CVE Vulnerabilities - 1 June 2026

668 vulnerabilities published on 1 June 2026

Cloud Foundry UAA: Private Keys Exposed in JWT Token Signing
CVE-2026-40965
Cloud Foundry's UAA server, used for authentication and authorization, is vulnerable to exposing private keys. This affects organizations using Elliptic Curve (EC) keys to sign JSON Web Tokens (JWTs)....
10.0
Android InputMethodManagerService Local Privilege Escalation
CVE-2026-0072
An attacker with local access can gain elevated privileges on an Android device without needing to interact with it. This affects Android devices using the InputMethodManagerService. To protect your d...
10.0
CloudPirates Helm Charts Exposes Sensitive GitHub Credentials
CVE-2026-45132
A security issue in CloudPirates Helm Charts exposed GitHub credentials, which could have been used by malicious users. This issue has been fixed, but it's essential to update to the latest version to...
10.0
CloudPirates Helm Charts exposes secrets in GitHub Actions
CVE-2026-45131
CloudPirates Helm Charts contains a GitHub Actions workflow that executes code from untrusted pull requests, potentially exposing sensitive information like Docker Hub credentials. This issue has been...
10.0
Langroid SQL Injection Allows Remote Code Execution
GHSA-mxfr-6hcw-j9rq CVE-2026-25879
Langroid versions prior to 0.63.0 are vulnerable to SQL injection, which can allow an attacker to execute code on the database host. This can be prevented by updating to the latest version of Langroid...
9.8
Arm Whois 3.11 allows malicious input to execute code
CVE-2018-25427
The Arm Whois software has a bug that lets hackers send it too much information. This can allow them to take control of the computer running Whois. You should update to the latest version to fix this ...
9.3
Sergey AIWU Privilege Escalation Risk due to Incorrect Privileges
CVE-2026-48879
The Sergey AIWU software has a vulnerability that allows unauthorized access to sensitive areas. This means that an attacker could gain higher-level permissions and access data they shouldn't. Update ...
9.8
Contest Gallery Pro Privilege Escalation Risk
CVE-2026-42680
A security flaw in Contest Gallery Pro allows an attacker to gain higher levels of access to the system. This could lead to unauthorized changes or data theft. Update to the latest version to fix this...
9.8
Vitest UI server on Windows: sensitive files can be accessed
GHSA-5xrq-8626-4rwp CVE-2026-47429
If you're using Vitest UI on Windows and exposing it to the network, or running it on Windows without proper security, an attacker could access and execute arbitrary files. To protect yourself, make s...
9.8
Untrusted Data Deserialization in Teamwork Cloud and Magic Collaboration Studio
CVE-2026-7858
Versions of Teamwork Cloud and Magic Collaboration Studio from 2022 to 2026 are affected by a vulnerability that could allow hackers to execute malicious code remotely without needing a password. This...
9.8
Apache Solr versions 9.4.0 to 10.0.0: Default Credentials Allow Unauthorized Access
CVE-2026-44825
Apache Solr versions 9.4.0 to 10.0.0 contain hardcoded default credentials that can be used by an attacker to gain full administrative access to the cluster. To protect your cluster, delete or change ...
9.8
Cline Kanban Server Exposes Sensitive Data to Malicious Websites
GHSA-5c57-rqjx-35g2 CVE-2026-44211
The Cline Kanban Server on your local machine may allow unauthorized websites to access sensitive data and take control of running tasks. This can happen if you visit a malicious website while the ser...
9.6
Gravity Forms allows attackers to access files outside its control
CVE-2026-48866
A security issue in Gravity Forms could allow attackers to access files they shouldn't be able to, which could lead to sensitive information being stolen. This issue affects all versions of Gravity Fo...
9.6
praisonai-platform: Low-privilege users can add arbitrary users as owners
GHSA-8g2p-pqm3-fcfh CVE-2026-47413
A vulnerability in praisonai-platform allows any workspace member to add any user, including new or existing accounts, as the owner of the workspace. This means a malicious user can gain full control ...
9.6
Vitest browser mode allows JavaScript execution with sensitive data
GHSA-2h32-95rg-cppp CVE-2026-47428
Vitest's browser mode can execute malicious JavaScript if you visit a specially crafted URL. This could allow an attacker to steal your Vitest API token and use it to access your server-side code. To ...
9.6
Disig Web Signer RCE allows attackers to run code on your server
CVE-2026-8931
Disig Web Signer, a digital signature tool, has a critical vulnerability that allows attackers to run their own code on your server. This could lead to unauthorized access, data theft, or disruption o...
9.4
WP Directory Kit SQL Injection Risk: Unauthorized Access
CVE-2026-42672
WP Directory Kit, a plugin for WordPress, has a security flaw that could allow attackers to access sensitive information. This could happen if an attacker sends malicious input to the plugin's databas...
9.3
Poly Voice Linux Remote Code Execution via ICE
CVE-2026-0826
Poly Voice devices on Linux platforms may allow unauthorized code to be executed if an attacker takes advantage of a buffer overflow vulnerability when Interactive Connectivity Establishment (ICE) is ...
9.2
IBM WebSphere Application Server Identity Spoofing Risk
CVE-2026-8644
IBM WebSphere Application Server versions 9.0 and 8.5 allow an attacker to pretend to be someone else, potentially gaining unauthorized access to sensitive information. This is a significant risk beca...
9.1
wpForo Forum Missing Authorization Allows Unauthorized Access
CVE-2026-42682
An incorrectly configured security setting in wpForo Forum can allow unauthorized users to access restricted areas of the forum. This is a security concern because it could allow users to view or modi...
9.1
OTRS or OTRS Community Edition SQL Injection Allows Authentication Bypass
CVE-2026-48188
An OTRS or OTRS Community Edition system can be vulnerable to SQL injection attacks, which could allow an attacker to bypass authentication and access the system. This issue affects several versions o...
9.1
IBM WebSphere Application Server: Remote Code Execution via Untrusted Data
CVE-2026-9319
IBM WebSphere Application Server versions 9.0 and 8.5 are at risk of attackers running malicious code on the server if they can send untrusted data to the application. This could allow an attacker to ...
9.0
IBM WebSphere Application Server: Remote Code Execution Risk
CVE-2026-9311
IBM WebSphere Application Server 9.0 and 8.5 have a security weakness that allows hackers to run malicious code on your server. This means they could potentially access sensitive data or take control o...
9.0
Buffer Overflow in Strongbox Causes Memory Corruption
CVE-2026-25277
Strongbox, a secure storage system, has a bug that allows an attacker to write too much data into a fixed amount of memory, causing the system to crash or behave unpredictably. This could potentially ...
8.8
Adobe Acrobat Strongbox Memory Corruption Risk
CVE-2026-25276
Adobe Acrobat's Strongbox feature may allow malicious files to corrupt memory, potentially leading to a crash or security breach. This issue affects users who open specific types of files in Adobe Acr...
8.8