Plain-English vulnerability intelligence for small organisations, charities and community groups. We only publish when a vulnerability is actively exploited, widely reported, or relevant to common small-business technology.
Current vulnerability briefs appear here during the month. At the start of the next month, they are moved into the monthly archive.
05 June 2026
CVE-2026-20245
A serious security flaw has been found in Cisco's SD-WAN Manager software that could allow attackers with certain access to take full control of the system. This matters because it could lead to unauthorised changes and disruptions in your network.
Read brief05 June 2026
CVE-2026-3300
A serious security weakness has been found in the Everest Forms Pro plugin for WordPress, allowing attackers to run harmful code on your website without needing to log in. This affects all versions up to 1.9.12 and could let hackers take control of your site if you use the plugin's calculation features.
Read brief04 June 2026
CVE-2026-23479
A serious security flaw has been found in Redis, a common software used to manage data quickly. This flaw could allow attackers to take control of affected systems remotely. A fix is available, so it is important to update to the latest version to stay safe.
Read brief04 June 2026
CVE-2026-20230
A serious security flaw has been found in Cisco's Unified Communications Manager, a system used to manage business phone calls. This flaw could let attackers remotely take control of the system if a specific feature is enabled. It is important to check if your organisation uses this system and take steps to protect it.
Read brief04 June 2026
A recent report highlights a serious security weakness that could allow hackers to take control of systems through common technologies like Windows, VPNs, and firewalls. This shows why small organisations should carefully select managed detection and response (MDR) providers to protect against such threats.
Read brief03 June 2026
CVE-2026-45247
A critical security vulnerability has been found in the Mirasvit Full Page Cache Warmer plugin for Magento 2. This flaw allows attackers to run harmful code on your website without needing to log in, potentially compromising your business data and website operations.
Read brief03 June 2026
CVE-2026-8206
A serious security flaw has been found in the Kirki plugin for WordPress that could allow attackers to reset passwords and take control of user accounts, including admin accounts. This matters because it could let someone hijack your website without needing to log in first.
Read brief02 June 2026
CVE-2025-48595
A serious security flaw in the Android operating system's core framework has been found and is already being exploited by attackers. This flaw allows hackers to run harmful code on affected devices without needing the user to do anything, potentially giving them full control over the device.
Read brief02 June 2026
CVE-2022-0492
A serious security weakness has been found in the Linux operating system kernel that could allow attackers to gain higher access rights than they should have. This flaw is actively being exploited and affects many systems using Linux, which is common in small business servers and cloud services.
Read brief02 June 2026
CVE-2025-8088
A serious security flaw in the Windows version of WinRAR has been found and actively exploited by attackers. This flaw allows hackers to run harmful software by tricking users into opening specially crafted archive files. Since many small businesses use Windows and WinRAR, this vulnerability could put your organisation at risk.
Read brief01 June 2026
CVE-2024-21182
A serious security flaw has been found in Oracle WebLogic Server that could allow attackers to access sensitive data without needing a password. This vulnerability is actively being exploited and affects certain versions of the software commonly used in business environments.
Read brief01 June 2026
CVE-2026-0826
A serious security weakness has been found in certain Poly Voice products running on Linux. This flaw could allow attackers to run harmful software remotely, potentially compromising your phone system and business communications.
Read brief01 June 2026
CVE-2026-8732
A serious security weakness has been found in the WP Maps Pro plugin for WordPress that could allow attackers to create an administrator account without permission. This means hackers could gain full control of your website, potentially leading to data loss or damage.
Read brief31 May 2026
CVE-2026-43284
A serious security flaw has been found and fixed in the Linux operating system's handling of certain encrypted network data packets. This could allow attackers to run harmful code remotely, potentially taking control of affected systems. Small businesses using Linux servers or devices should ensure their systems are updated to stay protected.
Read brief31 May 2026
CVE-2026-43500
A serious security issue has been found and fixed in the Linux operating system kernel that could allow attackers to run harmful code remotely or gain higher access privileges. This matters because many small businesses use Linux-based systems, and if not updated, they could be at risk.
Read brief31 May 2026
CVE-2026-35616
A serious security weakness has been found in Fortinet FortiClient EMS versions 7.4.5 and 7.4.6. This flaw could let hackers run harmful commands without needing to log in, potentially leading to stolen information or other damage. Small businesses using this software should act quickly to protect themselves.
Read brief30 May 2026
CVE-2022-28368
A serious security weakness has been found in Dompdf, a tool used to convert web pages into PDF files. This flaw could allow hackers to run harmful code on your website, potentially leading to full control of your systems. Small businesses using Dompdf, especially within platforms like WordPress or Linux servers, should act quickly to protect themselves.
Read brief30 May 2026
CVE-2026-3055
A serious security weakness has been discovered in Citrix NetScaler devices used for secure remote access. This flaw could allow attackers to access sensitive information or take control of the system, posing a significant risk to organisations relying on these devices.
Read brief30 May 2026
CVE-2026-4257
A serious security weakness has been found in the Contact Form by Supsystic plugin for WordPress. This flaw could allow attackers to take control of your website without needing to log in, potentially leading to data theft or damage. Small organisations using this plugin should act quickly to protect their sites.
Read brief29 May 2026
CVE-2026-0257
A security weakness has been found in the VPN software used by Palo Alto Networks, which could allow attackers to connect without proper login. This matters because it could let unauthorised people access your organisation’s network remotely.
Read brief29 May 2026
CVE-2026-26194
A serious security flaw has been found in Gogs, a popular tool for managing code projects. This flaw could let attackers run harmful commands on your system if you use an older version of Gogs. It’s important to update to the latest version to keep your data and systems safe.
Read brief29 May 2026
CVE-2026-39987
A serious security weakness has been found in Marimo, a Python notebook tool used for interactive coding. This flaw lets attackers run commands on your system without logging in, potentially taking full control. The issue affects versions before 0.23.0 and has been fixed in the latest update.
Read brief28 May 2026
CVE-2024-39930
A serious security weakness has been found in Gogs, a software tool used for managing code repositories. This flaw could allow someone with access to the system to run harmful commands remotely, potentially taking control of the affected computer. This matters because it could lead to data loss or disruption if exploited.
Read brief28 May 2026
CVE-2024-39932
A serious security weakness has been found in Gogs, a tool some businesses use to manage software code. This flaw could let attackers run harmful commands on your system if they have access, potentially leading to data loss or system damage.
Read brief28 May 2026
CVE-2024-39933
A security weakness has been reported in Gogs, a tool some small organisations use to manage software projects. This flaw could allow someone with access to the system to run harmful commands remotely. It is important to check if you use this software and take steps to protect your organisation.
Read brief27 May 2026
CVE-2026-45321
A serious security problem was found in many TanStack software packages used in web development. Attackers managed to publish harmful versions of these packages that can steal credentials, posing a risk to organisations using them. This issue is actively being exploited, so urgent action is needed.
Read brief27 May 2026
CVE-2026-8398
A serious security problem has been found in certain versions of Daemon Tools Lite for Windows. Between early April and early May 2026, the official installation files were tampered with to include harmful software. This means users who installed or updated the program during that time may have unknowingly put their computers at risk.
Read brief27 May 2026
CVE-2026-48027
A critical security problem was found in a popular software tool called Nx Console, used by developers. A malicious version was briefly available, potentially exposing users to harm. Immediate action is recommended to protect your organisation.
Read brief26 May 2026
CVE-2026-45659
A serious security flaw has been found in Microsoft Office SharePoint that could let attackers run harmful software remotely. This matters because SharePoint is commonly used by many small organisations to manage documents and collaborate, so the risk of data loss or disruption is real if the flaw is not fixed.
Read brief26 May 2026
A serious security flaw in Drupal, a popular website platform, is being actively exploited by attackers. This vulnerability allows hackers to run harmful commands on affected websites, potentially leading to data theft or website damage. Immediate action is recommended to protect your site.
Read brief25 May 2026
CVE-2026-26980
A serious security weakness has been found in Ghost, a popular website management tool used by many small businesses. This flaw allows attackers to access sensitive information without needing to log in. It has already been used to attack hundreds of sites, so updating the software is essential.
Read brief25 May 2026
Recent reports reveal serious security weaknesses in Linux systems and common routers that hackers can exploit immediately. These flaws could allow attackers to take control of devices or create botnets, posing risks to small businesses relying on these technologies.
Read brief24 May 2026
CVE-2023-7101
A serious security flaw has been found in a common tool used to read Excel files in some software. This flaw could allow attackers to run harmful code on your computer if you open a malicious Excel file. It’s important for small organisations to be aware and take steps to protect themselves.
Read brief24 May 2026
CVE-2026-31431
A serious security flaw has been found and fixed in the Linux kernel's encryption system. This flaw could allow attackers to run harmful code remotely, putting your systems at risk. It is important for organisations using Linux-based systems to ensure they have applied the latest updates to stay protected.
Read brief24 May 2026
CVE-2026-48172
A serious security weakness has been found in the LiteSpeed User-End cPanel Plugin that could allow attackers to gain full control of affected servers. This flaw is actively being exploited, meaning hackers are already using it to run harmful commands as the highest-level user.
Read brief23 May 2026
CVE-2026-9082
A security flaw has been found in Drupal, a popular website platform, that could allow attackers to access or control your website's data. This vulnerability is actively being exploited, so it is important for organisations using Drupal to take action quickly.
Read brief23 May 2026
CVE-2023-7102
A serious security weakness has been found in certain Barracuda Email Security Gateway (ESG) appliances that could allow attackers to take control remotely. This matters because many small organisations use these devices to protect their email, and if not fixed, it could lead to data breaches or disruption.
Read brief23 May 2026
CVE-2026-24479
A serious security weakness has been found in HUSTOF, an open-source system used for programming contests and training. This flaw could allow attackers to run harmful code on the server by uploading specially crafted files. It is important to check if your organisation uses this software and update it promptly to avoid risks.
Read brief22 May 2026
CVE-2025-34291
A serious security weakness has been found in Langflow, an AI-related software used by some businesses. This flaw lets attackers hijack user accounts and run harmful code remotely, potentially taking full control of affected systems. It is actively being exploited, so urgent action is needed.
Read brief22 May 2026
CVE-2026-34926
A serious security flaw has been found and actively exploited in Trend Micro Apex One, a popular security product used by many organisations. This means attackers can potentially access sensitive parts of your system if the software is not updated or protected properly.
Read brief22 May 2026
CVE-2026-45498
A new vulnerability in Microsoft Defender has been identified that could allow attackers to cause the software to stop working properly. This issue is actively being exploited, meaning attackers are using it in the wild. It is important for small businesses using Microsoft Defender to take action to reduce the risk.
Read brief21 May 2026
CVE-2008-4250
A serious security flaw in older Microsoft Windows systems has been confirmed as actively exploited by attackers. This vulnerability allows remote hackers to run harmful code on affected computers, posing a significant risk to organisations still using these versions.
Read brief21 May 2026
CVE-2009-1537
A serious security weakness in Microsoft DirectX, a common Windows component, is being actively exploited by attackers. This vulnerability allows harmful files to run dangerous code on affected computers, posing a risk to organisations using older Windows systems.
Read brief21 May 2026
CVE-2010-0806
A serious security weakness has been confirmed in older versions of Microsoft Internet Explorer, which hackers are actively exploiting. This flaw could allow attackers to take control of affected computers remotely, making it important for organisations still using these browsers to act quickly.
Read brief20 May 2026
CVE-2010-0249
A serious security flaw affecting older versions of Microsoft Internet Explorer has been officially recognised as actively exploited by attackers. This vulnerability could allow hackers to take control of affected computers remotely, posing a significant risk to organisations still using these outdated browsers.
Read brief20 May 2026
CVE-2009-3459
A serious security flaw in older versions of Adobe Acrobat and Reader has been confirmed as actively exploited by attackers. This vulnerability allows hackers to run harmful code on your computer through a malicious PDF file. It is important for organisations using these products to take immediate action to protect their systems.
Read brief20 May 2026
CVE-2026-41091
A serious security flaw has been found in Microsoft Defender that could allow attackers with some access to your computer to increase their control. This vulnerability is actively being exploited, so it is important for organisations using Microsoft Defender to act quickly.
Read brief19 May 2026
CVE-2026-31635
A serious security flaw has been found and fixed in the Linux operating system kernel, which could allow attackers to gain higher access rights than they should have. This matters because many small businesses use Linux servers or devices, and if unpatched, this vulnerability could be exploited to take control of systems.
Read brief19 May 2026
A new security flaw has been found in Windows that can let attackers gain full control of a computer, even if it is fully updated. This is serious because it allows hackers to do almost anything on the affected system.
Read brief19 May 2026
A new security flaw called DirtyDecrypt has been found in Linux systems that could allow hackers to gain full control of affected computers. This matters because Linux is commonly used in many small business systems and AI applications, and an exploit is already available.
Read brief18 May 2026
CVE-2026-8043
A serious security weakness has been found in Ivanti Xtraction software versions before 2026.2. This flaw could let attackers access sensitive files and add harmful web content, potentially exposing your organisation to data leaks and attacks on users.
Read brief18 May 2026
CVE-2026-42945
A serious security flaw has been found in NGINX web server software that can cause website crashes and potentially allow attackers to run harmful code. This matters because many small businesses use NGINX to manage their websites, and if not fixed, it could disrupt services or lead to data breaches.
Read brief18 May 2026
CVE-2023-30253
A serious security weakness has been found in Dolibarr, a popular business management software. This flaw could let someone with access to the system run harmful code, potentially causing damage or stealing information. Small organisations using Dolibarr should take steps to protect themselves.
Read brief17 May 2026
CVE-2024-48760
A serious security weakness has been found in GestioIP version 3.5.7, a tool used for managing IP addresses. This flaw allows attackers to upload harmful files that can take control of the system remotely. It is important because it could let hackers run commands on your system without permission.
Read brief17 May 2026
CVE-2025-6793
A serious security weakness has been found in Marvell QConvergeConsole software that could let attackers remotely delete important files and access sensitive information without needing to log in. This matters because it can disrupt your systems and expose private data.
Read brief17 May 2026
CVE-2026-0265
A serious security weakness has been found in Palo Alto Networks firewall software that could allow attackers to bypass login controls if a specific cloud authentication feature is enabled. This matters because it could let unauthorised users access your network management settings, potentially compromising your security.
Read brief16 May 2026
CVE-2026-20182
A serious security flaw has been found and fixed in Cisco's Catalyst SD-WAN Controller that could let attackers bypass login controls and gain high-level access to network settings. This is important because it affects how securely your network is managed and could allow attackers to change your network without permission.
Read brief16 May 2026
CVE-2026-42897
A serious security flaw in Microsoft Exchange Server has been found and is currently being exploited by attackers. This vulnerability allows hackers to trick users and potentially gain access to your network through crafted emails. It is important for organisations using Exchange Server to act quickly to protect themselves.
Read brief16 May 2026
CVE-2026-20127
A serious security weakness has been found in Cisco SD-WAN Controllers that could allow attackers to bypass login controls and gain high-level access to your network management system. This matters because it could let attackers change your network settings without permission, potentially disrupting your business or exposing sensitive information.
Read brief14 May 2026
CVE-2026-46300
A new security flaw has been found in the Linux operating system used by many small business devices like network storage (NAS) and AI systems. This flaw could allow attackers to gain full control of affected devices, which is serious but can be managed with proper updates and checks.
Read brief14 May 2026
CVE-2020-13949
A serious security weakness has been found in Apache Thrift software used in some business applications. This flaw could allow attackers to overload systems, causing them to crash and stop working. It is important to check if your systems use this software and apply updates to prevent disruption.
Read brief14 May 2026
CVE-2025-14179
A serious security flaw has been found in certain versions of PHP software that could allow attackers to access or change your business data without permission. This matters because many websites and applications use PHP, and if not fixed, it could lead to data theft or disruption.
Read brief13 May 2026
CVE-2026-31705
A critical security flaw has been found and fixed in the Linux kernel's file sharing component, which could allow attackers to overwrite memory and potentially take control of affected systems. This matters because many small organisations use Linux-based servers or devices for file sharing and could be at risk if not updated.
Read brief13 May 2026
CVE-2026-31718
A serious security flaw has been fixed in the Linux kernel's file sharing system that could allow attackers to cause crashes or run harmful code remotely. This matters because many small organisations use Linux servers for file sharing, and unpatched systems could be at risk.
Read brief13 May 2026
CVE-2026-33117
A serious security weakness has been found in Microsoft Azure software that could allow hackers to bypass important security checks remotely. This could put small businesses using Microsoft cloud services or related software at risk if not addressed quickly.
Read brief12 May 2026
CVE-2026-41940
A serious security weakness has been found in cPanel, a popular tool used to manage websites and hosting. This flaw lets attackers bypass login security and access the control panel without permission, potentially putting your website and data at risk.
Read briefMonthly archives are created automatically at the start of each month. Archives older than six months are removed automatically.
