Vulnerability Report Archives • Page 16 of 87 • Daily CyberSecurity

Patching the CVSS 10 RCE Hole in Gemini CLI Gemini CLI Security Update Headless RCE Patch

Patching the CVSS 10 RCE Hole in Gemini CLI

Do Son April 28, 2026

A critical update has been issued for Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action to address...

Injection Flaws (CVE-2026-40967 & 40978) Hit Spring AI Vector Stores Spring AI Vulnerability LLM Memory Poisoning Spring AI Vulnerability Vector Store Injection

Spring AI Vulnerability LLM Memory Poisoning Spring AI Vulnerability Vector Store Injection

Injection Flaws (CVE-2026-40967 & 40978) Hit Spring AI Vector Stores

Do Son April 28, 2026

Two significant vulnerabilities have been disclosed in Spring AI that could allow attackers to manipulate database queries...

Critical LiteLLM SQL Injection (CVE-2026-42208) Exploited in the Wild LiteLLM SQL Injection CVE-2026-42208 LiteLLM Vulnerability AI Infrastructure Security

LiteLLM SQL Injection CVE-2026-42208 LiteLLM Vulnerability AI Infrastructure Security

Critical LiteLLM SQL Injection (CVE-2026-42208) Exploited in the Wild

Do Son April 28, 2026

Security researchers have sounded the alarm on a critical vulnerability in LiteLLM, a massively popular open-source gateway...

Apache MINA Hit by Twin Critical RCE Flaws Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA Hit by Twin Critical RCE Flaws

Do Son April 28, 2026

Apache MINA is widely recognized as a foundational network application framework, designed to help users easily develop...

The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit Zero-Click Exploitation LNK Authentication Coercion

The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit

Do Son April 27, 2026

Researchers at Akamai have discovered that a previous fix for a high-profile exploit used by the Russian-linked...

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 20 – April 26, 2026) Vulnerability Digest AI Infrastructure Security

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 20 – April 26, 2026)

Do Son April 27, 2026

Welcome to your Monday morning vulnerability digest. As we close out the final full week of April,...

The Unpatched Pivot: New RPC Flaw Opens Doors for Windows Privilege Escalation PhantomRPC Windows Privilege Escalation

The Unpatched Pivot: New RPC Flaw Opens Doors for Windows Privilege Escalation

Do Son April 27, 2026

A new research report from Kaspersky Security Services has pulled back the curtain on a fundamental architectural...

Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents Pipecat RCE CVE-2025-62373

Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents

Do Son April 27, 2026

A critical vulnerability has been disclosed in Pipecat, the popular open-source Python framework used to build voice...

Carlson VASCO-B GNSS Receivers Left Open to Remote Hijack GNSS Hijacking Carlson Software

Carlson VASCO-B GNSS Receivers Left Open to Remote Hijack

Do Son April 27, 2026

In an era where precision timing and positioning are the invisible pillars of our global infrastructure, a...

Critical 9.8 CVSS Flaw Exposes Intrado 911 Emergency Gateways Intrado 911 Gateway Vulnerability CVE-2026-6074

Critical 9.8 CVSS Flaw Exposes Intrado 911 Emergency Gateways

Do Son April 27, 2026

A critical security flaw has been discovered in the Intrado 911 Emergency Gateway (EGW). The vulnerability, designated...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Academic Exposure: The Unpatched Flaw Siphoning Student Data from DRC INSIGHT

Do Son April 24, 2026

A security vulnerability has been unearthed in the DRC INSIGHT software—a platform widely used for proctoring academic...

The 9.1 CVSS Flaw: Why Millions of Spring Boot Apps May Be Exposed Spring Cloud Config Vulnerability CVE-2026-40982 Spring Boot Vulnerability CVSS 9.1 Bypass CVE-2022-31692 Spring Boot Vulnerability Authentication Bypass

Spring Cloud Config Vulnerability CVE-2026-40982 Spring Boot Vulnerability CVSS 9.1 Bypass CVE-2022-31692 Spring Boot Vulnerability Authentication Bypass

The 9.1 CVSS Flaw: Why Millions of Spring Boot Apps May Be Exposed

Do Son April 24, 2026

In a major update for the Java ecosystem, several critical vulnerabilities have been disclosed in Spring Boot,...

Triple Threat: Apache ActiveMQ Vulnerabilities Expose Enterprises to RCE and XSS ActiveMQ security flaws Jolokia web console exploit ActiveMQ RCE Jolokia Spring Vulnerability ActiveMQ MQTT Vulnerability CVE-2025-66168 Apache Artemis Vulnerability CVE-2026-27446

ActiveMQ security flaws Jolokia web console exploit ActiveMQ RCE Jolokia Spring Vulnerability ActiveMQ MQTT Vulnerability CVE-2025-66168 Apache Artemis Vulnerability CVE-2026-27446

Triple Threat: Apache ActiveMQ Vulnerabilities Expose Enterprises to RCE and XSS

Do Son April 24, 2026

Apache ActiveMQ, the world’s most popular open-source message broker, is currently facing a series of “Important” security...

Workflow Warning: The n8n CVSS 10.0 Prototype Pollution Crisis n8n RCE Automation Security n8n Vulnerability Prototype Pollution RCE

Workflow Warning: The n8n CVSS 10.0 Prototype Pollution Crisis

Do Son April 24, 2026

In the world of rapid development, n8n has become a favorite for technical teams looking to merge...

The Notification Trap: How Apple’s New iOS Patch Blocks Forensic Recovery of “Deleted” Signal Messages iOS 26.4.2 CVE-2026-28950 CVE-2024-27842, Wang Tielei has also released a PoC exploit for CVE-2023-40404

iOS 26.4.2 CVE-2026-28950 CVE-2024-27842, Wang Tielei has also released a PoC exploit for CVE-2023-40404

The Notification Trap: How Apple’s New iOS Patch Blocks Forensic Recovery of “Deleted” Signal Messages

Do Son April 24, 2026

Apple recently disseminated the iOS 26.4.2 update for compatible devices, primarily to remediate the vulnerability designated as...

Unpatched and Exposed: Public PoC Released for Critical 9.8 CVSS Xiongmai IP Camera Flaw KMW CCTV vulnerability unauthenticated password reset Xiongmai IP Camera Vulnerability CVE-2025-65856 CVE-2024-8956 (CVSS 9.1): PTZOptics Cameras

KMW CCTV vulnerability unauthenticated password reset Xiongmai IP Camera Vulnerability CVE-2025-65856 CVE-2024-8956 (CVSS 9.1): PTZOptics Cameras

Unpatched and Exposed: Public PoC Released for Critical 9.8 CVSS Xiongmai IP Camera Flaw

Do Son April 24, 2026

In a disturbing development for IoT security, a critical unpatch vulnerability has been found in Hangzhou Xiongmai...

Arcane Door Reopened: The Cisco Firepower Backdoor That Only a Hard Reboot Can Kill FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Arcane Door Reopened: The Cisco Firepower Backdoor That Only a Hard Reboot Can Kill

Do Son April 24, 2026

Cisco Talos has released a critical update on the threat actor known as UAT-4356 (also associated with...

Windows Python Users Warned of High-Severity “asyncio” Memory Flaw Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Windows Python Users Warned of High-Severity “asyncio” Memory Flaw

Do Son April 23, 2026

Python developers and system administrators on Windows are being urged to update their environments following the discovery...

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover mailcow XSS CVE-2026-40872

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover

Do Son April 23, 2026

The popular open-source groupware suite mailcow: dockerized is facing a high-stakes security challenge. A critical Stored Cross-Site...

Unpatch Ollama Flaw: Malicious Model Uploads Can Leak Server Heap Memory Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Unpatch Ollama Flaw: Malicious Model Uploads Can Leak Server Heap Memory

Do Son April 23, 2026

A critical unauthenticated remote information disclosure vulnerability has been uncovered in Ollama, the popular open-source tool used...

Critical Alert 1 Active Exploit Detected Today