A vulnerability in MLflow versions prior to 3.11.0, tracked as CVE-2026-4035, allows the resolution of environment variables in AI Gateway secrets, enabling attackers to exfiltrate … Read More
A critical stack-based buffer overflow vulnerability in the BIRD Internet Routing Daemon, tracked as CVE-2026-49943, allows remote attackers to trigger a buffer overflow through crafted … Read More
Five vulnerabilities have been disclosed in authentik, the open-source identity provider, affecting versions prior to the 2025.12.6, 2026.2.4, and 2026.5.1 patch releases. The most severe … Read More
A path traversal bypass in Python’s tarfile module, tracked as CVE-2026-7774, allows a malicious tar archive to circumvent the data_filter — the security mechanism designed … Read More
Three vulnerabilities have been disclosed in Tautulli, the popular Python-based monitoring and tracking tool for Plex Media Server, tracked as CVE-2026-43984, CVE-2026-43985, and CVE-2026-43986. The … Read More
A TLS hostname verification vulnerability in OpenStack’s oslo.messaging library, tracked as CVE-2026-44393, allows an attacker who can intercept control-plane traffic to impersonate the RabbitMQ message … Read More
A server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager, tracked as CVE-2026-20230, allows an unauthenticated remote attacker to write files to the underlying … Read More
Acer has confirmed two maximum-severity zero-day vulnerabilities in its Wave 7 mesh routers, tracked as CVE-2026-49200 and CVE-2026-49201. Together, they enable a complete device compromise … Read More
A critical PHP object injection vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento 2 / Adobe Commerce, tracked as CVE-2026-45247, allows unauthenticated … Read More
Vulnerability Intelligence Report — June 4, 2026 Coverage: June 3–4, 2026 | New CISA KEV additions: 1 | New items: 5 | KEV deadlines today: … Read More
