Critical-severity advisories
60 alerts in this category.
CVEs and security advisories rated CRITICAL — exploitation is trivial or already observed in the wild and impact is severe. These are the alerts that get prioritized first in any sane vulnerability-management program.
Critical Vulnerability: CVE-2024-58351
Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction AP
CVE-2024-58351
Critical Vulnerability: CVE-2019-25763
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functio
CVE-2019-25763
Critical Vulnerability: CVE-2022-50972
WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send
CVE-2022-50972
Microsoft links Mastra AI supply chain attack to North Korean hackers
BleepingComputer published a news item on "Microsoft links Mastra AI supply chain attack to North Korean hackers". Topic areas: ransomware, malware, data-breach, zero-day. Published June 20, 2026. See the
Microsoft
French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation
French President Emmanuel Macron urged the world’s wealthy democracies to work together on regulating advanced AI systems. The post French President Urges US to Share Cutting-Edge AI and Democracies t
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
The Hacker News published a news item on "Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys". Topic areas: zero-day, malware, ransomware, data-breach. Published June 20, 2026. See the o
WordPress
CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption
Microsoft Security Response Center published an advisory on "CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption". Topic areas: microsoft, windows, azure, patch. Published
CVE-2026-46331
Threat Brief: Mitigating Large-Scale Credential Attacks
We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitigating Large-Scale Cre
Critical Vulnerability: CVE-2026-11551
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's iden
CVE-2026-11551
Klue OAuth breach victim list grows as Icarus hackers claim attack
BleepingComputer published a news item on "Klue OAuth breach victim list grows as Icarus hackers claim attack". Topic areas: ransomware, malware, data-breach, zero-day. Published June 19, 2026. See the or
DSA-6354-1 libconfig-inifiles-perl - security update
https://security-tracker.debian.org/tracker/DSA-6354-1
Debian
DSA-6353-1 gst-libav1.0 - security update
https://security-tracker.debian.org/tracker/DSA-6353-1
Debian
Critical Vulnerability: CVE-2026-56081
Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-fact
CVE-2026-56081
Critical Vulnerability: CVE-2026-56073
Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP
CVE-2026-56073
Friday Squid Blogging: Victims of Unregulated Squid Fishing
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in
CVE-2026-12463 Inappropriate implementation in Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12463
CVE-2026-12444 Out of bounds read in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12444
CVE-2026-12458 Incorrect security UI in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12458
CVE-2026-12445 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12445
CVE-2026-12447 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12447
CVE-2026-12455 Use after free in Tab Strip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12455
CVE-2026-12453 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12453
CVE-2026-12464 Use after free in Browser
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12464
CVE-2026-12466 Heap buffer overflow in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12466
CVE-2026-12454 Race in Safe Browsing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12454
CVE-2026-12451 Use after free in DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12451
CVE-2026-12456 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12456
CVE-2026-12452 Use after free in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12452
CVE-2026-12460 Insufficient policy enforcement in File System Access
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12460
CVE-2026-12468 Inappropriate implementation in Updater
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12468
CVE-2026-12462 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12462
CVE-2026-12437 Use after free in WebShare
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12437
CVE-2026-12467 Use after free in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12467
CVE-2026-12449 Use after free in Chromoting
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12449
CVE-2026-12459 Inappropriate implementation in Serial
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12459
CVE-2026-12440 Use after free in DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12440
CVE-2026-12439 Use after free in Digital Credentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12439
CVE-2026-12446 Insufficient data validation in Passwords
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12446
CVE-2026-12443 Use after free in Web Authentication
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12443
CVE-2026-12465 Insufficient validation of untrusted input in Metrics
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12465
CVE-2026-12461 Out of bounds read in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12461
CVE-2026-12457 Insufficient data validation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12457
CVE-2026-12441 Use after free in File Input
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) f
Microsoft, CVE-2026-12441
Critical Vulnerability: CVE-2026-48773
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol fi
CVE-2026-48773
Critical Vulnerability: CVE-2026-48772
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY UNKNOWN <addr> <addr> <port> <port>\r\n` PP1 frame a
CVE-2026-48772
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
BleepingComputer published a news item on "Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin". Topic areas: ransomware, malware, data-breach, zero-day. Published June 19, 2026. See the
WordPress
Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
The Hacker News published a news item on "Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain". Topic areas: zero-day, malware, ransomware, data-breach. Published June 19, 2026.
Apple
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
The Hacker News published a news item on "The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes". Topic areas: zero-day, malware, ransomware, data-breach. Published June 19,
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
The Hacker News published a news item on "AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution". Topic areas: zero-day, malware, ransomware, data-breach. Published June 19, 2026. See
The Record by Recorded Future Advisory — Jun 19, 2026
The Record by Recorded Future published a news item on "The Record by Recorded Future Advisory — Jun 19, 2026". Topic areas: ransomware, apt, data-breach, malware. Published June 19, 2026. See the origina
SANS Internet Storm Center Advisory — Jun 19, 2026
I detected an interesting phishing email this morning. It targets a major Belgian bank:
Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC
WideField will accelerate Agentic SOC capabilities by expanding the lens on threat investigation to include identity, credentials, sessions, and blast radius. The post Cisco to Acquire WideField Secur
Cisco
Cybersecurity Firms Impacted by Klue Supply Chain Attack
The hackers exfiltrated data from Salesforce instances of Klue customers, such as Huntress and Recorded Future. The post Cybersecurity Firms Impacted by Klue Supply Chain Attack appeared first on Secu
In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum
Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables
Apple
CryptoBandits Malware Doubles as a Backdoor, Abuses Tor
CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution. The post CryptoBandits Malware Doubles as a Backdoor, Abuses Tor appeared first on Security
FortiBleed: 86,000 Fortinet Device Credentials Compromised
The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs. The post FortiBleed: 86,000 Fortinet Device Credentials Compromised appeared first on
Fortinet
Anthropic’s Fable and the State of AI
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign
Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way
BleepingComputer published a news item on "Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way". Topic areas: ransomware, malware, data-breach, zero-day. Published June 19, 2026. S
CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
BleepingComputer published a news item on "CISA: Splunk Enterprise flaw actively exploited, patch by Sunday". Topic areas: ransomware, malware, data-breach, zero-day. Published June 19, 2026. See the orig
Microsoft: June 2026 Windows updates break Recycle Bin prompts
BleepingComputer published a news item on "Microsoft: June 2026 Windows updates break Recycle Bin prompts". Topic areas: ransomware, malware, data-breach, zero-day. Published June 19, 2026. See the origin
Microsoft