ScanForge Security Digest 2624-01

June 10, 2026200 items

44 critical73 high10 news

This week's security digest includes 0 actively exploited vulnerabilities (CISA KEV), 44 critical CVEs, and 73 high-severity CVEs. Review the details below and prioritize patching for any affected systems.

Critical

10.0 A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Serve CVE-2026-11429

10.0 The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryptio CVE-2026-49201

10.0 The acer_cgi.log file in the device firmware is accessible without authentication via the web interf CVE-2026-49200

10.0 Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, f CVE-2026-49197

9.8 Termix 3 CVEs

CVE-2026-45748, CVE-2026-45750, CVE-2026-45746

9.8 GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, po CVE-2026-36182

9.8 T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to conta CVE-2026-35905

9.8 Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07 CVE-2026-35904

9.8 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in CVE-2026-24858

9.8 An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiW CVE-2025-59719

9.8 A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7 CVE-2025-59718

9.8 http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a p CVE-2024-55875

High Severity

8.8 The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection lea CVE-2026-7654

8.8 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior CVE-2026-48095

8.8 Insufficient validation of untrusted input in Reading List in Google Chrome on i CVE-2026-11272

8.8 Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7 CVE-2026-11235

8.8 Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 all CVE-2026-11191

8.8 Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allo CVE-2026-11179

8.8 Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remo CVE-2026-11177

8.8 Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.782 CVE-2026-11175

8.8 Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149 CVE-2026-11172

8.8 Integer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remot CVE-2026-11124

+52 more products affected

Security News

Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address Dark Reading

"Ghost-Sender" uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achie

SAP fixes critical flaws in NetWeaver and Commerce Cloud Bleeping Computer

SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-s

Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories Dark Reading

The attacks stemmed from a GitHub account that was also compromised in a previous Miasmi attack on Microsoft last month.

Microsoft Patches 200 Vulnerabilities SecurityWeek

Three of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addres

Microsoft releases Windows 10 KB5094127 extended security update Bleeping Computer

Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulner

Adobe Patches 123 Vulnerabilities SecurityWeek

Nearly half of the security holes, most allowing arbitrary code execution, have been fixed in Adobe’s Experience Manager

Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws Bleeping Computer

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day

Windows 11 KB5094126 & KB5093998 cumulative updates released Bleeping Computer

Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix secu

Exploits & Threats

[webapps] OpenEMR 7.0.2 - Arbitrary File Read