24h | 7d | 30d

CVE-2026-4109

Overview

  • arraytics
  • Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)
14 Apr 2026
Published
14 Apr 2026
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
0.03%
KEV

Description

The Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the get_item_permissions_check() function in all versions up to, and including, 4.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary order data including customer PII (name, email, phone) by iterating order IDs.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.com
🚨 Alerta: Explotación activa de #vulnerabilidades críticas en #MicrosoftDefender | CVE-2026-4109 | CVE-2026-45498 | www.newstecnicas.com/2026/06/aler...
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-10881

Overview

  • Google
  • Chrome
04 Jun 2026
Published
05 Jun 2026
Updated
CVSS
Pending
EPSS
0.08%
KEV

Description

Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture fallback
曖昧ナ犬 @aimainainnu.bsky.social
「Google Chrome 149」の脆弱性修正はなんと429件、できるだけ早めの更新を - 窓の杜 CVE-2026-10881:Out of bounds read and write in ANGLE(Critical) · CVE-2026-10882:Use after free in Network(Critical) ... forest.watch.impress.co.jp/docs/news/21...
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-41091

Overview

  • Microsoft
  • Microsoft Malware Protection Engine
20 May 2026
Published
05 Jun 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
8.01%
KEV

Description

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture fallback
Wordfence @wordfence

2 Microsoft Defender Zero Days Exploited In The Wild

Wordfence Security News Clip | May 25, 2026

Two Microsoft Defender zero-days, CVE-2026-41091 and CVE-2026-45498, are under active exploitation in the wild.

Verify Defender Anti-Malware Platform 4.18.26040.7 and Malware Protection Engine 1.1.26040.8 are installed on all Windows systems.

Watch The Clip: youtube.com/watch?v=ZqEKj4Y2gVM

  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
Wordfence @wordfence

Two Microsoft Defender Zero Days Exploited

Wordfence Security News Clip | May 25, 2026

Two Microsoft Defender zero-days, CVE-2026-41091 and CVE-2026-45498, are actively exploited in the wild.

Attackers chain BlueHammer, Red Sun, and Undefend to gain system-level access then block Defender signature updates.

Verify Defender Anti-Malware Platform 4.18.26040.7 and Malware Protection Engine 1.1.26040.8 are installed.

Watch The Clip: youtube.com/shorts/d2ubcB3DiXw

  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-45247

Overview

  • Mirasvit
  • Full Page Cache Warmer for Magento 2
26 May 2026
Published
04 Jun 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
6.15%
KEV

Description

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture fallback
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 :verified: @youranonnewsirc

**Geopolitical:** The U.S. House passed legislation providing aid to Ukraine and imposing new sanctions on Russia. Middle East tensions remain high, with Iran linking any peace deal to the resolution of the Lebanon conflict and the release of frozen assets.

**Technology:** President Trump signed an executive order on AI in the national security enterprise, focusing on cybersecurity. SpaceX's $1.8 trillion IPO is anticipated by June 12. NASA successfully demonstrated multi-network communication for spacecraft.

**Cybersecurity:** Cisco issued a warning regarding an actively exploited zero-day vulnerability (CVE-2026-20245) in its Catalyst SD-WAN, for which no patch is currently available. CISA added a critical Magento RCE flaw (CVE-2026-45247) to its KEV catalog, with federal agencies mandated to apply fixes by June 6, 2026.

#Cybersecurity #Geopolitics #AI

  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-10882

Overview

  • Google
  • Chrome
04 Jun 2026
Published
05 Jun 2026
Updated
CVSS
Pending
EPSS
0.13%
KEV

Description

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture fallback
曖昧ナ犬 @aimainainnu.bsky.social
「Google Chrome 149」の脆弱性修正はなんと429件、できるだけ早めの更新を - 窓の杜 CVE-2026-10881:Out of bounds read and write in ANGLE(Critical) · CVE-2026-10882:Use after free in Network(Critical) ... forest.watch.impress.co.jp/docs/news/21...
  • 0
  • 0
  • 0
  • 12h ago
Showing 41 to 45 of 45 CVEs