THE CVE report for June 22-28, 2026, reveals 1,909 new vulnerabilities, with 173 categorized as critical; 14 of these have a maximum CVSS score of 10. The week saw high-severity vulnerabilities primarily involving cross-site scripting and SQL injection. CISA added six new flaws to its Known Exploited Vulnerabilities catalog, highlighting active threats that need immediate attention.
Among the notable vulnerabilities are several critical flaws in various software and hardware that can allow unauthenticated access or account takeover. Organizations are advised to prioritize patching the KEV entries and critical 10-rated vulnerabilities, as exploitation is a concern.