Threat Intel · Updated Hourly

Live cybersecurity intel, straight from the sources we trust.

Actively exploited vulnerabilities (CISA KEV), recently disclosed CVEs (NVD), and the cybersecurity newsroom — all in one place. We refresh on the hour so what you see is what's hitting the wire.

CISA Known Exploited Vulnerabilities

What's being actively exploited right now

Every CVE below is on CISA's KEV catalog — meaning attackers are using it in the wild, today. Filter to the categories your stack actually runs.

CVE-2026-11645 Actively exploited
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utili…
Google · Chromium V8 Added Jun 9, 2026
browser smb essential
CVE-2026-5281 Actively exploited
Google Dawn Use-After-Free Vulnerability
Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium…
Google · Dawn Added Apr 1, 2026
browser smb essential
CVE-2026-3909 Actively exploited
Google Skia Out-of-Bounds Write Vulnerability
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter,…
Google · Skia Added Mar 13, 2026
browser smb essential
CVE-2026-3910 Actively exploited
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vul…
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vuln…
Google · Chromium V8 Added Mar 13, 2026
browser smb essential
CVE-2026-2441 Actively exploited
Google Chromium CSS Use-After-Free Vulnerability
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
Google · Chromium Added Feb 17, 2026
browser smb essential
CVE-2025-43529 Actively exploited
Apple Multiple Products Use-After-Free WebKit Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use …
Apple · Multiple Products Added Dec 15, 2025
browser endpoint mobile smb essential
CVE-2025-14174 Actively exploited
Google Chromium Out of Bounds Memory Access Vulnerability
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browse…
Google · Chromium Added Dec 12, 2025
browser smb essential
CVE-2025-13223 Actively exploited
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
Google · Chromium V8 Added Nov 19, 2025
browser smb essential
CVE-2010-3765 Actively exploited
Mozilla Multiple Products Remote Code Execution Vulnerability
Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, th…
Mozilla · Multiple Products Added Oct 6, 2025
browser smb essential
CVE-2025-10585 Actively exploited
Google Chromium V8 Type Confusion Vulnerability
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
Google · Chromium V8 Added Sep 23, 2025
browser smb essential
CVE-2025-6558 Actively exploited
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affe…
Google · Chromium Added Jul 22, 2025
browser smb essential
CVE-2025-6554 Actively exploited
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, i…
Google · Chromium V8 Added Jul 2, 2025
browser smb essential

See the full KEV catalog (1,619 entries) →

NVD · Recent Disclosures

Recently disclosed CVEs (last 7 days)

Newly published vulnerabilities from the National Vulnerability Database, ranked critical-first. Most of these aren't being exploited yet — but the patches need to be on your roadmap.

CVE CVSS Severity Published Description
CVE-2026-11499 9.8 CRITICAL Jun 8, 2026 A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote.
CVE-2024-58349 9.8 CRITICAL Jun 8, 2026 WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress in…
CVE-2024-58348 9.8 CRITICAL Jun 8, 2026 WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.
CVE-2023-54352 9.8 CRITICAL Jun 8, 2026 WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.
CVE-2026-45779 9.8 CRITICAL Jun 5, 2026 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database.…
CVE-2026-45777 9.8 CRITICAL Jun 5, 2026 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configurat…
CVE-2026-45758 9.6 CRITICAL Jun 5, 2026 Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026 may be affected. Security researchers identified the malicious package within approxim…
CVE-2026-50751 9.3 CRITICAL Jun 8, 2026 A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
CVE-2026-11517 8.8 HIGH Jun 8, 2026 A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-11504 8.8 HIGH Jun 8, 2026 A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is…
CVE-2026-11503 8.8 HIGH Jun 8, 2026 A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been…
CVE-2026-11498 8.8 HIGH Jun 8, 2026 A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely.
CVE-2026-11413 8.8 HIGH Jun 6, 2026 A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early…
CVE-2026-7654 8.8 HIGH Jun 5, 2026 The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper…
CVE-2026-26422 8.4 HIGH Jun 6, 2026 clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.
CVE-2026-11416 8.1 HIGH Jun 5, 2026 MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename normalization or path validation. An attacker who controls a filen…
CVE-2026-41724 8 HIGH Jun 8, 2026 VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
CVE-2026-41723 8 HIGH Jun 8, 2026 VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
CVE-2026-41722 8 HIGH Jun 8, 2026 VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
CVE-2026-11401 8 HIGH Jun 5, 2026 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through…
CVE-2026-11400 8 HIGH Jun 5, 2026 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster throug…
CVE-2026-49235 7.5 HIGH Jun 8, 2026 When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
CVE-2026-49234 7.5 HIGH Jun 8, 2026 When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks.
CVE-2026-49233 7.5 HIGH Jun 8, 2026 Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.
CVE-2026-36789 7.5 HIGH Jun 8, 2026 Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

From the Cybersecurity Newsroom

What's making cyber headlines

Hand-picked feeds from Krebs on Security, The Hacker News, BleepingComputer, and SANS Internet Storm Center. Headlines link to the original source — full credit, no scraping.

BleepingComputer
Maine disables data breach notification portal after fake disclosures
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...]
Jun 12, 2026
The Hacker News
400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can…
Jun 12, 2026
The Hacker News
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phis…
Jun 12, 2026
BleepingComputer
phpBB forum fixes auth bypass bug lurking for a decade
A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]
Jun 12, 2026
The Hacker News
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is…
Jun 12, 2026
BleepingComputer
Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]
Jun 12, 2026
BleepingComputer
Over 400 Arch Linux packages compromised to push rootkit, infostealer
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]
Jun 12, 2026
BleepingComputer
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]
Jun 12, 2026
SANS Internet Storm Center
ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)
Jun 12, 2026
The Hacker News
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake erro…
Jun 12, 2026
The Hacker News
Rethinking MDR as Attackers and Defenders Embrace AI
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The t…
Jun 12, 2026
SANS Internet Storm Center
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)
Jun 11, 2026

Headlines and snippets © their respective publishers; links go directly to the original sources.

Why this matters for your business

Most of these attacks start with a person, not a firewall

Phishing, hostile Wi-Fi, an unpatched laptop in the wrong place — the techniques behind the headlines are the same ones that target every small and growing business today. OfficeGuardIT keeps the patches current, the EDR sharp, and your team trained to spot what slips through.

Worried about what you don't know?

A free OfficeGuardIT assessment finds the gaps before someone else does.