Vulnerability Intelligence Archives - Page 5 of 10

binding.gyp npm Supply Chain Attack: Dozens of Packages Compromised Across Maintainer Accounts

June 5, 2026 by nick

A supply chain attack targeting the npm ecosystem has compromised dozens of packages across multiple maintainer accounts, using the binding.gyp package — a core build … Read More

Seagull BarTender Unauthenticated Remote Code Execution (CVE-2026-25550): .NET Remoting Vulnerability in Enterprise Label Automation Platform

June 5, 2026 by nick

An unauthenticated remote code execution vulnerability in Seagull Scientific BarTender, tracked as CVE-2026-25550, allows attackers to execute arbitrary commands on affected systems via the exposed … Read More

Microsoft Exchange Online Information Disclosure (CVE-2026-48579): Unauthorized Access to Email and Collaboration Data

June 5, 2026 by nick

An improper authorization vulnerability in Microsoft Exchange Online, tracked as CVE-2026-48579, allows an unauthorised attacker to disclose information over a network. The vulnerability carries a … Read More

Azure HorizonDB Authentication Bypass (CVE-2026-48567): CVSS 10.0 — Maximum Severity in Microsoft Azure Database Service

June 5, 2026 by nick

A maximum-severity authentication bypass vulnerability in Azure HorizonDB, tracked as CVE-2026-48567, allows an unauthenticated attacker to elevate privileges over a network. The vulnerability carries a … Read More

Cisco SD-WAN Manager Root Command Execution (CVE-2026-20245): Actively Exploited Vulnerability in Network Management Platform

June 5, 2026 by nick

A critical vulnerability in Cisco SD-WAN Manager, tracked as CVE-2026-20245, allows attackers to execute arbitrary commands as root on affected instances. Cisco has confirmed active … Read More

Windows MiniPlasma Zero-Day (CVE-2026-33825): SYSTEM Privilege Escalation on Fully Patched Windows, PoC Publicly Released

June 5, 2026 by nick

A zero-day privilege escalation vulnerability in the Windows Cloud Filter driver (cldflt.sys), tracked as CVE-2026-33825 and dubbed “MiniPlasma,” allows any local user or application to … Read More

SolarWinds Serv-U and Web Help Desk Denial of Service (CVE-2026-28318, CVE-2026-28299): Unauthenticated Service Crash via Crafted Requests

June 4, 2026 by nick

Two denial-of-service vulnerabilities have been disclosed in SolarWinds products, tracked as CVE-2026-28318 and CVE-2026-28299. Both allow unauthenticated attackers to crash services through specially crafted requests. … Read More

FOSSBilling Password Reset Token Exposure (CVE-2026-43926): Reset Confirmation Endpoint Leaks Token Hash

June 4, 2026 by nick

A vulnerability in FOSSBilling, the open-source billing and client management system, tracked as CVE-2026-43926, exposes password reset tokens through the confirmation endpoint at /client/reset-password-confirm/:hash. Versions … Read More

Perl Cpanel::JSON::XS Type Confusion (CVE-2026-9334): Duplicate Object Keys Bypass Validation When dupkeys_as_arrayref Is Enabled

June 4, 2026 by nick

A type confusion vulnerability in the Perl Cpanel::JSON::XS module, tracked as CVE-2026-9334, allows attackers to bypass JSON validation when dupkeys_as_arrayref is enabled. Versions before 4.41 … Read More

React Router Remote Code Execution and SSRF (CVE-2026-42211, CVE-2026-42342): Critical Framework Vulnerabilities Affecting React Applications

June 4, 2026 by nick

Two critical vulnerabilities have been disclosed in React Router, the standard routing library for React applications used by millions of projects, tracked as CVE-2026-42211 (CVSS … Read More

Vulnerability Intelligence

Threat Modeling and Security by Design