Vulnerabilities

F5 has shared a security warning about serious flaws in NGINX. These issues could let attackers run any code and cause denial-of-service (DoS) attacks in affected systems. The notice, published on June 17, 2026, points out important problems affecting NGINX Open Source, NGINX Plus, and related products like NGINX Gateway …

Cisco on Monday told customers about a new SD-WAN product flaw used in attacks. The flaw, called CVE-2026-20262, is a medium-severity issue that lets files be written anywhere in the Catalyst SD-WAN Manager. “This file could later be used to elevate to root,” Cisco explained, adding, “To exploit this vulnerability, …

A critical security flaw has affected the open-source security community. Recently, complete details and working exploit code were shared online. This critical Wazuh  flaw lets verified endpoints change central log systems directly. So, any company testing this new platform must take urgent action. If not, they risk major damage to …

Microsoft’s June 2026 Patch Tuesday updates fix about 200 security flaws found in the company’s products. None of the flaws fixed this month seem to have been used by anyone outside, but three issues were shared publicly before Microsoft fixed them. One of them is CVE-2026-49160, which is a denial-of-service (DoS) …

Broadcom has revealed three stored cross-site scripting (XSS) flaws that affect VMware Cloud Foundation Operations and some other products. They warn that attackers who are logged in could add harmful scripts to do admin tasks in the system. Tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, the issues were fixed in the …

Check Point Research found that CVE-2026-50751, a serious flaw in Check Point Remote Access VPN and Mobile Access, is being actively used by attackers. It can let them bypass authentication (CVSS 9.3). CVE-2026-50751 affects systems using the old IKEv1 key exchange method. A remote attacker can take advantage of a …

Trend Micro’s Deep Security Agent for Linux has a design flaw. This issue lets a local attacker, who does not have special access, create short “blind spots.” During these moments, endpoint protections are not working temporarily. The issue stems from how the agent unloads and reloads its bmhook and tmhook …

Cisco has fixed a flaw in Unified Communications Manager that allows an attacker on the network to write files to the system and then gain full access. It is known as CVE-2026-20230, and proof of concept exploit code is already available. Cisco’s PSIRT says they have not seen anyone use this …

TP-Link has revealed a serious security problem in its Archer BE450 and Archer BE7200 Wi-Fi routers. This flaw could let an attacker run commands from afar if they get admin access. The flaw, called CVE-2026-5509, has a score of 8.5 (High) in CVSS v4.0, showing how dangerous it is for …

Google has shared the June 2026 Android security updates to fix 124 flaws, including one zero-day issue used in special attacks. Local attackers can take advantage of a serious Android Framework flaw (known as CVE-2025-48595) to run code and gain higher access on devices using Android 14 or newer. “There are …