An improper access control vulnerability in Devolutions Server, tracked as CVE-2026-9590, allows authenticated users with entry edit privileges to modify asset information without the required … Read More
Two vulnerabilities in the ARMember Premium WordPress membership plugin, tracked as CVE-2026-5076 and CVE-2026-5073, create a dangerous attack chain enabling full site compromise. CVE-2026-5076 (CVSS … Read More
A privilege escalation vulnerability in the Linux kernel’s cgroups v1 subsystem, tracked as CVE-2022-0492, allows local attackers to break out of namespace isolation and escalate … Read More
Google has confirmed active exploitation of a zero-day vulnerability in the Android Framework, tracked as CVE-2025-48595, that allows local privilege escalation on Android 14 and … Read More
Vulnerability Intelligence Report — June 3, 2026 Coverage: June 2–3, 2026 | New CISA KEV additions: 2 | KEV deadlines today: 7 | KEV deadlines … Read More
A critical privilege escalation vulnerability in the Kirki — Freeform Page Builder plugin for WordPress, tracked as CVE-2026-8206, allows unauthenticated attackers to take over any … Read More
IBM has disclosed three critical vulnerabilities in IBM WebSphere Application Server versions 8.5 and 9.0, tracked as CVE-2026-8644, CVE-2026-9311, and CVE-2026-9319. The vulnerabilities include identity … Read More
A hardcoded credentials vulnerability in Apache Solr, tracked as CVE-2026-44825, causes the Basic Authentication setup tool to silently install additional administrator accounts with publicly known … Read More
Oracle WebLogic Server contains a vulnerability, tracked as CVE-2024-21182, that allows unauthenticated attackers with network access via the T3 and IIOP protocols to compromise the … Read More
A critical memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway, tracked as CVE-2026-3055, allows unauthenticated remote code execution when the appliance is configured … Read More
