Published threat advisories for June 9, 2026

A critical vulnerability allows an authenticated domain user to execute arbitrary code on the Backup Server, potentially impacting the confidentiality, integrity, and availability of backup data and services. This issue requires an authenticated domain user to exploit, and infrastructure or security teams are likely re

NVD published: June 9, 2026

Adobe Campaign Classic is affected by an incorrect authorization vulnerability enabling arbitrary code execution without user interaction. Attackers can exploit this over the network, potentially leading to a broad compromise of the user's context. This issue is critical as it bypasses security layers and can be trigge

NVD published: June 9, 2026

A Server-Side Request Forgery vulnerability in Adobe Campaign Classic could allow unauthorized code execution without user interaction, changing the scope of impact. This issue is reachable externally and could lead to arbitrary code execution. Security-aware leaders should assess their Adobe Campaign Classic instances

NVD published: June 9, 2026

An authentication bypass vulnerability in a social sign-in endpoint could allow unauthorized access via a forged token. This critical issue may lead to exposure of system data. Confirmation of the technology's use and exposure within the environment is necessary.

NVD published: June 9, 2026

A vulnerability in bookcars' `validateAccessToken` function allows attackers to bypass authentication by submitting a forged JWT token. This could lead to unauthorized access to application functions and potentially sensitive information. Determining if bookcars is used within the environment is the primary concern.

NVD published: June 9, 2026

A buffer overflow in the LZW Decode function of the AnimatedGIF software library can be exploited by a remote attacker providing a crafted GIF file. This vulnerability could lead to a denial of service, causing an application crash, or potentially allow for arbitrary code execution. The impact is significant if the aff

NVD published: June 9, 2026

A critical vulnerability exists in Shenzhen Kangda Xin Intelligent Network Technology Company routers due to hardcoded credentials and default Telnet access. This allows unauthenticated attackers to read/write memory, modify firmware, and inspect network activity, posing a significant security risk. The vulnerability i

NVD published: June 9, 2026

Adobe Experience Manager Forms is affected by a stored Cross-Site Scripting vulnerability that allows attackers to inject malicious scripts into form fields. If a victim views a page with a vulnerable field, these scripts could execute in their browser, potentially leading to unauthorized access or control over their a

NVD published: June 9, 2026

A heap overflow vulnerability exists in FreeSWITCH's mod_verto component, allowing unauthenticated network access to exploit an attacker-controlled memory corruption before authentication checks. This could lead to impacts on data integrity and service availability.

NVD published: June 9, 2026

A vulnerability in FreeSWITCH's Event Socket Layer could allow an unauthenticated attacker to crash services or corrupt memory by sending a malicious frame with a negative content length. This could impact the availability and integrity of telecom systems before authentication. Understanding FreeSWITCH deployments and

NVD published: June 9, 2026

An external control of file name or path vulnerability in Azure Stack Edge could allow an unauthorized attacker to execute code over a network. This issue could impact the confidentiality, integrity, and availability of affected systems. As Azure Stack Edge devices often operate at the network edge and interact with ex

NVD published: June 9, 2026

An integer overflow in Windows HTTP.sys, a critical network request handler, allows remote, unauthorized code execution. This vulnerability impacts a core service for internet traffic and could compromise system integrity and confidentiality.

NVD published: June 9, 2026

An improper input validation vulnerability in Visual Studio Code could allow an unauthorized attacker to elevate privileges over a network. While the application is typically used locally, its reachability and potential impact on system integrity and availability are key concerns. The primary need is to confirm if this

NVD published: June 9, 2026

A use-after-free vulnerability in the Windows Kernel allows an unauthorized attacker to execute code over a network. This critical flaw could lead to remote code execution, potentially impacting system integrity and availability. It is uncertain if the affected technology is present or reachable within our environment.

NVD published: June 9, 2026

A network tampering vulnerability in Windows DHCP Server could allow an unauthorized attacker to modify data without authentication. This could impact network stability and traffic redirection, necessitating confirmation of its presence and exposure within the environment.

NVD published: June 9, 2026

A vulnerability in OpenSSL related to PKCS#7 signature verification could allow a specially crafted message to trigger a use-after-free, potentially leading to process crashes, memory corruption, or remote code execution. This issue may affect applications processing PKCS#7 or S/MIME signed messages using OpenSSL's PKC

NVD published: June 9, 2026

A critical stack-based buffer overflow vulnerability in the Windows DHCP Client enables unauthorized network attackers to execute code. This could compromise affected systems, impacting data confidentiality, integrity, and availability. Understanding this threat is vital for assessing environmental risks.

NVD published: June 9, 2026

A critical command execution vulnerability exists in DedeCMS's file management functionality, potentially allowing unauthenticated network access to execute arbitrary commands on affected systems. This could lead to a complete system compromise, impacting data integrity and availability, making it crucial to identify a

NVD published: June 9, 2026

A vulnerability in cryptographic message processing may allow attackers to bypass integrity checks or gain key-equivalent functionality. This issue affects how authenticated enveloped data containers are validated, potentially enabling unauthorized access to encryption keys or modification of messages. The FIPS modules

NVD published: June 9, 2026

A critical vulnerability in Nuance PowerScribe allows unauthorized remote code execution over a network due to untrusted data deserialization. If reachable, this could compromise system integrity and data. Understanding if your organization uses this technology and its network exposure is crucial.

NVD published: June 9, 2026

A critical SQL injection vulnerability exists in CBS Platform. Attackers can manipulate database commands, potentially leading to unauthorized access or data modification. This issue is particularly concerning as the platform is no longer supported by the vendor, implying a lack of security updates. The primary concern

NVD published: June 9, 2026

An OS command injection vulnerability in Fortinet FortiSandbox may allow an unauthenticated attacker to execute unauthorized commands. This could impact the functionality and security of network security devices if reachable via specially crafted HTTP requests.

NVD published: June 9, 2026

An authentication bypass vulnerability in Ivanti Sentry could allow an unauthenticated remote attacker to create arbitrary administrative accounts and gain full administrative access. This issue is relevant if Ivanti Sentry is used and accessible.

NVD published: June 9, 2026

A use-after-free vulnerability exists in Google Chrome's printing component, potentially allowing a remote attacker to escape the browser's sandbox through a crafted HTML page. This critical flaw requires user interaction to exploit, raising concerns about relevance and exposure.

NVD published: June 9, 2026