Vulnerability Report Archives • Page 14 of 87 • Daily CyberSecurity

Root RCE and Authentication Lockout Bypass: Public PoC Released for Critical OPNsense Firewall Vulnerabilities OPNsense Root RCE PoC Exploit Disclosed

Root RCE and Authentication Lockout Bypass: Public PoC Released for Critical OPNsense Firewall Vulnerabilities

Do Son May 5, 2026

OPNsense, the widely deployed FreeBSD-based firewall and routing platform, has released a critical security update to address...

The N-Day Nightmare: How SHADOW-EARTH-053 Breaches Governments Using “Old” Exploits SHADOW-EARTH-053 ShadowPad Espionage

The N-Day Nightmare: How SHADOW-EARTH-053 Breaches Governments Using “Old” Exploits

Do Son May 5, 2026

TrendAI Research has identified a persistent and methodical China-aligned threat cluster targeting government entities and critical infrastructure...

Critical 9.8 CVSS Flaws in Qualcomm Chipsets Enable Remote Takeover Qualcomm Security Bulletin CVE-2026-25254 RCE Qualcomm Diversification, Mobile Chip Competition CVE-2023-33025

Qualcomm Security Bulletin CVE-2026-25254 RCE Qualcomm Diversification, Mobile Chip Competition CVE-2023-33025

Critical 9.8 CVSS Flaws in Qualcomm Chipsets Enable Remote Takeover

Do Son May 5, 2026

Qualcomm has released its May 2026 Security Bulletin, disclosing a series of high-impact vulnerabilities across its proprietary...

Gremlin Injection Flaw in Apache Atlas Exposes Enterprise Data CVE-2024-46910 Apache Atlas Vulnerability Gremlin Code Injection

Gremlin Injection Flaw in Apache Atlas Exposes Enterprise Data

Do Son May 5, 2026

Apache Atlas, the foundational governance service that many enterprises rely on to manage compliance and data catalogs...

Millions at Risk: Apache HTTP Server Fixes Critical Remote Code Execution Flaw CVE-2024-39884 Apache HTTP Server RCE CVE-2026-23918

Millions at Risk: Apache HTTP Server Fixes Critical Remote Code Execution Flaw

Do Son May 5, 2026

The Apache HTTP Server Project, the long-standing standard for secure and extensible web services on UNIX and...

Multi Apache Polaris Flaws Granting Unauthorized Multi-Cloud Access Apache Polaris Security Iceberg Credential Bypass

Multi Apache Polaris Flaws Granting Unauthorized Multi-Cloud Access

Do Son May 5, 2026

The Apache Polaris project, a popular open-source catalog for Apache Iceberg, has released a major security update...

Critical Zero-Click Android Flaw Grants Remote Shell Access Without Interaction Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Critical Zero-Click Android Flaw Grants Remote Shell Access Without Interaction

Do Son May 5, 2026

Google has issued an urgent warning in its May 2026 Android Security Bulletin regarding a critical vulnerability...

Apache Neethi Patches Triple Threat of DoS and Redirection Flaws Apache Neethi Vulnerabilities WS-Policy Denial of Service

Apache Neethi Patches Triple Threat of DoS and Redirection Flaws

Do Son May 5, 2026

The Apache Neethi project, a cornerstone framework used by Java developers to implement WS-Policy specifications, has released...

Maximum Severity Flaw: How a Newline Character Shattered Gotenberg’s PDF Security Gotenberg PDF RCE CVE-2026-40281

Maximum Severity Flaw: How a Newline Character Shattered Gotenberg’s PDF Security

Do Son May 5, 2026

Thousands of companies rely on Gotenberg, the Docker-based API for document-to-PDF conversion, to handle production workloads. However,...

Patch Now: GnuTLS Release 3.8.13 Fixes 12 Vulnerabilities GnuTLS Security Update DTLS Heap Overwrite GnuTLS Vulnerability CVE-2026-1584

Patch Now: GnuTLS Release 3.8.13 Fixes 12 Vulnerabilities

Do Son May 4, 2026

The GnuTLS project, a vital secure communications library used extensively across the Linux ecosystem to implement SSL,...

Sentry’s 9.1 CVSS SSO Flaw Lets Attackers “Link” Their Way Into Your Account Sentry SAML SSO Bypass CVE-2026-42354

Sentry’s 9.1 CVSS SSO Flaw Lets Attackers “Link” Their Way Into Your Account

Do Son May 4, 2026

Sentry, the widely used application monitoring and error-tracking platform, has disclosed a critical vulnerability in its SAML...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Critical Collision Bug in Auth Library Merges All Patreon Users

Do Son May 4, 2026

A critical authentication vulnerability has been discovered in the popular auth library, a tool used by developers...

CVE-2026-29200: A 9.9 CVSS Comet Backup Flaw Granting Total Cross-Tenant Takeover Comet Backup RCE vulnerability CVE-2026-32999 patch Comet Backup IDOR Cross-Tenant Takeover

Comet Backup RCE vulnerability CVE-2026-32999 patch Comet Backup IDOR Cross-Tenant Takeover

CVE-2026-29200: A 9.9 CVSS Comet Backup Flaw Granting Total Cross-Tenant Takeover

Do Son May 4, 2026

Comet Backup, a prominent provider of secure backup software for IT professionals and global businesses, has issued...

Apache MINA Fixes Critical RCE Vulnerabilities Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA Fixes Critical RCE Vulnerabilities

Do Son May 4, 2026

The Apache MINA project has issued a high-priority security release to address two critical vulnerabilities that were...

MOVEit Automation Alert: Critical Authentication Bypass Hits CVSS 9.8 MOVEit Automation Vulnerability CVE-2026-4670 CVE-2024-6670 & CVE-2024-6671 Progress WhatsUp Gold

MOVEit Automation Vulnerability CVE-2026-4670 CVE-2024-6670 & CVE-2024-6671 Progress WhatsUp Gold

MOVEit Automation Alert: Critical Authentication Bypass Hits CVSS 9.8

Do Son May 4, 2026

Progress Software has issued an urgent security bulletin for MOVEit Automation users, disclosing two significant vulnerabilities that...

FreeBSD DHCP Client Flaw Opens Door to Remote Code Execution as Root Privilege FreeBSD Wi-Fi RCE Vulnerability CVE-2026-45255 Patch FreeBSD dhclient Root Exploit CVE-2026-42511 FreeBSD Vulnerability - CVE-2024-7589 FreeBSD Jail Escape CVE-2025-15576

FreeBSD DHCP Client Flaw Opens Door to Remote Code Execution as Root Privilege

Do Son May 4, 2026

FreeBSD has issued an urgent security advisory regarding a critical vulnerability in its default IPv4 DHCP client,...

Active Exploitation in the Wild: Critical Qinglong Bypasses Fuel Covert Cryptomining Campaign Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

Active Exploitation in the Wild: Critical Qinglong Bypasses Fuel Covert Cryptomining Campaign

Do Son May 4, 2026

Security researchers at Snyk have issued a warning regarding active, in-the-wild exploitation of Qinglong (青龙), a widely...

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover WordPress Account Takeover CVE-2026-7567

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover

Do Son May 2, 2026

A security vulnerability has been identified in Temporary Login, a popular WordPress plugin designed to provide secure,...

Active In-The-Wild Exploit: “Copy Fail” Grants Root Privileges on Millions of Linux Systems Copy Fail CVE-2026-31431 Linux Root Privilege Exploit

Active In-The-Wild Exploit: “Copy Fail” Grants Root Privileges on Millions of Linux Systems

Do Son May 2, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2026-31431 to its Known Exploited Vulnerabilities (KEV)...

44,000 IPs Hijacked: cPanel’s 9.8 CVSS Authentication Bypass Triggers Global Ransomware Surge cPanel Authentication Bypass CVE-2026-41940

44,000 IPs Hijacked: cPanel’s 9.8 CVSS Authentication Bypass Triggers Global Ransomware Surge

Do Son May 2, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning, adding a critical vulnerability in...

Critical Alert 1 Active Exploit Detected Today