Vulnerability Report Archives • Page 22 of 87 • Daily CyberSecurity

SonicWall Issues Critical Patch for SMA 1000 Series to Stop SQL Injection and MFA Bypasses SonicWall SMA 1000 MFA Bypass SonicWall SSLVPN Flaw CVE-2025-40601 SonicOS vulnerability - CVE-2024-53704

SonicWall SMA 1000 MFA Bypass SonicWall SSLVPN Flaw CVE-2025-40601 SonicOS vulnerability - CVE-2024-53704

SonicWall Issues Critical Patch for SMA 1000 Series to Stop SQL Injection and MFA Bypasses

Do Son April 9, 2026

SonicWall has released a series of patches for its SMA 1000 series appliances to address four distinct...

The $86,000 Patch: Chrome 147 Crushes “Critical” WebML Memory Flaws Chrome 147 Security WebML Vulnerabilities

The $86,000 Patch: Chrome 147 Crushes “Critical” WebML Memory Flaws

Do Son April 9, 2026

The Google Chrome team has officially promoted Chrome 147 to the stable channel for Windows, Mac, and...

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack

Do Son April 9, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical code injection vulnerability in Ivanti...

High-Severity Patches: NVIDIA Secures DALI and Triton Inference Server NVIDIA AI Security Deserialization Exploit

High-Severity Patches: NVIDIA Secures DALI and Triton Inference Server

Do Son April 8, 2026

NVIDIA has released two significant security updates addressing high-severity vulnerabilities across its DALI and Triton Inference Server...

Firecracker Security Alert: Virtio-PCI Vulnerability Could Lead to Out-of-Bounds Memory Access Firecracker Vulnerability Virtio-PCI OOB Write

Firecracker Vulnerability Virtio-PCI OOB Write

Firecracker Security Alert: Virtio-PCI Vulnerability Could Lead to Out-of-Bounds Memory Access

Do Son April 8, 2026

AWS has issued a high-severity security advisory for Firecracker, the open-source virtualization technology purpose-built for high-scale, multi-tenant...

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS

Do Son April 8, 2026

In the world of secure software development, sandboxing is the ultimate safety net—a controlled environment designed to...

Apache ActiveMQ Patches RCE and Path Traversal Flaws ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

Apache ActiveMQ Patches RCE and Path Traversal Flaws

Do Son April 8, 2026

Apache ActiveMQ, the widely used open-source message broker, has released critical security updates to address two vulnerabilities...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Critical Zero-Day: Unauthenticated RCE Exploited in Weaver E-cology 10.0

Do Son April 8, 2026

A critical security vulnerability, tracked as CVE-2026-22679, has been identified in Weaver (Fanwei) E-cology 10.0, one of...

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways

Do Son April 8, 2026

A critical security vulnerability, tracked as CVE-2021-4473, has been identified in the Tianxin Internet Behavior Management System....

Zero-Day Alert: Sophisticated PDF Exploit Targets Adobe Reader for Massive Data Theft Adobe Reader Zero-Day PDF Exploit

Zero-Day Alert: Sophisticated PDF Exploit Targets Adobe Reader for Massive Data Theft

Do Son April 8, 2026

A highly-sophisticated zero-day exploit has been discovered targeting Adobe Reader users, allowing attackers to steal local files...

Critical Security Update: IBM Patches Multiple Vulnerabilities in Verify Identity and Access IBM Verify Root Escalation

Critical Security Update: IBM Patches Multiple Vulnerabilities in Verify Identity and Access

Do Son April 8, 2026

IBM has released a comprehensive bulletin addressing a series of vulnerabilities within its Verify Identity Access and...

OpenSSL Issues Major Security Advisory: RSA and Memory Vulnerabilities Fixed OpenSSL Vulnerability RSA Memory Leak OpenSSL Vulnerability CVE-2025-15467 CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

OpenSSL Vulnerability RSA Memory Leak OpenSSL Vulnerability CVE-2025-15467 CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

OpenSSL Issues Major Security Advisory: RSA and Memory Vulnerabilities Fixed

Do Son April 8, 2026

OpenSSL has released a comprehensive security advisory detailing seven vulnerabilities ranging from Moderate to Low severity. The...

Budibase Patches Critical RCE and SSRF Vulnerabilities Budibase RCE SSRF Vulnerability Budibase Vulnerabilities Authentication Bypass

Budibase Patches Critical RCE and SSRF Vulnerabilities

Do Son April 7, 2026

Budibase, the popular open-source low-code platform used by engineers to rapidly build internal tools, has released urgent...

10.0 CVSS Flaw in Kestra Grants Full Server Control Kestra RCE SQL Injection Vulnerability

10.0 CVSS Flaw in Kestra Grants Full Server Control

Do Son April 7, 2026

A critical security vulnerability has been unmasked in Kestra, the popular open-source, event-driven orchestration platform. The flaw,...

Critical JWT Bypass in Convoy Panel Allows Full Account Takeover Convoy Vulnerability JWT Authentication Bypass

Critical JWT Bypass in Convoy Panel Allows Full Account Takeover

Do Son April 7, 2026

A critical security vulnerability has been unmasked in Convoy, the modern KVM server management panel used by...

Breaking the App Shell: Five New Electron Vulnerabilities Shatter Context Isolation Electron Security Sandbox Escape Electron Vulnerabilities, Desktop App Security

Electron Security Sandbox Escape Electron Vulnerabilities, Desktop App Security

Breaking the App Shell: Five New Electron Vulnerabilities Shatter Context Isolation

Do Son April 7, 2026

The Electron framework—the powerhouse behind heavyweights like Visual Studio Code and countless other cross-platform desktop applications —has...

BlueHammer: Researcher Drops Functional 0-Day Exploit Targeting Windows Defender BlueHammer Exploit Windows Defender 0-day

BlueHammer: Researcher Drops Functional 0-Day Exploit Targeting Windows Defender

Do Son April 7, 2026

A researcher has publicly disclosed a functional zero-day exploit targeting the internal signature update mechanism of Windows...

GPUBreach Rowhammer Hijacks GPUs for Full System Root GPUBreach GPU Rowhammer

GPUBreach Rowhammer Hijacks GPUs for Full System Root

Do Son April 7, 2026

Researchers from the University of Toronto have demonstrated that Rowhammer attacks on GPUs can move far beyond...

Android CLI Android Security Zero-Interaction DoS CVE-2026-21385 Android Security Update UK CMA Apple Google regulation Google Aluminum OS Android 16 leak, ALOS Android ChromeOS merger Android sideloading certification 2026, Google developer verification APK Android AOSP biannual release, AOSP source code latency 2026 Android Zero-Day, Critical DoS Flaw Android Universal Clipboard Cross-Device Sync Gemini Nano Block, Unlocked Bootloader Android, Calling Cards Android Security Bulletin, RCE Vulnerability Android Linux GUI, Debian VM Android System Services, Google Transparency Android 16, Pixel Update

Android Security Bulletin April 2026: Critical Framework Patch Targets “Zero-Interaction” DoS Vulnerability

Do Son April 7, 2026

Google has released its Android Security Bulletin for April 2026, delivering a suite of critical security fixes...

The 24-Hour Blitz: Storm-1175 Weaponizes Zero-Days for High-Velocity Ransomware Storm-1175 Medusa Ransomware

The 24-Hour Blitz: Storm-1175 Weaponizes Zero-Days for High-Velocity Ransomware

Do Son April 6, 2026

A new report from Microsoft Threat Intelligence has exposured on Storm-1175, a financially motivated threat actor that...