ScanForge Security Digest 2623-01

June 4, 2026200 items

42 critical0 high10 news

This week's security digest includes 0 actively exploited vulnerabilities (CISA KEV), 42 critical CVEs, and 0 high-severity CVEs. Review the details below and prioritize patching for any affected systems.

Critical

10.0 Improper Neutralization of Special Elements used in an SQL C 26 CVEs

CVE-2024-13152, CVE-2024-1100, CVE-2024-0851, CVE-2024-8950, CVE-2024-13150 +21 more

10.0 Improper Limitation of a Pathname to a Restricted Directory 2 CVEs

CVE-2024-6445, CVE-2024-8262

10.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi CVE-2024-6917

10.0 Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 CVE-2015-0987

9.9 Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audi CVE-2026-40089

9.9 Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nov CVE-2024-6684

9.9 Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinize CVE-2024-5618

9.8 A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 202 CVE-2026-7858

9.8 In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in CVE-2026-23112

9.8 CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vuln CVE-2024-13151

9.8 Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Cr CVE-2024-5960

9.8 Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allo CVE-2024-1107

Security News

Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform SecurityWeek

Coralogix offers a full-stack observability platform that unifies logs, metrics, traces, security, and AI observability.

CISA warns of active attacks exploiting Android, Linux bugs Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities

What 345 Days of Untested Exposure Looks Like at a Bank Bleeping Computer

A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores wh

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs SecurityWeek

Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websi

Security of 100 AI Agents Tested and Ranked – What You Need to Know SecurityWeek

The AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential im

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens The Hacker News

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it pos

Hackers Target Global Stock Exchange in Espionage Operation SecurityWeek

The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months. The post Ha

IMA Diligence Services Data Breach Impacts 525,000 People SecurityWeek

The affected individuals’ personal information was stolen from a legacy server managed by a third party. The post IMA Di

Exploits & Threats

[webapps] WordPress OrderConvo 14 - Path Traversal

[webapps] Drupal Core 10.5.5 - Error-Based SQL Injection