Vulnerability Intelligence Archives - Page 7 of 10

Tautulli Plex Monitoring Tool Vulnerabilities (CVE-2026-43984, CVE-2026-43985, CVE-2026-43986): Unauthenticated SSRF, CSRF Admin Takeover, and Stored XSS

June 4, 2026 by nick

Three vulnerabilities have been disclosed in Tautulli, the popular Python-based monitoring and tracking tool for Plex Media Server, tracked as CVE-2026-43984, CVE-2026-43985, and CVE-2026-43986. The … Read More

OpenStack oslo.messaging TLS Hostname Verification Bypass (CVE-2026-44393): Man-in-the-Middle on RabbitMQ Control-Plane Traffic

June 4, 2026 by nick

A TLS hostname verification vulnerability in OpenStack’s oslo.messaging library, tracked as CVE-2026-44393, allows an attacker who can intercept control-plane traffic to impersonate the RabbitMQ message … Read More

Cisco Unified Communications Manager SSRF to Root (CVE-2026-20230): Exploit Code Publicly Available, Cisco Rates Critical

June 4, 2026 by nick

A server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager, tracked as CVE-2026-20230, allows an unauthenticated remote attacker to write files to the underlying … Read More

Acer Wave 7 Router Zero-Day Vulnerabilities (CVE-2026-49200, CVE-2026-49201): Plaintext Credentials and Hardcoded Encryption Key, No Patch Available

June 4, 2026 by nick

Acer has confirmed two maximum-severity zero-day vulnerabilities in its Wave 7 mesh routers, tracked as CVE-2026-49200 and CVE-2026-49201. Together, they enable a complete device compromise … Read More

Mirasvit Full Page Cache Warmer Remote Code Execution (CVE-2026-45247): Actively Exploited Magento Deserialization, Added to CISA KEV

June 4, 2026 by nick

A critical PHP object injection vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento 2 / Adobe Commerce, tracked as CVE-2026-45247, allows unauthenticated … Read More

Genetec Security Center Credential Exposure (CVE-2026-40619): Local Attacker Can Access Server Admin Credentials

June 3, 2026 by nick

A high-severity vulnerability in Genetec Security Center, tracked as CVE-2026-40619, allows an attacker with local operating system privileges on the main server to access Server … Read More

OpenTelemetry eBPF Instrumentation Vulnerabilities (CVE-2026-45679 through CVE-2026-45686): Multiple Security Issues in Observability Framework

June 3, 2026 by nick

Eight vulnerabilities have been disclosed in OpenTelemetry eBPF Instrumentation, an open-source observability framework that provides eBPF-based instrumentation for the OpenTelemetry standard. The vulnerabilities span CVSS … Read More

NiceGUI Static Asset Information Disclosure (CVE-2026-45554): Uncaught Exception in FastAPI Routes

June 3, 2026 by nick

A vulnerability in NiceGUI, a Python-based UI framework, tracked as CVE-2026-45554, could allow attackers to trigger uncaught exceptions through two FastAPI routes that serve per-component … Read More

OpenMed Remote Code Execution (CVE-2026-47117): Malicious Hugging Face Models via PII Privacy Filter

June 3, 2026 by nick

A critical remote code execution vulnerability in OpenMed, tracked as CVE-2026-47117, allows attackers to achieve arbitrary code execution by manipulating the PII privacy-filter model loading … Read More

elixir-mint HTTP/2 Denial of Service (CVE-2026-48862): Uncontrolled Resource Consumption via Attacker-Controlled HTTP/2 Frames

June 3, 2026 by nick

A resource exhaustion vulnerability in the elixir-mint HTTP client library, tracked as CVE-2026-48862, allows remote attackers to cause denial of service by sending attacker-controlled HTTP/2 … Read More

Vulnerability Intelligence

Threat Modeling and Security by Design