Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
June 10, 2026
Google patched CVE-2026-11645, a V8 out-of-bounds flaw being chained with a sandbox escape to achieve OS code execution. The fifth
CVE Vulnerability Alerts
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
Google patched CVE-2026-11645, a V8 out-of-bounds flaw being chained with a sandbox escape to achieve OS code execution. The fifth Chrome zero-day of 2026.
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
CISA added BerriAI LiteLLM CVE-2026-42271 to the KEV catalog. The command injection flaw enables OS access and theft of all configured AI provider API keys.
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
SAP's June 2026 Patch Day addressed 15 security notes including CVE-2026-44748, a CVSS 9.9 XML Signature Wrapping flaw in NetWeaver SAML authentication.
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
Exodus Intelligence released a working exploit for Linux kernel CVE-2026-23111, a nf_tables flaw enabling root escalation on unpatched Ubuntu and Debian.
Apache HTTP Server 2.4.68 Patches 13 CVEs Including HTTP/2 DoS
Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Veeam patched CVE-2026-44963, a CVSS 9.4 RCE flaw letting any domain user execute code on backup servers across its 550,000-customer install base.
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox's Web UI exploitable by unauthenticated attackers via crafted HTTP requests.
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via crafted S/MIME messages.
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
Microsoft's June Patch Tuesday closes the actively exploited Exchange Server CVE-2026-42897 and sets a 17-day countdown to a critical Secure Boot deadline.
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency hotfix.
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
June 10, 2026
CISA added BerriAI LiteLLM CVE-2026-42271 to the KEV catalog. The command injection flaw enables OS access and theft of all
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
June 10, 2026
SAP’s June 2026 Patch Day addressed 15 security notes including CVE-2026-44748, a CVSS 9.9 XML Signature Wrapping flaw in NetWeaver
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
June 10, 2026
Exodus Intelligence released a working exploit for Linux kernel CVE-2026-23111, a nf_tables flaw enabling root escalation on unpatched Ubuntu and
Apache HTTP Server 2.4.68 Patches 13 CVEs Including HTTP/2 DoS
June 10, 2026
Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
June 10, 2026
Veeam patched CVE-2026-44963, a CVSS 9.4 RCE flaw letting any domain user execute code on backup servers across its 550,000-customer
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
June 10, 2026
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox’s Web UI exploitable by unauthenticated attackers via crafted HTTP
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
June 10, 2026
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
June 9, 2026
Microsoft’s June Patch Tuesday closes the actively exploited Exchange Server CVE-2026-42897 and sets a 17-day countdown to a critical Secure
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
June 9, 2026
Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.