Vulnerability Report Archives • Page 34 of 87 • Daily CyberSecurity

Rooting Out Risk: CISA Warns of Critical 9.1 Severity Flaws in Gardyn Smart Gardening Systems Gardyn Home Kit Vulnerabilities IoT Command Injection Vivotek Vulnerability CVE-2026-22755 Command Injection Ofuji Fishing data breach

Gardyn Home Kit Vulnerabilities IoT Command Injection Vivotek Vulnerability CVE-2026-22755 Command Injection Ofuji Fishing data breach

Rooting Out Risk: CISA Warns of Critical 9.1 Severity Flaws in Gardyn Smart Gardening Systems

Do Son February 25, 2026

Smart gardening systems are designed to bring the serenity of nature indoors, but a series of critical...

Total Takeover: Critical Zyxel Flaw (CVSS 9.8) Exposes Routers to Remote Command Injection CVE-2022-43389 - CVE-2024-12398 Zyxel UPnP Vulnerability CVE-2025-13942

CVE-2022-43389 - CVE-2024-12398 Zyxel UPnP Vulnerability CVE-2025-13942

Total Takeover: Critical Zyxel Flaw (CVSS 9.8) Exposes Routers to Remote Command Injection

Do Son February 25, 2026

Networking giant Zyxel has rolled out a wave of urgent security patches addressing multiple vulnerabilities across its...

Root Access Granted: Four Critical RCE Flaws Patched in SolarWinds Serv-U CVE-2024-28075 & CVE-2024-23473 SolarWinds Serv-U RCE CVE-2025-40538

Root Access Granted: Four Critical RCE Flaws Patched in SolarWinds Serv-U

Do Son February 24, 2026

File transfer servers are meant to securely move sensitive data, but a new batch of critical vulnerabilities...

Critical VMware Aria Operations Flaw Allows RCE During System Upgrades VMware Aria Operations CVE-2026-22719 VMware Fusion - CVE-2024-38811 VMware security, CVE-2025-22247

VMware Aria Operations CVE-2026-22719 VMware Fusion - CVE-2024-38811 VMware security, CVE-2025-22247

Critical VMware Aria Operations Flaw Allows RCE During System Upgrades

Do Son February 24, 2026

For enterprise IT teams, VMware Aria Operations (formerly vRealize Operations) acts as the central nervous system for...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

Chrome Alert: High-Severity Flaws in Media and Tint Engine Trigger Emergency Update

Do Son February 24, 2026

Google has officially announced an important update for the Chrome Stable channel, addressing three high-severity security vulnerabilities...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

No Patch for the EOL: CISA Warns of Critical 9.8 Severity Flaw in USR-W610 IoT Devices

Do Son February 24, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) issues a warning regarding multiple critical vulnerabilities in widely deployed...

CVE-2026-27212: Critical Swiper Prototype Pollution Flaw (CVSS 9.4) Exposes Global Apps Swiper npm Vulnerability CVE-2026-27212

CVE-2026-27212: Critical Swiper Prototype Pollution Flaw (CVSS 9.4) Exposes Global Apps

Do Son February 24, 2026

If your web or mobile application relies on smooth, touch-friendly interfaces, there is a high probability you...

First-Ever TPM Sniffing Attack Extracts LUKS Keys from Industrial Linux Devices TPM Sniffing CVE-2026-0714

First-Ever TPM Sniffing Attack Extracts LUKS Keys from Industrial Linux Devices

Do Son February 24, 2026

While hardware hackers have long demonstrated the ability to extract BitLocker keys by eavesdropping on Windows systems,...

Critical Undertow Flaw (CVSS 9.6) Strikes HPE Telco Service Activator CVE-2024-42509 & CVE-2024-47460 HPE Aruba Fabric Composer CVE-2026-23592 Aruba AOS-CX CVE-2026-23813

CVE-2024-42509 & CVE-2024-47460 HPE Aruba Fabric Composer CVE-2026-23592 Aruba AOS-CX CVE-2026-23813

Critical Undertow Flaw (CVSS 9.6) Strikes HPE Telco Service Activator

Do Son February 23, 2026

Telecommunications providers rely on complex orchestration tools to keep the world connected, but a newly disclosed vulnerability...

Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors

Do Son February 23, 2026

A critical security flaw in a widely used enterprise access platform is under active attack, prompting urgent...

Poisoned Pages: Critical Calibre Path Traversal Flaws Expose Readers to RCE Calibre Vulnerability CVE-2026-26065 Calibre RCE, FB2 File Flaw

Poisoned Pages: Critical Calibre Path Traversal Flaws Expose Readers to RCE

Do Son February 23, 2026

Calibre, the highly popular, cross-platform e-book manager utilized by readers worldwide to view, convert, edit, and catalog...

Sandbox Bypassed: jsPDF Flaw Exposes Millions to Object Injection

Do Son February 23, 2026

If your web application generates PDF documents on the fly, you might be carrying a critical security...

Exploited in the Wild & PoC Disclosed: Emergency Chrome Zero-Day (CVE-2026-2441) Patched Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Exploited in the Wild & PoC Disclosed: Emergency Chrome Zero-Day (CVE-2026-2441) Patched

Do Son February 20, 2026

Google has been forced to push emergency updates to billions of users following the discovery of a...

Bypassing the Bouncer: Apache Tomcat Patches SNI & Legacy Protocol Flaws Tomcat Security Update CVE-2026-24733 CVE-2023-41081 -CVE-2024-56337

Bypassing the Bouncer: Apache Tomcat Patches SNI & Legacy Protocol Flaws

Do Son February 20, 2026

The Apache Software Foundation has rolled out a trio of security updates for its ubiquitous Apache Tomcat...

The Dev Environment Trap: 128 Million Users at Risk as Top VS Code Extensions Unmask Critical Flaws VS Code extension vulnerabilities 2026

The Dev Environment Trap: 128 Million Users at Risk as Top VS Code Extensions Unmask Critical Flaws

Do Son February 20, 2026

Ubiquitous extensions for Visual Studio Code, boasting a cumulative download count exceeding 128 million, have been unmasked...

PoC Publicly Disclosed: Critical Grandstream VoIP Flaw (CVSS 9.3) Grants Stealthy Root Access Grandstream VoIP Zero-Day CVE-2026-2329 PoC

PoC Publicly Disclosed: Critical Grandstream VoIP Flaw (CVSS 9.3) Grants Stealthy Root Access

Do Son February 20, 2026

If your office desks are equipped with Grandstream GXP1600 series phones, you might want to pause the...

CVE-2025-65717: Critical Vulnerability in VS Code’s Live Server Extension Puts 72 Million Developers at Risk, No Patch

Do Son February 20, 2026

A wildly popular tool designed to make web development easier is currently harboring a massive security blind...

Splunk Windows Flaws Expose Servers to System Takeover

Do Son February 19, 2026

Splunk administrators operating in Windows environments face a double threat this week. A new security advisory reveals...

CVE-2026-26016: Critical Pterodactyl API Flaw (CVSS 9.2) Exposes Entire Server Networks Pterodactyl Vulnerability CVE-2026-26016

CVE-2026-26016: Critical Pterodactyl API Flaw (CVSS 9.2) Exposes Entire Server Networks

Do Son February 19, 2026

Pterodactyl is a highly popular free and open-source game server management panel. Designed with security in mind...

High-Severity DoS Flaw Hits 46 Million ‘fast-xml-parser’ Downloads fast-xml-parser DoS CVE-2026-26278

High-Severity DoS Flaw Hits 46 Million ‘fast-xml-parser’ Downloads

Do Son February 19, 2026

If your Node.js application parses XML, you might want to check your dependencies immediately. A critical Denial...