CVE Vulnerability Alerts

Application Security
Public PoC Released for Cisco Unified CM SSRF Bug
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
Application Security
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments where Redis runs without authentication.
Application Security
CVE-2026-8206 Kirki Plugin Exploited; 500,000 WordPress Sites at Risk
CVE-2026-8206 in the Kirki WordPress plugin is under active attack, with Wordfence detecting 222 exploitation attempts targeting admin account takeover.
CVE Vulnerability Alerts
CVE-2026-0826 (CVSS 9.2): Unauthenticated RCE in HP Poly VoIP Phones
CVE-2026-0826 allows unauthenticated root-level RCE on HP Poly VVX and Trio VoIP phones via a crafted SIP INVITE request targeting the SDP/ICE parser.
Application Security
CISA Adds CVE-2024-21182 Oracle WebLogic to KEV; Feds Have 3 Days
CISA confirmed active exploitation of Oracle WebLogic CVE-2024-21182, giving federal agencies a June 4 deadline to patch the unauthenticated data-access flaw.
Application Security
CVE-2026-49975 HTTP/2 Bomb Hits nginx, Apache, Envoy, and Cloudflare
CVE-2026-49975 HTTP/2 Bomb exploit achieves 5,700:1 amplification against Envoy, crashing 32 GB of server memory with a single residential connection.
CVE Vulnerability Alerts
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.
Application Security
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
CVE-2026-8633 is a CVSS 9.8 unauthenticated RCE in IBM WebSphere's Web Server Plug-ins. Patches are available for WebSphere 8.5 and 9.0 and Liberty builds.
CVE Vulnerability Alerts
NIST Inspector General: NVD Backlog Hits 27,000 CVEs
A NIST Inspector General report finds the NVD backlog has grown to over 27,000 unprocessed CVEs, degrading enterprise vulnerability management programs.