nick, Author at Threat-Modeling.com

Microsoft SharePoint Deserialization Vulnerabilities (CVE-2026-47294, CVE-2026-45659): Authenticated Remote Code Execution

June 5, 2026 by nick

Two deserialization vulnerabilities in Microsoft SharePoint Server, tracked as CVE-2026-47294 (CVSS 8.0) and CVE-2026-45659 (CVSS 8.8), allow authenticated attackers to execute arbitrary code over a … Read More

Azure Resource Manager Authentication Bypass (CVE-2026-47280): CVSS 10.0 Privilege Escalation in Azure Management Platform

June 5, 2026 by nick

An improper authentication vulnerability in Azure Resource Manager (ARM), tracked as CVE-2026-47280, allows an unauthorised attacker to elevate privileges over a network. The vulnerability carries … Read More

Acer Connect M6E 5G Router Critical Firmware Vulnerabilities (CVE-2026-49185 through CVE-2026-50213): Multiple Unauthenticated RCE and Authentication Bypass Flaws

June 5, 2026 by nick

Multiple critical vulnerabilities have been disclosed in Acer Connect M6E 5G router firmware, including unauthenticated remote code execution, authentication bypass, hardcoded credentials, and cleartext logging … Read More

OpenShift Cloud Credential Operator Privilege Escalation (CVE-2026-10843): Overly Permissive AWS IAM Policies Enable Cross-Account Impact

June 5, 2026 by nick

A privilege escalation vulnerability in the OpenShift Cloud Credential Operator (CCO), tracked as CVE-2026-10843, provisions AWS IAM policies with account-wide scope for destructive actions rather … Read More

OpenStack Ironic Path Traversal (CVE-2026-48681): File Overwrite via Crafted ISO During Bare Metal Deployment

June 5, 2026 by nick

A path traversal vulnerability in OpenStack Ironic, the bare metal provisioning service, tracked as CVE-2026-48681, allows an attacker to overwrite arbitrary files during deployment by … Read More

binding.gyp npm Supply Chain Attack: Dozens of Packages Compromised Across Maintainer Accounts

June 5, 2026 by nick

A supply chain attack targeting the npm ecosystem has compromised dozens of packages across multiple maintainer accounts, using the binding.gyp package — a core build … Read More

Seagull BarTender Unauthenticated Remote Code Execution (CVE-2026-25550): .NET Remoting Vulnerability in Enterprise Label Automation Platform

June 5, 2026 by nick

An unauthenticated remote code execution vulnerability in Seagull Scientific BarTender, tracked as CVE-2026-25550, allows attackers to execute arbitrary commands on affected systems via the exposed … Read More

Microsoft Exchange Online Information Disclosure (CVE-2026-48579): Unauthorized Access to Email and Collaboration Data

June 5, 2026 by nick

An improper authorization vulnerability in Microsoft Exchange Online, tracked as CVE-2026-48579, allows an unauthorised attacker to disclose information over a network. The vulnerability carries a … Read More

Azure HorizonDB Authentication Bypass (CVE-2026-48567): CVSS 10.0 — Maximum Severity in Microsoft Azure Database Service

June 5, 2026 by nick

A maximum-severity authentication bypass vulnerability in Azure HorizonDB, tracked as CVE-2026-48567, allows an unauthenticated attacker to elevate privileges over a network. The vulnerability carries a … Read More

Cisco SD-WAN Manager Root Command Execution (CVE-2026-20245): Actively Exploited Vulnerability in Network Management Platform

June 5, 2026 by nick

A critical vulnerability in Cisco SD-WAN Manager, tracked as CVE-2026-20245, allows attackers to execute arbitrary commands as root on affected instances. Cisco has confirmed active … Read More

nick

Threat Modeling and Security by Design