PeopleSoft CVE-2026-35273 adds Nissan and NAIC named victims
Classification: UPDATED(newvictim).
Today's intelligence updates PeopleSoft CVE-2026-35273 with Nissan and NAIC as named victims. That makes the owner route more concrete for organisations with HR, supplier or payroll exposure in PeopleSoft environments. Known Exploited (CISA KEV).
Recommended action: verify Oracle emergency mitigation/patch status, review late-May to mid-June PeopleSoft logs, and use Nissan/NAIC as fresh supplier/HR exposure evidence.
Identifiers: CVE-2026-35273
Sources: [BleepingComputer Nissan report](https://www.bleepingcomputer.com/news/security/nissan-discloses-employee-data-breach-linked-to-oracle-zero-day-attacks/); [BleepingComputer NAIC report](https://www.bleepingcomputer.com/news/security/naic-says-public-data-stolen-in-shinyhunters-peoplesoft-breach/); [Google Cloud threat intelligence report](https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit); [Oracle security alert](https://www.oracle.com/security-alerts/alert-cve-2026-35273.html)
SimpleHelp CVE-2026-48558 exploitation deploys TaskWeaver and Djinn Stealer
Classification: NEW.
SimpleHelp CVE-2026-48558 is newly promoted in today's intelligence with reported exploitation deploying TaskWeaver and Djinn Stealer. The evidence supports immediate exposure checks, fixed-version validation, session review and indicator hunting. Known Exploited (CISA KEV).
Recommended action: identify internet-facing SimpleHelp, update fixed versions, invalidate unknown technician sessions, and hunt Blackpoint-linked IOCs.
Identifiers: CVE-2026-48558
Sources: [BleepingComputer report](https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-simplehelp-flaw-deploy-new-djinn-infostealer-taskweaver-malware/)
Oracle E-Business Suite CVE-2026-46817 exploitation begins
Classification: UPDATED(activeexploitationconfirmed).
Today's intelligence updates Oracle E-Business Suite CVE-2026-46817 with observed exploitation on EBS honeypots over the weekend before 29 June 2026. That moves the item from patch governance into exposed-surface confirmation and log review.
Recommended action: verify May 2026 CPU coverage for CVE-2026-46817 and inventory exposed EBS HTTP surfaces.
Identifiers: CVE-2026-46817
Sources: [BleepingComputer report](https://www.bleepingcomputer.com/news/security/new-oracle-e-business-suite-flaw-now-exploited-in-attacks/)
CVE-2026-58053 Gitea actrunner privilege escalation
Classification: NEW.
CVE-2026-58053 is newly promoted in today's intelligence for Gitea act_runner privilege-escalation risk. The supported response is to check runner isolation and secret scope before assuming local exposure.
Recommended action: route Gitea runner owners; validate runner isolation, secret scope, and fixed build availability.
Identifiers: CVE-2026-58053
Sources: [CERT-Bund security advisory](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2116)
CVE-2022-24724 CERT-Bund RHEL code-execution update
Classification: NEW.
CVE-2022-24724 is newly promoted in today's intelligence for CERT-Bund-driven Red Hat Enterprise Linux owner routing. The evidence supports a patch-state verification task, not an exploitation claim.
Recommended action: route to Linux platform owners and verify Red Hat Enterprise Linux patch state where CERT-Bund WID-SEC feeds drive triage.
Identifiers: CVE-2022-24724
Sources: [CERT-Bund security advisory](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0717)
CVE-2022-45061 CERT-Bund Python denial-of-service update
Classification: NEW.
CVE-2022-45061 is newly promoted in today's intelligence as a Python denial-of-service routing item. The evidence supports baseline verification across runtimes and build stacks, with no added exploitation claim.
Recommended action: verify Python runtime baselines in application, automation, and build stacks.
Identifiers: CVE-2022-45061
Sources: [CERT-Bund security advisory](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2043)
Flowise CVE-2025-71324 arbitrary file read exposes default database content
Classification: NEW.
Flowise CVE-2025-71324 is newly promoted in today's intelligence as an arbitrary file-read issue that can expose default database content. The evidence supports patching and secret rotation if default SQLite database exposure cannot be ruled out.
Recommended action: patch Flowise to 3.0.6 or later and rotate secrets if the default Flowise SQLite database exposure cannot be ruled out.
Identifiers: CVE-2025-71324
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2025-71324); [Flowise GitHub advisory](https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-99pg-hqvx-r4gf)
CVE-2026-44271 Dell Wyse Management Suite SQL injection
Classification: NEW.
CVE-2026-44271 is newly promoted in today's intelligence with Dell Wyse Management Suite affected. The brief supports updating to WMS 2605 or later and reviewing exposed management surfaces.
Recommended action: update Dell Wyse Management Suite to WMS 2605 or later and review exposed management surfaces.
Identifiers: CVE-2026-44271
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-44271); [Dell security advisory](https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247)
Dgraph CVE-2026-44840 DQL injection through checkUserPassword GraphQL query
Classification: NEW.
Dgraph CVE-2026-44840 is newly promoted in today's intelligence for DQL injection through the checkUserPassword GraphQL query. The evidence supports upgrading and reviewing exposed GraphQL endpoints that use @secret.
Recommended action: upgrade Dgraph to 25.3.4 or later; review exposed GraphQL endpoints using @secret and hunt crafted checkUserPassword requests.
Identifiers: CVE-2026-44840
Sources: [Dgraph GitHub advisory](https://github.com/advisories/GHSA-q2m9-6jp9-c6mc); [Dgraph release notes](https://github.com/dgraph-io/dgraph/releases/tag/v25.3.4)
Dell DDPM Mac CVE-2026-46734 certificate-validation bypass
Classification: NEW.
Dell DDPM Mac CVE-2026-46734 is newly promoted in today's intelligence for certificate-validation bypass risk. The evidence supports updating Dell Display and Peripheral Manager for Mac across managed macOS fleets.
Recommended action: update Dell Display and Peripheral Manager for Mac to 2.3 or later across managed macOS fleets.
Identifiers: CVE-2026-46734
Sources: [NVD vulnerability record](https://nvd.nist.gov/vuln/detail/CVE-2026-46734); [Dell security advisory](https://www.dell.com/support/kbdoc/en-pw/000475656/dsa-2026-267)
Also tracked
- OpenAM CVE-2026-47424/CVE-2026-47426/CVE-2026-48717 identity cluster · CVE-2026-47424 · High
- Adobe Acrobat PDF Extension for Chrome CVE-2026-48294 exposes cross-origin session data · CVE-2026-48294 · High
- CVE-2026-58050 libssh2 publickey integer overflow · CVE-2026-58050 · High
- OpenText Access Manager CVE-2026-11877 allows unauthorized configuration modification · CVE-2026-11877 · Medium
- CVE-2026-12050 pgAdmin SQL injection · CVE-2026-12050 · Medium
- CVE-2026-41493 HCL BigFix Compliance Ruby advisory · CVE-2026-41493 · Medium
- Dell DDPM Mac CVE-2026-46732 race-condition privilege escalation · CVE-2026-46732 · Medium
- CVE-2026-50519 GitHub Copilot and Visual Studio Code insecure default · CVE-2026-50519 · Medium
- LibreChat CVE-2026-54040 weakens backup-code recovery controls · CVE-2026-54040 · Medium
- CVE-2026-55602 http-proxy-middleware host+path routing flaw · CVE-2026-55602 · Medium
- CVE-2026-58055 nghttp2 nghttpx request smuggling · CVE-2026-58055 · Medium
- Rapid7 InsightConnect plugin command-injection cluster · CVE-2026-8658 · Medium
- CVE-2026-50521 Microsoft Edge Chromium code-execution advisory · CVE-2026-50521 · Unknown
- CVE-2026-54347 Froxlor multi-vulnerability advisory · CVE-2026-54347 · Unknown
- Ubuntu USN-8480-1 ships SQLite FTS5 memory-handling fixes
- Ubuntu USN-8481-1 ships NSS PKCS#11 URI parsing fixes
- Polymarket frontend supply-chain incident reaches Check Point weekly reporting
- Weekly recap patch/remediation sidecar item