Vulnerability Intelligence

Vulnerability Intelligence Report — June 8, 2026 Coverage: June 7–8, 2026 | New CISA KEV additions: 0 | New items: 1 | KEV deadline tomorrow … Read More

An arbitrary file upload vulnerability in the MDJM Event Management WordPress plugin, tracked as CVE-2026-7537 (CVSS 7.2), allows authenticated attackers with administrator access to upload … Read More

A privilege escalation vulnerability in the Booking Package WordPress plugin, tracked as CVE-2026-9851 (CVSS 7.2), allows attackers to take over user accounts — including administrator … Read More

A local file inclusion vulnerability in the WP User Manager WordPress plugin, tracked as CVE-2026-9290 (CVSS 7.5), allows unauthenticated attackers to include and execute arbitrary … Read More

A critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin, tracked as CVE-2026-3300, allows unauthenticated attackers to execute arbitrary PHP code on … Read More

Vulnerability Intelligence Report — June 7, 2026 Coverage: June 6–7, 2026 | New items: 4 | KEV deadlines June 9 (OpenSSL): 1 | KEV deadlines … Read More

An authentication bypass vulnerability in the Hippoo Mobile App for WooCommerce WordPress plugin, tracked as CVE-2026-10580 (CVSS 9.8), allows unauthenticated attackers to gain administrator-level access … Read More

An argument injection vulnerability in ansible-core’s ansible-galaxy role install command, tracked as CVE-2026-11332 (CVSS 7.8), allows a malicious Ansible role to execute arbitrary code on … Read More

Six privilege escalation vulnerabilities have been disclosed in the X.Org X server and Xwayland, the display server infrastructure present on virtually every Linux and Unix … Read More

A critical remote code execution vulnerability in the Hugging Face Transformers library, tracked as CVE-2026-4372, allows an attacker to execute arbitrary code by crafting a … Read More