144 matches found
CVE-2026-35273
CVE-2026-35273 is a remote, unauthenticated RCE in Oracle PeopleSoft Enterprise PeopleTools Updates Environment Management (PSEMHUB) affecting PeopleTools 8.61 and 8.62. Vendor advisories describe the flaw as a high-severity, network-exposed vulnerability with CVSS v3.1 score 9.8. Exploitation ha...
CVE-2026-45447
CVE-2026-45447 is a heap use-after-free in OpenSSL PKCS7_verify triggered when SignedData digestAlgorithms is an empty ASN.1 SET, risking process crashes, heap corruption, or remote code execution. It affects applications processing PKCS#7/S/MIME with OpenSSL PKCS#7 APIs (CMS APIs are not affecte...
June 9, 2026—KB5094126 (OS Builds 26200.8655 and 26100.8655)
June 9, 2026—KB5094126 (OS Builds 26200.8655 and 26100.8655). This cumulative update for Windows 11, version 25H2 and 24H2 (KB5094126) includes the latest security fixes and improvements, along with non-security updates from last month's optional preview release. Visit the Windows release health...
June 9, 2026—KB5094123 (OS Build 17763.8880)
June 9, 2026—KB5094123 (OS Build 17763.8880). Summary: This article lists the security issues and quality improvements included in this cumulative security update. Windows Server 2019; Windows 10, version 1809. Applies to: Windows Server 2019. This security update includes fixes and quality improvements...
June 9, 2026—KB5094128 (OS Build 20348.5256)
June 9, 2026—KB5094128 (OS Build 20348.5256). This cumulative update for Windows Server 2022 (KB5094128) includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates, optional...
CVE-2026-44815
CVE-2026-44815 is a stack-based buffer overflow in the Windows DHCP Client that enables remote code execution over the network. Affected component: Windows DHCP Client; root cause is a stack-based overflow. Consequences are remote code execution with high impact, as indicated by the CVSS vector (...
June 9, 2026—KB5094122 (OS Build 14393.9234)
June 9, 2026—KB5094122 (OS Build 14393.9234). Summary: This article lists the security issues and quality improvements included in this cumulative security update. Windows Server 2016; Windows 10, version 1607. Applies to: Windows Server 2016. This security update includes fixes and improvements that are ...
CVE-2026-20253
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...
CVE-2026-45657
CVE-2026-45657 is a use-after-free in the Windows Kernel that enables a remote attacker to execute code over a network without user interaction. The formal CVSSv3.1 base score is 9.8 (CRITICAL), with network attack vector, low attack complexity, no privileges required, and high impact to confiden...
CVE-2026-42904
CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow vulnerability that allows an unauthenticated attacker on an adjacent network to elevate privileges. The issue affects the Windows TCP/IP stack and is identified as a 9.6 (CRITICAL) CVSSv3.1 Base Score with attacker-friendly characteris...
Exploit for CVE-2026-10795
CVE-2026-10795 – UpdraftPlus Authentication Byp...
POC_cve_2026_35273
POC_cve_2026_35273: Universal Unauthenticated RCE via PeopleSof...
KB5094128: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (June 2026)
The remote Windows host is missing security update 5094128. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...
esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY
Summary: The esbuild Deno module (lib/deno/mod.ts) downloads native binary executables from an npm registry and writes them to disk with executable permissions (0o755) without performing any integrity verification (e.g., a SHA-256 hash check). The Node.js equivalent (lib/npm/node-install.ts) includes a robu...
Windows Malicious Software Removal Tool - v5.142 (KB890830)
After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software including Blaster, Sasser, and Mydoom and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you sta...
CVE-2026-10795
CVE-2026-10795 concerns UpdraftPlus: WP Backup & Migration Plugin for WordPress, affected up to version 1.26.4. The root cause is insufficient validation of the remote communications message format in UpdraftPlus_Remote_Communications_V2::wp_loaded, allowing an unauthenticated attacker to bypass ...
Exploit for Heap-based Buffer Overflow in Microsoft
CVE-2026-47291 Overview RCE exploit for CVE-2026-47291 t...
CVE-2026-12033
CVE-2026-12033 affects Google Chrome’s VideoCapture component. The issue is an out-of-bounds read in VideoCapture that could allow a remote attacker who has compromised the GPU process to read potentially sensitive data from process memory via a crafted HTML page. The vulnerability is tied to Chr...
Exploit for CVE-2026-5027
CV...