An argument injection vulnerability in ansible-core’s ansible-galaxy role install command, tracked as CVE-2026-11332 (CVSS 7.8), allows a malicious Ansible role to execute arbitrary code on … Read More
Six privilege escalation vulnerabilities have been disclosed in the X.Org X server and Xwayland, the display server infrastructure present on virtually every Linux and Unix … Read More
A critical remote code execution vulnerability in the Hugging Face Transformers library, tracked as CVE-2026-4372, allows an attacker to execute arbitrary code by crafting a … Read More
Vulnerability Intelligence Report — June 6, 2026 Coverage: June 5–6, 2026 | New CISA KEV additions: 1 | New items: 5 | KEV deadlines today: … Read More
Two vulnerabilities in Microsoft Copilot have been disclosed: an injection vulnerability in Copilot Chat for Microsoft Edge (CVE-2026-47644, CVSS 6.5) and a command injection vulnerability … Read More
An information disclosure vulnerability in Microsoft Graph, tracked as CVE-2026-47655 (CVSS 6.5), allows an authorised attacker to disclose information over a network. Microsoft Graph is … Read More
Two vulnerabilities in Microsoft Defender have been disclosed: a heap-based buffer overflow (CVE-2026-45584, CVSS 8.1) enabling unauthorised remote code execution, and a denial-of-service vulnerability (CVE-2026-45498, … Read More
Microsoft has acknowledged a security feature bypass vulnerability in Windows BitLocker, publicly known as “YellowKey” and tracked as CVE-2026-45585. The vulnerability affects Windows 11 (24H2, … Read More
Two deserialization vulnerabilities in Microsoft SharePoint Server, tracked as CVE-2026-47294 (CVSS 8.0) and CVE-2026-45659 (CVSS 8.8), allow authenticated attackers to execute arbitrary code over a … Read More
An improper authentication vulnerability in Azure Resource Manager (ARM), tracked as CVE-2026-47280, allows an unauthorised attacker to elevate privileges over a network. The vulnerability carries … Read More
