Currently exploited — week of June 10, 2026
Newly catalogued exploited vulnerabilities affecting Google, Cisco, and others — per CISA's KEV feed this week.
Newly added to the KEV catalog
3 vulnerabilities were added to CISA's Known Exploited Vulnerabilities catalog this week.
CVE-2026-11645 (Google): Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-20245 (Cisco): Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.
CVE-2026-7473 (Arista): Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulates and forwards other unexpected tunneled packets with a destination IP matching its configured decapsulation IP.
Note: KEV captures vulnerabilities with **observed active exploitation** — older CVE IDs that show up here are not stale; they're being exploited *now*.
Run a scan at scorifya.com to check if your stack exposes any of the same weaknesses — TLS, headers, DNS, and more in under 30 seconds.