A3
20 Microsoft Edge: Multiple Vulnerabilities
BSI warns of multiple vulnerabilities in Microsoft Edge enabling active security bypass and code execution; specific CVE numbers and patch status are not detailed in the source.
High
What has changed?
Comparing 13 June 2026 with the previous day 6 June 2026.
Newly added
1Newly KEV-listed
0No changes in this category.
Score moved
0No changes in this category.
No longer in report
19 NEW C3
80 Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
The Miasma worm campaign demonstrates active exploitation of Microsoft development infrastructure, suggesting targeted attacks on software suppliers that could directly affect manufacturing organisations dependent on Microsoft technologies.
Critical
B2
68 ZDI-26-222: (Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability
Pwn2Own-winning vulnerability in Canon imageCLASS MF654Cdw enables unauthenticated remote code execution via BJNP protocol with critical network accessibility.
High
CVSS
9.8
EPSS
0%
B2
68 ZDI-26-208: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution Vulnerability
An integer overflow vulnerability in Canon printers discovered at Pwn2Own enables unauthenticated network-adjacent remote code execution with high severity (CVSS 8.8).
High
CVSS
9.8
EPSS
0%
B2
68 ZDI-26-207: (Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution Vulnerability
An unauthenticated stack-based buffer overflow in Canon printers enables direct remote code execution with high CVSS (8.8), requiring no user interaction.
High
CVSS
9.8
EPSS
0%
B2
68 ZDI-26-205: (Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Unauthenticated remote code execution on Canon MFP devices is possible; devices are typically network-accessible and could serve as a lateral-movement vector.
High
CVSS
9.8
EPSS
0%
B2
68 ZDI-26-203: (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Heap-based buffer overflow in SOAP/XML parsing enables unauthenticated remote code execution on Canon imageCLASS printers from network-adjacent attacker positions , not Internet-wide exploitable.
High
CVSS
9.8
EPSS
0%
B2
56 ZDI-26-276: Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability
Local privilege escalation in Windows Secure Kernel requires prior code-execution capability; relevant for internal threat models involving compromised local accounts.
Medium
CVSS
7.8
EPSS
0%
B2
56 ZDI-26-184: Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability
A use-after-free vulnerability in the Windows NDIS driver allows local attackers to escalate privileges, but requires prior ability to execute low-privileged code on the target system.
Medium
CVSS
7.8
EPSS
0%
B2
56 ZDI-26-186: Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability
A local privilege escalation flaw in FortiClient allows elevation with high CVSS score; attackers must first obtain low-privilege code execution.
Medium
CVSS
7.8
EPSS
0%
B2
53 ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability
An authentication-required RCE vulnerability in FortiWeb with a critical CVSS score requires patch prioritisation.
Medium
CVSS
7.2
EPSS
0%
B2
51 ZDI-26-277: Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability
Local privilege escalation in Windows afd.sys driver via race condition; CVSS 7.8 requires pre-existing code execution context.
Medium
CVSS
7.0
EPSS
0%
B2
51 ZDI-26-278: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
Local privilege escalation in win32kfull (CVSS 7.8) requires prior code execution on the target system but presents a critical escalation path for attackers who have already compromised the system.
Medium
CVSS
7.0
EPSS
0%
B2
51 ZDI-26-182: Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in Windows requires prior low-privileged code execution on the target system as a prerequisite for exploitation.
Medium
CVSS
7.0
EPSS
0%
B2
51 ZDI-26-181: Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
Local privilege escalation in Windows core component with CVSS 7.8 requires prior code execution with low privileges.
Medium
CVSS
7.0
EPSS
0%
B2
51 ZDI-26-179: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in the Windows win32kfull component with CVSS 8.8 requires an attacker to first execute low-privileged code to escalate to higher privilege levels.
Medium
CVSS
7.0
EPSS
0%
NEW C3
20 Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens
A one-click vulnerability in VS Code/GitHub.dev allows attackers to steal GitHub OAuth tokens that grant read and write access to private repositories.
High
NEW UNC3753 C3
20 Google warns: Attackers impersonate IT technicians and enter offices
The group UNC3753 exploits social engineering and physical access (posing as fake IT technicians) for direct data exfiltration via USB drives, a high-risk attack pattern against organizations with weak physical access controls.
High
NEW C3
17 AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Autonomous AI agents significantly accelerate zero-day discovery; this creates pressure on patch cycles and requires robust dependency-management processes.
High
C3
17 Microsoft Issues Out-of-Band SharePoint Patch
The out-of-band patch prioritization underscores that Microsoft considers the vulnerability time-critical; despite the absence of public exploits and in-the-wild exploitation, rapid deployment is recommended given SharePoint's history as a high-value target.
High