CVE-2026-53675
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary user_id because the get_items_permissions_check meth...
Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review
Every Patch Tuesday presents a race between defenders applying fixes and attackers seeking opportunities. Microsoft’s June 2026 release is no exception, delivering security updates for vulnerabilities that could significantly impact enterprise environments if left unaddressed. Microsoft Patch...
[SECURITY] [DSA 6333-1] mistral security update
Debian Security Advisory DSA-6333-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2026 https://www.debian.org/security/faq -...
CVE-2026-36719
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...
EUVD-2026-35520
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...
EUVD-2026-35653
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
EUVD-2026-35678
Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
EUVD-2026-35679
Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
EUVD-2026-35672
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
EUVD-2026-35664
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
EUVD-2026-35537
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network...
EUVD-2026-35670
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...
EUVD-2026-35535
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...
EUVD-2026-35499
NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...
EUVD-2026-35465
An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this...
CVE-2026-48566
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...
CVE-2026-45639
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network...
CVE-2026-45634
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally...
CVE-2026-45604
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally...
CVE-2026-45502
Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...