THE weekly CVE report from June 15-21, 2026, highlights 2,060 new vulnerabilities with 358 classified as critical and 861 as high severity. Four of these vulnerabilities are actively exploited and included in the CISA Known Exploited Vulnerabilities catalog. Notably, 1,703 entries have a CVSS score, averaging 7.50. Attackers particularly target edge devices and developer tools.
The report emphasizes the immediate need for remediation on actively exploited vulnerabilities and urges prioritization of internet-facing systems. Oracle products are the major source of vulnerabilities this week, along with notable risks from open-source ecosystems and WordPress plugins.