ScanForge Security Digest 2624-02

June 13, 2026200 items

39 critical52 high10 news

This week's security digest includes 0 actively exploited vulnerabilities (CISA KEV), 39 critical CVEs, and 52 high-severity CVEs. Review the details below and prioritize patching for any affected systems.

Critical

10.0 Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Auth CVE-2026-48303

10.0 An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versi CVE-2026-10520

9.9 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of CVE-2026-50566

9.9 An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R1 CVE-2026-10523

9.8 Improper neutralization of special elements used in an expression language statement ('expression la CVE-2026-11561

9.8 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Upda CVE-2026-35273

9.8 Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code o CVE-2026-44815

9.8 Improper neutralization of special elements used in an SQL c 3 CVEs

CVE-2026-8025, CVE-2026-42647, CVE-2026-39494

9.8 A improper neutralization of special elements used in an os command ('os command injection') vulnera CVE-2026-25089

9.8 DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were CVE-2026-9698

9.8 YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability e CVE-2026-52778

9.8 Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configur CVE-2026-44631

High Severity

8.8 Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allo CVE-2026-12035

8.8 Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allow CVE-2026-12020

8.8 Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0. CVE-2026-12018

8.8 Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allo CVE-2026-12013

8.8 Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allow CVE-2026-12007

8.8 This issue was addressed with improved checks to prevent unauthorized actions. T CVE-2025-24284

8.8 Improper Control of Generation of Code ('Code Injection') vulnerability in Apach CVE-2026-50223

8.8 A privilege escalation vulnerability in Apache OFBiz allows a low-privileged aut CVE-2026-47342

8.8 In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attack CVE-2026-53435

8.8 Heap-based buffer overflow in Remote Desktop Client 2 CVEs CVE-2026-47653, CVE-2026-47289

+32 more products affected

Security News

Friday Squid Blogging: Squid-Inspired Fluid Pump Schneier on Security

This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squi

ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed Dark Reading

A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by

Maine disables data breach notification portal after fake disclosures Bleeping Computer

Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on th

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit The Hacker News

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts t

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing The Hacker News

Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini a

phpBB forum fixes auth bypass bug lurking for a decade Bleeping Computer

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade The Hacker News

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade h

Ukrainian national pleads guilty to role in Conti ransomware operation Bleeping Computer

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tie