Threat Intel · Updated Hourly
Live cybersecurity intel, straight from the sources we trust.
Actively exploited vulnerabilities (CISA KEV), recently disclosed CVEs (NVD), and the cybersecurity newsroom — all in one place. We refresh on the hour so what you see is what's hitting the wire.
CISA Known Exploited Vulnerabilities
What's being actively exploited right now
Every CVE below is on CISA's KEV catalog — meaning attackers are using it in the wild, today. Filter to the categories your stack actually runs.
NVD · Recent Disclosures
Recently disclosed CVEs (last 7 days)
Newly published vulnerabilities from the National Vulnerability Database, ranked critical-first. Most of these aren't being exploited yet — but the patches need to be on your roadmap.
| CVE | CVSS | Severity | Published | Description |
|---|---|---|---|---|
| CVE-2026-11499 | 9.8 | CRITICAL | Jun 8, 2026 | A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote. |
| CVE-2024-58349 | 9.8 | CRITICAL | Jun 8, 2026 | WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress in… |
| CVE-2024-58348 | 9.8 | CRITICAL | Jun 8, 2026 | WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server. |
| CVE-2023-54352 | 9.8 | CRITICAL | Jun 8, 2026 | WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access. |
| CVE-2026-45779 | 9.8 | CRITICAL | Jun 5, 2026 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database.… |
| CVE-2026-45777 | 9.8 | CRITICAL | Jun 5, 2026 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configurat… |
| CVE-2026-45758 | 9.6 | CRITICAL | Jun 5, 2026 | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Aany user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026 may be affected. Security researchers identified the malicious package within approxim… |
| CVE-2026-50751 | 9.3 | CRITICAL | Jun 8, 2026 | A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. |
| CVE-2026-11517 | 8.8 | HIGH | Jun 8, 2026 | A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. |
| CVE-2026-11504 | 8.8 | HIGH | Jun 8, 2026 | A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is… |
| CVE-2026-11503 | 8.8 | HIGH | Jun 8, 2026 | A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been… |
| CVE-2026-11498 | 8.8 | HIGH | Jun 8, 2026 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely. |
| CVE-2026-11413 | 8.8 | HIGH | Jun 6, 2026 | A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early… |
| CVE-2026-7654 | 8.8 | HIGH | Jun 5, 2026 | The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper… |
| CVE-2026-26422 | 8.4 | HIGH | Jun 6, 2026 | clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation. |
| CVE-2026-11416 | 8.1 | HIGH | Jun 5, 2026 | MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename normalization or path validation. An attacker who controls a filen… |
| CVE-2026-41724 | 8 | HIGH | Jun 8, 2026 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. |
| CVE-2026-41723 | 8 | HIGH | Jun 8, 2026 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. |
| CVE-2026-41722 | 8 | HIGH | Jun 8, 2026 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. |
| CVE-2026-11401 | 8 | HIGH | Jun 5, 2026 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through… |
| CVE-2026-11400 | 8 | HIGH | Jun 5, 2026 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster throug… |
| CVE-2026-49235 | 7.5 | HIGH | Jun 8, 2026 | When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. |
| CVE-2026-49234 | 7.5 | HIGH | Jun 8, 2026 | When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks. |
| CVE-2026-49233 | 7.5 | HIGH | Jun 8, 2026 | Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache. |
| CVE-2026-36789 | 7.5 | HIGH | Jun 8, 2026 | Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
From the Cybersecurity Newsroom
What's making cyber headlines
Hand-picked feeds from Krebs on Security, The Hacker News, BleepingComputer, and SANS Internet Storm Center. Headlines link to the original source — full credit, no scraping.
Headlines and snippets © their respective publishers; links go directly to the original sources.
Why this matters for your business
Most of these attacks start with a person, not a firewall
Phishing, hostile Wi-Fi, an unpatched laptop in the wrong place — the techniques behind the headlines are the same ones that target every small and growing business today. OfficeGuardIT keeps the patches current, the EDR sharp, and your team trained to spot what slips through.
Worried about what you don't know?
A free OfficeGuardIT assessment finds the gaps before someone else does.
Book a 20-Min IT Risk Review