190 matches found

Wordfence Blog
added 3 days ago, 6 views

Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin

On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...

CVSS 9.8, AI score 5.8, EPSS 0.04729
Exploits: 8

Positive Technologies
added 5 days ago, 12 views

PT-2026-45209

CVE-2026-0142 does not exist. No NVD record, no CISA KEV entry, no published advisory. The identifier follows valid CVE format but carries nothing behind it — no CVSS score, no affected product, no CNA assignment. If a vendor, scanner, or third-party report handed you that number, the source...

CVSS 10, AI score 6.5, EPSS 0.83125
Exploits: 15, References: 2

OSV
added 6 days ago, 5 views

MAL-2026-5091 Malicious code in discord-ban (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4e19806a65bf83b5648eb280baedca899972d98e8c3f921080390458e8394413 Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score 5.8
Exploits: 0, References: 1

IBM Security Bulletins
added last week, 8 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes May 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and...

CVSS 9.8, AI score 7.3, EPSS 0.18007
Exploits: 12, Affected Software: 2

Circl
added last week, 4 views

CVE-2026-44596

creationtimestamp | type | source
---|---|---
2026-05-29 15:00:15+00:00 | seen | Telegram/a86W4JR7O--z7UEFDSjPGooPu8cJg6Qw5misZZ2a8xOkaUM
2026-05-29 21:00:04+00:00 | seen | Telegram/7EeES1995AuZh7L7sqmaK3TqJ83qHuwNNd4oo-aSS2rD4M...

AI score 5.8
Exploits: 2

Circl
added last week, 5 views

CVE-2026-33386

creationtimestamp | type | source
---|---|---
2026-05-29 07:15:00+00:00 | seen | https://cert.pl/en/posts/2026/05/CVE-2026-33384...

CVSS 4.8, AI score 5.7, EPSS 0.00032
Exploits: 0, References: 1

Circl
added last week, 3 views

CVE-2026-41236

creationtimestamp | type | source
---|---|---
2026-05-29 06:30:36+00:00 | published-proof-of-concept | https://github.com/froxlor/froxlor/security/advisories/GHSA-mq5v-pxpm-8jw2
2026-06-04 18:44:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnibsgjzcn2y...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2

Circl
added 2026/05/28 6:0 p.m., 5 views

CVE-2026-10004

creationtimestamp | type | source
---|---|---
2026-05-28 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260529
2026-05-28 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260529
2026-05-29...

CVSS 6.5, AI score 5.8, EPSS 0.00038
Exploits: 0, References: 3

Circl
added 2026/05/28 5:1 p.m., 5 views

CVE-2026-47759

creationtimestamp | type | source
---|---|---
2026-05-28 17:01:01+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwiq4djr42l
2026-05-28 17:23:57+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmwjz5vnzt2i
2026-05-28 21:37:06+00:00 | seen | ...

CVSS 8.7, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 3

The Hacker News
added 2026/05/28 3:26 p.m., 15 views

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer. "The campaign abused trusted endpoint management infrastructure to deliver malware...

CVSS 9.8, AI score 6.2, EPSS 0.34753
Exploits: 7

CVE
added 2026/05/27 7:16 p.m., 12 views

CVE-2026-44886

Pi.Alert’s web interface is vulnerable to unauthenticated blind SQL injection in the /pialert/php/server/devices.php endpoint when action=getDevicesTotals is used and the scansource parameter is injected. From 2024-06-29 until 2026-05-07, unauthenticated users could trigger the vulnerability; the...

CVSS 8.7, AI score 5.9, EPSS 0.00085
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/27 7:14 p.m., 4 views

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values (e.g., SMTPPORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

CVSS 9.8, AI score 6, EPSS 0.00063
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/05/27 3:50 p.m., 5 views

CVE-2026-48027 Compromised Nx Console version 18.95.0

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

CVSS 9.3, AI score 5.8, EPSS 0.32065
Exploits: 1, References: 4

Circl
added 2026/05/27 8:11 a.m., 6 views

CVE-2026-40816

creationtimestamp | type | source
---|---|---
2026-05-27 08:11:14+00:00 | seen | https://infosec.exchange/users/certvde/statuses/116645525736344350
2026-05-27 08:11:20+00:00 | seen | https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mmt2nw2pp232
2026-05-27 08:12:05+00:00 | seen | ...

CVSS 8.7, AI score 5.8, EPSS 0.00064
Exploits: 0, References: 5

Circl
added 2026/05/27 4:53 a.m., 6 views

CVE-2026-7493

creationtimestamp | type | source
---|---|---
2026-05-27 04:53:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmspn5xkta2e...

CVSS 5.3, AI score 5.8, EPSS 0.00064
Exploits: 0, References: 1

Positive Technologies
added 2026/05/27 12:0 a.m., 5 views

PT-2026-44044

Name of the Vulnerable Software and Affected Versions Nx Console version 18.95.0 Description A supply chain compromise occurred where a malicious version of Nx Console, the user interface for Nx and Lerna, was published to official marketplaces. The compromised version was available in the Visual...

CVSS 9.8, AI score 5.8, EPSS 0.32065
Exploits: 1, References: 20

Circl
added 2026/05/26 8:40 a.m., 8 views

CVE-2026-9528

creationtimestamp | type | source
---|---|---
2026-05-26 08:40:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmqltbjisq2o...

CVSS 7.5, AI score 7.1, EPSS 0.00039
Exploits: 0, References: 1

Circl
added 2026/05/25 7:30 a.m., 7 views

CVE-2026-9434

creationtimestamp | type | source
---|---|---
2026-05-25 07:30:26+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116634040801870107
2026-05-25 07:30:29+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mmnxh5ydco2l...

CVSS 10, AI score 7.3, EPSS 0.01254
Exploits: 0, References: 2

Circl
added 2026/05/22 10:16 p.m., 6 views

CVE-2026-39965

creationtimestamp | type | source
---|---|---
2026-05-22 22:16:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmhxk3at6w2q...

CVSS 7.7, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 1

OSV
added 2026/05/21 2:18 p.m., 2 views

MAL-2026-4227 Malicious code in lognest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 481f45cde243009853b52b584fb6a1af2eae31e637912c8b78f18a8d7ee0d9d0 On import lognest, the package's init.py spawns a detached background subprocess running a sibling check.py lognest/init.py:25...

AI score 6.1
Exploits: 0, References: 4