Vulnerability Report Archives • Page 4 of 52 • Daily CyberSecurity

Identity at Risk: Apache Syncope Patches Critical Login XSS & XXE Flaws

Ddos February 3, 2026

ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

One Click to “God Mode”: The Critical OpenClaw Flaw That Handed Attackers Your Master Keys

Ddos February 2, 2026

Silent Intruder: “EncystPHP” Web Shell Burrows into FreePBX Systems EncystPHP Web Shell FreePBX Vulnerability

Silent Intruder: “EncystPHP” Web Shell Burrows into FreePBX Systems

Ddos February 2, 2026

“Exfil Out&Look” Flaw Lets Spies Steal Emails via OWA Undetected Exfil Out&Look Microsoft 365 Logging Gap Outlook Classic KB5074109 freeze, January 2026 POP3 PST bug Outlook Classic POP3 freeze, KB5074109 Windows 11 bug Outlook, CPU Usage Outlook lag Outlook Lite discontinued

Exfil Out&Look Microsoft 365 Logging Gap Outlook Classic KB5074109 freeze, January 2026 POP3 PST bug Outlook Classic POP3 freeze, KB5074109 Windows 11 bug Outlook, CPU Usage Outlook lag Outlook Lite discontinued

“Exfil Out&Look” Flaw Lets Spies Steal Emails via OWA Undetected

Ddos February 2, 2026

Smart Buildings at Risk: Critical Johnson Controls Flaw (CVSS 10) Allows Remote SQL Injection

Ddos January 30, 2026

Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Exploited in the Wild: Critical Ivanti EPMM RCE Flaws (CVSS 9.8) Under Attack

Ddos January 30, 2026

Cluster Admin for All: Critical Kyverno Flaw (CVSS 10) Shatters Isolation Kyverno Privilege Escalation CVE-2026-22039

Cluster Admin for All: Critical Kyverno Flaw (CVSS 10) Shatters Isolation

Ddos January 30, 2026

“SessionReaper” Harvests Roots: Mass Exploitation Campaign Hits Over 200 Magento Sites Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

“SessionReaper” Harvests Roots: Mass Exploitation Campaign Hits Over 200 Magento Sites

Ddos January 30, 2026

GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

Guest-to-Host Escape: NVIDIA Patches Critical vGPU & Driver Flaws

Ddos January 30, 2026

High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts TP-Link Archer BE230 Vulnerability Command Injection TP-Link Omada Vulnerability CVE-2025-9520 TP-Link Archer MR600 Vulnerability CVE-2025-14756 CVE-2026-0629 TP-Link Omada RCE, CVE-2025-6542 TP-Link, Smart plug vulnerability TP-Link Archer C50, Hardcoded DES Key TP-Link NVR, Command Injection TP-Link Routers cybersecurity

High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts

Ddos January 29, 2026

Safety Broken: PyTorch “Safe” Mode Bypassed by Critical RCE Flaw PyTorch vulnerability, CVE-2025-32434 CVE-2026-24747

Safety Broken: PyTorch “Safe” Mode Bypassed by Critical RCE Flaw

Ddos January 29, 2026

CVE-2026-24765: PHPUnit Vulnerability Exposes CI/CD Pipelines to RCE PHPUnit Vulnerability CVE-2026-24765

CVE-2026-24765: PHPUnit Vulnerability Exposes CI/CD Pipelines to RCE

Ddos January 29, 2026

CVE-2026-24002: Critical Sandbox Escape Turns Grist Spreadsheets into RCE Weapons

Ddos January 29, 2026

The “Zeroplayer” Arsenal: WinRAR Flaw CVE-2025-8088 Weaponized by Spies WinRAR Vulnerability CVE-2025-8088

The “Zeroplayer” Arsenal: WinRAR Flaw CVE-2025-8088 Weaponized by Spies

Ddos January 29, 2026

CVE-2026-23830: Critical SandboxJS Flaw (CVSS 10) Allows Total Sandbox Escape

Ddos January 29, 2026

CVE-2025-14988: Critical 9.8 Vulnerability hits ibaPDA Industrial Software

Ddos January 29, 2026

SolarWinds Web Help Desk Hit with Multiple RCE and Auth Bypass Vulnerabilities CVE-2024-23476 & CVE-2024-23479 SolarWinds Web Help Desk Unauthenticated RCE

CVE-2024-23476 & CVE-2024-23479 SolarWinds Web Help Desk Unauthenticated RCE

SolarWinds Web Help Desk Hit with Multiple RCE and Auth Bypass Vulnerabilities

Ddos January 28, 2026

Sandbox Shattered: Critical n8n Flaw (CVSS 9.9) Allows Remote Code Execution CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit