Vulnerability Bulletins on Aretiq AI

Vulnerability Bulletin — May 25, 2026

Mon, 25 May 2026 00:00:00 +0000

4 vulnerabilities scored HIGH or above on May 25, 2026.

HIGH: 4

[HIGH] crocoblock/jetengine

CVE-2026-42774 | CVSS 9.3

Crocoblock JetEngine plugin version 3.8.8.1 and earlier contains a SQL injection vulnerability (CVE-2026-42774, CVSS 9.3) that allows attackers to execute arbitrary SQL commands. Website administrators and organizations running WordPress with JetEngine should immediately update to the latest patched version to prevent potential database compromise. Given the theoretical availability of exploitation code, this update should be treated as high priority, particularly for instances handling sensitive data.

Vulnerability Bulletin — May 24, 2026

Sun, 24 May 2026 00:00:00 +0000

1 vulnerabilities scored HIGH or above on May 24, 2026.

HIGH: 1

[HIGH] totolink/a8000ru

CVE-2026-9386 | CVSS 9.3

Totolink A8000RU router users running firmware version 7.1cu.643_b20200521 should prioritize patching a remote OS command injection vulnerability (CVE-2026-9386, CVSS 9.3) in the web management interface. An attacker can exploit the setLanguageCfg function via the lang parameter in /cgi-bin/cstecgi.cgi to execute arbitrary commands without authentication, and public exploit code is available. Organizations using these devices should immediately update to the latest firmware version or restrict network access to the management interface until a patch is deployed.

Vulnerability Bulletin — May 23, 2026

Sat, 23 May 2026 00:00:00 +0000

2 vulnerabilities scored HIGH or above on May 23, 2026.

HIGH: 2

[HIGH] dolibarr/dolibarr_erp_crm

CVE-2018-25357 | CVSS 9.3

Dolibarr ERP CRM versions 7.0.3 and earlier are vulnerable to unauthenticated remote code execution through the installation script, with a CVSS score of 9.3. Attackers can inject arbitrary PHP code via the db_name parameter in install/step1.php and execute commands through the check.php endpoint without authentication. Organizations running Dolibarr should immediately upgrade to patched versions, restrict web access to installation directories, and review access logs for exploitation attempts.

Vulnerability Bulletin — May 22, 2026

Fri, 22 May 2026 00:00:00 +0000

9 vulnerabilities scored HIGH or above on May 22, 2026.

CRITICAL: 4
HIGH: 5

[CRITICAL] linux/linux_kernel

CVE-2026-9054 | CVSS 9.2

The Linux kernel is vulnerable to a denial-of-service condition (CVE-2026-9054, CVSS 9.2 CRITICAL) where specially crafted TCP, IL, RUDP, or GRE packets with malformed headers can trigger a kernel panic. Network-facing Linux systems are at immediate risk, particularly those processing untrusted or internet-routed traffic. Administrators should apply kernel patches from the vendor advisory without delay and consider implementing network segmentation to limit exposure to potentially malicious packet sources.

Vulnerability Bulletin — May 21, 2026

Thu, 21 May 2026 00:00:00 +0000

15 vulnerabilities scored HIGH or above on May 21, 2026.

CRITICAL: 1
HIGH: 14

[CRITICAL] google/chrome

CVE-2026-9111 | CVSS 8.8

Google Chrome versions prior to 148.0.7778.179 on Linux are affected by a critical use-after-free vulnerability in WebRTC that allows remote code execution through a crafted HTML page. CVSS 8.8. Organizations running Chrome on Linux systems should immediately update to version 148.0.7778.179 or later, as exploitation is difficult but feasible. Patch deployment should prioritize systems with direct internet access, particularly development workstations and Linux-based productivity environments.