Google has confirmed active exploitation of a zero-day vulnerability in the Android Framework, tracked as CVE-2025-48595, that allows local privilege escalation on Android 14 and … Read More
Vulnerability Intelligence Report — June 3, 2026 Coverage: June 2–3, 2026 | New CISA KEV additions: 2 | KEV deadlines today: 7 | KEV deadlines … Read More
A critical privilege escalation vulnerability in the Kirki — Freeform Page Builder plugin for WordPress, tracked as CVE-2026-8206, allows unauthenticated attackers to take over any … Read More
IBM has disclosed three critical vulnerabilities in IBM WebSphere Application Server versions 8.5 and 9.0, tracked as CVE-2026-8644, CVE-2026-9311, and CVE-2026-9319. The vulnerabilities include identity … Read More
A hardcoded credentials vulnerability in Apache Solr, tracked as CVE-2026-44825, causes the Basic Authentication setup tool to silently install additional administrator accounts with publicly known … Read More
Oracle WebLogic Server contains a vulnerability, tracked as CVE-2024-21182, that allows unauthenticated attackers with network access via the T3 and IIOP protocols to compromise the … Read More
A critical memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway, tracked as CVE-2026-3055, allows unauthenticated remote code execution when the appliance is configured … Read More
A critical stack-based buffer overflow vulnerability in the Windows Netlogon service, tracked as CVE-2026-41089, allows unauthenticated attackers to execute arbitrary code over the network on … Read More
Vulnerability Intelligence Report — June 2, 2026 Coverage: June 1–2, 2026 | New CISA KEV additions: 1 | New items this report: 7 | KEV … Read More
A critical privilege escalation vulnerability in the WP Maps Pro WordPress plugin, tracked as CVE-2026-8732, allows unauthenticated attackers to create rogue administrator accounts on affected … Read More
