ScanForge Security Digest 2625-01

200 items
41 critical91 high10 news

This week's security digest includes 0 actively exploited vulnerabilities (CISA KEV), 41 critical CVEs, and 91 high-severity CVEs. Review the details below and prioritize patching for any affected systems.

Critical

41
10.0 vm2 4 CVEs
9.9 Nezha Monitoring 2 CVEs
9.9 A malicious actor with access to the network and low privile 3 CVEs
9.8 In the Linux kernel, the following vulnerability 3 CVEs

High Severity

91
8.9 Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA CVE-2026-5598
8.8 Improper neutralization of formula elements in a CSV file vulnerability in MIA T CVE-2026-5242
8.8 Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allow CVE-2026-49111
8.8 Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Eng CVE-2026-49062
8.8 Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerabil CVE-2016-20073
8.8 BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerabili CVE-2016-20072
8.8 The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthe CVE-2016-20071
8.8 WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind CVE-2016-20069
8.8 WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticat CVE-2016-20068
8.8 All V1 collection-level endpoints in ChromaDB's Python project pass None for the CVE-2026-45832

+55 more products affected

Security News

10
DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act Bleeping Computer

The U.S. Department of Justice announced Friday that it has seized the CFAKE.com and SOCFAKE.com websites, which alleged

SimpleHelp bug lets hackers create rogue remote support accounts Bleeping Computer

A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged techn

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails The Hacker News

A China-linked espionage group hid inside North American medical, academic, and military research networks for more than

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels The Hacker News

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North K

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft Dark Reading

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hid

OptinMonster WordPress plugin hacked in CDN supply-chain attack Bleeping Computer

WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awes

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks Bleeping Computer

Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262

China-Nexus Actor Spy on US Researchers Undetected for a Year Dark Reading

Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to target numerous institutions a

Content aggregated from NIST/NVD, CISA, CERT/CC, and public security news sources. External articles are linked to their original source.