Vulnerability Intelligence Report — June 6, 2026
Vulnerability Intelligence Report — June 6, 2026 Coverage: June 5–6, 2026 | New CISA KEV additions: 1 | New items: 5 | KEV deadlines today: … Read More
Microsoft Copilot Vulnerabilities (CVE-2026-47644, CVE-2026-45497): Injection and Command Execution
Two vulnerabilities in Microsoft Copilot have been disclosed: an injection vulnerability in Copilot Chat for Microsoft Edge (CVE-2026-47644, CVSS 6.5) and a command injection vulnerability … Read More
Microsoft Graph Information Disclosure (CVE-2026-47655): Unauthorized Data Access via Microsoft 365 API Platform
An information disclosure vulnerability in Microsoft Graph, tracked as CVE-2026-47655 (CVSS 6.5), allows an authorised attacker to disclose information over a network. Microsoft Graph is … Read More
Microsoft Defender Vulnerabilities (CVE-2026-45584, CVE-2026-45498): Heap-Based Buffer Overflow and Denial of Service
Two vulnerabilities in Microsoft Defender have been disclosed: a heap-based buffer overflow (CVE-2026-45584, CVSS 8.1) enabling unauthorised remote code execution, and a denial-of-service vulnerability (CVE-2026-45498, … Read More
Windows BitLocker Security Feature Bypass — YellowKey (CVE-2026-45585): PoC Publicly Released, Mitigation Available
Microsoft has acknowledged a security feature bypass vulnerability in Windows BitLocker, publicly known as “YellowKey” and tracked as CVE-2026-45585. The vulnerability affects Windows 11 (24H2, … Read More
Microsoft SharePoint Deserialization Vulnerabilities (CVE-2026-47294, CVE-2026-45659): Authenticated Remote Code Execution
Two deserialization vulnerabilities in Microsoft SharePoint Server, tracked as CVE-2026-47294 (CVSS 8.0) and CVE-2026-45659 (CVSS 8.8), allow authenticated attackers to execute arbitrary code over a … Read More
Azure Resource Manager Authentication Bypass (CVE-2026-47280): CVSS 10.0 Privilege Escalation in Azure Management Platform
An improper authentication vulnerability in Azure Resource Manager (ARM), tracked as CVE-2026-47280, allows an unauthorised attacker to elevate privileges over a network. The vulnerability carries … Read More
Acer Connect M6E 5G Router Critical Firmware Vulnerabilities (CVE-2026-49185 through CVE-2026-50213): Multiple Unauthenticated RCE and Authentication Bypass Flaws
Multiple critical vulnerabilities have been disclosed in Acer Connect M6E 5G router firmware, including unauthenticated remote code execution, authentication bypass, hardcoded credentials, and cleartext logging … Read More
OpenShift Cloud Credential Operator Privilege Escalation (CVE-2026-10843): Overly Permissive AWS IAM Policies Enable Cross-Account Impact
A privilege escalation vulnerability in the OpenShift Cloud Credential Operator (CCO), tracked as CVE-2026-10843, provisions AWS IAM policies with account-wide scope for destructive actions rather … Read More
OpenStack Ironic Path Traversal (CVE-2026-48681): File Overwrite via Crafted ISO During Bare Metal Deployment
A path traversal vulnerability in OpenStack Ironic, the bare metal provisioning service, tracked as CVE-2026-48681, allows an attacker to overwrite arbitrary files during deployment by … Read More