HIGH
CVE-2026-6897 (CVSS 8.8) — The WishList Member plugin for WordPress is vulnerable to unauthorized modification of data due to a...
NVD
CVE-2026-6897
14d ago
HIGH
CVE-2026-6895 (CVSS 8.8) — The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive...
NVD
CVE-2026-6895
14d ago
HIGH
CVE-2026-6419 (CVSS 8.8) — The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authoriza...
NVD
CVE-2026-6419
14d ago
HIGH
CVE-2026-45659 (CVSS 8.8) — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex...
NVD
CVE-2026-45659
14d ago
INFO
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
The Hacker News
11d ago
HIGH
CVE-2026-35430 (CVSS 8.8) — Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allow...
NVD
CVE-2026-35430
14d ago
HIGH
CVE-2026-26147 (CVSS 7.7) — Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose informa...
NVD
CVE-2026-26147
14d ago
HIGH
CVE-2026-23663 (CVSS 7.5) — Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privilege...
NVD
CVE-2026-23663
14d ago
HIGH
CVE-2026-41071 (CVSS 8.1) — libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted ...
NVD
CVE-2026-41071
14d ago
HIGH
CVE-2026-3294 (CVSS 8.8) — An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated ...
NVD
CVE-2026-3294
14d ago
HIGH
CVE-2026-5843 (CVSS 8.2) — The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which uncondition...
NVD
CVE-2026-5843
14d ago
HIGH
CVE-2026-5817 (CVSS 8.2) — The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_c...
NVD
CVE-2026-5817
14d ago
HIGH
CVE-2026-8671 (CVSS 7.5) — Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Lin...
NVD
CVE-2026-8671
14d ago
HIGH
CVE-2026-9011 (CVSS 7.5) — The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to author...
NVD
CVE-2026-9011
15d ago
HIGH
CVE-2026-8679 (CVSS 7.5) — The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions ...
NVD
CVE-2026-8679
15d ago
HIGH
CVE-2026-9018 (CVSS 8.8) — The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to P...
NVD
CVE-2026-9018
15d ago
HIGH
CVE-2026-4834 (CVSS 7.5) — The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in...
NVD
CVE-2026-4834
15d ago
HIGH
CVE-2026-8434 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8434
15d ago
HIGH
CVE-2026-8433 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8433
15d ago
HIGH
CVE-2026-8432 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8432
15d ago
HIGH
CVE-2026-8427 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8427
15d ago
HIGH
CVE-2026-8416 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8416
15d ago
HIGH
CVE-2026-8415 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8415
15d ago
HIGH
CVE-2026-8414 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8414
15d ago
HIGH
CVE-2026-8413 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8413
15d ago
HIGH
CVE-2026-8412 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controll...
NVD
CVE-2026-8412
15d ago
HIGH
CVE-2026-8411 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8411
15d ago
HIGH
CVE-2026-8410 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8410
15d ago
HIGH
CVE-2026-8409 (CVSS 8.8) — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controlle...
NVD
CVE-2026-8409
15d ago
HIGH
CVE-2026-8428 (CVSS 8.8) — Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->outp...
NVD
CVE-2026-8428
15d ago
HIGH
CVE-2026-8426 (CVSS 8.8) — Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard...
NVD
CVE-2026-8426
15d ago
HIGH
CVE-2026-8421 (CVSS 8.8) — Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concre...
NVD
CVE-2026-8421
15d ago
HIGH
CVE-2026-8417 (CVSS 8.8) — Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard...
NVD
CVE-2026-8417
15d ago
HIGH
CVE-2026-8350 (CVSS 8.8) — Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php ...
NVD
CVE-2026-8350
15d ago
HIGH
CVE-2026-8135 (CVSS 7.2) — Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization...
NVD
CVE-2026-8135
15d ago
HIGH
CVE-2026-8134 (CVSS 7.2) — Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutS...
NVD
CVE-2026-8134
15d ago
HIGH
CVE-2026-47102 (CVSS 8.8) — LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. ...
NVD
CVE-2026-47102
15d ago
HIGH
CVE-2026-47101 (CVSS 8.8) — LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to rou...
NVD
CVE-2026-47101
15d ago
HIGH
CVE-2026-47114 (CVSS 8.8) — IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attack...
NVD
CVE-2026-47114
15d ago
HIGH
CVE-2026-48242 (CVSS 8.1) — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, user...
NVD
CVE-2026-48242
15d ago
HIGH
CVE-2026-48241 (CVSS 8.1) — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a publi...
NVD
CVE-2026-48241
15d ago
HIGH
CVE-2026-48240 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where ...
NVD
CVE-2026-48240
15d ago
HIGH
CVE-2026-48239 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the...
NVD
CVE-2026-48239
15d ago
HIGH
CVE-2026-48238 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where...
NVD
CVE-2026-48238
15d ago
HIGH
CVE-2026-48237 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_...
NVD
CVE-2026-48237
15d ago
HIGH
CVE-2026-48236 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the mu...
NVD
CVE-2026-48236
15d ago
HIGH
CVE-2026-48235 (CVSS 8.2) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where...
NVD
CVE-2026-48235
15d ago
HIGH
CVE-2026-48234 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests....
NVD
CVE-2026-48234
15d ago
HIGH
CVE-2026-48233 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php whe...
NVD
CVE-2026-48233
15d ago
HIGH
CVE-2026-48232 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php...
NVD
CVE-2026-48232
15d ago
HIGH
CVE-2026-48231 (CVSS 7.1) — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multi...
NVD
CVE-2026-48231
15d ago
HIGH
NVD
Fri, 22 May 2026 23:16:56 UTC
CVE-2026-45659 (CVSS 8.8) — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex...
https://nvd.nist.gov/vuln/detail/CVE-2026-45659
TL;DR
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Related coverage (1)
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
The Hacker News
11d ago