A critical privilege escalation vulnerability in the Kirki — Freeform Page Builder plugin for WordPress, tracked as CVE-2026-8206, allows unauthenticated attackers to take over any … Read More
IBM has disclosed three critical vulnerabilities in IBM WebSphere Application Server versions 8.5 and 9.0, tracked as CVE-2026-8644, CVE-2026-9311, and CVE-2026-9319. The vulnerabilities include identity … Read More
A hardcoded credentials vulnerability in Apache Solr, tracked as CVE-2026-44825, causes the Basic Authentication setup tool to silently install additional administrator accounts with publicly known … Read More
Oracle WebLogic Server contains a vulnerability, tracked as CVE-2024-21182, that allows unauthenticated attackers with network access via the T3 and IIOP protocols to compromise the … Read More
A critical memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway, tracked as CVE-2026-3055, allows unauthenticated remote code execution when the appliance is configured … Read More
A critical stack-based buffer overflow vulnerability in the Windows Netlogon service, tracked as CVE-2026-41089, allows unauthenticated attackers to execute arbitrary code over the network on … Read More
Vulnerability Intelligence Report — June 2, 2026 Coverage: June 1–2, 2026 | New CISA KEV additions: 1 | New items this report: 7 | KEV … Read More
A critical privilege escalation vulnerability in the WP Maps Pro WordPress plugin, tracked as CVE-2026-8732, allows unauthenticated attackers to create rogue administrator accounts on affected … Read More
Vulnerability Intelligence Report — June 1, 2026 Coverage: May 31 – June 1, 2026 | New exploitation confirmations: 1 | CISA KEV deadlines today: 1 … Read More
An unauthenticated SQL injection vulnerability in the GEO my WP WordPress plugin, tracked as CVE-2026-9757, allows remote attackers to execute arbitrary SQL queries against the … Read More
