CVE ID :CVE-2026-12569 Published : June 18, 2026, 12:11 a.m. | 57 minutes ago Description :A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The…
CVE-2026-53676 – ThingsBoard Prototype Pollution
CVE ID :CVE-2026-53676 Published : June 17, 2026, 10:53 p.m. | 2 hours, 15 minutes ago Description :ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context…
CVE-2026-12530 – Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()
CVE ID :CVE-2026-12530 Published : June 17, 2026, 9:05 p.m. | 4 hours, 4 minutes ago Description :Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >=…
CVE-2026-11407 – Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed
CVE ID :CVE-2026-11407 Published : June 17, 2026, 8:07 p.m. | 5 hours, 1 minute ago Description :Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary…
CVE-2026-50107 – NGINX Gateway Fabric vulnerability
CVE ID :CVE-2026-50107 Published : June 17, 2026, 8:04 p.m. | 5 hours, 4 minutes ago Description :When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric,…
CVE-2026-48781 – Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery
CVE ID :CVE-2026-48781 Published : June 16, 2026, 9:31 p.m. | 3 hours, 37 minutes ago Description :Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback…
CVE-2026-25470 – WordPress ACPT (Pro) – Custom Post Types plugin for WordPress plugin <= 2.0.47 – Remote Code Execution (RCE) vulnerability
CVE ID :CVE-2026-25470 Published : June 16, 2026, 9:25 p.m. | 3 hours, 43 minutes ago Description :Improper Control of Generation of Code (‘Code Injection’) vulnerability in ACPT ACPT (Pro) – Custom Post Types…
CVE-2026-39598 – WordPress Academy LMS Pro plugin < 3.5.2 – Arbitrary File Upload vulnerability
CVE ID :CVE-2026-39598 Published : June 16, 2026, 9:24 p.m. | 3 hours, 44 minutes ago Description :Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a…
CVE-2026-49073 – WordPress Directorist Booking plugin <= 3.0.3 – SQL Injection vulnerability
CVE ID :CVE-2026-49073 Published : June 16, 2026, 9:23 p.m. | 3 hours, 45 minutes ago Description :Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in wpWax Directorist Booking…
CVE-2026-48055 – Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction
CVE ID :CVE-2026-48055 Published : June 16, 2026, 9:17 p.m. | 3 hours, 50 minutes ago Description :Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0…