Daily CVE Briefing
CVE publication activity was elevated over the past 24 hours, with a heavy concentration of high/critical issues across web applications and platforms. A notable theme is authorization/authentication failure leading to account takeovers, privilege escalation, or cross-tenant access, alongside widespread injection and scripting flaws (SQLi/XSS/command injection) and repeated patterns of file read/write and path traversal. Networking and infrastructure components also featured prominently, especially Netty-related denial-of-service and resource-exhaustion variants, plus critical memory-safety style vulnerabilities in multiple ecosystems. Several vendors were repeatedly represented in the data, including security@wordfence.com, security-advisories@github.com, secalert@redhat.com, and security@apache.org, suggesting continued batch releases that teams should prioritize for patch validation.

Friday, June 12, 2026

New CVEs (last 24h): 258
Fixes vs no fixes: 209 vs 49
Known exploited: 0

Highest Severity CVEs (Last 24 Hours)
Top 10 by CVSS 4.0 score, with vector details and affected-product breadth.
| CVE ID | Product | Severity | CVSS 4.0 score | CVSS 4.0 vector | Official CPEs | Remediation type |
|---|---|---|---|---|---|---|
| CVE-2026-47131 | vm2 | Critical | 10.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 1 | upgrade |
| CVE-2026-47140 | vm2 | Critical | 10.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 1 | upgrade |
| CVE-2026-45172 | CyberArk Idira Privileged Session Manager | Critical | 10.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 0 | upgrade |
| CVE-2026-47137 | vm2 | Critical | 9.5 | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 1 | upgrade |
| CVE-2026-47208 | vm2 | Critical | 9.5 | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 1 | upgrade |
| CVE-2026-47210 | vm2 | Critical | 9.5 | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 1 | upgrade |
| CVE-2026-53787 | Amasty Order Attributes | Critical | 9.5 | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 1 | upgrade |
| CVE-2026-48546 | KanaDojo | Critical | 9.5 | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 0 | upgrade |
| CVE-2026-47367 | UID Enterprise Agent | Critical | 9.4 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 0 | none |
| CVE-2026-42846 | ClipBucket | Critical | 9.4 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | 2 | upgrade |

Top Publishing CNAs (Last 24 Hours)
| CNA | New CVEs |
|---|---|
| security-advisories@github.com | 101 |
| chrome-cve-admin@google.com | 28 |
| disclosure@vulncheck.com | 21 |
| product-security@apple.com | 12 |
| security@apache.org | 11 |
| 44488dab-36db-4358-99f9-bc116477f914 | 10 |
| psirt@paloaltonetworks.com | 10 |
| support@hackerone.com | 10 |
| twcert@cert.org.tw | 8 |
| secalert@redhat.com | 7 |

Top Affected Products (Last 24 Hours)
| Title | New CVEs | Remediation types |
|---|---|---|
| Google Chrome | 28 | upgrade |
| Netty | 14 | upgrade |
| Apache CXF | 11 | upgrade |
| Axios | 9 | upgrade |
| vm2 | 9 | upgrade |
| Apple macOS Sequoia | 7 | upgrade |
| Nuxt | 7 | upgrade |
| ClipBucket | 5 | upgrade |
| Frappe | 5 | upgrade |
| Vim | 5 | upgrade |