New Vulnerability
04 July 2026
New Remote Code Execution Vulnerabilities Affecting Windows, Linux, and AI Tools
Security researchers have reported new vulnerabilities that could allow attackers to remotely take control of systems running common Windows and Linux software, as well as some AI tools. These weaknesses could let hackers run malicious code on affected devices, posing a serious risk to small organisations if not addressed promptly.
Read brief
New Vulnerability
03 July 2026
Urgent: Microsoft SharePoint Security Flaw Being Actively Exploited
A serious security weakness in Microsoft SharePoint has been found and is currently being exploited by attackers. This could allow hackers to take control of affected systems remotely, posing a risk to organisations using this software.
Read brief
New Vulnerability
03 July 2026
CVE-2025-5777
Critical Security Flaw Found in Common VPN and Remote Access Tools
A serious security weakness has been found in certain Citrix NetScaler configurations used for VPN and remote access. This flaw could allow attackers to access sensitive information or disrupt services, making it important for organisations using these tools to check their systems and apply fixes.
Read brief
New Vulnerability
02 July 2026
CVE-2026-50549
Critical Security Flaw in AI Code Editor Could Let Hackers Run Dangerous Commands
A serious security weakness has been found in an AI-powered code editor called Cursor. This flaw could allow attackers to run harmful commands on your computer without your permission, potentially leading to data loss or system damage. The issue is fixed in the latest version 3.0.
Read brief
New Vulnerability
02 July 2026
CVE-2026-50548
Critical Security Flaw in AI Code Editor Could Let Hackers Run Dangerous Commands
A serious security weakness has been found in an AI-powered code editor called Cursor. This flaw could allow attackers to run harmful commands on your computer without your permission, potentially causing damage or stealing information. The issue has been fixed in the latest version, so updating is important.
Read brief
New Vulnerability
01 July 2026
CVE-2026-33017
Critical Security Flaw in Langflow AI Tool Allows Remote Code Execution
A serious security flaw has been found in Langflow, a tool used to build AI-powered workflows. This flaw lets attackers run harmful code on systems using vulnerable versions, potentially leading to data theft or system misuse. Small organisations using Langflow should act quickly to protect themselves.
Read brief
New Vulnerability
01 July 2026
CVE-2026-33825
Microsoft Defender Vulnerability Used in Ransomware Attacks
A serious security flaw has been found in Microsoft Defender that allows attackers with some access to your computer to gain higher control. This vulnerability is actively being exploited in ransomware attacks, making it important for small organisations using Microsoft products to take action.
Read brief
New Vulnerability
30 June 2026
CVE-2026-48558
Critical Security Flaw in SimpleHelp Remote Support Software
A serious security weakness has been found in SimpleHelp software that could let attackers gain full access without logging in properly. This flaw is actively being exploited, so it is important for organisations using SimpleHelp to act quickly to protect themselves.
Read brief
New Vulnerability
30 June 2026
CVE-2026-46817
Critical Oracle Payments Flaw Being Actively Exploited
A serious security flaw has been found in Oracle Payments, part of Oracle E-Business Suite, which hackers are actively exploiting. This vulnerability allows attackers to take full control of the payment system without needing to log in, posing a major risk to organisations using affected versions.
Read brief
New Vulnerability
30 June 2026
CVE-2026-8037
Critical Security Flaw in Progress Kemp LoadMaster Could Let Hackers Take Control
A serious security weakness has been found in Progress Kemp LoadMaster devices that manage internet traffic for businesses. This flaw could allow attackers to run harmful commands without needing to log in, potentially taking full control of the device. Small organisations using these devices should act quickly to protect themselves.
Read brief
New Vulnerability
29 June 2026
CVE-2026-55200
Critical Security Flaw Found in Common SSH Software
A serious security weakness has been found in libssh2, a widely used software library that helps computers securely connect over the internet. This flaw could allow attackers to take control of affected systems remotely. Small organisations using software that relies on libssh2 should act quickly to reduce risk.
Read brief
New Vulnerability
28 June 2026
CVE-2026-43503
Linux Kernel Vulnerability Could Let Local Users Gain Full Control
A serious security flaw has been found and fixed in the Linux kernel that could allow someone with local access to a system to gain full control by exploiting how network data packets are handled. This matters because many small businesses and organisations use Linux-based systems, and if left unpatched, this vulnerability could let attackers escalate their privileges to the highest level.
Read brief
New Vulnerability
28 June 2026
CVE-2026-12957
Security Flaw in AWS Language Servers Could Let Malicious Code Run
A security weakness has been found in AWS Language Servers that could allow harmful code to run automatically if a user opens a risky project workspace and trusts it. This matters because it could let attackers take control of systems if the vulnerable software is used.
Read brief
New Vulnerability
27 June 2026
CVE-2025-29927
Critical Security Flaw in Next.js Web Applications Could Let Hackers Bypass Access Controls
A serious security weakness has been found in certain versions of Next.js, a popular tool used to build websites and web applications. This flaw could allow unauthorised users to bypass security checks and access parts of a website they shouldn’t. It is important for organisations using Next.js to update their software or take protective steps to avoid potential cyberattacks.
Read brief
New Vulnerability
27 June 2026
CVE-2026-45087
Critical Security Flaw in Dalfox Tool Could Let Attackers Run Commands
A serious security weakness has been found in Dalfox, a tool used for scanning websites for certain types of attacks. This flaw could let unauthorised people run harmful commands on the computer running Dalfox if it is set up in a specific way. This matters because it could lead to data loss or system damage if exploited.
Read brief
New Vulnerability
27 June 2026
CVE-2025-25205
Security Flaw in Audiobookshelf Could Expose Your Data or Crash Your Server
A serious security weakness has been found in Audiobookshelf, a popular self-hosted audiobook and podcast server. This flaw could let attackers bypass login controls to access protected information or cause the server to crash. A fix is available in the latest software update.
Read brief
New Vulnerability
26 June 2026
CVE-2026-12569
Critical Security Flaw Found in PTC Windchill and FlexPLM Software
A serious security weakness has been discovered in PTC Windchill and FlexPLM software that could allow attackers to run harmful code remotely. This vulnerability is actively being exploited, making it important for organisations using these products to act quickly.
Read brief
New Vulnerability
25 June 2026
CVE-2026-34908
Critical Security Flaw in Ubiquiti UniFi OS Could Let Attackers Change Your System
A serious security weakness has been found in Ubiquiti UniFi OS devices that could allow someone on your network to make unauthorised changes. This vulnerability is already being actively exploited, so it’s important to act quickly to protect your business.
Read brief
New Vulnerability
24 June 2026
CVE-2025-67038
Urgent Security Issue in Lantronix EDS5000 Devices
A serious security flaw has been found in Lantronix EDS5000 devices that is already being exploited by attackers. This vulnerability allows malicious code to be injected, potentially giving attackers control over the device. Small businesses using these devices should act quickly to reduce risk.
Read brief
New Vulnerability
24 June 2026
CVE-2026-34910
Security Flaw Found in Ubiquiti UniFi OS Could Allow Attacks
A security weakness in Ubiquiti's UniFi OS has been identified and is actively being exploited by attackers. This means devices running this software could be at risk if not properly protected. Small businesses using UniFi OS should take action to reduce the risk of compromise.
Read brief
New Vulnerability
24 June 2026
CVE-2026-34909
Security Flaw Found in Ubiquiti UniFi OS Could Let Hackers Access Your Network
A serious security weakness has been found in Ubiquiti's UniFi OS software that is actively being exploited by attackers. This flaw could allow unauthorised users to access sensitive parts of your network, posing a risk to businesses using this common networking system.
Read brief
New Vulnerability
22 June 2026
CVE-2026-4020
Serious Data Leak Risk in Popular WordPress Email Plugin
A security flaw in the Gravity SMTP plugin for WordPress lets anyone on the internet access detailed system information, including sensitive data like API keys. This could help hackers break into your website and systems.
Read brief
New Vulnerability
21 June 2026
CVE-2026-46333
Important Linux Kernel Security Fix for Memory Access Control
A high-severity security issue has been fixed in the Linux kernel related to how certain system tasks manage memory access permissions. This matters because it could potentially allow unauthorised access to sensitive system information if exploited.
Read brief
New Vulnerability
21 June 2026
CVE-2026-34414
Remote Code Risk in Common AI Plugin for Windows and Linux
A security weakness has been found in a popular AI-related plugin used on Windows and Linux systems. This flaw could let attackers run harmful commands remotely, potentially taking control of affected computers. Small businesses using this technology should be aware and take steps to protect themselves.
Read brief
New Vulnerability
21 June 2026
CVE-2026-41459
Remote Code Execution Vulnerability in Common AI Plugin Could Affect Your Systems
A new security flaw has been reported in a widely used AI plugin that runs on Windows and Linux systems. This flaw could allow attackers to run harmful software remotely, potentially taking control of affected computers. Small businesses using this technology should be aware and take steps to protect themselves.
Read brief
New Vulnerability
20 June 2026
CVE-2026-34415
Critical Security Flaw in Xerte Online Toolkits Could Let Hackers Take Control
A serious security weakness has been found in Xerte Online Toolkits, a tool used to create online learning content. This flaw could allow attackers to run harmful commands on the server without needing to log in, potentially leading to data loss or service disruption.
Read brief
New Vulnerability
20 June 2026
CVE-2026-41679
Critical Security Flaw in Paperclip AI Software Allows Remote Attacks
A serious security weakness has been found in Paperclip, a popular AI software used to help run businesses. This flaw lets attackers take full control of the software remotely without needing passwords or user actions. If your organisation uses Paperclip, this could put your data and systems at risk.
Read brief
New Vulnerability
20 June 2026
CVE-2026-34413
Serious Security Flaw in Xerte Online Toolkits Could Let Hackers Access Your Files
A high-risk security issue has been found in Xerte Online Toolkits, a tool used to create online learning content. This flaw could let attackers access and change files without needing to log in, potentially leading to serious damage like deleting or altering important files.
Read brief
New Vulnerability
19 June 2026
CVE-2026-20253
Urgent Security Issue Found in Splunk Enterprise Software
A serious security flaw has been found and actively exploited in Splunk Enterprise, a software used for managing and analysing data. This flaw allows attackers to access critical functions without proper authentication, potentially leading to remote control of the system. Small organisations using this software need to act quickly to reduce risk.
Read brief
New Vulnerability
19 June 2026
CVE-2026-42530
Critical Security Flaw Found in NGINX Web Server Software
A serious security weakness has been found in the popular NGINX web server software that could allow hackers to take control of affected systems remotely. This matters because many small businesses use NGINX to run their websites or online services, and if exploited, it could lead to data loss or service disruption.
Read brief
New Vulnerability
18 June 2026
CVE-2026-50656
Microsoft Defender Zero-Day Vulnerability Could Let Hackers Gain Control
A new security flaw called a zero-day has been found in Microsoft Defender, a common security tool. This flaw could allow hackers to gain higher access rights on affected computers. Microsoft is working on a fix, but until then, small organisations should be aware and take precautions.
Read brief
New Vulnerability
18 June 2026
Urgent Patch Needed for Joomla Plugin Vulnerability Actively Exploited
A serious security flaw in a popular Joomla plugin is being actively exploited by attackers. The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch it immediately, highlighting the urgency. Small businesses using Joomla plugins should act quickly to protect their websites.
Read brief
New Vulnerability
18 June 2026
New Remote Code Execution Risk in Common Office and AI Tools
A new security weakness has been reported that could allow attackers to run harmful software remotely through popular office and AI-related tools. This matters because it could let cybercriminals take control of affected systems, potentially leading to data loss or disruption.
Read brief
New Vulnerability
17 June 2026
CVE-2026-48907
Critical Joomla Editor Flaw Could Let Hackers Run Malicious Code
A serious security flaw has been found in the Joomla Content Editor (JCE) that lets unauthorised users create new editor profiles and upload harmful code. This vulnerability is actively being exploited, meaning attackers are using it now to compromise websites. Small organisations using this editor should act quickly to protect their sites.
Read brief
New Vulnerability
17 June 2026
CVE-2026-39808
Critical Security Flaw Found in Fortinet FortiSandbox Software
A serious security weakness has been found in certain versions of Fortinet FortiSandbox software that could let attackers run harmful commands on affected systems. This matters because FortiSandbox is used to protect networks, and if compromised, it could lead to unauthorised access or damage.
Read brief
New Vulnerability
17 June 2026
CVE-2026-39813
Critical Security Flaw Found in Fortinet FortiSandbox Software
A serious security weakness has been found in certain versions of Fortinet FortiSandbox, a tool used to detect cyber threats. This flaw could let attackers gain higher access rights, potentially compromising your network. It is important for organisations using this software to check and update promptly.
Read brief
New Vulnerability
16 June 2026
CVE-2026-54420
Urgent: Security Flaw in LiteSpeed cPanel Plugin Could Let Hackers Take Control
A serious security flaw has been found in the LiteSpeed cPanel plugin used on some shared hosting servers. This flaw has already been exploited by attackers to gain higher access rights, potentially allowing them to control websites or servers. Small businesses using shared hosting with this plugin should act quickly to reduce risk.
Read brief
New Vulnerability
16 June 2026
CVE-2026-20262
Important Security Update for Cisco Catalyst SD-WAN Manager
A security weakness has been found in Cisco Catalyst SD-WAN Manager that could let an attacker with some access create or change files on the system. This flaw is actively being exploited, so it’s important for organisations using this software to act quickly to reduce risk.
Read brief
New Vulnerability
16 June 2026
CVE-2026-25089
Critical Security Flaw Found in Fortinet FortiSandbox Software
A serious security weakness has been found in several versions of Fortinet's FortiSandbox software. This flaw could let attackers run harmful commands on affected systems without needing to log in, potentially leading to data loss or system damage. Small businesses using this software should take immediate steps to protect themselves.
Read brief
New Vulnerability
14 June 2026
CVE-2013-3821
Critical Oracle PeopleSoft Vulnerability Could Expose Your Business Data
A serious security weakness has been found in Oracle PeopleSoft software that could allow attackers to access sensitive information or disrupt services. This vulnerability is actively being exploited, so it is important for organisations using this software to take action promptly.
Read brief
New Vulnerability
14 June 2026
CVE-2017-3548
Security Flaw in Oracle PeopleSoft Could Let Attackers Access Data and Disrupt Service
A security weakness has been found in Oracle PeopleSoft software that could allow attackers to read some data without permission and cause partial service interruptions. This matters because PeopleSoft is used by many organisations to manage business processes, and the flaw can be exploited remotely without needing to log in.
Read brief
New Vulnerability
14 June 2026
Critical Security Flaw in LangGraph AI Software Could Let Hackers Take Control
A serious security weakness has been found in LangGraph, a tool used to run AI agents on your own servers. This flaw could allow hackers to run harmful commands remotely, potentially taking over your system. This matters because some small businesses and organisations may use this AI software to automate tasks, and if not protected, they could be at risk.
Read brief
New Vulnerability
13 June 2026
CVE-2023-38035
Critical Security Flaw in Ivanti MobileIron Sentry Could Let Attackers Bypass Admin Login
A serious security weakness has been found in Ivanti MobileIron Sentry's admin portal that could allow hackers to get past login controls. This matters because it could let attackers take control of important management tools, potentially harming your organisation's IT systems.
Read brief
New Vulnerability
13 June 2026
CVE-2020-15505
Critical Security Flaw Found in Ivanti MobileIron Software
A serious security weakness has been found in certain versions of Ivanti MobileIron software that could let attackers take control of affected systems remotely. This matters because it could allow unauthorised access to your business devices or data if the software is in use.
Read brief
New Vulnerability
13 June 2026
CVE-2026-10523
Critical Security Flaw in Ivanti Sentry Could Let Attackers Take Over Your System
A serious security weakness has been found in Ivanti Sentry software that could allow attackers to bypass login controls and create admin accounts without permission. This means someone could gain full control over the system remotely, which is a critical risk for any organisation using this software.
Read brief
New Vulnerability
12 June 2026
CVE-2026-10520
Critical Security Flaw in Ivanti Sentry Software Needs Immediate Attention
A serious security weakness has been found in Ivanti Sentry software that could allow hackers to take full control of affected systems remotely without needing to log in. This vulnerability is actively being exploited, making it urgent for organisations using this software to act quickly.
Read brief
New Vulnerability
12 June 2026
CVE-2026-35273
Critical Oracle PeopleSoft Vulnerability Could Allow Remote Takeover
A critical security flaw has been found in Oracle PeopleSoft software that allows attackers to take full control without needing a password. This vulnerability is actively being exploited, including in attacks targeting universities. Small organisations using affected versions should act quickly to reduce risk.
Read brief
New Vulnerability
12 June 2026
CVE-2026-10879
Critical Security Flaw Found in Popular Perl Database Software
A serious security flaw has been found in a Perl software component used for handling database queries. This flaw could allow attackers to run harmful code remotely, potentially compromising systems that use this software. Immediate attention is recommended to prevent possible attacks.
Read brief
New Vulnerability
11 June 2026
CVE-2026-5027
Serious File Security Flaw in Popular AI Development Platform
A high-risk security flaw has been found in the AI development platform Langflow that could let attackers place harmful files anywhere on a system. This could allow unauthorised control of affected computers, posing a serious risk to organisations using this software.
Read brief
New Vulnerability
11 June 2026
CVE-2026-42911
Important Windows Security Update: Fix for Privilege Escalation Vulnerability
A serious security flaw has been found in a part of Windows that handles network functions. This flaw could let someone with access to a computer gain higher control than they should have. It is important for small organisations using Windows to address this quickly to keep their systems secure.
Read brief
New Vulnerability
11 June 2026
CVE-2026-47652
Important Windows Hyper-V Security Update Needed
A serious security flaw has been found in Windows Hyper-V that could let attackers run harmful code on your computer without permission. This matters because many small businesses use Windows systems, and if not fixed, this vulnerability could lead to data loss or disruption.
Read brief
New Vulnerability
10 June 2026
CVE-2026-11645
Urgent: Google Chrome Vulnerability Allows Remote Code Execution
A serious security flaw has been found in Google Chrome's core technology, Chromium V8, which could let attackers run harmful code on your computer by tricking you into visiting a malicious web page. This vulnerability is actively being exploited, so it is important for small organisations using Chrome to act quickly.
Read brief
New Vulnerability
10 June 2026
CVE-2026-7473
Arista Network Switch Vulnerability Could Let Attackers Misuse Tunnel Traffic
A security flaw has been found in Arista network switches that handle certain types of tunnelled data traffic. This flaw can cause the switch to incorrectly process unexpected tunnel traffic, potentially allowing attackers to misuse the network. This issue is already being actively exploited, so it is important to check if your equipment is affected and take action.
Read brief
New Vulnerability
10 June 2026
CVE-2025-10263
Critical Security Flaw Found in Common Processor Chips
A serious security weakness has been found in many popular processor chips used in devices running Microsoft Windows and related software. This flaw could let attackers gain higher control over affected systems, making it important for small organisations to act quickly.
Read brief
New Vulnerability
09 June 2026
CVE-2026-42271
Critical Security Flaw in BerriAI LiteLLM Could Let Attackers Run Dangerous Commands
A serious security weakness has been found in BerriAI's LiteLLM software that could allow attackers to run harmful commands on the system. This flaw is actively being exploited, meaning attackers are already using it to cause damage. Small organisations using this software should act quickly to protect themselves.
Read brief
New Vulnerability
09 June 2026
CVE-2024-24919
Critical Security Flaw in Check Point VPN Could Expose Your Network
A serious security weakness has been found in Check Point Security Gateways used for VPN and remote access. This flaw could let attackers access sensitive information if your system is connected to the internet with certain remote access features enabled. A fix is available and should be applied promptly.
Read brief
New Vulnerability
09 June 2026
CVE-2026-50752
High Risk VPN Certificate Flaw Could Let Attackers Spy on Your Business Traffic
A serious weakness has been found in an older VPN technology that some businesses still use to connect multiple sites securely. This flaw could let attackers intercept or change your business communications if exploited.
Read brief
New Vulnerability
08 June 2026
CVE-2026-50751
Critical VPN Security Flaw Allows Password Bypass in Some Remote Access Setups
A serious security weakness has been found in certain remote access VPN systems that use an older method called IKEv1. This flaw lets attackers connect to your VPN without needing a valid password, potentially giving them access to your business network.
Read brief
New Vulnerability
08 June 2026
Critical VPN Security Flaw Linked to Ransomware Attacks
A serious security flaw in VPN software used for remote access has been linked to attacks by the Qilin ransomware gang. This zero-day vulnerability means hackers can exploit the flaw before a fix is widely available, putting organisations using affected VPNs at risk of ransomware infection.
Read brief
New Vulnerability
08 June 2026
Microsoft GitHub Supply Chain Attack Hits 73 Repositories
A cyberattack called the Miasma Worm has compromised 73 Microsoft GitHub repositories, potentially allowing hackers to spread malicious code through software supply chains. This matters because many businesses rely on software from these sources, and infected code could lead to serious security issues.
Read brief
New Vulnerability
07 June 2026
CVE-2026-32985
Critical Security Flaw Found in Xerte Online Toolkits Could Let Hackers Take Control
A serious security weakness has been found in Xerte Online Toolkits, a tool used to create online learning materials. This flaw lets attackers upload harmful files without logging in, potentially allowing them to take control of the website hosting the tool. This matters because it could lead to data theft or damage to your website.
Read brief
New Vulnerability
07 June 2026
CVE-2019-19699
Serious Security Flaw in Centreon Monitoring Software Could Let Attackers Take Control
A high-risk security flaw has been found in Centreon Infrastructure Monitoring software that could allow attackers with admin access to run harmful commands on your system. This could lead to full control of your server, putting your business data and operations at risk.
Read brief
New Vulnerability
07 June 2026
CVE-2020-36939
Important Security Flaw in Apache Cassandra Web Plugin Could Expose Sensitive Files
A serious security weakness has been found in a web plugin used with Apache Cassandra databases. This flaw could let attackers access sensitive files and database credentials without needing a password, which could lead to data breaches.
Read brief
New Vulnerability
06 June 2026
CVE-2026-28318
Urgent: SolarWinds Serv-U Vulnerability Could Disrupt Your Service
A serious security flaw has been found in SolarWinds Serv-U software that can be exploited remotely to crash the service without needing a password. This issue is actively being exploited and could cause downtime or disruption for organisations using this product.
Read brief
New Vulnerability
06 June 2026
CVE-2012-2576
Critical Security Flaw in SolarWinds Storage and Backup Software
A serious security weakness has been found in older versions of SolarWinds Storage Manager, Storage Profiler, and Backup Profiler software. This flaw could let attackers access and control parts of your system remotely, which is dangerous for any organisation using these tools.
Read brief
New Vulnerability
06 June 2026
CVE-2015-10144
Security Risk in WordPress Image Upload Plugin Could Let Attackers Take Control
A serious security flaw has been found in a popular WordPress plugin used for image sliders. This flaw could allow someone with basic user access to upload harmful files and potentially take control of your website. This is important because many small organisations use WordPress for their websites, and this vulnerability could lead to data loss or website downtime.
Read brief
New Vulnerability
05 June 2026
CVE-2026-20245
Urgent: Cisco SD-WAN Software Vulnerability Could Let Attackers Take Control
A serious security flaw has been found in Cisco's SD-WAN Manager software that could allow attackers with certain access to take full control of the system. This matters because it could lead to unauthorised changes and disruptions in your network.
Read brief
New Vulnerability
05 June 2026
CVE-2026-3300
Critical Security Flaw Found in Everest Forms Pro WordPress Plugin
A serious security weakness has been found in the Everest Forms Pro plugin for WordPress, allowing attackers to run harmful code on your website without needing to log in. This affects all versions up to 1.9.12 and could let hackers take control of your site if you use the plugin's calculation features.
Read brief
New Vulnerability
04 June 2026
CVE-2026-23479
Important Security Fix for Redis Software to Prevent Remote Attacks
A serious security flaw has been found in Redis, a common software used to manage data quickly. This flaw could allow attackers to take control of affected systems remotely. A fix is available, so it is important to update to the latest version to stay safe.
Read brief
New Vulnerability
04 June 2026
CVE-2026-20230
Important Cisco Phone System Vulnerability Could Let Attackers Gain Full Control
A serious security flaw has been found in Cisco's Unified Communications Manager, a system used to manage business phone calls. This flaw could let attackers remotely take control of the system if a specific feature is enabled. It is important to check if your organisation uses this system and take steps to protect it.
Read brief
New Vulnerability
04 June 2026
New Security Risk Highlights Importance of Choosing the Right Cybersecurity Service
A recent report highlights a serious security weakness that could allow hackers to take control of systems through common technologies like Windows, VPNs, and firewalls. This shows why small organisations should carefully select managed detection and response (MDR) providers to protect against such threats.
Read brief
New Vulnerability
03 June 2026
CVE-2026-45247
Critical Security Flaw in Mirasvit Full Page Cache Warmer for Magento
A critical security vulnerability has been found in the Mirasvit Full Page Cache Warmer plugin for Magento 2. This flaw allows attackers to run harmful code on your website without needing to log in, potentially compromising your business data and website operations.
Read brief
New Vulnerability
03 June 2026
CVE-2026-8206
Critical WordPress Plugin Flaw Could Let Hackers Take Over Your Website
A serious security flaw has been found in the Kirki plugin for WordPress that could allow attackers to reset passwords and take control of user accounts, including admin accounts. This matters because it could let someone hijack your website without needing to log in first.
Read brief
New Vulnerability
02 June 2026
CVE-2025-48595
Urgent Android Security Flaw Could Let Hackers Take Control
A serious security flaw in the Android operating system's core framework has been found and is already being exploited by attackers. This flaw allows hackers to run harmful code on affected devices without needing the user to do anything, potentially giving them full control over the device.
Read brief
New Vulnerability
02 June 2026
CVE-2022-0492
Important Linux Security Flaw Could Let Hackers Gain Control
A serious security weakness has been found in the Linux operating system kernel that could allow attackers to gain higher access rights than they should have. This flaw is actively being exploited and affects many systems using Linux, which is common in small business servers and cloud services.
Read brief
New Vulnerability
02 June 2026
CVE-2025-8088
Critical WinRAR Flaw Lets Hackers Run Harmful Code on Windows PCs
A serious security flaw in the Windows version of WinRAR has been found and actively exploited by attackers. This flaw allows hackers to run harmful software by tricking users into opening specially crafted archive files. Since many small businesses use Windows and WinRAR, this vulnerability could put your organisation at risk.
Read brief
New Vulnerability
01 June 2026
CVE-2024-21182
Urgent Security Issue Found in Oracle WebLogic Server
A serious security flaw has been found in Oracle WebLogic Server that could allow attackers to access sensitive data without needing a password. This vulnerability is actively being exploited and affects certain versions of the software commonly used in business environments.
Read brief
New Vulnerability
01 June 2026
CVE-2026-0826
Critical Security Flaw Found in Poly Voice Devices Could Let Hackers Take Control
A serious security weakness has been found in certain Poly Voice products running on Linux. This flaw could allow attackers to run harmful software remotely, potentially compromising your phone system and business communications.
Read brief
New Vulnerability
01 June 2026
CVE-2026-8732
Critical Security Flaw in WP Maps Pro Plugin Could Let Hackers Take Over Your Website
A serious security weakness has been found in the WP Maps Pro plugin for WordPress that could allow attackers to create an administrator account without permission. This means hackers could gain full control of your website, potentially leading to data loss or damage.
Read brief
New Vulnerability
31 May 2026
CVE-2026-43284
Important Linux Security Fix for Network Data Handling
A serious security flaw has been found and fixed in the Linux operating system's handling of certain encrypted network data packets. This could allow attackers to run harmful code remotely, potentially taking control of affected systems. Small businesses using Linux servers or devices should ensure their systems are updated to stay protected.
Read brief
New Vulnerability
31 May 2026
CVE-2026-43500
Important Linux Kernel Security Fix for Data Handling Vulnerability
A serious security issue has been found and fixed in the Linux operating system kernel that could allow attackers to run harmful code remotely or gain higher access privileges. This matters because many small businesses use Linux-based systems, and if not updated, they could be at risk.
Read brief
New Vulnerability
31 May 2026
CVE-2026-35616
Critical Security Flaw Found in Fortinet FortiClient EMS Software
A serious security weakness has been found in Fortinet FortiClient EMS versions 7.4.5 and 7.4.6. This flaw could let hackers run harmful commands without needing to log in, potentially leading to stolen information or other damage. Small businesses using this software should act quickly to protect themselves.
Read brief
New Vulnerability
30 May 2026
CVE-2022-28368
Critical Security Flaw in Dompdf Could Let Hackers Take Over Your Website
A serious security weakness has been found in Dompdf, a tool used to convert web pages into PDF files. This flaw could allow hackers to run harmful code on your website, potentially leading to full control of your systems. Small businesses using Dompdf, especially within platforms like WordPress or Linux servers, should act quickly to protect themselves.
Read brief
New Vulnerability
30 May 2026
CVE-2026-3055
Critical Security Flaw Found in Citrix NetScaler Devices
A serious security weakness has been discovered in Citrix NetScaler devices used for secure remote access. This flaw could allow attackers to access sensitive information or take control of the system, posing a significant risk to organisations relying on these devices.
Read brief
New Vulnerability
30 May 2026
CVE-2026-4257
Critical Security Flaw Found in Popular WordPress Contact Form Plugin
A serious security weakness has been found in the Contact Form by Supsystic plugin for WordPress. This flaw could allow attackers to take control of your website without needing to log in, potentially leading to data theft or damage. Small organisations using this plugin should act quickly to protect their sites.
Read brief
New Vulnerability
29 May 2026
CVE-2026-0257
VPN Security Flaw in Palo Alto Networks Could Let Attackers Bypass Login
A security weakness has been found in the VPN software used by Palo Alto Networks, which could allow attackers to connect without proper login. This matters because it could let unauthorised people access your organisation’s network remotely.
Read brief
New Vulnerability
29 May 2026
CVE-2026-26194
Security Flaw Found in Gogs Git Service Could Let Hackers Run Code
A serious security flaw has been found in Gogs, a popular tool for managing code projects. This flaw could let attackers run harmful commands on your system if you use an older version of Gogs. It’s important to update to the latest version to keep your data and systems safe.
Read brief
New Vulnerability
29 May 2026
CVE-2026-39987
Critical Security Flaw in Marimo Python Notebook Allows Remote Code Execution
A serious security weakness has been found in Marimo, a Python notebook tool used for interactive coding. This flaw lets attackers run commands on your system without logging in, potentially taking full control. The issue affects versions before 0.23.0 and has been fixed in the latest update.
Read brief
New Vulnerability
28 May 2026
CVE-2024-39930
Critical Security Flaw in Gogs Software Could Let Attackers Take Control
A serious security weakness has been found in Gogs, a software tool used for managing code repositories. This flaw could allow someone with access to the system to run harmful commands remotely, potentially taking control of the affected computer. This matters because it could lead to data loss or disruption if exploited.
Read brief
New Vulnerability
28 May 2026
CVE-2024-39932
Critical Security Flaw Found in Gogs Software Used for Code Management
A serious security weakness has been found in Gogs, a tool some businesses use to manage software code. This flaw could let attackers run harmful commands on your system if they have access, potentially leading to data loss or system damage.
Read brief
New Vulnerability
28 May 2026
CVE-2024-39933
New Security Flaw Found in Gogs Software Could Let Attackers Run Code
A security weakness has been reported in Gogs, a tool some small organisations use to manage software projects. This flaw could allow someone with access to the system to run harmful commands remotely. It is important to check if you use this software and take steps to protect your organisation.
Read brief
New Vulnerability
27 May 2026
CVE-2026-45321
Critical Security Issue Found in TanStack Software Packages
A serious security problem was found in many TanStack software packages used in web development. Attackers managed to publish harmful versions of these packages that can steal credentials, posing a risk to organisations using them. This issue is actively being exploited, so urgent action is needed.
Read brief
New Vulnerability
27 May 2026
CVE-2026-8398
Critical Security Issue Found in Daemon Tools Lite Installation Files
A serious security problem has been found in certain versions of Daemon Tools Lite for Windows. Between early April and early May 2026, the official installation files were tampered with to include harmful software. This means users who installed or updated the program during that time may have unknowingly put their computers at risk.
Read brief
New Vulnerability
27 May 2026
CVE-2026-48027
Critical Security Issue Found in Nx Console Software
A critical security problem was found in a popular software tool called Nx Console, used by developers. A malicious version was briefly available, potentially exposing users to harm. Immediate action is recommended to protect your organisation.
Read brief
New Vulnerability
26 May 2026
CVE-2026-45659
Important Microsoft SharePoint Security Update to Prevent Remote Attacks
A serious security flaw has been found in Microsoft Office SharePoint that could let attackers run harmful software remotely. This matters because SharePoint is commonly used by many small organisations to manage documents and collaborate, so the risk of data loss or disruption is real if the flaw is not fixed.
Read brief
New Vulnerability
26 May 2026
Urgent Patch Needed for Active Security Flaw in Drupal Websites
A serious security flaw in Drupal, a popular website platform, is being actively exploited by attackers. This vulnerability allows hackers to run harmful commands on affected websites, potentially leading to data theft or website damage. Immediate action is recommended to protect your site.
Read brief
New Vulnerability
25 May 2026
CVE-2026-26980
Critical Security Flaw Found in Ghost Website Software
A serious security weakness has been found in Ghost, a popular website management tool used by many small businesses. This flaw allows attackers to access sensitive information without needing to log in. It has already been used to attack hundreds of sites, so updating the software is essential.
Read brief
New Vulnerability
25 May 2026
Urgent: New Security Flaws Found in Linux and Routers Could Let Hackers In
Recent reports reveal serious security weaknesses in Linux systems and common routers that hackers can exploit immediately. These flaws could allow attackers to take control of devices or create botnets, posing risks to small businesses relying on these technologies.
Read brief
New Vulnerability
24 May 2026
CVE-2023-7101
High Risk in Excel File Parsing Could Let Hackers Run Code
A serious security flaw has been found in a common tool used to read Excel files in some software. This flaw could allow attackers to run harmful code on your computer if you open a malicious Excel file. It’s important for small organisations to be aware and take steps to protect themselves.
Read brief
New Vulnerability
24 May 2026
CVE-2026-31431
Important Linux Kernel Security Fix for Encryption Vulnerability
A serious security flaw has been found and fixed in the Linux kernel's encryption system. This flaw could allow attackers to run harmful code remotely, putting your systems at risk. It is important for organisations using Linux-based systems to ensure they have applied the latest updates to stay protected.
Read brief
New Vulnerability
24 May 2026
CVE-2026-48172
Critical Security Flaw in LiteSpeed cPanel Plugin Could Let Hackers Take Over Your Server
A serious security weakness has been found in the LiteSpeed User-End cPanel Plugin that could allow attackers to gain full control of affected servers. This flaw is actively being exploited, meaning hackers are already using it to run harmful commands as the highest-level user.
Read brief
New Vulnerability
23 May 2026
CVE-2026-9082
Important Security Update for Drupal Websites: SQL Injection Vulnerability
A security flaw has been found in Drupal, a popular website platform, that could allow attackers to access or control your website's data. This vulnerability is actively being exploited, so it is important for organisations using Drupal to take action quickly.
Read brief
New Vulnerability
23 May 2026
CVE-2023-7102
Critical Security Flaw Found in Barracuda Email Security Appliances
A serious security weakness has been found in certain Barracuda Email Security Gateway (ESG) appliances that could allow attackers to take control remotely. This matters because many small organisations use these devices to protect their email, and if not fixed, it could lead to data breaches or disruption.
Read brief
New Vulnerability
23 May 2026
CVE-2026-24479
Critical Security Flaw in HUSTOF Software Could Let Hackers Take Control
A serious security weakness has been found in HUSTOF, an open-source system used for programming contests and training. This flaw could allow attackers to run harmful code on the server by uploading specially crafted files. It is important to check if your organisation uses this software and update it promptly to avoid risks.
Read brief
New Vulnerability
22 May 2026
CVE-2025-34291
Critical Security Flaw in Langflow AI Software Could Let Hackers Take Over Your System
A serious security weakness has been found in Langflow, an AI-related software used by some businesses. This flaw lets attackers hijack user accounts and run harmful code remotely, potentially taking full control of affected systems. It is actively being exploited, so urgent action is needed.
Read brief
New Vulnerability
22 May 2026
CVE-2026-34926
Urgent Security Issue Found in Trend Micro Apex One Software
A serious security flaw has been found and actively exploited in Trend Micro Apex One, a popular security product used by many organisations. This means attackers can potentially access sensitive parts of your system if the software is not updated or protected properly.
Read brief
New Vulnerability
22 May 2026
CVE-2026-45498
Microsoft Defender Vulnerability Could Disrupt Your Security Software
A new vulnerability in Microsoft Defender has been identified that could allow attackers to cause the software to stop working properly. This issue is actively being exploited, meaning attackers are using it in the wild. It is important for small businesses using Microsoft Defender to take action to reduce the risk.
Read brief
New Vulnerability
21 May 2026
CVE-2008-4250
Critical Microsoft Windows Vulnerability Actively Exploited
A serious security flaw in older Microsoft Windows systems has been confirmed as actively exploited by attackers. This vulnerability allows remote hackers to run harmful code on affected computers, posing a significant risk to organisations still using these versions.
Read brief
New Vulnerability
21 May 2026
CVE-2009-1537
Urgent: Microsoft DirectX Vulnerability Actively Exploited
A serious security weakness in Microsoft DirectX, a common Windows component, is being actively exploited by attackers. This vulnerability allows harmful files to run dangerous code on affected computers, posing a risk to organisations using older Windows systems.
Read brief
New Vulnerability
21 May 2026
CVE-2010-0806
Important Security Flaw Found in Older Microsoft Internet Explorer Versions
A serious security weakness has been confirmed in older versions of Microsoft Internet Explorer, which hackers are actively exploiting. This flaw could allow attackers to take control of affected computers remotely, making it important for organisations still using these browsers to act quickly.
Read brief
New Vulnerability
20 May 2026
CVE-2010-0249
Important Security Alert: Microsoft Internet Explorer Vulnerability
A serious security flaw affecting older versions of Microsoft Internet Explorer has been officially recognised as actively exploited by attackers. This vulnerability could allow hackers to take control of affected computers remotely, posing a significant risk to organisations still using these outdated browsers.
Read brief
New Vulnerability
20 May 2026
CVE-2009-3459
Urgent: Adobe Acrobat and Reader Security Flaw Being Exploited
A serious security flaw in older versions of Adobe Acrobat and Reader has been confirmed as actively exploited by attackers. This vulnerability allows hackers to run harmful code on your computer through a malicious PDF file. It is important for organisations using these products to take immediate action to protect their systems.
Read brief
New Vulnerability
20 May 2026
CVE-2026-41091
Urgent: Microsoft Defender Vulnerability Could Let Attackers Gain Higher Access
A serious security flaw has been found in Microsoft Defender that could allow attackers with some access to your computer to increase their control. This vulnerability is actively being exploited, so it is important for organisations using Microsoft Defender to act quickly.
Read brief
New Vulnerability
19 May 2026
CVE-2026-31635
High-Risk Linux Kernel Vulnerability Could Allow Privilege Escalation
A serious security flaw has been found and fixed in the Linux operating system kernel, which could allow attackers to gain higher access rights than they should have. This matters because many small businesses use Linux servers or devices, and if unpatched, this vulnerability could be exploited to take control of systems.
Read brief
New Vulnerability
19 May 2026
New Windows Security Flaw Could Let Hackers Take Full Control
A new security flaw has been found in Windows that can let attackers gain full control of a computer, even if it is fully updated. This is serious because it allows hackers to do almost anything on the affected system.
Read brief
New Vulnerability
19 May 2026
New Linux Security Flaw Could Let Hackers Gain Full Control
A new security flaw called DirtyDecrypt has been found in Linux systems that could allow hackers to gain full control of affected computers. This matters because Linux is commonly used in many small business systems and AI applications, and an exploit is already available.
Read brief
New Vulnerability
18 May 2026
CVE-2026-8043
Critical Security Flaw Found in Ivanti Xtraction Software
A serious security weakness has been found in Ivanti Xtraction software versions before 2026.2. This flaw could let attackers access sensitive files and add harmful web content, potentially exposing your organisation to data leaks and attacks on users.
Read brief
New Vulnerability
18 May 2026
CVE-2026-42945
Critical NGINX Vulnerability Could Cause Website Crashes and Security Risks
A serious security flaw has been found in NGINX web server software that can cause website crashes and potentially allow attackers to run harmful code. This matters because many small businesses use NGINX to manage their websites, and if not fixed, it could disrupt services or lead to data breaches.
Read brief
New Vulnerability
18 May 2026
CVE-2023-30253
High-Risk Security Flaw Found in Dolibarr Software
A serious security weakness has been found in Dolibarr, a popular business management software. This flaw could let someone with access to the system run harmful code, potentially causing damage or stealing information. Small organisations using Dolibarr should take steps to protect themselves.
Read brief
New Vulnerability
17 May 2026
CVE-2024-48760
Critical Security Flaw in GestioIP Could Let Hackers Take Control
A serious security weakness has been found in GestioIP version 3.5.7, a tool used for managing IP addresses. This flaw allows attackers to upload harmful files that can take control of the system remotely. It is important because it could let hackers run commands on your system without permission.
Read brief
New Vulnerability
17 May 2026
CVE-2025-6793
Critical Security Flaw in Marvell QConvergeConsole Could Allow File Deletion and Data Exposure
A serious security weakness has been found in Marvell QConvergeConsole software that could let attackers remotely delete important files and access sensitive information without needing to log in. This matters because it can disrupt your systems and expose private data.
Read brief
New Vulnerability
17 May 2026
CVE-2026-0265
Important Security Flaw in Palo Alto Networks Firewalls Could Let Attackers Bypass Login
A serious security weakness has been found in Palo Alto Networks firewall software that could allow attackers to bypass login controls if a specific cloud authentication feature is enabled. This matters because it could let unauthorised users access your network management settings, potentially compromising your security.
Read brief
New Vulnerability
16 May 2026
CVE-2026-20182
Critical Cisco SD-WAN Vulnerability Allows Remote Admin Access
A serious security flaw has been found and fixed in Cisco's Catalyst SD-WAN Controller that could let attackers bypass login controls and gain high-level access to network settings. This is important because it affects how securely your network is managed and could allow attackers to change your network without permission.
Read brief
New Vulnerability
16 May 2026
CVE-2026-42897
Urgent: Microsoft Exchange Server Vulnerability Being Actively Exploited
A serious security flaw in Microsoft Exchange Server has been found and is currently being exploited by attackers. This vulnerability allows hackers to trick users and potentially gain access to your network through crafted emails. It is important for organisations using Exchange Server to act quickly to protect themselves.
Read brief
New Vulnerability
16 May 2026
CVE-2026-20127
Critical Security Flaw in Cisco SD-WAN Controllers Could Let Attackers Take Control
A serious security weakness has been found in Cisco SD-WAN Controllers that could allow attackers to bypass login controls and gain high-level access to your network management system. This matters because it could let attackers change your network settings without permission, potentially disrupting your business or exposing sensitive information.
Read brief
New Vulnerability
14 May 2026
CVE-2026-46300
New Linux Vulnerability Could Let Hackers Take Full Control
A new security flaw has been found in the Linux operating system used by many small business devices like network storage (NAS) and AI systems. This flaw could allow attackers to gain full control of affected devices, which is serious but can be managed with proper updates and checks.
Read brief
New Vulnerability
14 May 2026
CVE-2020-13949
Important Security Update: Apache Thrift Vulnerability Could Disrupt Your Services
A serious security weakness has been found in Apache Thrift software used in some business applications. This flaw could allow attackers to overload systems, causing them to crash and stop working. It is important to check if your systems use this software and apply updates to prevent disruption.
Read brief
New Vulnerability
14 May 2026
CVE-2025-14179
Important Security Update for PHP Users to Prevent Data Breaches
A serious security flaw has been found in certain versions of PHP software that could allow attackers to access or change your business data without permission. This matters because many websites and applications use PHP, and if not fixed, it could lead to data theft or disruption.
Read brief
New Vulnerability
13 May 2026
CVE-2026-31705
Critical Linux Kernel Vulnerability Affecting File Sharing Services
A critical security flaw has been found and fixed in the Linux kernel's file sharing component, which could allow attackers to overwrite memory and potentially take control of affected systems. This matters because many small organisations use Linux-based servers or devices for file sharing and could be at risk if not updated.
Read brief
New Vulnerability
13 May 2026
CVE-2026-31718
Critical Linux File Sharing Vulnerability Fixed – Important Patch Needed
A serious security flaw has been fixed in the Linux kernel's file sharing system that could allow attackers to cause crashes or run harmful code remotely. This matters because many small organisations use Linux servers for file sharing, and unpatched systems could be at risk.
Read brief
New Vulnerability
13 May 2026
CVE-2026-33117
Critical Security Flaw in Microsoft Azure Software Could Let Hackers Bypass Protections
A serious security weakness has been found in Microsoft Azure software that could allow hackers to bypass important security checks remotely. This could put small businesses using Microsoft cloud services or related software at risk if not addressed quickly.
Read brief
New Vulnerability
12 May 2026
CVE-2026-41940
Critical Security Flaw in cPanel Could Let Hackers Access Your Website Control Panel
A serious security weakness has been found in cPanel, a popular tool used to manage websites and hosting. This flaw lets attackers bypass login security and access the control panel without permission, potentially putting your website and data at risk.
Read brief