321 items
Unread (2112) All Dismissed
CRITICAL
CVE-2026-10580 (CVSS 9.8) — The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass le...
NVD CVE-2026-10580 4h ago
CRITICAL
CVE-2025-71318 (CVSS 9.8) — NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remo...
NVD CVE-2025-71318 5h ago
CRITICAL
CVE-2025-71317 (CVSS 9.8) — NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants...
NVD CVE-2025-71317 5h ago
CRITICAL
CVE-2026-6209 (CVSS 9.1) — Improper Access Control, Missing Authorization vulnerability in HAVELSAN Inc. Geographic Tracking Sy...
NVD CVE-2026-6209 8h ago
CRITICAL
CVE-2026-6208 (CVSS 9.1) — Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking ...
NVD CVE-2026-6208 8h ago
CRITICAL
CVE-2026-6207 (CVSS 9.1) — Observable response discrepancy vulnerability in HAVELSAN Inc. Geographic Tracking System allows Sys...
NVD CVE-2026-6207 8h ago
CRITICAL
CVE-2026-6274 (CVSS 9.8) — Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerabi...
NVD CVE-2026-6274 14h ago
CRITICAL
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability (SolarWinds Serv-U)
CISA KEV CVE-2026-28318actively-exploited +1 23h ago
HIGH
CVE-2026-28318 (CVSS 7.5) — SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service wi...
NVD 1d ago
CRITICAL
CVE-2026-48579 (CVSS 9.1) — Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose info...
NVD CVE-2026-48579 1d ago
CRITICAL
CVE-2026-48567 (CVSS 10) — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate priv...
NVD CVE-2026-48567 1d ago
CRITICAL
CVE-2026-10974 (CVSS 9.6) — Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed ...
NVD CVE-2026-10974 1d ago
CRITICAL
CVE-2026-10972 (CVSS 9.6) — Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker t...
NVD CVE-2026-10972 1d ago
CRITICAL
CVE-2026-10971 (CVSS 9.6) — Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.78...
NVD CVE-2026-10971 1d ago
CRITICAL
CVE-2026-10966 (CVSS 9.6) — Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote atta...
NVD CVE-2026-10966 1d ago
CRITICAL
CVE-2026-10931 (CVSS 9.6) — Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to po...
NVD CVE-2026-10931 1d ago
CRITICAL
CVE-2026-48040 (CVSS 9.1) — The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivi...
NVD CVE-2026-48040 1d ago
CRITICAL
CVE-2026-25550 (CVSS 9.8) — Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vul...
NVD CVE-2026-25550 1d ago
CRITICAL
CVE-2019-25741 (CVSS 9.8) — Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerab...
NVD CVE-2019-25741 1d ago
CRITICAL
CVE-2019-25738 (CVSS 9.8) — WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allow...
NVD CVE-2019-25738 1d ago
CRITICAL
CVE-2019-25729 (CVSS 9.8) — PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated a...
NVD CVE-2019-25729 1d ago
CRITICAL
CVE-2019-25727 (CVSS 9.8) — WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows ...
NVD CVE-2019-25727 1d ago
CRITICAL
CVE-2026-4104 (CVSS 9.8) — Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Auto...
NVD CVE-2026-4104 1d ago
CRITICAL
CVE-2026-10840 (CVSS 9.6) — A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBi...
NVD CVE-2026-10840 1d ago
CRITICAL
CVE-2026-50211 (CVSS 9.8) — Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail buil...
NVD CVE-2026-50211 1d ago
CRITICAL
CVE-2026-50208 (CVSS 9.4) — High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-cod...
NVD CVE-2026-50208 1d ago
CRITICAL
CVE-2026-49191 (CVSS 9.8) — The production build of the M3WebServer hard-codes its backend API keys, which can be easily interce...
NVD CVE-2026-49191 1d ago
CRITICAL
CVE-2026-49188 (CVSS 9.8) — The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), ...
NVD CVE-2026-49188 1d ago
CRITICAL
CVE-2026-49186 (CVSS 9.8) — The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any clie...
NVD CVE-2026-49186 1d ago
CRITICAL
CVE-2026-49185 (CVSS 9.8) — The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing...
NVD CVE-2026-49185 1d ago
CRITICAL
CVE-2026-5241 (CVSS 9.6) — A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows...
NVD CVE-2026-5241 2d ago
CRITICAL
CVE-2026-35075 (CVSS 9.8) — An unauthenticated remote attacker can recover a default, hard coded password from a firmware image ...
NVD CVE-2026-35075 2d ago
CRITICAL
CVE-2010-0249: Microsoft Internet Explorer Use-After-Free Vulnerability (Microsoft Internet Explorer)
CISA KEV CVE-2010-0249actively-exploited +1 2d ago
HIGH
CVE-2010-0249 (CVSS 8.8) — Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; ...
NVD 5985d ago
CRITICAL
CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (Mirasvit Mirasvit Full Page Cache Warmer)
CISA KEV CVE-2026-45247actively-exploited +2 2d ago
CRITICAL
CVE-2026-45247 (CVSS 9.8) — Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection...
NVD 10d ago
INFO
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The Hacker News 1d ago
CRITICAL
CVE-2026-5076 (CVSS 9.8) — The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in a...
NVD CVE-2026-5076CVE-2026-5073CVE-2026-5074 3d ago
CRITICAL
CVE-2026-42074 (CVSS 9.8) — OpenClaude is an open-source coding-agent command line interface for cloud and local model providers...
NVD CVE-2026-42074 3d ago
CRITICAL
CVE-2026-0611 (CVSS 9.8) — Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthe...
NVD CVE-2026-0611 3d ago
CRITICAL
CVE-2026-47117 (CVSS 9.8) — OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model ...
NVD CVE-2026-47117 3d ago
CRITICAL
CVE-2026-7312 (CVSS 10) — CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14...
NVD CVE-2026-7312 3d ago
CRITICAL
CVE-2026-8206 (CVSS 9.8) — The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable t...
NVD CVE-2026-8206 +1 3d ago
INFO
Critical Kirki flaw exploited to hijack WordPress admin accounts
BleepingComputer 3d ago
CRITICAL
CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability (Linux Kernel)
CISA KEV CVE-2022-0492actively-exploited +1 3d ago
HIGH
CVE-2022-0492 (CVSS 7.8) — A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgro...
NVD 1555d ago
CRITICAL
CVE-2025-48595: Android Framework Integer Overflow Vulnerability (Android Framework)
CISA KEV CVE-2025-48595actively-exploited +2 3d ago
INFO
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
SecurityWeek 3d ago
INFO
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
The Hacker News 3d ago
CRITICAL
CVE-2018-25427 (CVSS 9.8) — Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to ...
NVD CVE-2018-25427 4d ago
CRITICAL
CVE-2026-9319 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due t...
NVD CVE-2026-9319 4d ago
CRITICAL
CVE-2026-9311 (CVSS 9) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the b...
NVD CVE-2026-9311 4d ago
CRITICAL
CVE-2026-8644 (CVSS 9.1) — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
NVD CVE-2026-8644 4d ago
CRITICAL
CVE-2026-22872 (CVSS 9.1) — Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs wi...
NVD CVE-2026-22872 4d ago
CRITICAL
CVE-2024-21182: Oracle WebLogic Server Unspecified Vulnerability (Oracle WebLogic Server)
CISA KEV CVE-2024-21182actively-exploited +2 4d ago
INFO
Oracle WebLogic Vulnerability Exploited in the Wild
SecurityWeek 3d ago
INFO
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
The Hacker News 3d ago
CRITICAL
CVE-2026-10187 (CVSS 9.8) — A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the f...
NVD CVE-2026-10187 5d ago
CRITICAL
CVE-2018-25412 (CVSS 9.8) — Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attacker...
NVD CVE-2018-25412 6d ago
CRITICAL
CVE-2026-45700 (CVSS 9.8) — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar b...
NVD CVE-2026-45700 7d ago
CRITICAL CISA KEV Fri, 05 Jun 2026 00:00:00 UTC
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability (SolarWinds Serv-U)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
TL;DR
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication. Due: 2026-06-19. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-28318actively-exploited
Read full story ↗
Related coverage (1)
CVE-2026-28318 (CVSS 7.5) — SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service wi...
NVD 1d ago