Unauthenticated-Attack

🔴 Critical | Source: The Hacker News F5 has patched two critical vulnerabilities in NGINX Open Source, both of which could allow a remote, unauthenticated attacker to execute arbitrary code on affected systems. The flaws reside in the HTTP/3 module and carry a CVSS v4 score of 9.2, indicating high exploitability with no authentication required. NGINX is one of the world’s most widely deployed web servers and reverse proxies, making the blast radius of these vulnerabilities significant. ...

🟠 High | Source: Microsoft Security Response Center CVE-2026-47646 is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Customer Voice that allows an unauthenticated attacker to perform spoofing attacks over a network. The flaw stems from improper handling of user-supplied input during web page generation, meaning malicious content could be injected and rendered in a victim’s browser. Because no authentication is required to exploit this, the potential reach is broad for any organisation using Customer Voice externally. ...