Markdown Preview Enhanced before 0
Description
Markdown Preview Enhanced before 0
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
Markdown Preview Enhanced before 0
Markdown Preview Enhanced before 0
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Markdown Preview Enhanced before 0
Markdown Preview Enhanced before 0
---METADATA---
VENDOR: Markdown Preview Enhanced
PRODUCT: Markdown Preview Enhanced
AFFECTED_VERSIONS: Markdown Preview Enhanced before 0.8.28
---END_METADATA---
Description Summary:
Markdown Preview Enhanced contains vulnerabilities allowing for OS command injection and arbitrary JavaScript execution via untrusted markdown content.
Executive Summary:
Markdown Preview Enhanced is vulnerable to OS command injection and arbitrary JavaScript execution, enabling attackers to compromise systems through malicious markdown documents.
Vulnerability Details
CVE-ID: CVE-2026-49492
Affected Software: Markdown Preview Enhanced
Affected Versions: Markdown Preview Enhanced before 0.8.28
Vulnerability: The plugin suffers from OS command injection when opening external files/links due to lack of input validation. Furthermore, it parses WaveDrom diagrams by evaluating untrusted content with eval(), leading to arbitrary JavaScript execution.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a high risk to developer workstations and systems where Markdown Preview Enhanced is utilized. Successful exploitation allows for complete control over the user's local environment, potentially leading to the theft of sensitive development credentials or source code.
Remediation Plan
Immediate Action: Update the Markdown Preview Enhanced extension to version 0.8.28 or later.
Proactive Monitoring: Review system logs for suspicious process creation or unexpected network connections originating from the editor environment.
Compensating Controls: Disable the automatic rendering of untrusted markdown files or diagrams until the update can be applied, and restrict the editor's permissions if possible.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 7, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The combination of command injection and arbitrary code execution makes this a severe risk for any software development environment. Users should upgrade to version 0.8.28 immediately and exercise caution when opening markdown documents from untrusted sources.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenCATS from version 0
OpenCATS from version 0
---METADATA---
VENDOR: OpenCATS
PRODUCT: OpenCATS
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the OpenCATS software that may allow for unauthorized system interaction.
Executive Summary:
OpenCATS is affected by a high-severity vulnerability that could allow unauthorized actors to gain elevated access or compromise the applicant tracking environment.
Vulnerability Details
CVE-ID: CVE-2026-49490
Affected Software: OpenCATS
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the OpenCATS applicant tracking software. The flaw may allow an attacker to bypass authentication or manipulate application data, potentially leading to unauthorized system access.
Business Impact
A CVSS score of 8.1 indicates a high risk of compromise to the OpenCATS platform. As this system often handles sensitive candidate data, unauthorized access could lead to significant data privacy violations, reputational damage, and non-compliance with data protection regulations.
Remediation Plan
Immediate Action: Update the OpenCATS installation to the latest version provided by the vendor to remediate the vulnerability.
Proactive Monitoring: Monitor database query logs and application access logs for unusual activity or unauthorized attempts to access candidate records.
Compensating Controls: Use a Web Application Firewall (WAF) to filter malicious traffic and block known attack patterns targeting recruitment software.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the sensitive nature of the data stored in OpenCATS, immediate remediation is required. Security teams should verify the integrity of their installation and ensure all security patches are applied to prevent potential data breaches.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenCATS through 0
OpenCATS through 0
---METADATA---
VENDOR: OpenCATS
PRODUCT: OpenCATS
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
OpenCATS contains a high-severity vulnerability that could allow for unauthorized actions, requiring immediate attention from security administrators.
Executive Summary:
OpenCATS is affected by a high-severity vulnerability that poses a significant risk of unauthorized access or system compromise.
Vulnerability Details
CVE-ID: CVE-2026-49489
Affected Software: OpenCATS
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability involves a critical flaw in the OpenCATS software that may allow an attacker to bypass security controls or perform unauthorized operations within the application.
Business Impact
With a CVSS score of 8.5, this vulnerability presents a substantial risk to the confidentiality and integrity of the data managed within the OpenCATS platform. Unauthorized access could result in the exposure of sensitive applicant or organizational data, leading to significant reputational and legal consequences.
Remediation Plan
Immediate Action: Update to the most recent version of OpenCATS provided by the vendor. Consult the official OpenCATS security advisories for specific version requirements and mitigation instructions.
Proactive Monitoring: Monitor application logs for unauthorized access attempts or unusual administrative activities that may indicate an exploitation attempt.
Compensating Controls: Ensure that the OpenCATS instance is isolated behind a secure network perimeter and utilize a WAF to inspect incoming web traffic for malicious payloads.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, it is imperative that organizations running OpenCATS prioritize the application of security patches. Failure to remediate this issue promptly could leave the system vulnerable to exploitation by remote attackers.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A critical vulnerability in the LiteLLM proxy server, prior to version 1.84.0, exposes the AI gateway to potential unauthorized access or exploitation...
A critical vulnerability in the LiteLLM proxy server, prior to version 1.84.0, exposes the AI gateway to potential unauthorized access or exploitation.
---METADATA---
VENDOR: BerriAI
PRODUCT: LiteLLM
AFFECTED_VERSIONS: prior to version 1.84.0
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
A critical authentication bypass in LiteLLM allows unauthenticated remote attackers to access restricted management endpoints by spoofing request attributes.
Executive Summary:
A critical authentication bypass vulnerability in BerriAI LiteLLM prior to version 1.84.0 enables unauthenticated remote attackers to gain unauthorized access to the AI gateway.
Vulnerability Details
CVE-ID: CVE-2026-49468
Affected Software: BerriAI LiteLLM
Affected Versions: prior to version 1.84.0
Vulnerability: This vulnerability [CWE-290] exists in the get_request_route() function, where improper validation of request paths allows an unauthenticated attacker to manipulate the Host header. This creates a discrepancy between the authentication layer and the FastAPI routing, permitting unauthorized access to restricted management endpoints.
Business Impact
Successful exploitation allows an unauthorized actor to bypass credential checks, leading to full control or manipulation of the AI proxy server. With a CVSS score of 9.5, this flaw poses a severe risk to confidentiality, integrity, and availability, potentially exposing sensitive downstream AI systems and credentials.
Remediation Plan
Immediate Action: Update BerriAI LiteLLM to version 1.84.0 or later immediately to resolve the authentication logic flaw.
Proactive Monitoring: Review access logs for anomalous requests featuring unusual Host headers or attempts to access internal management paths.
Compensating Controls: Ensure the LiteLLM proxy is deployed behind a robust upstream CDN, WAF, or reverse proxy configured to strictly validate and sanitize the Host header.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Jun 22, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the ease of crafting the malicious Host header and the high CVSS score, the potential for exploitation is significant.
Analyst Recommendation
Given the critical nature of this authentication bypass, organizations must prioritize patching to version 1.84.0. If immediate patching is not possible, ensure the proxy is not directly exposed to the internet and enforce strict header validation at the network perimeter.
Update BerriAI litellm to the latest version. Check the vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Ghidra versions prior to 12
Ghidra versions prior to 12
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An authentication bypass vulnerability in the authentik Source stage allows unauthenticated attackers to bypass security checks by sending an empty PO...
An authentication bypass vulnerability in the authentik Source stage allows unauthenticated attackers to bypass security checks by sending an empty POST request.
---METADATA---
VENDOR: authentik
PRODUCT: authentik
AFFECTED_VERSIONS: Prior to 2025.12.6, 2026.2.4, and 2026.5.1
---END_METADATA---
Description Summary:
An authentication bypass vulnerability in the authentik Source stage allows unauthenticated attackers to bypass security checks by sending an empty POST request.
Executive Summary:
A critical authentication bypass in the authentik identity provider allows unauthenticated attackers to potentially gain unauthorized access to protected services.
Vulnerability Details
CVE-ID: CVE-2026-49448
Affected Software: authentik
Affected Versions: Prior to 2025.12.6, 2026.2.4, and 2026.5.1
Vulnerability: The vulnerability exists in the Source stage of the authentik identity provider. An unauthenticated attacker can bypass the intended authentication flow simply by submitting an empty POST request, effectively circumventing identity verification.
Business Impact
With a CVSS score of 9.8, this flaw is extremely critical as it undermines the foundation of identity and access management. Unauthorized access to the identity provider can lead to a complete compromise of all downstream applications integrated with authentik, resulting in massive data breaches and loss of control over organizational resources.
Remediation Plan
Immediate Action: Upgrade all instances of authentik to versions 2025.12.6, 2026.2.4, 2026.5.1, or later immediately.
Proactive Monitoring: Review authentication logs for anomalous login patterns or spikes in empty POST requests targeting the Source stage.
Compensating Controls: Implement additional network-level access controls or WAF rules to block malformed or unexpected requests directed at the identity provider's authentication endpoints.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of June 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the ease of exploitation and the criticality of the target, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is a high-severity authentication bypass that should be remediated immediately. Given that it affects the identity provider, any delay in patching significantly increases the risk of unauthorized access across the entire integrated application ecosystem.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
authentik is an open-source identity provider
authentik is an open-source identity provider
---METADATA---
VENDOR: authentik
PRODUCT: authentik
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in authentik, an open-source identity provider, requiring immediate attention from security administrators.
Executive Summary:
A high-severity vulnerability in the authentik identity provider platform mandates immediate review and patching to ensure secure authentication services.
Vulnerability Details
CVE-ID: CVE-2026-49443
Affected Software: authentik
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability affects the authentik identity provider. While specific technical details are pending further disclosure, identity provider flaws typically involve unauthorized access or authentication bypass vectors.
Business Impact
The compromise of an identity provider like authentik can lead to widespread unauthorized access across all integrated applications, resulting in total loss of confidentiality and integrity for managed user accounts. With a CVSS score of 8.8, the potential for catastrophic failure of access control mechanisms is high. Organizations should treat this as a critical threat to their authentication infrastructure and overall security perimeter.
Remediation Plan
Immediate Action: Check the official authentik security repository or vendor advisory for the latest release and apply the update immediately.
Proactive Monitoring: Review authentication logs for unusual login patterns, unexpected administrative access, or failed authentication attempts that may indicate probing.
Compensating Controls: Enforce strict Multi-Factor Authentication (MFA) across all integrated services and consider placing the authentik instance behind a restricted-access network or VPN.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Identity providers are high-value targets for attackers. Administrators should prioritize the update of their authentik instance. If an immediate patch is not currently available, ensure that monitoring is heightened and that all administrative interfaces are shielded from public access to minimize the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
vllm-project/vllm version 0
vllm-project/vllm version 0
---METADATA---
VENDOR: vllm-project
PRODUCT: vllm
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: low
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
A vulnerability exists in the vllm-project vllm software, potentially allowing unauthorized actions or system compromise.
Executive Summary:
The vllm-project vllm software contains a high-severity vulnerability that may expose systems to significant security risks.
Vulnerability Details
CVE-ID: CVE-2026-4944
Affected Software: vllm-project vllm
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The provided documentation lacks specific technical details regarding the vulnerability type or the required authentication level; therefore, the flaw should be treated as a high-risk security defect.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a significant threat to operational integrity. Successful exploitation could lead to unauthorized system access, data exfiltration, or service disruption, potentially resulting in severe reputational and financial damage.
Remediation Plan
Immediate Action: Monitor the official vllm-project repository and advisory channels for the release of security patches or configuration guidance.
Proactive Monitoring: Review system and application access logs for any anomalous behavior or unauthorized requests originating from internal or external sources.
Compensating Controls: Implement strict network segmentation and egress filtering to limit the potential reach of an attacker if the software is compromised.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the high CVSS score, the potential for exploitation remains significant.
Analyst Recommendation
Given the high severity rating, administrators must prioritize the monitoring of vendor communications for patch availability. It is recommended to apply updates immediately upon release to mitigate the risk of exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Deno is a JavaScript, TypeScript, and WebAssembly runtime
Deno is a JavaScript, TypeScript, and WebAssembly runtime
---METADATA---
VENDOR: Deno Land
PRODUCT: Deno
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability exists within the Deno JavaScript/TypeScript runtime that may allow for unauthorized system-level interactions.
Executive Summary:
The Deno runtime is vulnerable to a security flaw that could potentially lead to unauthorized system access or execution, posing a high risk to environments utilizing this infrastructure.
Vulnerability Details
CVE-ID: CVE-2026-49402
Affected Software: Deno Land Deno
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves an unspecified flaw within the Deno runtime environment. The specific authentication requirements for exploitation remain indeterminate pending further vendor disclosure.
Business Impact
The potential for exploitation in a core runtime environment like Deno presents a significant risk to the integrity and confidentiality of applications built upon it. Given the CVSS score of 8.1, this is classified as a High-severity vulnerability that could lead to full application compromise, service disruption, or unauthorized data exfiltration if exploited.
Remediation Plan
Immediate Action: Administrators must monitor the official Deno security advisories and apply the latest patches as soon as they are made available by the vendor.
Proactive Monitoring: Review system and application logs for unusual runtime behavior, unexpected process spawning, or unauthorized network connections originating from the Deno environment.
Compensating Controls: Implement strict sandbox policies and use containerization with restricted resource access to limit the potential blast radius of an exploit.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical role Deno plays in modern development stacks, this vulnerability warrants immediate attention. Security teams should prioritize identifying all instances of Deno within their environment and prepare for an emergency patching cycle as soon as the vendor releases remediating updates.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In JetBrains YouTrack before 2026
In JetBrains YouTrack before 2026
---METADATA---
VENDOR: JetBrains
PRODUCT: YouTrack
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: patch, technical_details
---END_METADATA---
Description Summary:
A vulnerability exists in JetBrains YouTrack versions prior to 2026 that may allow for unauthorized system impact.
Executive Summary:
JetBrains YouTrack versions prior to 2026 are susceptible to a security vulnerability that poses a high risk to organizational data integrity and system availability.
Vulnerability Details
CVE-ID: CVE-2026-49368
Affected Software: JetBrains YouTrack
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability affects JetBrains YouTrack instances prior to the 2026 release cycle. The specific nature of the flaw is currently restricted, requiring administrators to consult vendor documentation for technical specifics.
Business Impact
With a CVSS score of 8.7, this vulnerability is classified as High severity, indicating a significant potential for unauthorized access or service disruption. Successful exploitation could compromise sensitive project management data and administrative credentials, leading to broader organizational security failures.
Remediation Plan
Immediate Action: Upgrade all YouTrack instances to the latest available version as specified by JetBrains.
Proactive Monitoring: Review administrative access logs for unusual login patterns or unauthorized configuration changes.
Compensating Controls: Ensure the instance is not exposed to the public internet and utilize network segmentation to restrict access to authorized personnel only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 30, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the High severity rating of this vulnerability, immediate patching is recommended to maintain a secure posture. Organizations should prioritize updating their YouTrack installations to the latest version to eliminate the identified risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The OttoKit: All-in-One Automation Platform WordPress plugin before 1
The OttoKit: All-in-One Automation Platform WordPress plugin before 1
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
gonic is a music streaming server / free-software subsonic server API implementation
gonic is a music streaming server / free-software subsonic server API implementation
---METADATA---
VENDOR: gonic
PRODUCT: gonic
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The gonic music streaming server and Subsonic API implementation contains a security vulnerability that may impact server stability or data access.
Executive Summary:
The gonic music streaming server is affected by a security vulnerability that poses a significant risk to the integrity and availability of the service.
Vulnerability Details
CVE-ID: CVE-2026-49340
Affected Software: gonic
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the gonic music streaming server, specifically within its Subsonic API implementation. The flaw potentially allows for unauthorized access or service disruption, though the specific attack vector remains dependent on the implementation of the API endpoints.
Business Impact
With a CVSS score of 8.1 (High), the vulnerability represents a substantial risk of unauthorized access to media assets or the underlying server infrastructure. Exploitation could result in the compromise of user data or the total disruption of the streaming service, negatively impacting operational continuity.
Remediation Plan
Immediate Action: Update the gonic server to the latest version released by the vendor to ensure all security patches are applied.
Proactive Monitoring: Review access logs for anomalous API requests or unexpected authentication attempts directed at the Subsonic interface.
Compensating Controls: Restrict access to the gonic server using network-level controls or VPNs to limit exposure to untrusted entities.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 21, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
It is critical that administrators prioritize patching this vulnerability to prevent potential exploitation of the API. Ensure that the server is not exposed to the public internet without adequate authentication and network restrictions.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worke...
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec
---METADATA---
VENDOR: Apache
PRODUCT: Airflow
AFFECTED_VERSIONS: before 3.2.2
---END_METADATA---
Description Summary:
A bug in Apache Airflow's KubernetesExecutor causes sensitive JWT tokens to be exposed as command-line arguments in pod specifications.
Executive Summary:
Apache Airflow contains a vulnerability in its KubernetesExecutor that exposes authentication tokens to unauthorized users within the cluster.
Vulnerability Details
CVE-ID: CVE-2026-49298
Affected Software: Apache Airflow
Affected Versions: before 3.2.2
Vulnerability: The KubernetesExecutor improperly handles JWT tokens used for Execution API authentication by passing them as visible command-line arguments. This allows an authenticated UI or API user with Kubernetes read-only access to harvest these tokens and perform unauthorized state-mutating actions.
Business Impact
With a CVSS score of 8.8, this vulnerability presents a high risk of privilege escalation and unauthorized API manipulation. Successful exploitation could allow attackers to bypass intended access controls, potentially compromising the integrity of data pipelines and the underlying Airflow execution environment.
Remediation Plan
Immediate Action: Upgrade to apache-airflow 3.2.2 or later to ensure JWT tokens are no longer exposed in pod specifications.
Proactive Monitoring: Review Kubernetes pod logs and audit access logs for suspicious API calls or unexpected execution patterns.
Compensating Controls: Restrict Kubernetes read-only access for users who do not strictly require it, and implement network policies to isolate the Execution API.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score and the potential for unauthorized execution of API commands, administrators should prioritize updating to version 3.2.2. Restricting cluster-level visibility is a critical secondary defense measure to mitigate the risk until the patch can be deployed.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket l...
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check
---METADATA---
VENDOR: Apache Software Foundation
PRODUCT: Apache Airflow Google provider
AFFECTED_VERSIONS: 0 up to 22.2.1 (excluding 22.2.1)
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
A path traversal vulnerability in Apache Airflow's Google provider allows attackers to potentially write files to unauthorized locations due to insufficient sanitization of GCS object names.
Executive Summary:
A high-severity path traversal vulnerability in Apache Airflow’s Google provider could allow an attacker to write files outside of intended directories.
Vulnerability Details
CVE-ID: CVE-2026-49297
Affected Software: Apache Software Foundation Apache Airflow Google provider
Affected Versions: 0 up to 22.2.1 (excluding 22.2.1)
Vulnerability: The operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator fail to normalize or check GCS object names retrieved from the bucket listing API. This allows an attacker to influence the destination filesystem path, resulting in an improper limitation of a pathname to a restricted directory (path traversal).
Business Impact
This vulnerability carries a CVSS score of 8.1, reflecting a high risk to system integrity. By exploiting path traversal, an attacker could potentially overwrite critical system files or configuration files, leading to unauthorized code execution or service disruption.
Remediation Plan
Immediate Action: Update the Apache Airflow Google provider package to version 22.2.1 or later.
Proactive Monitoring: Audit logs for unusual file write operations or attempts to access directories outside of the designated storage paths.
Compensating Controls: Implement strict filesystem permissions for the service user running the Airflow operators to limit the scope of potential file system modifications.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Jul 7, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Users of the Apache Airflow Google provider should prioritize upgrading to the patched version. Ensuring proper input validation for external API data is essential to preventing path traversal attacks in cloud-integrated workflows.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
mcp-memory-service is a semantic memory layer for AI applications
mcp-memory-service is a semantic memory layer for AI applications
---METADATA---
VENDOR: MCP
PRODUCT: mcp-memory-service
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The mcp-memory-service, a semantic memory layer for AI applications, is affected by a security vulnerability that may expose sensitive data or allow unauthorized system access.
Executive Summary:
A high-severity vulnerability in the mcp-memory-service AI memory layer poses a substantial risk of unauthorized data access and potential exploitation of AI application logic.
Vulnerability Details
CVE-ID: CVE-2026-49291
Affected Software: MCP mcp-memory-service
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the mcp-memory-service, which functions as a semantic memory layer for AI applications. The flaw potentially allows attackers to interact with or manipulate the stored memory state, leading to unauthorized data exposure or service disruption.
Business Impact
The CVSS score of 8.1 reflects a High-severity risk. As this service handles semantic data for AI applications, an exploit could result in the leakage of sensitive training data, poisoning of the AI's memory, or unauthorized control over the application's reasoning capabilities, leading to significant business disruption.
Remediation Plan
Immediate Action: Update the mcp-memory-service to the latest version released by the vendor to address the identified vulnerability.
Proactive Monitoring: Monitor service logs for anomalous read/write operations or unauthorized attempts to access or query the semantic memory layer.
Compensating Controls: Restrict network access to the memory service using strict firewall rules or VPC security groups to ensure only trusted application components can communicate with the service.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 21, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The reliance of AI applications on the mcp-memory-service makes this vulnerability critical to remediate. Teams should prioritize updating this component to maintain the integrity and confidentiality of their AI-driven workflows.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page
---METADATA---
VENDOR: PhpWeasyPrint
PRODUCT: PhpWeasyPrint
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
PhpWeasyPrint is susceptible to security vulnerabilities due to its functionality as a PHP library for PDF generation from URLs or HTML pages.
Executive Summary:
The PhpWeasyPrint library contains a security vulnerability that could potentially expose systems to unauthorized interactions through its PDF generation functionality.
Vulnerability Details
CVE-ID: CVE-2026-49286
Affected Software: PhpWeasyPrint
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability relates to the library's core functionality of rendering PDF content from external URLs or HTML input, which may allow for server-side request forgery or arbitrary file access depending on implementation. Without specific authentication requirements listed, it is assumed that any application utilizing this library in an unauthenticated context is at risk.
Business Impact
A successful exploit could lead to unauthorized data exfiltration, internal network scanning, or full system compromise. With a CVSS score of 8.1 (High), this vulnerability poses a significant risk to the confidentiality and integrity of the hosting environment, necessitating immediate attention to prevent malicious abuse.
Remediation Plan
Immediate Action: Review the official PhpWeasyPrint repository and apply the latest security patches or updates provided by the maintainers.
Proactive Monitoring: Monitor server logs for unusual outbound requests or unexpected file access patterns originating from the application process.
Compensating Controls: Implement a Web Application Firewall (WAF) to filter malicious input and restrict the library's ability to reach internal network resources.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 21, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the High severity rating, organizations should treat this vulnerability with urgency. Evaluate the necessity of the library's current configuration and ensure that all updates are applied promptly to mitigate potential unauthorized access vectors.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Apple M1 GPUs retain register file data between compute shader dispatches from different processes
Apple M1 GPUs retain register file data between compute shader dispatches from different processes
---METADATA---
VENDOR: Apple
PRODUCT: M1 GPU
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Apple M1 GPUs fail to clear register file data between compute shader dispatches, potentially allowing data leakage between processes.
Executive Summary:
A critical information disclosure vulnerability in Apple M1 GPUs allows for cross-process data leakage, posing a significant risk to data confidentiality.
Vulnerability Details
CVE-ID: CVE-2026-49269
Affected Software: Apple M1 GPU
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves improper memory isolation where register file data is retained between compute shader dispatches. Because the GPU does not clear this data, a malicious process can potentially access sensitive information previously processed by a different, unrelated process.
Business Impact
The retention of register data creates a high risk of sensitive information exposure, including cryptographic keys or private user data processed by the GPU. Given the CVSS score of 8.6, this flaw represents a significant threat to multi-tenant environments or systems where untrusted code may be executed, potentially leading to unauthorized data access and severe reputational damage.
Remediation Plan
Immediate Action: Apply all relevant security updates provided by Apple as soon as they become available.
Proactive Monitoring: Monitor system logs for unusual GPU-related errors or performance anomalies that may indicate unauthorized shader execution.
Compensating Controls: Restrict the execution of untrusted or third-party compute shaders in environments where data isolation is critical.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 25, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The severity of this vulnerability necessitates immediate attention to prevent potential cross-process memory exposure. Administrators should prioritize the deployment of Apple's security patches across all affected M1-based hardware to ensure proper register clearing and data isolation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A command injection vulnerability in MariaDB server allows shell command execution via the joiner node name when the `wsrep_notify_cmd` configuration...
A command injection vulnerability in MariaDB server allows shell command execution via the joiner node name when the `wsrep_notify_cmd` configuration is enabled.
---METADATA---
VENDOR: MariaDB
PRODUCT: MariaDB Server
AFFECTED_VERSIONS: MariaDB server Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1
---END_METADATA---
Description Summary:
A command injection vulnerability in MariaDB server allows shell command execution via the joiner node name when the wsrep_notify_cmd configuration is enabled.
Executive Summary:
A critical command injection vulnerability in MariaDB server allows for arbitrary shell command execution, potentially leading to full server compromise.
Vulnerability Details
CVE-ID: CVE-2026-49261
Affected Software: MariaDB Server
Affected Versions: MariaDB server Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1
Vulnerability: The issue arises when the wsrep_notify_cmd feature is enabled, as the server fails to sanitize the joiner node name, allowing shell commands to be injected and executed by the system.
Business Impact
With a CVSS score of 10.0, this vulnerability provides an attacker with the highest level of risk, enabling remote code execution with the privileges of the database service. This could result in total data exfiltration, database destruction, or lateral movement within the network.
Remediation Plan
Immediate Action: Upgrade MariaDB to versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, or 12.3.2 as applicable to your release branch.
Proactive Monitoring: Monitor database logs and system process activity for unexpected shell command executions or suspicious joiner node naming conventions.
Compensating Controls: If immediate patching is not possible, disable the wsrep_notify_cmd feature immediately to eliminate the attack vector.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 11, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability carries a maximum severity rating and must be treated as an emergency. If your MariaDB cluster uses Galera replication, verify if wsrep_notify_cmd is enabled and apply the necessary patches or configuration changes immediately.
Update MySQL server to the latest version. Monitor for exploitation attempts and review access logs.
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page
---METADATA---
VENDOR: PhpWeasyPrint
PRODUCT: PhpWeasyPrint
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
PhpWeasyPrint is a PHP library that facilitates PDF generation from URLs or HTML pages, containing a vulnerability that requires immediate remediation.
Executive Summary:
A high-severity vulnerability exists in the PhpWeasyPrint library, potentially allowing unauthorized actions or system compromise through malicious PDF generation requests.
Vulnerability Details
CVE-ID: CVE-2026-49260
Affected Software: PhpWeasyPrint PhpWeasyPrint
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability pertains to the core PDF generation functionality of the library. While the specific authentication requirements depend on implementation, such flaws often permit unauthenticated remote attackers to trigger unintended behavior or data exfiltration.
Business Impact
The CVSS score of 8.2 classifies this as a High-severity risk. Successful exploitation could lead to unauthorized system access, server-side request forgery (SSRF), or the exposure of sensitive internal data processed by the library, causing significant reputational and operational damage to the organization.
Remediation Plan
Immediate Action: Update to the latest version of the PhpWeasyPrint library as soon as a patch is released by the vendor.
Proactive Monitoring: Monitor server logs for unusual URL requests or high volumes of PDF generation requests that may indicate exploitation attempts.
Compensating Controls: Implement strict egress filtering on servers running this library to prevent unauthorized outgoing connections if the library is used to fetch external URLs.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 21, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the High-severity CVSS rating, organizations utilizing the PhpWeasyPrint library should prioritize this issue in their vulnerability management lifecycle. Administrators must monitor the vendor's security channels for the release of an official patch and apply it immediately upon availability to mitigate the risk of remote compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The mcp-pinot server defaults to an unauthenticated configuration, allowing any network-adjacent attacker to execute arbitrary SQL and mutate table co...
The mcp-pinot server defaults to an unauthenticated configuration, allowing any network-adjacent attacker to execute arbitrary SQL and mutate table configurations.
---METADATA---
VENDOR: Apache
PRODUCT: Pinot (via mcp-pinot)
AFFECTED_VERSIONS: 3.0.1 and below
---END_METADATA---
Description Summary:
The mcp-pinot server defaults to an unauthenticated configuration, allowing any network-adjacent attacker to execute arbitrary SQL and mutate table configurations.
Executive Summary:
The Apache Pinot MCP server is affected by a critical authentication bypass vulnerability that grants unauthenticated attackers full administrative control over the cluster.
Vulnerability Details
CVE-ID: CVE-2026-49257
Affected Software: Apache Pinot (mcp-pinot)
Affected Versions: 3.0.1 and below
Vulnerability: The software defaults to binding an HTTP MCP server to 0.0.0.0:8080 without requiring authentication. This creates a confused-deputy condition where an unauthenticated, network-adjacent attacker can perform unauthorized SQL queries, schema modifications, and table-config mutations using the server’s elevated privileges.
Business Impact
With a CVSS score of 10.0, this vulnerability represents the highest level of risk to the confidentiality, integrity, and availability of data stored in the Pinot cluster. An attacker can manipulate data, delete tables, or exfiltrate sensitive business information, potentially leading to total loss of trust in the platform and significant operational disruption.
Remediation Plan
Immediate Action: Upgrade to Apache Pinot version 3.1.0 or higher, which enforces secure authentication defaults.
Proactive Monitoring: Audit access logs for any unauthorized connections to port 8080 and monitor for suspicious SQL query patterns or unexpected configuration changes.
Compensating Controls: Immediately restrict access to the affected service by implementing network-level access control lists (ACLs) or firewalls to block external access to port 8080.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation. However, the lack of authentication makes this a trivial target for automated scanners and malicious actors.
Analyst Recommendation
The severity of this issue cannot be overstated. Immediate transition to version 3.1.0 is mandatory. If an immediate upgrade is not feasible, the service must be taken offline or firewalled from all untrusted network segments to prevent unauthorized access.
Update Apache Pinot to the latest version. Monitor for exploitation attempts and review access logs.
Jellyfin is an open source self hosted media server
Jellyfin is an open source self hosted media server
---METADATA---
VENDOR: Jellyfin
PRODUCT: Media Server
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability exists in the Jellyfin media server that may allow for unauthorized access or system compromise.
Executive Summary:
The Jellyfin media server is vulnerable to a high-severity flaw that could lead to unauthorized system access and potential compromise of media library integrity.
Vulnerability Details
CVE-ID: CVE-2026-49247
Affected Software: Jellyfin Media Server
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability involves an unspecified security flaw within the Jellyfin self-hosted media server environment, necessitating prompt investigation into authentication and access control mechanisms. The precise vector remains under analysis, but it is classified as a high-risk security defect.
Business Impact
Successful exploitation of this vulnerability could result in unauthorized access to sensitive media libraries, potential data exfiltration, or complete server compromise. With a CVSS score of 8.8, this flaw represents a significant risk to the availability and confidentiality of the self-hosted environment, necessitating immediate prioritization of defensive measures.
Remediation Plan
Immediate Action: Review the official Jellyfin security advisories and apply the latest available software patches or version updates immediately.
Proactive Monitoring: Monitor server access logs for anomalous behavior, unauthorized login attempts, or unexpected API calls originating from unknown sources.
Compensating Controls: Implement network-level restrictions, such as placing the media server behind a reverse proxy with robust authentication and a configured Web Application Firewall (WAF) to filter malicious traffic.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 25, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, administrators must treat this vulnerability as a priority. Ensure all Jellyfin instances are updated to the most recent secure version and audit current access logs for any signs of prior compromise to mitigate the risk of unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates
---METADATA---
VENDOR: Google
PRODUCT: Angular Language Service VS Code Extension
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The Angular Language Service extension for VS Code contains a high-severity vulnerability that may allow for unauthorized system interaction or code execution.
Executive Summary:
A high-severity vulnerability in the Angular Language Service VS Code extension poses a significant risk to developer environments and local workstation integrity.
Vulnerability Details
CVE-ID: CVE-2026-49241
Affected Software: Google Angular Language Service
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a flaw in the extension's template processing logic. While the specific authentication requirement is dependent on the exploit vector, such extension flaws often allow local attackers or malicious workspace configurations to trigger unintended code execution.
Business Impact
With a CVSS score of 8.7, this vulnerability represents a significant risk to organizational security. Successful exploitation could allow a malicious actor to gain unauthorized access to the developer's local machine, potentially leading to the exfiltration of sensitive source code, credentials, or lateral movement into the corporate network.
Remediation Plan
Immediate Action: Update the Angular Language Service extension within Visual Studio Code to the latest patched version provided by Google.
Proactive Monitoring: Review workstation logs and monitor for unusual process spawning originating from the VS Code extension host.
Compensating Controls: Restrict the use of untrusted VS Code extensions and utilize workspace trust features to limit the capabilities of extensions in sensitive directories.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score, organizations should treat this vulnerability with urgency. Developers should immediately verify their extension version and apply updates to prevent potential compromise of development environments.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026
Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in Canonical Multipass before version 1
An issue was discovered in Canonical Multipass before version 1
---METADATA---
VENDOR: Canonical
PRODUCT: Multipass
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
A security vulnerability has been identified in Canonical Multipass, necessitating prompt review and remediation by system administrators.
Executive Summary:
Canonical Multipass is affected by a high-severity vulnerability that could allow for unauthorized access or system manipulation.
Vulnerability Details
CVE-ID: CVE-2026-49238
Affected Software: Canonical Multipass
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The software contains an unspecified security issue that requires further investigation; the specific authentication requirements are currently unknown.
Business Impact
The CVSS score of 8.4 indicates a high risk to environment security. Exploitation of this vulnerability could compromise the host system running Multipass instances, potentially leading to privilege escalation or unauthorized data access within the virtualized environment.
Remediation Plan
Immediate Action: Check for updates via the official Canonical Multipass release channels and apply all available security patches.
Proactive Monitoring: Audit virtual machine configuration changes and monitor host-level system logs for signs of unauthorized access or process execution.
Compensating Controls: Ensure that Multipass instances are run with the principle of least privilege and that host systems are hardened against unauthorized container or VM breakout attempts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams should treat this vulnerability as a priority due to the high CVSS score. Ensure all instances of Multipass are accounted for in your asset inventory and apply the vendor-provided patches as soon as they become available.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Unauthenticated Debug Service
Unauthenticated Debug Service
---METADATA---
VENDOR: Unknown
PRODUCT: Debug Service
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
An unauthenticated debug service vulnerability allows potential remote code execution or unauthorized system access.
Executive Summary:
A critical vulnerability in an exposed debug service allows unauthenticated attackers to potentially gain full control of the affected product.
Vulnerability Details
CVE-ID: CVE-2026-49195
Affected Software: Unknown, Debug Service
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability resides in an unauthenticated debug service that is active by default or through misconfiguration. This allows an unauthenticated attacker to interact with the service and potentially execute commands with elevated privileges.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a significant risk to the confidentiality, integrity, and availability of any system running the affected debug service. Successful exploitation could lead to full system compromise, data theft, and persistent unauthorized access.
Remediation Plan
Immediate Action: Disable the debug service immediately if it is not required for production operations. If required, ensure it is restricted to authorized internal management interfaces.
Proactive Monitoring: Monitor for unexpected network connections on ports associated with debug services and review system logs for unauthorized command execution.
Compensating Controls: Utilize host-based firewalls to block external access to debug ports and ensure the service is not exposed to the internet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 9, 2026, there is no public information indicating active exploitation of this vulnerability. However, the presence of an unauthenticated debug interface is a severe security misconfiguration that must be addressed immediately.
Analyst Recommendation
Security teams should scan their environment for any instances of exposed debug services. We recommend taking the service offline immediately and applying vendor-provided security patches to remove the underlying vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shel...
The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface
---METADATA---
VENDOR: Unknown
PRODUCT: Unknown
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The SCREEN_CLICK(5053) debugging routine allows an unauthenticated connection to bypass the login prompt and access an interactive shell.
Executive Summary:
An authentication bypass vulnerability in a debugging routine allows attackers to gain direct shell access to the affected device without valid credentials.
Vulnerability Details
CVE-ID: CVE-2026-49194
Affected Software: Unknown
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability resides in a specific debugging function, SCREEN_CLICK(5053), which fails to enforce authentication. This allows an attacker to bypass the login process entirely and gain an interactive shell interface.
Business Impact
The CVSS score of 8.8 indicates a high-risk scenario where an attacker can gain administrative access to the system. This level of access poses a severe threat, including full system control, data theft, and the ability to pivot into other parts of the network.
Remediation Plan
Immediate Action: Disable the affected debugging routine if possible or apply the vendor-provided security patch.
Proactive Monitoring: Monitor for unusual shell access, unexpected login events, and unauthorized connections to device interfaces.
Compensating Controls: Restrict network access to the affected device to trusted management networks and utilize network-level authentication (e.g., VPN) to mitigate unauthorized access.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The ability to bypass authentication for a shell interface is an extreme security failure. Organizations must treat this as a high-priority incident and apply vendor updates or disable the vulnerable debug feature immediately to prevent unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The M3WebServer in the Acer Connect M6E 5G router hard-codes backend API keys, which are exposed via verbose error pages.
The M3WebServer in the Acer Connect M6E 5G router hard-codes backend API keys, which are exposed via verbose error pages.
---METADATA---
VENDOR: Acer
PRODUCT: Connect M6E 5G Portable WiFi Router
AFFECTED_VERSIONS: Acer Connect M6E 5G Portable WiFi Router affected through M6E_AI_1.00.000019
---END_METADATA---
Description Summary:
The M3WebServer in the Acer Connect M6E 5G router hard-codes backend API keys, which are exposed via verbose error pages.
Executive Summary:
A critical security vulnerability in the Acer Connect M6E 5G router allows for the unauthorized retrieval of hard-coded API keys, potentially compromising backend services.
Vulnerability Details
CVE-ID: CVE-2026-49191
Affected Software: Acer Connect M6E 5G Portable WiFi Router
Affected Versions: Acer Connect M6E 5G Portable WiFi Router affected through M6E_AI_1.00.000019
Vulnerability: This vulnerability involves the use of hard-coded credentials within the M3WebServer component. These sensitive keys can be intercepted by unauthenticated attackers through verbose error handling pages generated by the web server.
Business Impact
The exposure of backend API keys grants attackers the ability to impersonate the device or access protected cloud services associated with the router. Given the CVSS score of 9.8, this vulnerability poses a severe risk to the confidentiality and integrity of the device's management ecosystem and associated infrastructure.
Remediation Plan
Immediate Action: Update the device firmware to the latest available version as specified in the Acer security advisory.
Proactive Monitoring: Monitor device access logs for unusual requests or repeated errors directed toward the web management interface.
Compensating Controls: Restrict access to the router's web management interface to trusted administrative IPs only, preventing external exposure of error pages.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a significant security failure due to the exposure of sensitive credentials. Organizations using the Acer Connect M6E 5G must prioritize firmware updates to remediate the hard-coded key issue and secure the web server environment.
Update Unknown Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installat...
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions
---METADATA---
VENDOR: Unknown
PRODUCT: Unknown
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The system fails to enforce proper instructional permissions over internal opcodes, enabling unauthorized application installation or command execution.
Executive Summary:
A critical permission evaluation failure allows unauthorized actors to execute arbitrary commands or install malicious software on the affected system.
Vulnerability Details
CVE-ID: CVE-2026-49190
Affected Software: Unknown
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability stems from an insufficient check on internal operation codes (opcodes). By bypassing these permission checks, an attacker can trigger unauthorized administrative functions, such as installing packages or executing system-level commands.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a severe threat to system integrity and confidentiality. Unauthorized command execution could lead to a complete system compromise, data exfiltration, or the deployment of persistent backdoors.
Remediation Plan
Immediate Action: Apply the vendor-provided security patches immediately upon availability.
Proactive Monitoring: Audit system logs for unauthorized installation events, unexpected process execution, and changes to system configuration files.
Compensating Controls: Enforce strict application whitelisting and restrict administrative access to the system to prevent unauthorized command execution until a patch is applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is highly critical due to the potential for full system control. It is recommended that organizations identify the affected software in their environment and apply remediation measures as soon as the vendor releases a security update.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The ai_cmd utility on the Acer Connect M6E 5G router runs with root privileges and is vulnerable to unauthenticated command injection via popen().
The ai_cmd utility on the Acer Connect M6E 5G router runs with root privileges and is vulnerable to unauthenticated command injection via popen().
---METADATA---
VENDOR: Acer
PRODUCT: Connect M6E 5G Portable WiFi Router
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The ai_cmd utility on the Acer Connect M6E 5G router runs with root privileges and is vulnerable to unauthenticated command injection via popen().
Executive Summary:
A critical vulnerability in the ai_cmd utility of the Acer Connect M6E 5G router allows unauthenticated attackers to execute arbitrary code with root-level privileges.
Vulnerability Details
CVE-ID: CVE-2026-49188
Affected Software: Acer Connect M6E 5G Portable WiFi Router
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The ai_cmd utility executes with full root permissions and pipes socket inputs directly into the popen() function without sanitization. This enables unauthenticated attackers to trigger arbitrary command execution with the highest level of system privilege.
Business Impact
Full root compromise allows an attacker to take complete control of the router, potentially leading to persistent malware installation, data interception, and lateral movement within the network. The CVSS score of 9.8 reflects the extreme risk this vulnerability poses to the host system.
Remediation Plan
Immediate Action: Apply the latest firmware update from Acer to patch the ai_cmd utility and sanitize input handling.
Proactive Monitoring: Audit system logs for unauthorized root process execution or suspicious socket activity.
Compensating Controls: Use network segmentation to ensure the device is not reachable from the public internet, limiting the attack surface for unauthenticated exploit attempts.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This is a high-urgency vulnerability due to the root privilege escalation path. Immediate patching is required to prevent total system compromise by remote, unauthenticated attackers.
Update Unknown Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
The local MQTT broker on the Acer Connect M6E 5G router fails to enforce ACLs, allowing unauthorized clients to enumerate devices and publish rogue co...
The local MQTT broker on the Acer Connect M6E 5G router fails to enforce ACLs, allowing unauthorized clients to enumerate devices and publish rogue commands.
---METADATA---
VENDOR: Acer
PRODUCT: Connect M6E 5G Portable WiFi Router
AFFECTED_VERSIONS: Acer Connect M6E 5G Portable WiFi Router up to M6E_AI_1.00.000019
---END_METADATA---
Description Summary:
The local MQTT broker on the Acer Connect M6E 5G router fails to enforce ACLs, allowing unauthorized clients to enumerate devices and publish rogue commands.
Executive Summary:
A critical access control vulnerability in the Acer Connect M6E 5G router’s MQTT broker allows unauthorized clients to manipulate network devices and intercept data.
Vulnerability Details
CVE-ID: CVE-2026-49186
Affected Software: Acer Connect M6E 5G Portable WiFi Router
Affected Versions: Acer Connect M6E 5G Portable WiFi Router up to M6E_AI_1.00.000019
Vulnerability: The local MQTT broker lacks topic-level Access Control Lists (ACLs). This allows any client to use wildcard characters to subscribe to sensitive topics, enumerate hidden network devices, or publish unauthorized control commands.
Business Impact
The lack of access control exposes the internal network architecture and allows for rogue control of connected IoT/network devices. With a CVSS score of 9.8, this flaw poses a significant risk to the integrity and availability of the local network environment.
Remediation Plan
Immediate Action: Update to the latest firmware version to ensure proper MQTT broker configuration and ACL enforcement are implemented.
Proactive Monitoring: Monitor MQTT traffic for unexpected subscription patterns or unauthorized publish requests.
Compensating Controls: Isolate the router from untrusted network segments and restrict access to the MQTT broker port (typically 1883) to authorized internal clients only.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The vulnerability significantly undermines the security of the local network. Organizations should prioritize updating the device firmware to enforce necessary access controls on the MQTT broker.
Update Unknown Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
The FieldX MDM component in the Acer Connect M6E 5G router is vulnerable to command injection via unverified payloads in the adb messaging topic.
The FieldX MDM component in the Acer Connect M6E 5G router is vulnerable to command injection via unverified payloads in the adb messaging topic.
---METADATA---
VENDOR: Acer
PRODUCT: Connect M6E 5G Portable WiFi Router
AFFECTED_VERSIONS: Acer Connect M6E 5G Portable WiFi Router up to M6E_AI_1.00.000019
---END_METADATA---
Description Summary:
The FieldX MDM component in the Acer Connect M6E 5G router is vulnerable to command injection via unverified payloads in the adb messaging topic.
Executive Summary:
A critical command injection vulnerability in the Acer Connect M6E 5G router's FieldX MDM module allows for arbitrary instruction execution.
Vulnerability Details
CVE-ID: CVE-2026-49185
Affected Software: Acer Connect M6E 5G Portable WiFi Router
Affected Versions: Acer Connect M6E 5G Portable WiFi Router up to M6E_AI_1.00.000019
Vulnerability: The vulnerability exists in the adb messaging topic, which fails to verify payloads before passing them to the Runtime.exec() function. This allows attackers to inject and execute arbitrary commands on the affected device.
Business Impact
The ability to execute arbitrary commands with high privileges provides an attacker with complete control over the device. Given the CVSS score of 9.8, this could lead to the compromise of the local network environment where the router is deployed.
Remediation Plan
Immediate Action: Apply the latest firmware update provided by Acer to address the command injection flaw in the MDM component.
Proactive Monitoring: Monitor for anomalous adb messaging traffic or unexpected process execution on the router.
Compensating Controls: Disable remote management and ADB-related features if they are not strictly required for current operations.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is highly critical due to the ease of command execution. It is imperative that users update their firmware to the latest version to prevent unauthorized system control.
Update Unknown Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Incorrect Default Permissions vulnerability in Apache ActiveMQ
Incorrect Default Permissions vulnerability in Apache ActiveMQ
---METADATA---
VENDOR: Apache
PRODUCT: ActiveMQ
AFFECTED_VERSIONS: Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6
---END_METADATA---
Description Summary:
Incorrect default permissions in Apache ActiveMQ allow low-privilege web-login accounts to perform sensitive administrative operations via Jolokia.
Executive Summary:
A critical security flaw in Apache ActiveMQ permits low-privilege users to execute unauthorized administrative management operations due to improper default authorization settings.
Vulnerability Details
CVE-ID: CVE-2026-49157
Affected Software: Apache ActiveMQ
Affected Versions: Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6
Vulnerability: The vulnerability stems from incorrect default Jolokia authorization settings. This allows an authenticated, low-privilege user to access and execute management operations—such as adding or removing queues—that are intended exclusively for administrators.
Business Impact
With a CVSS score of 8.8, this flaw poses a high risk to message broker integrity. An attacker could disrupt critical business services by manipulating queues or potentially causing a denial of service, leading to significant operational downtime and potential data loss within the messaging infrastructure.
Remediation Plan
Immediate Action: Upgrade Apache ActiveMQ to version 6.2.6 or 5.19.7 to correct the default authorization settings.
Proactive Monitoring: Audit ActiveMQ management logs for unauthorized attempts to invoke management operations from non-admin accounts.
Compensating Controls: Implement strict network-level access controls to limit access to the Jolokia management interface to authorized administrative personnel only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability highlights the danger of overly permissive default configurations. Organizations running Apache ActiveMQ should prioritize updating to the patched versions immediately to prevent unauthorized management of the message broker, which is essential for maintaining system stability and data flow.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
BrowserStack Runner through 0
BrowserStack Runner through 0
---METADATA---
VENDOR: BrowserStack
PRODUCT: Runner
AFFECTED_VERSIONS: through 0.9.5
---END_METADATA---
Description Summary:
BrowserStack Runner contains a remote code execution vulnerability in its HTTP handler that can be exploited by unauthenticated, network-adjacent attackers.
Executive Summary:
BrowserStack Runner is vulnerable to remote code execution due to improper handling of JSON requests in its logging component.
Vulnerability Details
CVE-ID: CVE-2026-49143
Affected Software: BrowserStack Runner
Affected Versions: through 0.9.5
Vulnerability: The /_log HTTP handler in BrowserStack Runner fails to properly sanitize or authorize requests. An unauthenticated, network-adjacent attacker can submit a crafted JSON request body to execute arbitrary code on the host system.
Business Impact
The CVSS score of 8.8 highlights the critical nature of this RCE vulnerability. Successful exploitation grants attackers full control over the affected Runner instance, which could be used to disrupt testing pipelines or serve as a pivot point for further network infiltration.
Remediation Plan
Immediate Action: Update BrowserStack Runner to the latest version immediately to patch the vulnerable HTTP handler.
Proactive Monitoring: Monitor network traffic for anomalous JSON payloads directed toward the runner service and review system logs for unauthorized processes.
Compensating Controls: Implement strict network access controls to ensure that only authorized internal systems can communicate with the BrowserStack Runner service.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the risk of remote code execution, all instances of BrowserStack Runner must be updated to the latest version as soon as possible. Organizations should also verify that their runner instances are not exposed to untrusted networks or the public internet.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Music Player Daemon (MPD) before version 0
Music Player Daemon (MPD) before version 0
---METADATA---
VENDOR: Music Player Daemon (MPD)
PRODUCT: Music Player Daemon
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
A vulnerability has been identified in the Music Player Daemon (MPD) that may pose a security risk to systems running the software.
Executive Summary:
The Music Player Daemon (MPD) is susceptible to a high-severity vulnerability that could impact system security.
Vulnerability Details
CVE-ID: CVE-2026-49127
Affected Software: Music Player Daemon (MPD)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists within the MPD service; however, the lack of specific technical details prevents a definitive assessment of the authentication requirements.
Business Impact
With a CVSS score of 8.6, this vulnerability poses a substantial risk to the availability and security of the host system. Unauthorized exploitation could lead to service disruption or potential remote code execution, depending on the specific nature of the flaw.
Remediation Plan
Immediate Action: Verify the current version of MPD in use and monitor the project's official security advisories for patch releases.
Proactive Monitoring: Monitor system logs for crashes or unexpected service restarts, which may indicate an attempt to exploit the vulnerability.
Compensating Controls: Restrict access to the MPD service interface to trusted internal networks only, utilizing firewall rules to prevent unauthorized external connections.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Due to the high severity, it is critical to keep the Music Player Daemon updated to the latest secure version. Administrators should review their deployment configurations to ensure the service is not exposed to untrusted networks while awaiting a patch.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Medplum before 5
Medplum before 5
---METADATA---
VENDOR: Medplum
PRODUCT: Medplum
AFFECTED_VERSIONS: Medplum before 5.1.14
---END_METADATA---
Description Summary:
A server-side request forgery (SSRF) vulnerability in the Medplum subscription worker allows authenticated users to trigger unauthorized requests to internal services.
Executive Summary:
Medplum is affected by a high-severity SSRF vulnerability that allows authenticated attackers to exfiltrate sensitive data from internal infrastructure.
Vulnerability Details
CVE-ID: CVE-2026-49120
Affected Software: Medplum
Affected Versions: Medplum before 5.1.14
Vulnerability: This SSRF vulnerability in the subscription worker allows an authenticated user to create FHIR Subscription resources with arbitrary endpoint URLs. This flaw allows the application to be coerced into making unauthorized network requests to internal services.
Business Impact
With a CVSS score of 8.5, the vulnerability poses a significant risk of data exfiltration. Attackers can leverage this flaw to access internal resources, potentially stealing sensitive patient health information (PHI) or internal IAM credentials, leading to broader network compromise.
Remediation Plan
Immediate Action: Update the Medplum instance to version 5.1.14 or later to remediate the SSRF vulnerability.
Proactive Monitoring: Review audit logs for the creation of new FHIR Subscription resources, particularly those pointing to internal IP addresses or sensitive endpoints.
Compensating Controls: Restrict outbound network access from the subscription worker service to only necessary, trusted external endpoints using egress filtering.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the sensitivity of the data handled by Medplum, this vulnerability must be addressed urgently. Organizations should apply the update to version 5.1.14 and conduct a review of existing subscription resources to ensure no unauthorized endpoints have been configured.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Subscriber Arbitrary Code Execution in Cornerstone < 7
Subscriber Arbitrary Code Execution in Cornerstone < 7
---METADATA---
VENDOR: Cornerstone
PRODUCT: Cornerstone
AFFECTED_VERSIONS: < 7
---END_METADATA---
Description Summary:
Cornerstone versions prior to 7 allow arbitrary code execution for authenticated subscribers.
Executive Summary:
A high-severity vulnerability in Cornerstone allows authenticated subscribers to execute arbitrary code, potentially leading to full system compromise.
Vulnerability Details
CVE-ID: CVE-2026-49113
Affected Software: Cornerstone Cornerstone
Affected Versions: < 7
Vulnerability: The vulnerability allows an authenticated subscriber to achieve arbitrary code execution. By exploiting this flaw, a user with low-level access can elevate their privileges and execute commands on the server.
Business Impact
A CVSS score of 8.5 highlights the significant danger posed by this vulnerability. The ability to execute arbitrary code grants an attacker total control over the affected application, leading to potential data breaches, malware deployment, or lateral movement within the network.
Remediation Plan
Immediate Action: Upgrade Cornerstone to version 7 or higher immediately to eliminate the code execution vector.
Proactive Monitoring: Monitor for abnormal system processes, unauthorized service executions, and unexpected modifications to system files.
Compensating Controls: Restrict user permissions and monitor account activity for signs of privilege escalation or unusual administrative commands.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
While this requires authentication, the impact—arbitrary code execution—is extreme. Administrators must ensure that all subscriber accounts are audited and the application is patched immediately to prevent exploitation of this critical flaw.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation
---METADATA---
VENDOR: ThemeGrill
PRODUCT: Masteriyo - LMS
AFFECTED_VERSIONS: Masteriyo - LMS: from n/a through 2.2.0
---END_METADATA---
Description Summary:
ThemeGrill Masteriyo - LMS contains an incorrect privilege assignment vulnerability that permits unauthorized privilege escalation.
Executive Summary:
A critical privilege escalation vulnerability in ThemeGrill Masteriyo - LMS allows lower-privileged users to gain unauthorized administrative access to the system.
Vulnerability Details
CVE-ID: CVE-2026-49111
Affected Software: ThemeGrill Masteriyo - LMS
Affected Versions: Masteriyo - LMS: from n/a through 2.2.0
Vulnerability: This vulnerability (CWE-266) arises from incorrect privilege assignment within the Masteriyo - LMS plugin. It allows an authenticated user to escalate their current privileges to an administrative level with ease.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a high-severity risk to business operations. Unauthorized administrative access can lead to the total compromise of the Learning Management System, including the theft of student data, modification of course content, and potential lateral movement into the host WordPress environment.
Remediation Plan
Immediate Action: Update the Masteriyo - LMS plugin to a version beyond 2.2.0 immediately to resolve the privilege assignment flaw.
Proactive Monitoring: Audit user account roles and permissions regularly, specifically looking for users who have been granted administrative privileges unexpectedly.
Compensating Controls: Restrict access to administrative portals to trusted IP ranges and employ a WAF to monitor for attempts to execute administrative-level functions by non-admin users.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 16, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The ease of exploitation for this privilege escalation flaw necessitates immediate attention. Administrators must prioritize updating the Masteriyo plugin and conduct a thorough audit of current user permissions to ensure no unauthorized administrative accounts have already been established.
Update to patched version immediately. Review user permissions and access controls.
An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Salesforce allows remote attackers to achieve arbitrary code ex...
An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Salesforce allows remote attackers to achieve arbitrary code execution.
---METADATA---
VENDOR: CRM Perks
PRODUCT: Integration for Salesforce
AFFECTED_VERSIONS: <= 1.4.3
---END_METADATA---
Description Summary:
An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Salesforce allows remote attackers to achieve arbitrary code execution.
Executive Summary:
A critical unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Salesforce creates a severe risk of full system compromise.
Vulnerability Details
CVE-ID: CVE-2026-49109
Affected Software: CRM Perks, Integration for Salesforce
Affected Versions: <= 1.4.3
Vulnerability: This vulnerability is an unauthenticated PHP Object Injection flaw. Attackers can bypass authentication to inject malicious objects, which are deserialized by the application, potentially resulting in remote code execution.
Business Impact
The CVSS score of 9.8 indicates that this vulnerability is critical. Exploitation could lead to complete system takeover, unauthorized access to Salesforce integration data, and significant risk to the overall security posture of the affected organization.
Remediation Plan
Immediate Action: Update the Integration for Salesforce plugin to the latest version immediately as per vendor instructions.
Proactive Monitoring: Review server logs for signs of unauthorized access, particularly requests that involve complex or malformed serialized data strings.
Compensating Controls: Deploy a WAF with protective rules specifically targeting PHP deserialization vulnerabilities to block exploitation attempts.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 15, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of this vulnerability, immediate remediation is essential. Users must update to the latest plugin version to protect against potential unauthenticated remote code execution attacks.
Update HP Object Injection to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
An unauthenticated PHP Object Injection vulnerability exists in the CRM Perks Integration for Contact Form 7 and Constant Contact, enabling potential...
An unauthenticated PHP Object Injection vulnerability exists in the CRM Perks Integration for Contact Form 7 and Constant Contact, enabling potential remote code execution.
---METADATA---
VENDOR: CRM Perks
PRODUCT: Integration for Contact Form 7 and Constant Contact
AFFECTED_VERSIONS: <= 1.1.6
---END_METADATA---
Description Summary:
An unauthenticated PHP Object Injection vulnerability exists in the CRM Perks Integration for Contact Form 7 and Constant Contact, enabling potential remote code execution.
Executive Summary:
A critical unauthenticated PHP Object Injection vulnerability in the CRM Perks integration for Constant Contact poses a severe risk of remote system compromise.
Vulnerability Details
CVE-ID: CVE-2026-49106
Affected Software: CRM Perks, Integration for Contact Form 7 and Constant Contact
Affected Versions: <= 1.1.6
Vulnerability: The vulnerability is an unauthenticated PHP Object Injection flaw. This allows remote attackers to supply malicious serialized data to the application, which is then insecurely deserialized, potentially leading to arbitrary code execution.
Business Impact
A CVSS score of 9.8 underscores the critical nature of this vulnerability. An attacker can exploit this flaw to gain unauthorized access to the underlying server, potentially compromising sensitive business data and leading to a total loss of system integrity.
Remediation Plan
Immediate Action: Update the Integration for Contact Form 7 and Constant Contact plugin to the latest version to address the vulnerability.
Proactive Monitoring: Perform regular audits of application logs to identify suspicious activity or unusual input patterns directed at the plugin.
Compensating Controls: Use a Web Application Firewall (WAF) to block requests containing serialized object patterns, providing a temporary shield until the official patch is applied.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 15, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is highly critical and presents a significant security risk. Administrators must apply the latest plugin updates immediately to mitigate the threat of remote code execution.
Update HP Object Injection to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
An unauthenticated PHP Object Injection vulnerability in the WP Zendesk integration for WordPress allows attackers to execute arbitrary code via deser...
An unauthenticated PHP Object Injection vulnerability in the WP Zendesk integration for WordPress allows attackers to execute arbitrary code via deserialization of untrusted data.
---METADATA---
VENDOR: CRM Perks
PRODUCT: WP Zendesk
AFFECTED_VERSIONS: <= 1.1.4
---END_METADATA---
Description Summary:
An unauthenticated PHP Object Injection vulnerability in the WP Zendesk integration for WordPress allows attackers to execute arbitrary code via deserialization of untrusted data.
Executive Summary:
A critical unauthenticated PHP Object Injection vulnerability in the WP Zendesk plugin exposes the host system to potential remote code execution.
Vulnerability Details
CVE-ID: CVE-2026-49105
Affected Software: CRM Perks, WP Zendesk
Affected Versions: <= 1.1.4
Vulnerability: This vulnerability is a deserialization of untrusted data (CWE-502) that can be triggered by unauthenticated remote attackers. The lack of proper input validation allows the injection of malicious objects into the application's PHP execution flow.
Business Impact
The CVSS score of 9.8 highlights the critical nature of this vulnerability. Successful exploitation could lead to total compromise of the WordPress site, resulting in the unauthorized access to Zendesk credentials, customer data, and full remote control over the server environment.
Remediation Plan
Immediate Action: Update the WP Zendesk plugin to the latest version as soon as the vendor makes a patch available.
Proactive Monitoring: Monitor application logs for unexpected behavior or errors related to deserialization or unusual object instantiation processes.
Compensating Controls: Implement a WAF to filter malicious traffic and prevent the delivery of serialized PHP objects to the vulnerable plugin endpoints.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 15, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Due to the critical severity and the ease of exploitation for unauthenticated users, immediate patching is mandatory. Organizations should verify their plugin version and apply updates as soon as the vendor releases the security fix.
Update HP Object Injection to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Keap/infusionsoft allows remote attackers to perform deserializ...
An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Keap/infusionsoft allows remote attackers to perform deserialization of untrusted data.
---METADATA---
VENDOR: CRM Perks
PRODUCT: Integration for Keap/infusionsoft
AFFECTED_VERSIONS: <= 1.2.1
---END_METADATA---
Description Summary:
An unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Keap/infusionsoft allows remote attackers to perform deserialization of untrusted data.
Executive Summary:
A critical unauthenticated PHP Object Injection vulnerability in the CRM Perks Integration for Keap/infusionsoft plugin creates a high risk of remote system compromise.
Vulnerability Details
CVE-ID: CVE-2026-49104
Affected Software: CRM Perks, Integration for Keap/infusionsoft
Affected Versions: <= 1.2.1
Vulnerability: The vulnerability allows remote, unauthenticated attackers to perform deserialization of untrusted data. This flaw, classified as CWE-502, enables the execution of arbitrary code by injecting malicious PHP objects into the application.
Business Impact
With a CVSS score of 9.8, this vulnerability represents a critical risk to the confidentiality, integrity, and availability of the affected system. Exploitation would likely grant an attacker full administrative control over the WordPress installation, facilitating data theft and potential backend system infiltration.
Remediation Plan
Immediate Action: Update the CRM Perks Integration for Keap/infusionsoft plugin to the latest version immediately to patch the insecure deserialization vulnerability.
Proactive Monitoring: Monitor server logs for unauthorized access attempts or suspicious serialized object patterns frequently associated with PHP injection attacks.
Compensating Controls: Utilize a Web Application Firewall (WAF) to inspect incoming traffic and block requests containing suspicious serialized PHP payloads.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 15, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is critical and requires urgent attention. System administrators must prioritize updating the affected plugin to the latest version to eliminate the risk of unauthenticated remote code execution.
Update HP Object Injection to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
An unauthenticated PHP Object Injection vulnerability exists in the WP Insightly integration plugin for various WordPress form builders, allowing pote...
An unauthenticated PHP Object Injection vulnerability exists in the WP Insightly integration plugin for various WordPress form builders, allowing potential remote code execution.
---METADATA---
VENDOR: CRM Perks
PRODUCT: WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
AFFECTED_VERSIONS: <= 1.1.4
---END_METADATA---
Description Summary:
An unauthenticated PHP Object Injection vulnerability exists in the WP Insightly integration plugin for various WordPress form builders, allowing potential remote code execution.
Executive Summary:
A critical unauthenticated PHP Object Injection vulnerability in the WP Insightly plugin poses a severe risk of remote code execution and full system compromise.
Vulnerability Details
CVE-ID: CVE-2026-49085
Affected Software: CRM Perks, WP Insightly
Affected Versions: <= 1.1.4
Vulnerability: This vulnerability involves the insecure deserialization of untrusted data, categorized as PHP Object Injection. Because the vulnerability is unauthenticated, a remote attacker can trigger this flaw without requiring prior access to the WordPress administrative environment.
Business Impact
The CVSS score of 9.8 reflects the extreme severity of this flaw, as it permits unauthorized code execution. Successful exploitation could lead to total site compromise, exfiltration of sensitive customer data, and the potential for lateral movement within the hosting environment, resulting in significant operational downtime and reputational harm.
Remediation Plan
Immediate Action: Update the WP Insightly integration plugin to the latest available version provided by the vendor to remediate the deserialization flaw.
Proactive Monitoring: Review web server access logs for anomalous POST requests containing serialized PHP objects or suspicious character strings.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to detect and block malicious serialized input patterns targeting PHP deserialization sinks.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 15, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical CVSS severity and the unauthenticated nature of this vulnerability, immediate patching is required. Administrators should verify their current version and update the plugin immediately to prevent potential remote exploitation.
Update HP Object Injection to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injec...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection
---METADATA---
VENDOR: wpWax
PRODUCT: Directorist Booking
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A blind SQL injection vulnerability in the wpWax Directorist Booking plugin allows authenticated users to exfiltrate database information.
Executive Summary:
The Directorist Booking plugin contains a critical blind SQL injection vulnerability that allows authenticated attackers to perform unauthorized database queries.
Vulnerability Details
CVE-ID: CVE-2026-49073
Affected Software: wpWax Directorist Booking
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This flaw stems from insufficient neutralization of user-supplied input within the plugin's booking functionality. Authenticated users can execute blind SQL injection attacks, potentially leading to the extraction of sensitive data from the database.
Business Impact
With a CVSS score of 8.5, this vulnerability represents a high risk to business operations. Exploitation could result in the theft of proprietary business data, customer booking information, or other sensitive records, leading to significant reputational and operational damage.
Remediation Plan
Immediate Action: Update the Directorist Booking plugin to the latest patched version released by wpWax.
Proactive Monitoring: Review database access logs for unusual, high-frequency query patterns that may indicate automated data exfiltration attempts.
Compensating Controls: Implement WAF filtering to intercept and block SQL injection payloads targeting the application's booking endpoints.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Administrators must treat this vulnerability with high urgency. Applying the provided vendor update is the only definitive way to remediate the flaw and protect against potential data exfiltration by authenticated users.
Apply vendor patches immediately. Review database access controls and enable query logging.
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1
---METADATA---
VENDOR: Hippoo
PRODUCT: Mobile App for WooCommerce
AFFECTED_VERSIONS: <= 1
---END_METADATA---
Description Summary:
The Hippoo Mobile App for WooCommerce version 1 and below contains an unauthenticated broken access control vulnerability, allowing unauthorized access to restricted functions.
Executive Summary:
A critical broken access control vulnerability in the Hippoo Mobile App for WooCommerce allows unauthenticated attackers to bypass security restrictions and access unauthorized functionality.
Vulnerability Details
CVE-ID: CVE-2026-49065
Affected Software: Hippoo Mobile App for WooCommerce
Affected Versions: <= 1
Vulnerability: This is an unauthenticated broken access control flaw where the application fails to enforce proper authorization checks on sensitive backend functions. This allows an attacker to interact with the API or application features without needing to provide valid credentials.
Business Impact
With a CVSS score of 8.2, this vulnerability poses a high risk to the security of the WooCommerce store. Unauthorized access could lead to the exposure of customer personal identifiable information (PII), order history, or the ability to manipulate store settings, causing significant reputational and financial damage.
Remediation Plan
Immediate Action: Update the Hippoo Mobile App for WooCommerce to the latest version that includes the security patch for access control.
Proactive Monitoring: Audit API logs for suspicious access patterns or unauthorized calls to administrative or sensitive endpoints.
Compensating Controls: Use a Web Application Firewall (WAF) to restrict access to sensitive API paths and monitor for unusual request volumes from external IP addresses.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 16, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Broken access control is a major security failure that can lead to complete data exposure. It is imperative that users of this plugin update to the latest version immediately to close the security gap and protect store data.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust
---METADATA---
VENDOR: WP Engine
PRODUCT: Faust.Js
AFFECTED_VERSIONS: Faust.Js: from n/a through 1.8.7
---END_METADATA---
Description Summary:
WP Engine Faust.Js contains an authentication bypass vulnerability that allows unauthorized password recovery exploitation.
Executive Summary:
A critical authentication bypass vulnerability in WP Engine Faust.Js could allow attackers to perform unauthorized password recovery actions, potentially leading to full account takeover.
Vulnerability Details
CVE-ID: CVE-2026-49062
Affected Software: WP Engine Faust.Js
Affected Versions: Faust.Js: from n/a through 1.8.7
Vulnerability: This vulnerability (CWE-288) involves an authentication bypass using an alternate path or channel within the Faust.Js framework. It specifically facilitates the exploitation of password recovery mechanisms, allowing an unauthenticated attacker to manipulate the process.
Business Impact
The vulnerability carries a CVSS score of 8.8, indicating a high severity risk. Successful exploitation could result in unauthorized access to user accounts, leading to sensitive data exposure and potential compromise of the underlying web application. The ability to bypass authentication during password recovery poses a significant risk to user integrity and overall system security.
Remediation Plan
Immediate Action: Update the Faust.Js framework to a version beyond 1.8.7 as specified in the vendor advisory.
Proactive Monitoring: Monitor authentication logs for suspicious password reset requests or anomalous account access patterns.
Compensating Controls: Implement a Web Application Firewall (WAF) with rules configured to block abnormal traffic patterns associated with password recovery endpoints.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 16, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score and the critical nature of authentication bypass flaws, it is imperative that administrators apply the relevant security updates immediately. Failure to patch allows for trivial account compromise; ensure all instances of Faust.Js are verified and updated to secure versions.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An incorrect privilege assignment vulnerability in Hippoo Mobile App for WooCommerce allows remote attackers to perform privilege escalation.
An incorrect privilege assignment vulnerability in Hippoo Mobile App for WooCommerce allows remote attackers to perform privilege escalation.
---METADATA---
VENDOR: Hippoo Mobile
PRODUCT: Hippoo Mobile App for WooCommerce
AFFECTED_VERSIONS: Hippoo Mobile App for WooCommerce: from n/a through 1.9.4
---END_METADATA---
Description Summary:
An incorrect privilege assignment vulnerability in Hippoo Mobile App for WooCommerce allows remote attackers to perform privilege escalation.
Executive Summary:
A critical privilege escalation vulnerability in the Hippoo Mobile App for WooCommerce allows unauthorized users to gain elevated administrative access.
Vulnerability Details
CVE-ID: CVE-2026-49060
Affected Software: Hippoo Mobile App for WooCommerce
Affected Versions: Hippoo Mobile App for WooCommerce: from n/a through 1.9.4
Vulnerability: The application suffers from improper handling of user permissions, allowing an attacker to manipulate access controls and gain privileges they are not authorized to possess.
Business Impact
With a CVSS score of 9.8, this vulnerability allows attackers to gain unauthorized administrative control over the WooCommerce environment. This can result in the modification of store settings, financial fraud, and unauthorized access to customer order data.
Remediation Plan
Immediate Action: Update the Hippoo Mobile App for WooCommerce to the latest available version to resolve the privilege assignment flaw.
Proactive Monitoring: Audit user roles and permissions within the WooCommerce environment for any anomalous changes or unauthorized account escalations.
Compensating Controls: Implement the principle of least privilege by restricting administrative access to the WooCommerce backend and monitoring for suspicious login activity.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 11, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability poses a significant risk to the integrity of e-commerce operations. Users should verify their plugin versions and ensure that any user account with administrative rights is protected by multi-factor authentication while awaiting the update.
Update Hippoo Mobile Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda AC5 15
A vulnerability was determined in Tenda AC5 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda AC5 15
A vulnerability was found in Tenda AC5 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Markdown Preview Enhanced
PRODUCT: Markdown Preview Enhanced
AFFECTED_VERSIONS: Markdown Preview Enhanced before 0.8.28
---END_METADATA---
Description Summary:
Markdown Preview Enhanced contains a remote code execution vulnerability due to improper parsing of Bitfield fenced code blocks using unsafe JavaScript evaluation.
Executive Summary:
A critical remote code execution vulnerability in Markdown Preview Enhanced allows unauthenticated attackers to execute arbitrary code via crafted markdown documents.
Vulnerability Details
CVE-ID: CVE-2026-49493
Affected Software: Markdown Preview Enhanced
Affected Versions: Markdown Preview Enhanced before 0.8.28
Vulnerability: The application utilizes the
interpretJS()function to parse Bitfield fenced code blocks, which evaluates content viavm.runInNewContext(). This allows an unauthenticated attacker to trigger arbitrary code execution on the server side when a malicious markdown document is rendered or exported.Business Impact
With a CVSS score of 8.8, this vulnerability poses a severe risk to organizational infrastructure. Successful exploitation grants an attacker the ability to execute code with the privileges of the application process, potentially leading to full system compromise, unauthorized data access, and lateral movement within the network.
Remediation Plan
Immediate Action: Upgrade to version 0.8.28 or later immediately to implement secure JSON5 parsing for bitfield definitions.
Proactive Monitoring: Audit server logs for unexpected child process creation or unusual outbound network connections originating from the markdown rendering service.
Compensating Controls: Implement strict input validation or utilize a Web Application Firewall (WAF) to inspect incoming markdown content for suspicious Bitfield patterns, though patching remains the only definitive fix.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of June 7, 2026, public proof-of-concept exploits exist for this vulnerability. Given the ease of triggering this flaw through document rendering, the potential for exploitation is extremely high.
Analyst Recommendation
The severity of this vulnerability, combined with the availability of public exploit code, necessitates immediate action. Administrators must prioritize updating to version 0.8.28 to mitigate the risk of remote code execution.