An unauthenticated SQL injection vulnerability in the GEO my WP WordPress plugin, tracked as CVE-2026-9757, allows remote attackers to execute arbitrary SQL queries against the … Read More
A privilege escalation vulnerability in the Simple History WordPress plugin, tracked as CVE-2026-7459, allows authenticated attackers with Subscriber-level access — the lowest WordPress user role … Read More
A remote code execution vulnerability in the Spectra — Gutenberg Blocks plugin for WordPress, tracked as CVE-2026-7465, allows authenticated attackers with Contributor-level access or higher … Read More
A local privilege escalation vulnerability in the Linux kernel’s CIFS subsystem — named CIFSwitch by its discoverer — allows any unprivileged local user to gain … Read More
Palo Alto Networks has disclosed an authentication bypass vulnerability in PAN-OS GlobalProtect, tracked as CVE-2026-0257, carrying a CVSS score of 9.1. The vulnerability has been … Read More
Vulnerability Intelligence Report — May 31, 2026 Coverage: May 30–31, 2026 | New items this report: 5 | Exploitation status changes: 1 | CISA KEV … Read More
Vulnerability Intelligence Report — May 30, 2026 Coverage: May 29–30, 2026 | New items this report: 6 | CISA KEV additions: 1 | Actively exploitable: … Read More
Vulnerability Intelligence Report — May 29, 2026 Coverage: May 28–29, 2026 | New items this report: 8 | Actively exploited: 4 Previous report: May 28, … Read More
Drupal has disclosed a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, that carries a CVSS score of 9.8. The vulnerability has been … Read More
Quick Reference – Active Vulnerabilities and Affected Software Nx Console: CVE-2026-48027 (KEV, due June 10) TanStack: CVE-2026-45321 (KEV, due June 10) Daemon Tools Lite: CVE-2026-8398 … Read More
