CRITICAL
CVE-2026-10580 (CVSS 9.8) — The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass le...
NVD CVE-2026-10580 3h ago
CRITICAL
CVE-2025-71318 (CVSS 9.8) — NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remo...
NVD CVE-2025-71318 4h ago
CRITICAL
CVE-2025-71317 (CVSS 9.8) — NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants...
NVD CVE-2025-71317 4h ago
CRITICAL
CVE-2026-6209 (CVSS 9.1) — Improper Access Control, Missing Authorization vulnerability in HAVELSAN Inc. Geographic Tracking Sy...
NVD CVE-2026-6209 7h ago
CRITICAL
CVE-2026-6208 (CVSS 9.1) — Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking ...
NVD CVE-2026-6208 7h ago
CRITICAL
CVE-2026-6207 (CVSS 9.1) — Observable response discrepancy vulnerability in HAVELSAN Inc. Geographic Tracking System allows Sys...
NVD CVE-2026-6207 7h ago
CRITICAL
CVE-2026-6274 (CVSS 9.8) — Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerabi...
NVD CVE-2026-6274 13h ago
CRITICAL
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability (SolarWinds Serv-U)
CISA KEV CVE-2026-28318 actively-exploited +1 22h ago
HIGH
CVE-2026-28318 (CVSS 7.5) — SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service wi...
NVD 1d ago
CRITICAL
CVE-2026-48579 (CVSS 9.1) — Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose info...
NVD CVE-2026-48579 22h ago
CRITICAL
CVE-2026-48567 (CVSS 10) — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate priv...
NVD CVE-2026-48567 22h ago
CRITICAL
CVE-2026-10974 (CVSS 9.6) — Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed ...
NVD CVE-2026-10974 23h ago
CRITICAL
CVE-2026-10972 (CVSS 9.6) — Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker t...
NVD CVE-2026-10972 23h ago
CRITICAL
CVE-2026-10971 (CVSS 9.6) — Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.78...
NVD CVE-2026-10971 23h ago
CRITICAL
CVE-2026-10966 (CVSS 9.6) — Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote atta...
NVD CVE-2026-10966 23h ago
CRITICAL
CVE-2026-10931 (CVSS 9.6) — Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to po...
NVD CVE-2026-10931 23h ago
CRITICAL
CVE-2026-48040 (CVSS 9.1) — The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivi...
NVD CVE-2026-48040 1d ago
CRITICAL
CVE-2026-25550 (CVSS 9.8) — Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vul...
NVD CVE-2026-25550 1d ago
CRITICAL
CVE-2019-25741 (CVSS 9.8) — Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerab...
NVD CVE-2019-25741 1d ago
CRITICAL
CVE-2019-25738 (CVSS 9.8) — WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allow...
NVD CVE-2019-25738 1d ago
CRITICAL
CVE-2019-25729 (CVSS 9.8) — PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated a...
NVD CVE-2019-25729 1d ago
CRITICAL
CVE-2019-25727 (CVSS 9.8) — WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows ...
NVD CVE-2019-25727 1d ago
CRITICAL
CVE-2026-4104 (CVSS 9.8) — Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Auto...
NVD CVE-2026-4104 1d ago
CRITICAL
CVE-2026-10840 (CVSS 9.6) — A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBi...
NVD CVE-2026-10840 1d ago
CRITICAL
CVE-2026-50211 (CVSS 9.8) — Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail buil...
NVD CVE-2026-50211 1d ago
CRITICAL
CVE-2026-50208 (CVSS 9.4) — High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-cod...
NVD CVE-2026-50208 1d ago
CRITICAL
CVE-2026-49191 (CVSS 9.8) — The production build of the M3WebServer hard-codes its backend API keys, which can be easily interce...
NVD CVE-2026-49191 1d ago
CRITICAL
CVE-2026-49188 (CVSS 9.8) — The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), ...
NVD CVE-2026-49188 1d ago
CRITICAL
CVE-2026-49186 (CVSS 9.8) — The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any clie...
NVD CVE-2026-49186 1d ago
CRITICAL
CVE-2026-49185 (CVSS 9.8) — The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing...
NVD CVE-2026-49185 1d ago
CRITICAL
CVE-2026-5241 (CVSS 9.6) — A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows...
NVD CVE-2026-5241 2d ago
CRITICAL
CVE-2026-35075 (CVSS 9.8) — An unauthenticated remote attacker can recover a default, hard coded password from a firmware image ...
NVD CVE-2026-35075 2d ago
CRITICAL
CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (Mirasvit Mirasvit Full Page Cache Warmer)
CISA KEV CVE-2026-45247 actively-exploited +2 2d ago
CRITICAL
CVE-2026-45247 (CVSS 9.8) — Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection...
NVD 10d ago
INFO
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The Hacker News 1d ago
CRITICAL
CVE-2026-5076 (CVSS 9.8) — The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in a...
NVD CVE-2026-5076 CVE-2026-5073 CVE-2026-5074 3d ago
CRITICAL
CVE-2026-42074 (CVSS 9.8) — OpenClaude is an open-source coding-agent command line interface for cloud and local model providers...
NVD CVE-2026-42074 3d ago
CRITICAL
CVE-2026-0611 (CVSS 9.8) — Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthe...
NVD CVE-2026-0611 3d ago
CRITICAL
CVE-2026-47117 (CVSS 9.8) — OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model ...
NVD CVE-2026-47117 3d ago
CRITICAL
CVE-2026-7312 (CVSS 10) — CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14...
NVD CVE-2026-7312 3d ago
CRITICAL
CVE-2026-8206 (CVSS 9.8) — The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable t...
NVD CVE-2026-8206 +1 3d ago
INFO
Critical Kirki flaw exploited to hijack WordPress admin accounts
BleepingComputer 3d ago
CRITICAL
CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability (Linux Kernel)
CISA KEV CVE-2022-0492 actively-exploited +1 3d ago
HIGH
CVE-2022-0492 (CVSS 7.8) — A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgro...
NVD 1555d ago
CRITICAL
CVE-2025-48595: Android Framework Integer Overflow Vulnerability (Android Framework)
CISA KEV CVE-2025-48595 actively-exploited +2 3d ago
INFO
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
SecurityWeek 3d ago
INFO
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
The Hacker News 3d ago
CRITICAL
CVE-2018-25427 (CVSS 9.8) — Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to ...
NVD CVE-2018-25427 4d ago
CRITICAL
CVE-2026-9319 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due t...
NVD CVE-2026-9319 4d ago
CRITICAL
CVE-2026-9311 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the b...
NVD CVE-2026-9311 4d ago
CRITICAL
CVE-2026-8644 (CVSS 9.1) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
NVD CVE-2026-8644 4d ago
CRITICAL
CVE-2026-22872 (CVSS 9.1) — Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs wi...
NVD CVE-2026-22872 4d ago
CRITICAL
CVE-2024-21182: Oracle WebLogic Server Unspecified Vulnerability (Oracle WebLogic Server)
CISA KEV CVE-2024-21182 actively-exploited +2 4d ago
INFO
Oracle WebLogic Vulnerability Exploited in the Wild
SecurityWeek 3d ago
INFO
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
The Hacker News 3d ago
CRITICAL
CVE-2026-10187 (CVSS 9.8) — A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the f...
NVD CVE-2026-10187 5d ago
CRITICAL
CVE-2018-25412 (CVSS 9.8) — Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attacker...
NVD CVE-2018-25412 6d ago
CRITICAL
CVE-2026-45700 (CVSS 9.8) — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar b...
NVD CVE-2026-45700 7d ago
CRITICAL
CVE-2026-4290 (CVSS 9.1) — The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-...
NVD CVE-2026-4290 7d ago
TL;DR
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication. Due: 2026-06-19. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-28318 actively-exploited