VYPR
AI Brief 2026-06-03 · generated Jun 3, 2026

What you need to know today.

Oracle WebLogic Server flaw added to KEV catalog; critical vulnerabilities disclosed in Progress Sitefinity, Cloud Foundry, and Android.

Oracle WebLogic Server is the latest addition to CISA's Known Exploited Vulnerabilities catalog, with CVE-2024-21182 flagged for active exploitation. This critical vulnerability allows unauthenticated attackers to bypass security controls, potentially leading to remote code execution. The flaw affects supported versions 12.2.1.4.0 and 14.1.1.0.0, and its inclusion in the KEV catalog mandates federal agency patching by early July. Multiple security outlets, including The Hacker News and BleepingComputer, have highlighted the urgency of this advisory, emphasizing the risk to organizations running vulnerable Oracle Fusion Middleware components.

A significant wave of critical vulnerabilities has been disclosed across various Progress Software products, particularly impacting Sitefinity. CVE-2026-7312 and CVE-2026-7198 are highlighted for their severity, with the former involving insufficient credential protection and the latter an improper access control flaw allowing unauthorized content access and potential full system compromise. These issues affect multiple versions of Sitefinity, underscoring the need for diligent patching across the product line. Cyber Security News and Vypr Intelligence have reported on these findings, noting the critical nature of the vulnerabilities.

Cloud Foundry's UAA component is susceptible to a critical private key exposure vulnerability, CVE-2026-40965. The flaw causes the public /token_keys endpoint to inadvertently disclose Elliptic Curve private keys to anyone who queries it, posing a severe risk to authentication and authorization mechanisms. The vulnerability affects UAA versions v76.12.0 through v78.12.0. While specific exploitation details are scarce, the direct exposure of cryptographic keys represents a high-impact security risk.
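A quick way for a defender to confirm whether a key-publishing endpoint such as UAA's /token_keys is leaking private material is to audit the returned document for private-key members. The check below is an added example, not code from the original brief or from the Cloud Foundry project. It assumes the endpoint returns a JWK Set (RFC 7517) and, as a further assumption, that a key entry may also carry a PEM string in a "value" member; the sample documents are constructed, not real UAA output.

```python
import json
import urllib.request

# Private-key members per key type, per RFC 7518. A well-formed public JWK
# never carries these: EC keys expose only crv/x/y, RSA keys only n/e.
PRIVATE_MEMBERS = {
    "EC": {"d"},
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "oct": {"k"},
}

# Constructed sample: the shape a healthy /token_keys response should have.
SAFE_JWKS = {
    "keys": [
        {"kty": "EC", "kid": "ec-key-1", "crv": "P-256", "alg": "ES256",
         "use": "sig", "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
         "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}
    ]
}

# Constructed sample of a leaking document: the first key includes the EC
# private scalar "d"; the second embeds a PEM private key in a "value" member
# (assumed field name, used here only to show the PEM-marker check).
LEAKY_JWKS = {
    "keys": [
        dict(SAFE_JWKS["keys"][0], d="jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI"),
        {"kty": "EC", "kid": "ec-key-2", "crv": "P-256", "alg": "ES256",
         "x": "CONSTRUCTED_X", "y": "CONSTRUCTED_Y",
         "value": "-----BEGIN EC PRIVATE KEY-----\nCONSTRUCTED\n-----END EC PRIVATE KEY-----"},
    ]
}
LEAKY_JSON = json.dumps(LEAKY_JWKS)


def find_private_material(jwks):
    """Return one finding per key that exposes private material.

    A finding records the key id (or its index when no kid is present), the
    key type, which private JWK members were present, and whether any string
    member contains a PEM PRIVATE KEY block.
    """
    findings = []
    for idx, key in enumerate(jwks.get("keys", [])):
        kty = key.get("kty")
        leaked_members = sorted(m for m in PRIVATE_MEMBERS.get(kty, set()) if m in key)
        pem_private = any(
            isinstance(v, str) and "PRIVATE KEY-----" in v for v in key.values()
        )
        if leaked_members or pem_private:
            findings.append({
                "kid": key.get("kid", f"key[{idx}]"),
                "kty": kty,
                "private_members": leaked_members,
                "pem_private": pem_private,
            })
    return findings


def audit_token_keys_document(raw_json):
    """Parse a raw JWKS body (as fetched from /token_keys) and audit it."""
    return find_private_material(json.loads(raw_json))


def audit_token_keys_url(base_url, timeout=10):
    """Fetch <base_url>/token_keys and audit it. Network use is the caller's choice;
    the offline samples above exercise the same logic."""
    with urllib.request.urlopen(base_url.rstrip("/") + "/token_keys", timeout=timeout) as resp:
        return audit_token_keys_document(resp.read().decode("utf-8"))


if __name__ == "__main__":
    for name, doc in (("safe", SAFE_JWKS), ("leaky", LEAKY_JWKS)):
        print(name, find_private_material(doc))
```

Any non-empty result means the signing key must be treated as compromised: rotate it, invalidate tokens issued under it, and only then re-run the audit against the patched endpoint.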

Several critical vulnerabilities have been identified in embedded and IoT devices, including Jinan USR IOT Technology Limited's USR-W610 converter and multiple Waterfall WF-500 models. CVE-2026-7786 in the USR-W610 firmware exposes plaintext administrative credentials, allowing easy extraction and unauthorized access. Meanwhile, multiple CVEs affecting Waterfall WF-500 devices, such as CVE-2025-41269, CVE-2025-41270, CVE-2025-41274, and CVE-2025-41275, involve OS command injection, while CVE-2025-41273 allows authentication bypass. These findings, reported by CISA and Vypr Intelligence, highlight ongoing risks in industrial and network edge devices.

Critical vulnerabilities affecting open-source projects and platforms include CVE-2026-0072 in the Android input method service, allowing local privilege escalation due to a missing permission check. Additionally, CVE-2025-53209 in WordPress Masteriyo LMS PRO enables privilege escalation, and CVE-2026-46376 in FreePBX could allow unauthenticated access to the User Control Panel via hard-coded credentials if not changed post-installation. These disclosures, noted by Vypr Intelligence and The Hacker News, underscore the importance of timely patching in widely used software ecosystems.

Synthesized by Vypr AI