Weekly Exploit Roundup
Generated 2026-06-09T08:00:14.985693+00:00 (UTC)
- Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
Source: Rapid7 Cybersecurity Blog | Published: 2026-06-08T17:05:16+00:00 | Score: 29.356
Overview
On June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The vulnerability affects deployments configured to use the deprecated IKEv1 key exchange protocol where gateways accept legacy Remote Access clients and do not require a machine certificate for connections. CVE-2026-50751, classified as improper authentication (CWE-287), has a CVSS score of 9.3. The vulnerability stems from a logic flow weakness in how Remote Access and Mobile Access components validate certificates during IKEv1 key exchange; successful exploitation allows an unauthenticated attacker to establish a VPN session without providing valid credentials. Per the vendor, additional post-authentication activity is required to access internal resources or escalate privileges. Check Point has indicated that CVE-2026-50751 is being actively exploited in the wild
- Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum
Source: Rapid7 Cybersecurity Blog | Published: 2026-06-05T17:01:48+00:00 | Score: 21.411
When Open Source is a bit too Open
Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming. Leading off is Gogs' RCE that allows an attacker to execute commands by naming their branch –exec <command> and requesting a rebase. Another useful post module by CharlesQuinnDev enumerates the Kernel pointers leaked via the popular NtQuerySystemInformation technique. Those exposed pointers, combined with a good write primitive, make local privilege escalation easier to accomplish. Several local privilege escalations already use that technique, so exposing just that technique was a great call!
New module content (3)
Apache ActiveMQ RCE via Jolokia addNetworkConnector
Authors: dinosn and h00die
Type: Exploit
Pull request: #21497 contributed by h00die
Path: multi/http/apache_activemq_jolokia_rce
AttackerKB reference: CVE-2026-34197
Adds a new exploit module exploit/multi/http/apache_activemq_jolokia_rce targeting CVE-2026-34197 in
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Source: The Hacker News | Published: 2026-06-06T04:19:28+00:00 | Score: 21.348
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation.
The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types:
  - On-Prem Deployment
  - Cisco SD-WAN Cloud-Pro
  - Cisco SD-WAN Cloud (Cisco Managed)
  - Cisco SD-WAN for Government (FedRAMP)
- LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
Source: The Hacker News | Published: 2026-06-09T06:26:14+00:00 | Score: 21.053
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the
- Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
Source: The Hacker News | Published: 2026-06-02T18:46:00+00:00 | Score: 19.42
Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation.
Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any user interaction. The
- Google Patches 5th Chrome Zero-Day Exploited in 2026
Source: SecurityWeek | Published: 2026-06-09T05:57:40+00:00 | Score: 18.939
The vulnerability is tracked as CVE-2026-11645 and it was reported in late April by an anonymous researcher.
- Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Source: The Hacker News | Published: 2026-06-08T14:17:39+00:00 | Score: 18.873
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.
The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user
- CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
Source: The Hacker News | Published: 2026-06-03T16:30:00+00:00 | Score: 18.567
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted
- Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Source: The Hacker News | Published: 2026-06-05T08:38:59+00:00 | Score: 18.262
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.
The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12. A patch for the flaw was
- CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
Source: The Hacker News | Published: 2026-06-06T08:14:31+00:00 | Score: 17.464
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash
End of report.
