News
Five flaws in enterprise CMS Sitefinity, unauthenticated data exposure: CVE-2026-7198 and more
Security, Infrastructure, Global Companies
Five flaws disclosed in enterprise CMS Progress Sitefinity: unauthenticated access to private content (CVE-2026-7198, 9.8) and conditional plain-text credential exposure (CVE-2026-7312, 10.0). From the maker of MOVEit. Conditions and fixed builds by branch.
2026.06.03 | 10 views
News
OpenShift flaw CVE-2026-1784: low-privilege users can hijack cluster traffic
Infrastructure, Security, Global Companies
OpenShift flaw CVE-2026-1784 (CVSS 8.8): weak Route spec.path validation lets a low-privilege user inject the shared router's HAProxy config and hijack other tenants' traffic. Affected: OpenShift Container Platform 4. Patch and audit route permissions.
2026.06.02 | 11 views
News
WordPress 'Kirki' flaw CVE-2026-8206 now exploited to hijack admins on 500k sites
Global Companies, Development, Security
Attacks are now hitting CVE-2026-8206 in Kirki, a WordPress plugin on 500,000+ sites. Wordfence blocked 222+ attempts in 24 hours. Unauthenticated attackers can hijack admin accounts — update to 6.0.7 now.
2026.06.02 | 15 views
News
Flaw in two TP-Link Wi-Fi routers risks full takeover: CVE-2026-5509
Infrastructure, Global Companies, Security
TP-Link's Archer BE450 and BE7200 Wi-Fi routers have a flaw (CVE-2026-5509): an admin-logged-in attacker can take over the router. Update the firmware now.
2026.06.02 | 8 views
News
Langroid flaw CVE-2026-25879: AI-written SQL can hijack your database
AI, Security, Development
Langroid's SQLChatAgent runs AI-generated SQL unchecked (CVE-2026-25879, CVSS 9.8): prompt injection can reach DB-host RCE. Update to v0.63.0; least privilege.
2026.06.02 | 6 views
News
Cloud Foundry UAA leaks its private key: CVE-2026-40965 (CVSS 10.0)
Security, Global Companies, Infrastructure
Cloud Foundry UAA exposes its EC private key via a public page (CVE-2026-40965, CVSS 10.0): token forgery risk. Only EC configs affected. Patch and rotate keys.
2026.06.02 | 24 views
News
Oracle WebLogic CVE-2024-21182 exploited in the wild; CISA orders a fix
Infrastructure, Security, Global Companies
CISA added Oracle WebLogic CVE-2024-21182 to its KEV catalog as exploited in the wild. Data can be read without login; the fix shipped July 2024. What to check now.
2026.06.02 | 33 views
News
Four WordPress plugins hit with critical takeover flaws: CVE-2026-48866 and 3 more
Global Companies, Security, Development
Four popular WordPress plugins were hit with critical flaws (up to CVSS 9.8): file deletion in Gravity Forms (CVE-2026-48866) and unauthenticated site takeover in Contest Gallery, wpForo and AIWU. Who's affected and what to update now.
2026.06.02 | 23 views
News
CATIA design-data server hijacked without login: CVE-2026-7858 (and DELMIA XSS CVE-2026-9024)
Security, Infrastructure, Global Companies
Dassault disclosed CVE-2026-7858 (CVSS 9.8): an unauthenticated takeover of the CATIA design-data server Teamwork Cloud, plus a DELMIA XSS flaw. Who's affected and what to do.
2026.06.01 | 16 views
News
Major Vulnerabilities in Products Japanese Enterprises Use, H1 2026
Security, Japanese Companies, Infrastructure
In H1 2026, serious vulnerabilities hit products Japanese firms rely on, from Fujitsu and NEC to Microsoft and Oracle. A cross-vendor hub for in-house IT teams.
2026.06.01 | 21 views
News
CVE-2026-48188: OTRS Helpdesk Auth Bypass, No Login Needed (Fix 2026.4.X)
Privacy, Security
CVE-2026-48188 (CVSS 9.1) lets attackers break into the OTRS helpdesk with no login via unauthenticated SQL injection, but only when MySQL/MariaDB runs in NO_BACKSLASH_ESCAPES mode. Fixed in OTRS 2026.4.X; the end-of-life Community Edition 6.0.x is most at risk.
2026.06.01 | 26 views
News
ServerView Agents for Windows Flaws CVE-2026-27788 / 32325: SYSTEM Privilege Escalation
Security, Japanese Companies, Infrastructure
ServerView Agents for Windows, the PRIMERGY management software from Fsas Technologies (Fujitsu), has two privilege-escalation flaws: CVE-2026-27788 (CWE-732) and CVE-2026-32325 (CWE-268), CVSS 8.5. Anyone who can log in seizes Windows SYSTEM privileges; V11.60.04 and earlier are affected. Update to the latest version.
2026.06.01 | 32 views