Common Vulnerabilities and Exposures (CVE)

CVE-2026-8918

Jun 24, 2026 03:56:12 UTC

A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism. Refer to the 'Security Update for...

CVE-2026-44914

Jun 24, 2026 03:56:11 UTC

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional...

CVE-2026-8646

Jun 24, 2026 03:56:09 UTC

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application s...

CVE-2026-9006

Jun 24, 2026 03:56:08 UTC

IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or in...

CVE-2026-44273

Jun 24, 2026 03:56:06 UTC

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.

CVE-2026-11374

Jun 24, 2026 03:56:05 UTC

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.

CVE-2026-49468

Jun 24, 2026 03:56:03 UTC

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.

CVE-2025-27511

Jun 24, 2026 03:56:02 UTC

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 JDBC URL lead...

CVE-2025-52465

Jun 24, 2026 03:56:00 UTC

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pas...

CVE-2026-54130

Jun 24, 2026 03:55:59 UTC

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-47647

Jun 24, 2026 03:55:58 UTC

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.

CVE-2026-45480

Jun 24, 2026 03:55:57 UTC

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-48582

Jun 24, 2026 03:55:56 UTC

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2025-67038

Jun 24, 2026 03:55:55 UTC

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user's authentication fails. The username is directly concatenated with the command without any sanitization. This allow...

CVE-2026-47645

Jun 24, 2026 03:55:53 UTC

URL redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.