IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
June 2, 2026
CVE-2026-8633 is a CVSS 9.8 unauthenticated RCE in IBM WebSphere’s Web Server Plug-ins. Patches are available for WebSphere 8.5 and
CVE Vulnerability Alerts
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
CVE-2026-8633 is a CVSS 9.8 unauthenticated RCE in IBM WebSphere's Web Server Plug-ins. Patches are available for WebSphere 8.5 and 9.0 and Liberty builds.
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.
CVE-2026-41089 Exploited: Windows Netlogon RCE Under Active Attack
Belgium's CCB confirmed active exploitation of CVE-2026-41089, a CVSS 9.8 unauthenticated Windows Netlogon RCE affecting all supported Windows Server versions.
PAN-OS CVE-2026-0257 Exploited Just 4 Days After Public Disclosure
CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass, saw active exploitation begin just four days after public disclosure, with attacks ongoing for weeks.
CIFSwitch Linux Kernel Flaw Gets Public PoC, Root Access Possible
CIFSwitch is a 19-year-old Linux kernel privilege escalation flaw with a public PoC that enables root access on Ubuntu, RHEL, Debian, and other distributions.
Public Exploit Raises Flowise CVE-2026-40933 RCE to Immediate Risk
Public exploit code for CVE-2026-40933 now targets Flowise, a self-hosted AI chatflow builder, via a one-click malicious import that executes arbitrary code on the server.
Gogs CVSS 9.4 RCE Zero-Day Has No Patch and a Metasploit Module
A CVSS 9.4 argument injection zero-day in Gogs lets any authenticated user achieve RCE on internet-exposed servers. No patch exists and Rapid7 has released a ...
Public Exploit Raises Flowise CVE-2026-40933 RCE to Immediate Risk
Public exploit code for CVE-2026-40933 now targets Flowise, a self-hosted AI chatflow builder, via a one-click malicious import that executes arbitrary code on the server.
Gogs CVSS 9.4 RCE Zero-Day Has No Patch and a Metasploit Module
A CVSS 9.4 argument injection zero-day in Gogs lets any authenticated user achieve RCE on internet-exposed servers. No patch exists and Rapid7 has released a ...
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Attackers exploited CVE-2026-26980 in Ghost CMS to compromise 700+ domains including Harvard and Oxford, turning them into ClickFix malware distribution points.
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
June 2, 2026
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.
CVE-2026-41089 Exploited: Windows Netlogon RCE Under Active Attack
June 1, 2026
Belgium’s CCB confirmed active exploitation of CVE-2026-41089, a CVSS 9.8 unauthenticated Windows Netlogon RCE affecting all supported Windows Server versions.
PAN-OS CVE-2026-0257 Exploited Just 4 Days After Public Disclosure
June 1, 2026
CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass, saw active exploitation begin just four days after public disclosure, with attacks ongoing for
CIFSwitch Linux Kernel Flaw Gets Public PoC, Root Access Possible
June 1, 2026
CIFSwitch is a 19-year-old Linux kernel privilege escalation flaw with a public PoC that enables root access on Ubuntu, RHEL,
Public Exploit Raises Flowise CVE-2026-40933 RCE to Immediate Risk
June 1, 2026
Public exploit code for CVE-2026-40933 now targets Flowise, a self-hosted AI chatflow builder, via a one-click malicious import that executes
Gogs CVSS 9.4 RCE Zero-Day Has No Patch and a Metasploit Module
June 1, 2026
A CVSS 9.4 argument injection zero-day in Gogs lets any authenticated user achieve RCE on internet-exposed servers. No patch exists
Public Exploit Raises Flowise CVE-2026-40933 RCE to Immediate Risk
June 1, 2026
Public exploit code for CVE-2026-40933 now targets Flowise, a self-hosted AI chatflow builder, via a one-click malicious import that executes
Gogs CVSS 9.4 RCE Zero-Day Has No Patch and a Metasploit Module
June 1, 2026
A CVSS 9.4 argument injection zero-day in Gogs lets any authenticated user achieve RCE on internet-exposed servers. No patch exists
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
May 25, 2026
Attackers exploited CVE-2026-26980 in Ghost CMS to compromise 700+ domains including Harvard and Oxford, turning them into ClickFix malware distribution
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.