Currently exploited — week of June 17, 2026
Newly catalogued exploited vulnerabilities affecting Widget Factory, Cisco, and others — per CISA's KEV feed this week.
Newly added to the KEV catalog
3 vulnerabilities were added to CISA's Known Exploited Vulnerabilities catalog this week.
CVE-2026-48907 (Widget Factory): Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.
CVE-2026-20262 (Cisco): Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.
CVE-2026-54420 (LiteSpeed): LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
Note: KEV captures vulnerabilities with **observed active exploitation** — older CVE IDs that show up here are not stale; they're being exploited *now*.
Run a scan at scorifya.com to check if your stack exposes any of the same weaknesses — TLS, headers, DNS, and more in under 30 seconds.