From a VHDX File to a Remcos RAT
Published: 2026-06-16
Last Updated: 2026-06-16 07:09:13 UTC
by Xavier Mertens (Version: 1)
Yesterday, a reader reported to us a malicious ZIP archive. Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (which is automatic on modern Windows OSs) ...
Two different techniques to hide the payload help to bypass most first-line security controls. Using a disk image as a "malware container" has been used multiple times in the past but seemed to be less used these days. That’s why I decided to have a look at the JavaScript with a low VT score (only 5/57). Called “Partnerschaft_fur_neue_Angebotsanfrage[.]js” (“Partnership for new quotation request”), it probably targets German-speaking victims. It contains three stages to deliver the last piece of malware.
In the first stage, the JavaScript (obfuscated and hidden in many comments) will launch a PowerShell script through WMI ...
Read the full entry: https://isc.sans.edu/diary/From+a+VHDX+File+to+a+Remcos+RAT/33080/
Evil MSI Background: BASE64 Statistical Analysis
Published: 2026-06-15
Last Updated: 2026-06-15 07:16:00 UTC
by Didier Stevens (Version: 1)
I like it when a fellow handler posts a diary entry about images with malicious content. Last one is Xavier: "The Evil MSI Background is Back!".
I like to have a go at the sample with my tools, and see if there are any improvements I can make to my tools.
Let's take a look at the bytes present in this suspicious JPEG file, using my tool byte-stats.py ...
Read the full entry: https://isc.sans.edu/diary/Evil+MSI+Background+BASE64+Statistical+Analysis/33072/
Microsoft June 2026 Patch Tuesday (2026.06.09)
https://isc.sans.edu/diary/Microsoft+June+2026+Patch+Tuesday/33064/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2026-10520 - Ivanti Sentry is vulnerable to OS Command Injection before versions R10.5.2, R10.6.2, and R10.7.1, allowing remote unauthenticated users to achieve root-level remote code execution.
Product: Ivanti Sentry
CVSS Score: 10.0
** KEV since 2026-06-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-10520
ISC Podcast: https://isc.sans.edu/podcastdetail/9970
NVD References:
- https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
- https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-10520
CVE-2026-10523 - Ivanti Sentry before versions R10.5.2, R10.6.2, and R10.7.1 allows remote attackers to create unauthorized admin accounts and gain full administrative control.
Product: Ivanti Sentry
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-10523
ISC Podcast: https://isc.sans.edu/podcastdetail/9970
NVD References: https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
CVE-2026-35273 - PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft contains a critical vulnerability allowing unauthenticated attackers to compromise the system and potentially take over the software.
Product: Oracle PeopleSoft Enterprise PeopleTools
CVSS Score: 9.8
** KEV since 2026-06-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-35273
ISC Podcast: https://isc.sans.edu/podcastdetail/9970
NVD References:
- https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35273
CVE-2026-11645 - Chromium: CVE-2026-11645 Out of bounds memory access in V8
Product: Google Chrome
CVSS Score: 0
** KEV since 2026-06-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-11645
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11645
NVD References:
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-11645
CVE-2026-54420 - LiteSpeed cPanel plugin before 2.4.8 is vulnerable to symlink attacks by users with FTP or web shell access on shared hosting servers running CloudLinux/CageFS.
Product: Litespeedtech Litespeed cPanel Plugin
CVSS Score: 8.5
** KEV since 2026-06-15 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-54420
NVD References:
- https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/
- https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-54420
CVE-2026-20262 - Cisco Catalyst SD-WAN Manager allows an authenticated, remote attacker to create or overwrite files on the file system due to insufficient validation of user input during file uploads.
Product: Cisco Catalyst SD-WAN Manager
CVSS Score: 6.5
** KEV since 2026-06-15 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20262
NVD References:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20262
CVE-2026-20253 - Splunk Enterprise and Splunk Cloud Platform are vulnerable to unauthenticated file creation and truncation through a PostgreSQL sidecar service endpoint.
Product: Splunk
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20253
ISC Podcast: https://isc.sans.edu/podcastdetail/9972
NVD References:
- https://advisory.splunk.com/advisories/SVD-2026-0603
- https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
CVE-2025-10263 - ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel]
Product: ARM Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10263
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10263
NVD References: https://developer.arm.com/documentation/112137
CVE-2026-26142 - Nuance PowerScribe Remote Code Execution Vulnerability
Product: Nuance PowerScribe
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26142
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142
CVE-2026-34182 - CMS AuthEnvelopedData Processing May Accept Forged Messages
Product: OpenSSL
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34182
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34182
NVD References: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42904 - Windows TCP/IP Elevation of Privilege Vulnerability
Product: Microsoft Windows 10 21H2
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42904
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42904
CVE-2026-44815 - DHCP Client Service Remote Code Execution Vulnerability
Product: Microsoft Windows 10 1607
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44815
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44815
CVE-2026-45602 - Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
Product: Microsoft Windows 10 1607
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45602
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45602
CVE-2026-45657 - Windows Kernel Remote Code Execution Vulnerability
Product: Microsoft Windows 11 23H2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45657
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657
CVE-2026-47281 - Visual Studio Code Elevation of Privilege Vulnerability
Product: Microsoft Visual Studio Code
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47281
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47281
CVE-2026-47291 - HTTP.sys Remote Code Execution Vulnerability
Product: Microsoft Windows 10 1607
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47291
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291
CVE-2026-47643 - Azure Stack Edge Remote Code Execution Vulnerability
Product: Azure Stack Edge
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47643
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47643
CVE-2026-44631 - Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Product: Apache HTTP Server
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44631
CVE-2026-25089 - Fortinet FortiSandbox versions 4.2 through 5.0.5 may allow unauthorized command execution by an unauthenticated attacker via specially crafted HTTP requests.
Product: Fortinet FortiSandbox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25089
NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-26-141
CVE-2026-9862 - Fortra's Core Privileged Access Manager (BoKS) is vulnerable to OS command injection in the boks_autoregisterd service, allowing a remote attacker to execute commands with service privileges during autoregistration.
Product: Fortra Core Privileged Access Manager (BoKS)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-9862
NVD References: https://www.fortra.com/security/advisories/product-security/fi-2026-007
CVE-2026-5067 - Zephyr's HTTP server WebSocket upgrade path is vulnerable to memory corruption from a crafted Sec-WebSocket-Key header.
Product: Zephyr HTTP server WebSocket
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5067
NVD References: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgr4-9pwq-94vj
CVE-2026-44083 - QuMagie is susceptible to an authorization bypass through user-controlled key vulnerability allowing remote attackers to gain unintended privileges, which has been fixed in versions 2.9.1 and later.
Product: QNAP QuMagie
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44083
NVD References: https://www.qnap.com/en/security-advisory/qsa-26-35
CVE-2025-66276 - QuTS hero is not affected by the vulnerability present in versions prior to QTS 5.2.7.3256 build 20250913.
Product: QNAP QuTS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-66276
NVD References: https://www.qnap.com/en/security-advisory/qsa-25-56
CVE-2026-26240 - File Station 5 is susceptible to a buffer overflow vulnerability that allows remote attackers to manipulate memory or crash processes, now resolved in version 5.5.6.5243 and later.
Product: QNAP File Station
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26240
NVD References: https://www.qnap.com/en/security-advisory/qsa-26-32
CVE-2026-26241 - File Station 5 is susceptible to a buffer overflow vulnerability that allows remote attackers to manipulate memory or crash processes, now resolved in version 5.5.6.5243 and later.
Product: QNAP File Station
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26241
NVD References: https://www.qnap.com/en/security-advisory/qsa-26-27
CVE-2026-9698 - DBI versions before 1.648 for Perl have a vulnerability where error messages are saved in a limited-sized buffer, allowing attackers to trigger a buffer overflow.
Product: Perl DBI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-9698
CVE-2026-12087 - Perl Socket versions before 2.041 have an out-of-bounds heap read due to a flaw in pack_ip_mreq_source().
Product: Perl Socket
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12087
CVE-2026-50638 - Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl are vulnerable to metric injection due to the lack of protection against newlines in metrics and tags.
Product: Metrics::Any::Adapter::DogStatsd Perl
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-50638
CVE-2026-12205 - Crypt::DSA versions before 1.21 for Perl expose private keys due to reuse of nonce across signatures.
Product: Crypt::DSA Perl
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12205
CVE-2026-46316 - Linux kernel, KVM arm64: a vulnerability has been resolved by ensuring the translation cache reference is dropped only for the erased entry.
Product: Linux KVM
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46316
CVE-2026-49840 - FreeSWITCH is vulnerable to a heap corruption or crash due to a lack of sign or magnitude check in parsing Content-Length prior to version 1.11.1.
Product: FreeSWITCH
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49840
NVD References: https://github.com/signalwire/freeswitch/security/advisories/GHSA-g597-9fgg-ghg9
CVE-2026-49841 - FreeSWITCH prior to version 1.11.1 allows for an attacker-controlled heap overflow due to a buffer size limitation in the mod_verto HTTP request handler.
Product: FreeSWITCH
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49841
NVD References: https://github.com/signalwire/freeswitch/security/advisories/GHSA-wfrq-qvg2-f88f
CVE-2026-34691 - Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are vulnerable to stored XSS, allowing attackers to inject malicious scripts and potentially gain elevated access to users' accounts.
Product: Adobe Experience Manager
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34691
NVD References: https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html
CVE-2026-47928 - ColdFusion is susceptible to an Improper Input Validation vulnerability allowing arbitrary code execution without user interaction in versions 2023.19, 2025.8 and earlier.
Product: Adobe ColdFusion
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47928
NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html
CVE-2026-47938 - Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier contain an SSRF vulnerability allowing privilege escalation without the need for user interaction, resulting in a change in scope.
Product: Adobe Campaign Classic
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47938
NVD References: https://helpx.adobe.com/security/products/campaign/apsb26-66.html
CVE-2026-48303 - Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are vulnerable to an Incorrect Authorization flaw allowing for arbitrary code execution without user interaction.
Product: Adobe Campaign
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48303
NVD References: https://helpx.adobe.com/security/products/campaign/apsb26-66.html
CVE-2026-45328 - ESP-IDF, the Espressif IoT Development Framework, in versions 5.5.4 and 6.0, has a vulnerability in the esp_tee component exposing secure-service wrappers that has been patched in versions 5.5.5 and 6.0.1.
Product: Espressif ESP-IDF 6.0
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45328
NVD References: https://github.com/espressif/esp-idf/security/advisories/GHSA-mmgp-73p4-92xp
CVE-2026-53469, CVE-2026-53470, CVE-2026-53471, CVE-2026-53474, CVE-2026-53475, CVE-2026-53476 - Vulnerabilities in migration planner and assisted migration agent.
Product: migration planner and assisted migration agent
CVSS Scores: 9.1 - 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53469 (missing authentication for critical function)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53470 (authorization bypass)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53471 (authorization bypass)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53474 (SQL injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53475 (improper certificate validation)
NVD References:
- https://github.com/kubev2v/migration-planner/pull/1227
- https://github.com/kubev2v/migration-planner/pull/1218
- https://github.com/kubev2v/migration-planner/pull/1213
- https://github.com/kubev2v/migration-planner/pull/1231
- https://github.com/kubev2v/assisted-migration-agent/pull/268
- https://github.com/kubev2v/assisted-migration-agent/pull/256
CVE-2026-46614, CVE-2026-50545, CVE-2026-50563, CVE-2026-50564, CVE-2026-50566 - Multiple vulnerabilities in Fission.
Product: Fission
CVSS Scores: 9.8 - 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46614
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-50545
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-50563
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-50564
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-50566
NVD References:
- https://github.com/fission/fission/security/advisories/GHSA-3g33-6vg6-27m8
- https://github.com/fission/fission/security/advisories/GHSA-wmgg-3p4h-48x7
- https://github.com/fission/fission/security/advisories/GHSA-v455-mv2v-5g92
- https://github.com/fission/fission/security/advisories/GHSA-gx55-f84r-v3r7
- https://github.com/fission/fission/security/advisories/GHSA-m63v-2g9w-2w6v
CVE-2026-47131, CVE-2026-47137, CVE-2026-47140, CVE-2026-47208, CVE-2026-47210 - Multiple vulnerabilities in vm2.
Product: vm2
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47131 (improper control of dynamically-managed code resources)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47137 (improper control of dynamically-managed code resources)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47140 (protection mechanism failure)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47208 (improper control of dynamically-managed code resources)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47210 (improper control of dynamically-managed code resources)
NVD References:
- https://github.com/patriksimek/vm2/security/advisories/GHSA-v6mx-mf47-r5wg
- https://github.com/patriksimek/vm2/security/advisories/GHSA-m4wx-m65x-ghrr
- https://github.com/patriksimek/vm2/security/advisories/GHSA-rp36-8xq3-r6c4
- https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j
- https://github.com/patriksimek/vm2/security/advisories/GHSA-6j2x-vhqr-qr7q
CVE-2026-49261 - MariaDB server versions 10.6.1 through 12.3.1 with `wsrep_notify_cmd` enabled allow for shell commands execution via joiner node names, fixed in later versions.
Product: MariaDB server
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49261
NVD References: https://jira.mariadb.org/browse/MDEV-39721
CVE-2026-44170 - MariaDB server on Windows with installed CONNECT engine and enabled REST support had a vulnerability that allowed users to execute shell commands on the server, but has been patched in newer versions.
Product: MariaDB server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44170
NVD References: https://jira.mariadb.org/browse/MDEV-39289
CVE-2026-44172 - MariaDB server versions 3.3.18 and 3.4.8 were vulnerable to SQL injections due to a flaw in handling non-validated user input.
Product: MariaDB server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44172
NVD References: https://jira.mariadb.org/browse/CONC-819
CVE-2026-41005 - Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider as a substitute for XML signatures from the Identity Provider, leaving encrypted content vulnerable to unauthorized decryption.
Product: Cloud Foundry UAA (User Account and Authentication)
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41005
NVD References: https://www.cloudfoundry.org/blog/cve-2026-41005-uaa-accepts-saml-encrypted-assertions-authentication-bypass/
CVE-2026-12027 - Google Chrome prior to version 149.0.7827.115 is vulnerable to sandbox escape via a crafted HTML page, if the renderer process has been compromised.
Product: Google Chrome
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12027
NVD References: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html
CVE-2026-47365 - WordPress Toolkit before version 6.11.0 in cPanel & WHM allows remote authenticated users to execute arbitrary wp-toolkit CLI commands as another account.
Product: cPanel & WHM WordPress Toolkit
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47365
NVD References: https://support.cpanel.net/hc/en-us/articles/41004584983703-WP-Toolkit-CVE-2026-47365
CVE-2026-49875, CVE-2026-50627, CVE-2026-50628 - Multiple vulnerabilities in Apache CXF.
Product: Apache CXF
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49875 (improper restriction of XML external entity reference)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-50627 (authentication bypass)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-50628 (improper input validation)
NVD References:
- https://lists.apache.org/thread/3kb9w5bg90xcp06fccoz9k3gpsvyy79o
- https://lists.apache.org/thread/0jfzz9q992957b99tw7hodcqjfyxwb1m
- https://lists.apache.org/thread/vb3ho8lf228gh90m1fpnohf2008xrdxk
CVE-2026-53787 - Amasty Order Attributes for Magento 2 before version 4.0.0 is vulnerable to an unauthenticated arbitrary file upload allowing attackers to write files to the store's media directory.
Product: Amasty Order Attributes for Magento 2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53787
NVD References: https://www.vulncheck.com/advisories/amasty-order-attributes-for-magento-2-unauthenticated-arbitrary-file-upload
CVE-2026-54133 - jmespath.php allows users to use JMESPath in PHP applications, but versions prior to 2.9.1 are vulnerable to generating and executing attacker-controlled PHP code.
Product: JMESPath
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-54133
NVD References: https://github.com/jmespath/jmespath.php/security/advisories/GHSA-pcw8-m77r-2528
CVE-2026-48558 - SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions have an authentication bypass vulnerability in the OIDC flow, allowing remote attackers to forge tokens and gain access to technician sessions without user interaction.
Product: SimpleHelp
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48558
NVD References: https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
CVE-2026-44990, CVE-2026-53609 - Vulnerabilities in ApostropheCMS.
Product: ApostropheCMS
CVSS Scores: 9.1 - 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44990 (cross-site scripting)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53609 (prototype pollution)
NVD References:
- https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643
- https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-6h5j-32cf-4253
CVE-2026-46716, CVE-2026-53519 - Vulnerabilities in Nezha Monitoring.
Product: Nezha Monitoring
CVSS Scores: 9.1 - 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46716 (prototype pollution)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53519 (path traversal)
NVD References:
- https://github.com/nezhahq/nezha/security/advisories/GHSA-99gv-2m7h-3hh9
- https://github.com/nezhahq/nezha/security/advisories/GHSA-5c25-7vpj-9mqh
CVE-2026-53838 - OpenClaw before 2026.5.27 has a state mutation vulnerability that allows paired nodes to confuse approval scope decisions by exploiting reconnection logic.
Product: OpenClaw
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53838
NVD References: https://github.com/openclaw/openclaw/security/advisories/GHSA-83w9-h5wv-j9xm
CVE-2026-30120, CVE-2026-30121 - remotion-dev remotion v4.0.409 vulnerabilities.
Product: remotion-dev remotion
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30120 (code injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30121 (write-what-where condition)
NVD References:
- https://github.com/EaEa0001/security-advisories/blob/main/CVE-2026-30120.md
- https://github.com/EaEa0001/security-advisories/blob/main/CVE-2026-30121.md
CVE-2026-38060 through CVE-2026-38064 - Multiple OS command injection vulnerabilities in Tenda 5G03 V05.03.02.04 (Version 1.0).
Product: Tenda 5G03
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-38060
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-38061
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-38062
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-38063
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-38064
NVD References: https://github.com/sezangel/IOT-vul/tree/main/Tenda/5G03
CVE-2026-39196 - Datadog, Inc. Vector v0.54.0 contains a SQL injection vulnerability in the set_uri_query parameter, allowing attackers to access sensitive database information.
Product: Datadog, Inc. Vector
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39196
NVD References: https://gist.github.com/pyuysig/423b15c69e3cd851c1e24c1312a0551a
CVE-2026-48114 - Metacat versions 2.0.0 and above have an unauthenticated SQL injection vulnerability in the /harvesterRegistration endpoint, allowing full database access.
Product: Metacat data repository software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48114
NVD References: https://github.com/NCEAS/metacat/security/advisories/GHSA-wrc6-rc34-hrcg
CVE-2026-48713, CVE-2026-48714 - Prototype pollution vulnerabilities in i18next
Product: i18next
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48713
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48714