CRITICAL
CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (Mirasvit Mirasvit Full Page Cache Warmer)
CISA KEV CVE-2026-45247 actively-exploited +2 10d ago
CRITICAL
CVE-2026-45247 (CVSS 9.8) — Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection...
NVD 17d ago
INFO
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The Hacker News 9d ago
CRITICAL
CVE-2026-5076 (CVSS 9.8) — The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in a...
NVD CVE-2026-5076 CVE-2026-5073 CVE-2026-5074 10d ago
CRITICAL
CVE-2026-42074 (CVSS 9.8) — OpenClaude is an open-source coding-agent command line interface for cloud and local model providers...
NVD CVE-2026-42074 10d ago
CRITICAL
CVE-2026-0611 (CVSS 9.8) — Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthe...
NVD CVE-2026-0611 10d ago
CRITICAL
CVE-2026-47117 (CVSS 9.8) — OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model ...
NVD CVE-2026-47117 10d ago
CRITICAL
CVE-2026-7312 (CVSS 10) — CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14...
NVD CVE-2026-7312 10d ago
CRITICAL
CVE-2026-8206 (CVSS 9.8) — The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable t...
NVD CVE-2026-8206 +1 11d ago
INFO
Critical Kirki flaw exploited to hijack WordPress admin accounts
BleepingComputer 10d ago
CRITICAL
CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability (Linux Kernel)
CISA KEV CVE-2022-0492 actively-exploited +1 11d ago
HIGH
CVE-2022-0492 (CVSS 7.8) — A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgro...
NVD 1562d ago
CRITICAL
CVE-2025-48595: Android Framework Integer Overflow Vulnerability (Android Framework)
CISA KEV CVE-2025-48595 actively-exploited +2 11d ago
INFO
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
SecurityWeek 10d ago
INFO
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
The Hacker News 10d ago
CRITICAL
CVE-2018-25427 (CVSS 9.8) — Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to ...
NVD CVE-2018-25427 11d ago
CRITICAL
CVE-2026-9319 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due t...
NVD CVE-2026-9319 11d ago
CRITICAL
CVE-2026-9311 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the b...
NVD CVE-2026-9311 11d ago
CRITICAL
CVE-2026-8644 (CVSS 9.1) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
NVD CVE-2026-8644 11d ago
CRITICAL
CVE-2026-22872 (CVSS 9.1) — Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs wi...
NVD CVE-2026-22872 11d ago
CRITICAL
CVE-2024-21182: Oracle WebLogic Server Unspecified Vulnerability (Oracle WebLogic Server)
CISA KEV CVE-2024-21182 actively-exploited +2 12d ago
INFO
Oracle WebLogic Vulnerability Exploited in the Wild
SecurityWeek 10d ago
INFO
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
The Hacker News 10d ago
CRITICAL
CVE-2026-10187 (CVSS 9.8) — A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the f...
NVD CVE-2026-10187 12d ago
CRITICAL
CVE-2018-25412 (CVSS 9.8) — Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attacker...
NVD CVE-2018-25412 13d ago
CRITICAL
CVE-2026-45700 (CVSS 9.8) — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar b...
NVD CVE-2026-45700 14d ago
CRITICAL
CVE-2026-4290 (CVSS 9.1) — The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-...
NVD CVE-2026-4290 14d ago
CRITICAL
CVE-2026-10042 (CVSS 9.8) — manga-image-translator contains a remote code execution vulnerability in the shared API server mode ...
NVD CVE-2026-10042 14d ago
CRITICAL
CVE-2026-46376 (CVSS 9.8) — FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users m...
NVD CVE-2026-46376 14d ago
CRITICAL
CVE-2026-10071 (CVSS 9.8) — DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticat...
NVD CVE-2026-10071 14d ago
CRITICAL
CVE-2025-41277 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41277 14d ago
CRITICAL
CVE-2025-41276 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41276 14d ago
CRITICAL
CVE-2025-41275 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41275 14d ago
CRITICAL
CVE-2025-41274 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41274 14d ago
CRITICAL
CVE-2025-41273 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel ...
NVD CVE-2025-41273 14d ago
CRITICAL
CVE-2025-41272 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41272 14d ago
CRITICAL
CVE-2025-41270 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41270 14d ago
CRITICAL
CVE-2025-41269 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41269 14d ago
CRITICAL
CVE-2025-41268 (CVSS 9.1) — Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Wat...
NVD CVE-2025-41268 14d ago
CRITICAL
CVE-2026-49201 (CVSS 9.8) — The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryptio...
NVD CVE-2026-49201 14d ago
CRITICAL
CVE-2026-49200 (CVSS 9.8) — The acer_cgi.log file in the device firmware is accessible without authentication via the web interf...
NVD CVE-2026-49200 14d ago
CRITICAL
CVE-2026-49199 (CVSS 9.8) — Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the t...
NVD CVE-2026-49199 14d ago
CRITICAL
CVE-2026-49197 (CVSS 9.8) — Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, f...
NVD CVE-2026-49197 14d ago
CRITICAL
CVE-2026-3655 (CVSS 9.8) — The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authenticati...
NVD CVE-2026-3655 15d ago
CRITICAL
CVE-2026-8732 (CVSS 9.8) — The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account...
NVD CVE-2026-8732 +1 15d ago
INFO
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
SecurityWeek 11d ago
CRITICAL
CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (Palo Alto Networks PAN-OS)
CISA KEV CVE-2026-0257 actively-exploited +5 15d ago
CRITICAL
CVE-2026-0257 (CVSS 9.1) — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks ...
NVD 30d ago
INFO
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
The Hacker News 14d ago
INFO
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
BleepingComputer 13d ago
INFO
Recent Palo Alto Networks Vulnerability Exploited for Weeks
SecurityWeek 11d ago
INFO
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
rss:unit42 7d ago
CRITICAL
CVE-2026-9874 (CVSS 9.6) — Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potenti...
NVD CVE-2026-9874 15d ago
CRITICAL
CVE-2026-8809 (CVSS 9.8) — The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via ...
NVD CVE-2026-8809 15d ago
CRITICAL
CVE-2026-44881 (CVSS 9.9) — Portainer Community Edition is a lightweight service delivery platform for containerized application...
NVD CVE-2026-44881 15d ago
CRITICAL
CVE-2026-46840 (CVSS 10) — Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions th...
NVD CVE-2026-46840 15d ago
CRITICAL
CVE-2026-46839 (CVSS 9.9) — Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected ...
NVD CVE-2026-46839 15d ago
CRITICAL
CVE-2026-46833 (CVSS 9) — Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are a...
NVD CVE-2026-46833 15d ago
CRITICAL
CVE-2026-46824 (CVSS 9.9) — Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work...
NVD CVE-2026-46824 15d ago
CRITICAL
CVE-2026-46822 (CVSS 9.9) — Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operatio...
NVD CVE-2026-46822 15d ago
CRITICAL
CVE-2026-46819 (CVSS 9.1) — Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (compo...
NVD CVE-2026-46819 15d ago
CRITICAL
CVE-2026-46817 (CVSS 9.8) — Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmissio...
NVD CVE-2026-46817 15d ago
CRITICAL
CVE-2026-46775 (CVSS 9.9) — Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected ...
NVD CVE-2026-46775 15d ago
CRITICAL
CVE-2026-34311 (CVSS 9.8) — Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Appl...
NVD CVE-2026-34311 15d ago
TL;DR
Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Due: 2026-06-06. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigat…
CVE-2026-45247 actively-exploited