Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin

On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that...

Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison

A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to...

Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the ApplicationTemp directory due to predictable temporary directory handling. When the server.servlet.session.persistent setting is enabled and the attack persists across...

CVE-2026-45565 Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

CVE-2026-45565 Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

CVE-2026-45565

CVE-2026-45565 affects Roxy-WI up to 8.2.6.4. The issue lies in the EscapedString Pydantic validator (app/modules/roxywi/class_models.py:16-30): its if/elif/else path strips metacharacters but does not apply the surrounding .. block, allowing an attacker to append a single ;, &, |, $, or ` to a p...

CVE-2026-9045

During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

CVE-2026-53476

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

CVE-2026-8637

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges...

CVE-2026-45556

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

CVE-2026-45558

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

CVE-2025-10238

During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode SMM...

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox...

CVE-2026-24065

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier PID to verify code-signing identity. Because process identifiers can be reuse...

CVE-2026-49740

TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted serialized...

Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE

A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence AI applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 CVSS score: 8.8, a case of path...

CVE-2026-9279

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...

CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

Sandbox Escape

vm2 is vulnerable to Sandbox Escape. The vulnerability is due to incomplete protection of dangerous cross-realm symbols in setup-sandbox.js and missing validation in the bridge's set, defineProperty, and deleteProperty traps. This allows sandboxed code to obtain and manipulate real cross-realm...

CVE-2026-41283

A flaw was found in OpenStack Mistral. When the API is exposed, a remote attacker can exploit certain endpoints to achieve arbitrary code execution. This allows the attacker to run malicious code on the system and potentially exfiltrate sensitive service credentials. Mitigation Restrict network...