Latest Security Vulnerabilities
Wednesday June 10, 2026
QNAP Qts
CVE-2026-24717 QNAP QTS/QuTS Hero path traversal CVE-2026-24717 before 5.2.9.3492
CVE-2026-24716 QNAP QTS DoS via NULL ptr in 5.2.9.3492+
CVE-2026-22893 CmdInject in QNAP QTS/QuTS before 5.2.9.3410
CVE-2026-24719 Cmd Injection in QTS 5.2.9 (pre-20260507) & QuTS hero (pre-20260514)
CVE-2025-66273 QTS/QuTS Hero cmd injection CVE202566273 before 5.2.9.3410
CVE-2025-66279 Command Injection in QNAP QTS/QuTS Hero (5.2.9.3410, 5.3.4.3500)
CVE-2025-66280 QNAP QTS/QuTS Integer Overflow (Admin) CVE-2025-66280 Fixed v5.2.9.3410+
CVE-2025-66281 QNAP QTS Null Ptr Deref DoS (pre 5.2.9.3410, fixed in 5.2.9.3410)
CVE-2025-59382 QNAP CVE-2025-59382 Fix Implemented
QNAP
CVE-2025-58468 CSRF in QNAP Notification Center <1.10.0.3291
CVE-2025-62851 License Center PT (pre1.9.56) fixed in 1.9.56
QNAP File Station
CVE-2026-24724 QNAP File Station <=5.5.6.5243 Auth Bypass via Wrong Authorization
CVE-2026-24720 QNAP File Station 6 Unbounded Resource Allocation DoS
CVE-2026-26239 File Station 5 Buffer Overflow via Remote User Fixed in 5.5.6.5208
CVE-2026-22899 File Station 6 NULL PTR DoS (fixed 5.5.6.5208+)
Espressif Esp Idf
CVE-2026-45329 ESP-IDF 5.5.4/6.0 Pointer Validation Flaw in Secure Service Wrappers
CVE-2026-46532 Espressif IoT Framework 5.x-6.x OOB Read in AVRCP Parser
CVE-2026-45328 Espressif ESP-IDF esp_tee RCE via insecure wrappers 5.5.4/6.0 (fixed 5.5.5/6.0.1)
CVE-2026-45541 NULL-pointer Deref esp_http_server WebSocket (ESP-IDF 6.0)
CVE-2026-45542 ESP-IDF 5.2-6.0 Heap Buffer Overflow in protocomm SRP6a
CVE-2026-45160 ESP-IDF lwIP DHCP OOB Read v5.2.7-6.0.1 Patched in 5.2.8+
Tuesday June 9, 2026
MongoDB
CVE-2026-9751 Plain Text Password Logging via ldapQueryPassword in MongoDB
CVE-2026-9752 MongoDB 2dsphere Crash via GeometryCollection NPE in GeoJSON
CVE-2026-9748 MongoDB $facet Crash via PauseExecution misuse in aggregation pipeline
CVE-2026-9741 MongoDB QE $vectorSearch Stage Plaintext Leak
CVE-2026-9754 MongoDB filemd5 LE: Authenticated Read Role Stack Memory Leak
CVE-2026-9743 MongoDB 8.0 Aggregation Null _subPipeline Causing DoS
CVE-2026-9735 MongoDB Server Exposes Auth Credentials in Logs During SASL Auth
OpenSSL
CVE-2026-7383 OpenSSL <=3.1: Signed Int Overflow in ASN1_mbstring_ncopy() Heap BOV
CVE-2026-34181 OpenSSL PKCS#12 PBMAC1 forging CVE-2026-34181
CVE-2026-45446 OpenSSL EVP Provider: AESSIV/AESGCMSIV Auth Forger via Empty AAD/Ciphertext (<3.2)
CVE-2026-35188 OpenSSL TLS OCSP Stapling doublefree via crafted stapled response
CVE-2026-42771 OpenSSL X509_VERIFY_PARAM_set1_email OOB Read Causing S/MIME DoS
CVE-2026-42770 OpenSSL FIPS 3.0-4.0 DHX X9.42 subgroup check flaw
CVE-2026-42768 OpenSSL <3.2 CMS PKCS7 Bleichenbacher Oracle
CVE-2026-42767 OpenSSL CMP Client Null Deref DoS (pre-3.5) via crafted EncryptedValue OID
CVE-2026-42766 OpenSSL CMS NULL Deref (before 4.0) - DoS
And others...
Linux Kernel
CVE-2026-46317 Linux KVM ARM64 nested_mmus UAF under mmu_lock
CVE-2026-46319 Linux Kernel act_ct RCU UAF Vulnerability (CVE-2026-46319)
CVE-2026-46323 Linux Kernel GRO Zero-Copy Skb Merge Causing UAF
CVE-2026-46324 Linux Kernel nf_tables: RCU list deletion race in netlink hook unregistration
CVE-2026-46326 Linux Kernel MPRLS0025PA spi_transfer Struct Zeroing Fix
CVE-2026-46327 Linux Kernel DM: Race via dm_suspended_md unlocked test
CVE-2026-46330 Linux Kernel: TCP ULP SMC Feature Violation (CVE-2026-46330)
CVE-2026-52904 Linux Kernel: Nouveau Driver Leak via Aperture Remove Failure
CVE-2026-52906 Linux kernel 9P 9p: Access Mode Flag OR bug allows privilege escalation
And others...
Spring
CVE-2026-41730 Spring Data REST 3.7.05.0.5 exception cause chain leakage
CVE-2026-41843 Spring Framework 5.3.x-7.0.x Static Resource Path Traversal
CVE-2026-41846 Spring Framework 7.0.7 XSS via cssClass/cssErrorClass/cssStyle in JSP Form Tag
CVE-2026-41852 Spring Framework SpEL Zero-Arg Exec LPE 5.3-7.0.7
CVE-2026-47838 Spring Security X.509 CN Mismatch: SubjectDnX509PrincipalExtractor (5.7-6.5)
CVE-2026-41727 Spring Kafka 2.8-4.0.5 retry_topic header validation flaw
CVE-2026-41837 SPRING DATA REST 3.x5.0.x Querydsl Path Traversal via ARB PROP Keys
CVE-2026-41847 Spring WebFlux Kotlin Router DSL Security Bypass (5.3.0-5.3.48)
CVE-2026-41848 Spring Framework ReDoS in AntPathMatcher <=7.0.7 (match methods)
And others...
VMware Spring Framework
CVE-2026-41844 Spring MVC/WebFlux /** Mapping 302 Redirect EIP (5.3-7.0)
CVE-2026-41697 Spring Data Relational QBE StringMatcher SQLi (4.0.x-3.0.x)
CVE-2026-41711 Spring Data Commons DoS via StackOverflowException (Sort) v2.74.0.5
CVE-2026-41716 Heap Exhaustion via Cache Key Leak in Spring Data Commons (2.7.0-4.0.5)
CVE-2026-41719 Spring Data KeyValue/Redis SpEL Injection via Sort (4.0.5)
CVE-2026-41838 Spring Framework WebSocket Session ID Predictability 5.3.x-7.0.x
CVE-2026-41839 Spring Framework WebFlux Session ID Escalation 5.348, 6.127, 6.218, 7.07.0.7
CVE-2026-41840 Spring WebFlux DoS via Multipart 5.37.0.7
CVE-2026-41842 Spring MVC/WebFlux Static Resource DoS 5.37.0.7
And others...
Adobe Acrobat
CVE-2026-47913 Adobe Acrobat Reader UAF Before 26.001.21651
CVE-2026-47914 Use-After-Free in Adobe Acrobat Reader <26.001.21651
CVE-2026-47916 Acrobat Reader UAF before 26.001.21651: AAExec via malicious file
CVE-2026-47923 Acrobat Reader OOB Read v24-26 Disclosed
CVE-2026-47924 Acrobat Reader UEFAF Vulnerability <26.001.21651
CVE-2026-47911 Acrobat Reader OOB Write CVE-2026-47911 Before 26.001.21651
CVE-2026-47912 Acrobat Reader UAF in CVE-2026-47912, before 27 code exec
CVE-2026-47918 Use-After-Free (UAF) in Adobe Acrobat Reader <=26.001.21651
CVE-2026-47919 Adobe Acrobat Reader Use-After-Free in PDF Parser 24.x/26.x
And others...
Netgear
CVE-2026-0416 Netgear Router Functionality Modification via Admin Interface (CVE-2026-0416)
CVE-2026-0414 NETGEAR Router Input Validation Flaw Allows Admin RCE (CVE-2026-0414)
CVE-2026-0410 Netgear Router Admin Auth Escalation via Local Net
CVE-2026-9212 NETGEAR Router Local Network Auth Bypass & Command Exec
CVE-2026-9210 NETGEAR Router Firmware: Authenticated Admin Input Validation Exploit
Adobe Experience Manager
CVE-2026-47993 Adobe Experience Manager 6.5.24 & earlier DOM XSS via crafted page
CVE-2026-47954 Adobe Experience Manager <6.5.25 XSS in Form Fields (CVE-2026-47954)
CVE-2026-47972 Adobe Experience Manager 6.5 <= 6.5.24 LTS SP1 - Stored XSS in form fields
CVE-2026-48256 Adobe Experience Manager <6.5.24 DOM XSS
CVE-2026-48258 Adobe Experience Manager <=6.5.24 LTS SP1 & 2026.04 DOMXSS
CVE-2026-48301 Stored XSS in Adobe Experience Manager 6.5.24 and earlier via form fields
CVE-2026-34692 Adobe Experience Manager < 6.5.24 DOM-based XSS
Adobe InDesign
CVE-2026-34700 CVE-2026-34700: InDesign Desktop <21.3 OOB Write, Arbitrary Code Execution
CVE-2026-34699 Adobe InDesign Desktop Heap Buffer Overflow (v21.3, <20.5.3)
CVE-2026-34695 Stack-based Buffer Overflow in Adobe InDesign Desktop 21.3/20.5.3
CVE-2026-48293 InDesign Desktop OOB Write (v21.3, v20.5.3) Arbitrary Code Exec
CVE-2026-34701 Adobe InDesign Desktop Heap Overflow in 21.3/20.5.3 Arbitrary Code Exec
CVE-2026-34698 Heap Overflow in Adobe InDesign Desktop <21.3 (Arbitrary Exec)
SAP NetWeaver
CVE-2026-27671 SAP NetWeaver ABAP: Kernel RFC Memory Corruption Vulnerability
CVE-2026-44751 SAP ABAP Report Auth Bypass => Priv Escalation
CVE-2026-44746 XSS in SAP NetWeaver Java JDBC Test Servlet
Huawei Harmonyos
CVE-2026-41977 Denial of Service in Huawei Log Service
CVE-2026-41982 Huawei IPC module race condition impacting availability
Microsoft Windows 10
CVE-2026-41108 Jun 2026: Windows DNS Client Elevation of Privilege Vulnerability
CVE-2026-40409 Jun 2026: Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerabili
CVE-2026-48563 Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-48568 Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48570 Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48573 Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48574 Jun 2026: Windows Media Remote Code Execution Vulnerability
CVE-2026-48575 Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48576 Jun 2026: Secure Boot Security Feature Bypass Vulnerability
And others...
Microsoft Windows Server 2022
CVE-2026-40404 Jun 2026: Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerabili
CVE-2026-50508 Jun 2026: Windows NTLM Spoofing Vulnerability
CVE-2026-42904 Jun 2026: Windows TCP/IP Elevation of Privilege Vulnerability
CVE-2026-42906 Jun 2026: Windows Shell Information Disclosure Vulnerability
CVE-2026-42915 Jun 2026: Windows TCP/IP Denial of Service Vulnerability
