CVE ID :CVE-2026-7888 Published : June 3, 2026, 7:16 p.m. | 3 hours, 57 minutes ago Description :Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form…
CVE-2026-36608 – Mercusys UPnP Port Forwarding Vulnerability
CVE ID :CVE-2026-36608 Published : June 3, 2026, 6:16 p.m. | 4 hours, 57 minutes ago Description :Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the…
CVE-2026-36607 – Mercusys AC12G Brute-Force Vulnerability
CVE ID :CVE-2026-36607 Published : June 3, 2026, 6:16 p.m. | 4 hours, 57 minutes ago Description :Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change…
CVE-2026-20230 – Cisco Unified Communications Manager SSRF Vulnerability
CVE ID :CVE-2026-20230 Published : June 3, 2026, 6:16 p.m. | 4 hours, 57 minutes ago Description :A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition…
CVE-2026-42321 – GLPI has stored XSS in asset locks
CVE ID :CVE-2026-42321 Published : June 3, 2026, 4:16 p.m. | 6 hours, 57 minutes ago Description :GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to…
CVE-2026-35482 – alf.io has an Authenticated RCE via Extension Script Sandbox Escape
CVE ID :CVE-2026-35482 Published : June 2, 2026, 11:16 p.m. | 1 hour, 57 minutes ago Description :alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to…
CVE-2026-32625 – LibreChat Exfiltrates Server Secrets via MCP Server URL Injection
CVE ID :CVE-2026-32625 Published : June 2, 2026, 11:16 p.m. | 1 hour, 57 minutes ago Description :LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including…
CVE-2026-25861 – QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php
CVE ID :CVE-2026-25861 Published : June 2, 2026, 11:16 p.m. | 1 hour, 57 minutes ago Description :QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to…
CVE-2026-8936 – Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM
CVE ID :CVE-2026-8936 Published : June 2, 2026, 10:16 p.m. | 57 minutes ago Description :Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply…
CVE-2024-14036 – Dräger Core 1.0.5 Denial of Service via Malformed SDC Message
CVE ID :CVE-2024-14036 Published : June 2, 2026, 10:16 p.m. | 57 minutes ago Description :Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent…