Vulnerability Report Archives • Page 42 of 87 • Daily CyberSecurity

Critical Flaw in “Advanced Custom Fields: Extended” Exposes 100K WordPress Sites to Takeover ACF Extended Vulnerability CVE-2025-14533

Critical Flaw in “Advanced Custom Fields: Extended” Exposes 100K WordPress Sites to Takeover

Do Son January 20, 2026

A critical security vulnerability has been discovered in Advanced Custom Fields: Extended, a popular WordPress plugin with...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Industrial Alert: Critical RCE in AVEVA Software Rated CVSS 10

Do Son January 20, 2026

AVEVA, a global leader in industrial software, has issued a critical security bulletin regarding its flagship Process...

WhisperPair: Critical Fast Pair Flaw Exposes Headphones to Hijacking WhisperPair Vulnerability Google Fast Pair Flaw

WhisperPair: Critical Fast Pair Flaw Exposes Headphones to Hijacking

Do Son January 20, 2026

Your high-end Bluetooth headphones might be listening to more than just your music. A new report from...

The Pixel 9 Zero-Click Exploit Chain That Breaks the Kernel Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

The Pixel 9 Zero-Click Exploit Chain That Breaks the Kernel

Do Son January 19, 2026

One need not even open a missive or engage the “play” interface for a device to commence...

CVE-2026-0695: High-Severity XSS Flaw Patched in ConnectWise PSA 2026.1

Do Son January 19, 2026

ConnectWise has released a crucial security update for its Professional Services Automation (PSA) platform, addressing two significant...

Unpatched RCE: Livewire Filemanager Upload Flaw (CVE-2025-14894) Exposes Laravel Apps Livewire Filemanager RCE CVE-2025-14894

Unpatched RCE: Livewire Filemanager Upload Flaw (CVE-2025-14894) Exposes Laravel Apps

Do Son January 19, 2026

A critical new security flaw has been unearthed in Livewire Filemanager, a popular tool used within the...

Bluetooth “Heartbleed” and DoS Flaws Found in Xiaomi Redmi Buds, No Patch Xiaomi Redmi Buds Vulnerability CVE-2025-13834

Bluetooth “Heartbleed” and DoS Flaws Found in Xiaomi Redmi Buds, No Patch

Do Son January 19, 2026

A pair of critical vulnerabilities has been discovered in Xiaomi’s popular Redmi Buds series, exposing users to...

Critical Deno Flaws Risk Secrets (CVE-2026-22863) & Execution (CVE-2026-22864) Deno Vulnerability CVE-2026-22863

Critical Deno Flaws Risk Secrets (CVE-2026-22863) & Execution (CVE-2026-22864)

Do Son January 19, 2026

Deno, the modern JavaScript and TypeScript runtime famous for its “secure by default” architecture, has hit a...

Critical ABB Alert: OPTIMAX Flaw Allows Full System Takeover ABB T-MAC Plus vulnerabilities terminal system flaws ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

Critical ABB Alert: OPTIMAX Flaw Allows Full System Takeover

Do Son January 19, 2026

Industrial automation giant ABB has released a critical security advisory warning of a severe vulnerability in its...

Decades-Old Flaw & New Heap Corruption: Critical glibc Bugs Revealed glibc Security Legacy DNS Flaws glibc Vulnerabilities Linux Security Alert glibc Vulnerability CVE-2026-0861

glibc Security Legacy DNS Flaws glibc Vulnerabilities Linux Security Alert glibc Vulnerability CVE-2026-0861

Decades-Old Flaw & New Heap Corruption: Critical glibc Bugs Revealed

Do Son January 19, 2026

The maintainers of the GNU C Library (glibc), the core library that underpins the vast majority of...

CodeBreach: Missing Regex Anchors Exposed AWS Console to Takeover CodeBreach Vulnerability AWS Supply Chain Attack

CodeBreach: Missing Regex Anchors Exposed AWS Console to Takeover

Do Son January 17, 2026

A seemingly minor misconfiguration in a regular expression could have allowed attackers to seize control of critical...

CVE-2025-60021: Apache bRPC Flaw Opens Door to Remote Command Injection Apache bRPC Vulnerability CVE-2025-60021 Apache bRPC, CVE-2025-59789 Apache bRPC, Redis Vulnerability

Apache bRPC Vulnerability CVE-2025-60021 Apache bRPC, CVE-2025-59789 Apache bRPC, Redis Vulnerability

CVE-2025-60021: Apache bRPC Flaw Opens Door to Remote Command Injection

Do Son January 17, 2026

Apache has issued an important fix for bRPC, its industrial-grade C++ RPC framework used to power some...

Canon Critical Alert: 7 New Flaws Expose Printers to Remote Hackers CVE-2024-47406 CVE-2025-1268 Canon Printer Vulnerability CVE-2025-14231

Canon Critical Alert: 7 New Flaws Expose Printers to Remote Hackers

Do Son January 16, 2026

Canon has issued a security advisory for its small office and laser printer lineups, warning of seven...

One Click to Compromise: Microsoft Copilot’s “Reprompt” Flaw Exposed Microsoft Strategic Market Status investigation Dell CES 2026 AI PC marketing, Microsoft Copilot+ PC consumer apathy Microsoft AI Sales Quota Enterprise AI Demand Edge Copilot, AI browsing

Microsoft Strategic Market Status investigation Dell CES 2026 AI PC marketing, Microsoft Copilot+ PC consumer apathy Microsoft AI Sales Quota Enterprise AI Demand Edge Copilot, AI browsing

One Click to Compromise: Microsoft Copilot’s “Reprompt” Flaw Exposed

Do Son January 16, 2026

A new research report from Varonis Threat Labs has unveiled a vulnerability in Microsoft Copilot Personal that...

OpenStack Admin Forgery: CVE-2026-22797 Lets Users ‘Ask’ for Root CVE-2022-38065 OpenStack Vulnerability CVE-2026-22797

OpenStack Admin Forgery: CVE-2026-22797 Lets Users ‘Ask’ for Root

Do Son January 16, 2026

A significant security flaw has been closed in the OpenStack cloud infrastructure project, specifically within its identity...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Exploited in the Wild: Critical Modular DS Flaw CVE-2026-23550 (CVSS 10) Allows Instant Admin Takeover

Do Son January 15, 2026

A critical privilege escalation vulnerability, tracked as CVE-2026-23550 (CVSS 10), has been discovered in the Modular DS...

CVE-2025-33206: High-Severity Flaw Patched in NVIDIA Nsight Graphics for Linux NVIDIA Nsight Vulnerability CVE-2025-33206 NVIDIA ConnectX Firmware - CVE-2024-0105

NVIDIA Nsight Vulnerability CVE-2025-33206 NVIDIA ConnectX Firmware - CVE-2024-0105

CVE-2025-33206: High-Severity Flaw Patched in NVIDIA Nsight Graphics for Linux

Do Son January 15, 2026

NVIDIA has released a critical software update for its Nsight Graphics tool on Linux, patching a high-severity...

Palo Alto Networks Firewalls Hit by Unauthenticated GlobalProtect DoS Flaw PAN-OS IKEv2 Buffer Overflow CVE-2026-0263 Palo Alto Cortex XDR Privilege Escalation Palo Alto Networks Vulnerability CVE-2026-0229 PAN-OS Vulnerability CVE-2026-0227 CVE-2024-5914 - Palo Alto Networks - CVE-2025-0108 & CVE-2025-0110

Palo Alto Networks Firewalls Hit by Unauthenticated GlobalProtect DoS Flaw

Do Son January 15, 2026

Palo Alto Networks has issued a warning to network administrators worldwide after discovering a high-severity vulnerability in...

HPE Aruba Patches High-Severity DoS and Data Leak Flaws in Instant On Devices HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability