Vulnerability Report Archives • Page 13 of 87 • Daily CyberSecurity

Zabbix Flaws Allow Monitored Hosts to Hijack Admin Dashboards Zabbix XSS Vulnerabilities CVE-2026-23926 zabbix - CVE-2024-22116 Zabbix SQL Injection CVE-2026-23921

Zabbix XSS Vulnerabilities CVE-2026-23926 zabbix - CVE-2024-22116 Zabbix SQL Injection CVE-2026-23921

Zabbix Flaws Allow Monitored Hosts to Hijack Admin Dashboards

Do Son May 8, 2026

Zabbix, the ubiquitous open-source monitoring solution used by enterprises to track the health of vast IT infrastructures,...

Under Active Attack: Ivanti EPMM Zero-Day Exploited in the Wild via Harvested Admin Credentials Ivanti EPMM Zero-Day CVE-2026-6973 Exploitation CVE-2024-9379, CVE-2024-9380, CVE-2024-9381

Ivanti EPMM Zero-Day CVE-2026-6973 Exploitation CVE-2024-9379, CVE-2024-9380, CVE-2024-9381

Under Active Attack: Ivanti EPMM Zero-Day Exploited in the Wild via Harvested Admin Credentials

Do Son May 7, 2026

Ivanti has issued an urgent security advisory for its Endpoint Manager Mobile (EPMM) platform, formerly known as...

Cisco Unity Connection Flaws Enable Full System Takeover Cisco Unity Connection RCE CVE-2026-20034

Cisco Unity Connection Flaws Enable Full System Takeover

Do Son May 7, 2026

Cisco has issued a high-priority security advisory regarding multiple vulnerabilities in Cisco Unity Connection that could allow...

Cisco CNC and NSO Flaw Allows Remote Attackers to Lock Down Network Management Cisco NSO Denial of Service CVE-2026-20188

Cisco CNC and NSO Flaw Allows Remote Attackers to Lock Down Network Management

Do Son May 7, 2026

Cisco has issued a high-priority security advisory for a vulnerability in its network management and orchestration platforms...

High-Severity WatchGuard Agent Flaws Grant Full SYSTEM Privileges on Windows WatchGuard Agent Privilege Escalation CVE-2026-6787 WatchGuard Vulnerability CVE-2026-1498 WatchGuard Firebox VPN Flaws, Command Injection WatchGuard Vulnerability CVE-2024-6592 and CVE-2024-6593

High-Severity WatchGuard Agent Flaws Grant Full SYSTEM Privileges on Windows

Do Son May 7, 2026

WatchGuard has released a critical security update for its Windows-based agent software to remediate a series of...

Critical 9.0 CVSS Flaw in ArcadeDB Allows Total Cross-Database Access ArcadeDB Authorization Bypass CVE-2026-44221

Critical 9.0 CVSS Flaw in ArcadeDB Allows Total Cross-Database Access

Do Son May 7, 2026

ArcadeDB, the high-performance Multi-Model DBMS known for its “Alien Technology” engine and extreme “mechanical sympathy” optimizations, has...

Critical Spring Cloud Config Flaws Expose Arbitrary Files and GCP Secrets Spring Cloud Config Vulnerability CVE-2026-40982 Spring Boot Vulnerability CVSS 9.1 Bypass CVE-2022-31692 Spring Boot Vulnerability Authentication Bypass

Spring Cloud Config Vulnerability CVE-2026-40982 Spring Boot Vulnerability CVSS 9.1 Bypass CVE-2022-31692 Spring Boot Vulnerability Authentication Bypass

Critical Spring Cloud Config Flaws Expose Arbitrary Files and GCP Secrets

Do Son May 7, 2026

The Spring Cloud Config project, a vital component for centralizing external configuration in distributed systems, has released...

Bitcoin Core Fixes High-Severity Remote Crash Vulnerability Bitcoin Core Node Crash CVE-2024-52911 CVE-2024-35202 - Bitcoin Core

Bitcoin Core Fixes High-Severity Remote Crash Vulnerability

Do Son May 7, 2026

Bitcoin Core developers have released a critical fix for a long-standing vulnerability that could have allowed an...

State-Sponsored Actors Weaponize Critical PAN-OS Zero-Day for Root PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

State-Sponsored Actors Weaponize Critical PAN-OS Zero-Day for Root

Do Son May 7, 2026

Palo Alto Networks has released a high-priority security advisory and a detailed intelligence report following the discovery...

Chrome’s Security Overhaul: 127 Fixes and $100k+ in Bounties Power the New Chrome 148 Stable Release Chrome 148 Security Update CVE-2026-7896

Chrome’s Security Overhaul: 127 Fixes and $100k+ in Bounties Power the New Chrome 148 Stable Release

Do Son May 7, 2026

The Google Chrome team has officially promoted Chrome 148 to the stable channel for Windows, Mac, and...

Critical Redis Patches Fix RCE and Memory Corruption Flaws Redis RCE Vulnerabilities CVE-2026-25243 CVE-2024-31449 - Redis

Critical Redis Patches Fix RCE and Memory Corruption Flaws

Do Son May 7, 2026

The popular in-memory data structure store Redis has released a series of security updates to address five...

Triple Critical Threat: Apache Wicket Patch Fixes Path Traversal, Session Hijacking, and Resource Bypass CVE-2024-36522 Apache Wicket Critical Vulnerabilities CVE-2026-43975

CVE-2024-36522 Apache Wicket Critical Vulnerabilities CVE-2026-43975

Triple Critical Threat: Apache Wicket Patch Fixes Path Traversal, Session Hijacking, and Resource Bypass

Do Son May 7, 2026

The Apache Wicket project, a popular open-source Java framework prized for its clean separation of HTML markup...

Critical OpenMRS Flaws Enable Patient Data Theft and Remote Server Takeover OpenMRS RCE Vulnerability CVE-2026-41258

Critical OpenMRS Flaws Enable Patient Data Theft and Remote Server Takeover

Do Son May 6, 2026

OpenMRS, the world’s leading open-source electronic medical record (EMR) platform used extensively in resource-constrained environments, has issued...

Critical 9.0 CVSS Flaw in Thymeleaf Enables Remote Server Injection Thymeleaf SSTI Bypass CVE-2026-41901 Thymeleaf SSTI CVE-2026-40477

Critical 9.0 CVSS Flaw in Thymeleaf Enables Remote Server Injection

Do Son May 6, 2026

The Thymeleaf project, a cornerstone for Java developers building modern server-side web applications, has issued a critical...

Decrypted and Vulnerable: Why Microsoft Edge Keeps All Your Passwords in Plaintext Memory Microsoft Edge plaintext memory

Decrypted and Vulnerable: Why Microsoft Edge Keeps All Your Passwords in Plaintext Memory

Do Son May 6, 2026

Security researcher Tom has identified a significant architectural flaw within Microsoft Edge. His investigation reveals that upon...

Nix Vulnerability Grants Root Access via NAR Parser Overflow CVE-2026-25137 Nix Daemon Privilege Escalation CVE-2026-44028

Nix Vulnerability Grants Root Access via NAR Parser Overflow

Do Son May 6, 2026

Nix, the robust package manager celebrated for bringing reliability and reproducibility to Linux and Unix systems, has...

GitOps Security Breach: Critical 9.6 CVSS Argo CD Flaw Exposes Plaintext Kubernetes Secrets Argo CD Secret Leak CVE-2026-42880 CVE-2024-28175 Argo CD DoS, Webhook Flaws

Argo CD Secret Leak CVE-2026-42880 CVE-2024-28175 Argo CD DoS, Webhook Flaws

GitOps Security Breach: Critical 9.6 CVSS Argo CD Flaw Exposes Plaintext Kubernetes Secrets

Do Son May 6, 2026

Argo CD, the leading GitOps continuous delivery tool for Kubernetes, has issued a high-priority patch for a...

Exploited in the Wild: Critical PAN-OS Buffer Overflow Grants Root Access to Palo Alto Firewalls PAN-OS Active Exploitation CVE-2026-0300 Root RCE

PAN-OS Active Exploitation CVE-2026-0300 Root RCE

Exploited in the Wild: Critical PAN-OS Buffer Overflow Grants Root Access to Palo Alto Firewalls

Do Son May 6, 2026

Palo Alto Networks has issued an urgent security advisory for a critical vulnerability in its PAN-OS software...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

5.7 Million Users at Risk: Multiple 9.8 CVSS Breakthroughs Enable Remote Code Execution in vm2 Sandbox

Do Son May 6, 2026

The popular Node.js library vm2, a sandbox designed to run untrusted code with restricted access to built-in...

Critical Flaws in Apache Thrift Threaten Multi-Language Apache Thrift Vulnerabilities Cross-Language Service Security Apache Thrift Security RPC Vulnerability

Apache Thrift Vulnerabilities Cross-Language Service Security Apache Thrift Security RPC Vulnerability

Critical Flaws in Apache Thrift Threaten Multi-Language

Do Son May 6, 2026

The Apache Thrift project, a cornerstone framework for building scalable cross-language services, has released a high-priority update...

Critical Alert 1 Active Exploit Detected Today