nick

Vulnerability Intelligence Report — June 7, 2026 Coverage: June 6–7, 2026 | New items: 4 | KEV deadlines June 9 (OpenSSL): 1 | KEV deadlines … Read More

An authentication bypass vulnerability in the Hippoo Mobile App for WooCommerce WordPress plugin, tracked as CVE-2026-10580 (CVSS 9.8), allows unauthenticated attackers to gain administrator-level access … Read More

An argument injection vulnerability in ansible-core’s ansible-galaxy role install command, tracked as CVE-2026-11332 (CVSS 7.8), allows a malicious Ansible role to execute arbitrary code on … Read More

Six privilege escalation vulnerabilities have been disclosed in the X.Org X server and Xwayland, the display server infrastructure present on virtually every Linux and Unix … Read More

A critical remote code execution vulnerability in the Hugging Face Transformers library, tracked as CVE-2026-4372, allows an attacker to execute arbitrary code by crafting a … Read More

Vulnerability Intelligence Report — June 6, 2026 Coverage: June 5–6, 2026 | New CISA KEV additions: 1 | New items: 5 | KEV deadlines today: … Read More

Two vulnerabilities in Microsoft Copilot have been disclosed: an injection vulnerability in Copilot Chat for Microsoft Edge (CVE-2026-47644, CVSS 6.5) and a command injection vulnerability … Read More

An information disclosure vulnerability in Microsoft Graph, tracked as CVE-2026-47655 (CVSS 6.5), allows an authorised attacker to disclose information over a network. Microsoft Graph is … Read More

Two vulnerabilities in Microsoft Defender have been disclosed: a heap-based buffer overflow (CVE-2026-45584, CVSS 8.1) enabling unauthorised remote code execution, and a denial-of-service vulnerability (CVE-2026-45498, … Read More

Microsoft has acknowledged a security feature bypass vulnerability in Windows BitLocker, publicly known as “YellowKey” and tracked as CVE-2026-45585. The vulnerability affects Windows 11 (24H2, … Read More