Vulnerability Report Archives • Page 33 of 87 • Daily CyberSecurity

Critical 9.8 Flaw in Langflow’s AI CSV Agent Opens a Direct Path to Root Shell Langflow Vulnerability CVE-2026-42048 Langflow RCE CVE-2026-27966 Langflow Vulnerabilities CVE-2026-33017

Langflow Vulnerability CVE-2026-42048 Langflow RCE CVE-2026-27966 Langflow Vulnerabilities CVE-2026-33017

Critical 9.8 Flaw in Langflow’s AI CSV Agent Opens a Direct Path to Root Shell

Do Son March 2, 2026

Artificial intelligence is making it easier than ever to build complex applications, but a newly discovered vulnerability...

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers Vikunja Persistent Takeover CVE-2026-28268

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers

Do Son March 2, 2026

Vikunja is a popular open-source, self-hostable to-do application designed to help users organize their tasks using list,...

CVE-2026-27728 (CVSS 10): Critical Command Injection Flaw in OneUptime Probe Enables Full Server Takeover OneUptime RCE CVE-2026-27728

CVE-2026-27728 (CVSS 10): Critical Command Injection Flaw in OneUptime Probe Enables Full Server Takeover

Do Son March 2, 2026

If your organization relies on OneUptime to keep a watchful eye on website availability, APIs, and online...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Path Traversal Flaw in basic-ftp Exposes Node.js Apps to Arbitrary File Writes

Do Son March 2, 2026

With over 18 million downloads, basic-ftp is a cornerstone utility for Node.js developers, offering a robust, Promise-based...

Steering the Server: Critical 9.2 Severity SSRF Flaw in Angular SSR Allows Internal Network Probing Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Steering the Server: Critical 9.2 Severity SSRF Flaw in Angular SSR Allows Internal Network Probing

Do Son March 2, 2026

Developers relying on Angular’s Server-Side Rendering (SSR) capabilities need to double-check their security configurations. A highly critical...

Critical CISA Advisory Unmasks Severe Flaws in EV2GO Charging Networks EV2GO Charging Platform ICSA-26-057-04 Lazarus Group, Crypto Hacks LazyStealer

EV2GO Charging Platform ICSA-26-057-04 Lazarus Group, Crypto Hacks LazyStealer

Critical CISA Advisory Unmasks Severe Flaws in EV2GO Charging Networks

Do Son February 28, 2026

Electric vehicles are rapidly becoming the new standard on our roads, but the infrastructure powering them is...

Critical XSS Flaw in RustFS Exposes S3 Storage to Total Admin Account Takeovers RustFS XSS Vulnerability CVE-2026-27822

Critical XSS Flaw in RustFS Exposes S3 Storage to Total Admin Account Takeovers

Do Son February 27, 2026

RustFS is an open-source, high-performance distributed object storage system that is built in the Rust programming language....

Major Security Overhaul for Apache Superset: Five Vulnerabilities Patched CVE-2024-55633 Apache Superset Security CVE-2026-23984

Major Security Overhaul for Apache Superset: Five Vulnerabilities Patched

Do Son February 26, 2026

Apache Superset is a modern data exploration and data visualization platform. Superset can replace or augment proprietary...

New FreeBSD Vulnerabilities Allow Jail Escapes and Kernel Panics FreeBSD Wi-Fi RCE Vulnerability CVE-2026-45255 Patch FreeBSD dhclient Root Exploit CVE-2026-42511 FreeBSD Vulnerability - CVE-2024-7589 FreeBSD Jail Escape CVE-2025-15576

New FreeBSD Vulnerabilities Allow Jail Escapes and Kernel Panics

Do Son February 26, 2026

The FreeBSD project has released details on two significant security flaws that could allow attackers to break...

Automation at Risk: Triple 9.4 Severity RCE Flaws Threaten n8n Workflow Servers n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

Automation at Risk: Triple 9.4 Severity RCE Flaws Threaten n8n Workflow Servers

Do Son February 26, 2026

n8n is a popular workflow automation platform that gives technical teams the flexibility of code with the...

Algorithm Confusion: Critical 9.1 Flaw in Parse Server Allows Instant Google Account Takeover CVE-2023-36475 Parse Server JWT Bypass CVE-2026-27804

CVE-2023-36475 Parse Server JWT Bypass CVE-2026-27804

Algorithm Confusion: Critical 9.1 Flaw in Parse Server Allows Instant Google Account Takeover

Do Son February 26, 2026

Parse Server, a widely used open-source backend designed to be deployed on any infrastructure running Node.js and...

Sandbox Escape: Critical 9.2 Severity RCE Flaw Unmasked in ServiceNow AI Platform ServiceNow AI Platform CVE-2026-0542 ServiceNow AI Vulnerability CVE-2025-12420 CVE-2025-0337

ServiceNow AI Platform CVE-2026-0542 ServiceNow AI Vulnerability CVE-2025-12420 CVE-2025-0337

Sandbox Escape: Critical 9.2 Severity RCE Flaw Unmasked in ServiceNow AI Platform

Do Son February 26, 2026

ServiceNow administrators and security teams need to ensure their environments are up to date following the disclosure...

Trend Micro Issues Critical Patch for Apex One: Severe RCE Flaws Addressed Trend Micro Apex One CVE-2025-71210 AI Security Trend Micro Deep Security - CVE-2024-48904 & CVE-2024-51503

Trend Micro Apex One CVE-2025-71210 AI Security Trend Micro Deep Security - CVE-2024-48904 & CVE-2024-51503

Trend Micro Issues Critical Patch for Apex One: Severe RCE Flaws Addressed

Do Son February 26, 2026

Network defenders using Trend Micro Apex One need to prioritize their patching schedules this week. TrendAl has...

NVIDIA Issues Patches for High-Severity Flaws in Cumulus Linux and NVOS NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA Issues Patches for High-Severity Flaws in Cumulus Linux and NVOS

Do Son February 26, 2026

NVIDIA has issued an important security bulletin for February 2026, warning network administrators of three high-severity vulnerabilities...

Critical Flaw in Juniper PTX Routers: Unauthenticated Root Access Discovered Junos OS Evolved CVE-2026-21902 Juniper Security Director, Critical Vulnerability Junos OS vulnerabilities - CVE-2025-21598 & CVE-2025-21599

Junos OS Evolved CVE-2026-21902 Juniper Security Director, Critical Vulnerability Junos OS vulnerabilities - CVE-2025-21598 & CVE-2025-21599

Critical Flaw in Juniper PTX Routers: Unauthenticated Root Access Discovered

Do Son February 26, 2026

Juniper Networks has issued an urgent out-of-cycle security bulletin warning of a critical vulnerability affecting its PTX...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

The Three-Year Shadow: Critical CVSS 10 Cisco SD-WAN Zero-Day Exploited by UAT-8616

Do Son February 26, 2026

Cisco Talos has issued a high-alert warning regarding the active exploitation of CVE-2026-20127, a critical vulnerability affecting...

Critical SQL Injection Vulnerability Found in ‘ormar’ Python Library Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Critical SQL Injection Vulnerability Found in ‘ormar’ Python Library

Do Son February 26, 2026

A major security flaw has been unearthed in ormar, a popular asynchronous mini Object-Relational Mapper (ORM) for...

Critical 9.2 Severity Path Traversal Flaw Compromises ASUSTOR FTP Backups Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center