12
CVEs Today
5
Threats Today
0
News Today
🛡 Security Vulnerabilities (CVE)
CVE-2026-5411
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for Wor
03:18 KSA
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the save_ajax() function of the l…
CVE-2026-5415
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for Wor
03:18 KSA
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajax_run_tool() AJAX handler relying solely on a no…
CVE-2026-7654
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in version
03:18 KSA
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()`…
CVE-2026-46246
In the Linux kernel, the following vulnerability has been resolved:
power: supply: pm8916_lbc: Fix use-after-free for e
03:18 KSA
In the Linux kernel, the following vulnerability has been resolved:
power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler
Using the `devm_` variant for requesting IRQ _before_ the `devm_`
variant for allocating/registering the `extcon` handle, means that the
`…
CVE-2026-46267
In the Linux kernel, the following vulnerability has been resolved:
nfc: hci: shdlc: Stop timers and work before freein
03:18 KSA
In the Linux kernel, the following vulnerability has been resolved:
nfc: hci: shdlc: Stop timers and work before freeing context
llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc
structure while its timers and state machine work may still be active.
Timer call…
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and execute a…
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be…
A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The ex…
The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes…
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the get_rest_route() function and missing output escaping in the colum…
The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output es…
The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the package_app_action AJAX endpoint, where the handler only valid…
⚠️ Threat Intelligence
5 threats
rss:Dark Reading
—
04:49 KSA
Blame AI: Patch Tuesday Hits Record 206 CVEs
Microsoft released a record 206 CVE patches in a single Patch Tuesday cycle, driven by AI-accelerated vulnerability discovery processes. This trend indicates that organizations will face increasingly voluminous securi…
rss:Dark Reading
—
04:49 KSA
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
A vulnerability dubbed 'Ghost-Sender' in Microsoft Exchange Online and on-premises hybrid configurations allows attackers to spoof email addresses by exploiting third-party mail servers or spam filte…
rss:Krebs on Securit
—
04:49 KSA
A Record-Breaking Patch Tuesday for June 2026
Microsoft released approximately 200 security patches across Windows operating systems and supported software in June 2026, marking a record number of fixes in a single Patch Tuesday cycle. Nearly 36 vulnerabilities …
rss:BleepingComputer
—
04:49 KSA
ServiceNow discloses security incident exposing customer data
ServiceNow disclosed a security incident where attackers exploited an unauthenticated API endpoint vulnerability to access customer data from multiple instances. The vulnerability allowed unauthorized…
rss:BleepingComputer
—
04:49 KSA
OpenClaw AI agent found falling for phishing attacks, spills user data
Security researchers demonstrated that OpenClaw AI email agent is vulnerable to phishing attacks, successfully extracting user data through social engineering tactics commonly used against hu…
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Wednesday, June 10, 2026
CVE Archive ·
Threats ·
News