A deserialization vulnerability in Nuance PowerScribe, tracked as CVE-2026-26142 (CVSS 9.8), allows an unauthorised attacker to execute arbitrary code over a network. Nuance PowerScribe is … Read More
A denial-of-service vulnerability in Spring Framework’s Expression Language (SpEL) evaluation, tracked as CVE-2026-41851, allows attackers to trigger unbounded cache growth by supplying crafted SpEL expressions. … Read More
An out-of-bounds read and write vulnerability in Google Chromium’s V8 JavaScript engine, tracked as CVE-2026-11645, allows a remote attacker to execute arbitrary code inside the … Read More
A buffer overflow vulnerability in Perl’s DBI (Database Interface) module, tracked as CVE-2026-9698 (CVSS 9.8), allows attackers who can influence error text to trigger remote … Read More
Adobe has released critical security updates for ColdFusion and Campaign Classic. CVE-2026-47928 (ColdFusion, CVSS 9.6) allows arbitrary code execution with no user interaction required. CVE-2026-48303 … Read More
A remote code execution vulnerability in Azure Stack Edge, tracked as CVE-2026-47643 (CVSS 9.8), allows an unauthorised attacker to execute code over a network through … Read More
Microsoft’s June 2026 Patch Tuesday addresses five critical vulnerabilities in core Windows networking and kernel components. CVE-2026-45657 (CVSS 9.8) is a use-after-free in the Windows … Read More
A zero-day privilege escalation vulnerability in Microsoft Defender / Visual Studio Code, tracked as CVE-2026-47281 (CVSS 9.6) and dubbed “RoguePlanet,” grants attackers SYSTEM-level access on … Read More
Vulnerability Intelligence Report — June 10, 2026 Coverage: June 9–10, 2026 | Microsoft Patch Tuesday: 198 vulns, 3 zero-days | New CISA KEV: 3 | … Read More
A command injection vulnerability in BerriAI LiteLLM, tracked as CVE-2026-42271, allows any authenticated user — including holders of low-privilege internal-user API keys — to execute … Read More
