated, remote attacker to escalate privileges to root. This vulnerability is exploitable only when the WebDialer service, which is disabled by default, is enabled on the device.
- Remediation:
- More Info: NVD - CVE-2026-20230
- PoC:
CVE-2022-0492
- Severity: 7.8 HIGH
- Impacted Products: Linux Kernel versions from 2.6.24 up to 5.16
- Description: A flaw in the Linux kernel’s cgroup_release_agent_write allows privilege escalation and namespace isolation bypass.
- Remediation: Update to a patched Linux Kernel version.
- More Info: NVD - CVE-2022-0492
- PoC: https://github.com/T1erno/CVE-2022-0492-Docker-Breakout-Checker-and-PoC
CVE-2020-1938
- Severity: 9.8 CRITICAL
- Impacted Products: Apache Tomcat
- Description: A vulnerability exists within the AJP Connector in Tomcat because the default configuration allows AJP connections to have higher trust and it is also enabled to listen on all configured IP addresses. Apache wrote that the risks were previously documented and they recommended steps to disable the Connector if it wasn’t required.
- Remediation:
- More Info: NVD - CVE-2020-1938
- PoC:
CVE-2026-4747 NEW
- Severity: 8.8 HIGH
- Impacted Products: FreeBSD, kgssapi.ko, librpcgss_sec
- Description: FreeBSD is affected by a stack-based buffer overflow vulnerability in its RPCSEC_GSS implementation that can lead to remote code execution. This flaw exists in both the kernel module kgssapi.ko and the userspace library librpcgss_sec during the validation of RPCSEC_GSS data packets.
- Remediation:
- More Info: NVD - CVE-2026-4747
- PoC:
CVE-2026-33691 NEW
- Severity: 6.8 MEDIUM
- Impacted Products: OWASP Core Rule Set (CRS) versions prior to 3.3.9, OWASP Core Rule Set (CRS) versions prior to 4.25.0
- Description: OWASP Core Rule Set (CRS) is affected by a security bypass vulnerability that allows attackers to upload files with dangerous extensions by using whitespace padding in filenames. This flaw enables the upload of restricted file types like .php or .jsp, potentially leading to remote code execution.
- Remediation:
- More Info: NVD - CVE-2026-33691
- PoC:
References
This list was scraped from the quite amazing and highly recommended newsletters below:
Thanks for reading! For corrections or omissions (e.g. newsletter recs), feel free to get in touch.