Vulnerability Report Archives • Page 48 of 87 • Daily CyberSecurity

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users systeminformation RCE, Node.js Command Injection

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users

Do Son December 18, 2025

A high-severity vulnerability has been uncovered in systeminformation, a massively popular Node.js library used by millions of...

NVIDIA Critical AI Patch: Isaac Lab and NeMo Framework Flaws Risk Full Code Execution NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NVIDIA Critical AI Patch: Isaac Lab and NeMo Framework Flaws Risk Full Code Execution

Do Son December 17, 2025

NVIDIA has rolled out a sweeping security update addressing multiple high-severity vulnerabilities across its AI and simulation...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Google Chrome Emergency Update: High-Severity Memory Corruption Flaws Fixed in WebGPU and V8

Do Son December 17, 2025

Google has rolled out an important security update for the Stable desktop channel, patching two high-severity vulnerabilities...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical FreePBX Flaw (CVE-2025-66039) Risks PBX Takeover via Authentication Bypass in ‘webserver’ Auth Mode

Do Son December 17, 2025

A critical security vulnerability has been discovered in FreePBX, the world’s most popular open-source PBX platform, potentially...

Windows Admin Center Flaw (CVE-2025-64669): How a Simple Folder Permission Opened the Door to SYSTEM Access

Do Son December 17, 2025

A high-severity security oversight in Microsoft’s Windows Admin Center (WAC) has been unearthed, revealing how a basic...

Critical OpenShift GitOps Flaw Risks Cluster Takeover (CVE-2025-13888) via Privilege Escalation to Root WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Critical OpenShift GitOps Flaw Risks Cluster Takeover (CVE-2025-13888) via Privilege Escalation to Root

Do Son December 16, 2025

A critical vulnerability has been uncovered in Red Hat OpenShift GitOps, exposing Kubernetes clusters to a complete...

Critical ScreenConnect Flaw (CVE-2025-14265) Risks Config Exposure & Untrusted Extension Installation

Do Son December 16, 2025

ConnectWise has issued an important security update for its widely used remote support software, ScreenConnect, addressing a...

Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs

Do Son December 16, 2025

A critical security crisis is unfolding for Fortinet administrators this week. Just days after the vendor disclosed...

macOS LPE Flaw Resurfaces: .localized Directory Exploited to Hijack Installers and Gain Root Access macOS Installer Hijack, .localized LPE

macOS LPE Flaw Resurfaces: .localized Directory Exploited to Hijack Installers and Gain Root Access

Do Son December 16, 2025

A stubborn vulnerability in macOS third-party installers has resurfaced, allowing attackers to hijack privileged processes and gain...

NVIDIA Merlin Flaws Risk AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA Merlin Flaws Risk AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec

Do Son December 15, 2025

NVIDIA has issued an important security update for its Merlin framework, patching high-severity vulnerabilities that could allow...

Unpatched Windows RasMan Flaw Allows Unprivileged Crash, Enabling Local System Privilege Escalation Exploit Microsoft Patch Tuesday CVE-2026-20805 RasMan Crash Flaw, 0patch Micropatch ASP.NET Core, HTTP smuggling Windows kernel Rust ActiveX, Microsoft 365

Microsoft Patch Tuesday CVE-2026-20805 RasMan Crash Flaw, 0patch Micropatch ASP.NET Core, HTTP smuggling Windows kernel Rust ActiveX, Microsoft 365

Unpatched Windows RasMan Flaw Allows Unprivileged Crash, Enabling Local System Privilege Escalation Exploit

Do Son December 15, 2025

Recently, researchers at 0patch have discovered an unpatched vulnerability in the Windows Remote Access Connection Manager (RasMan)...

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore

Do Son December 15, 2025

A critical security vulnerability has been discovered in pgAdmin, the world’s most popular open-source management tool for...

Critical Plesk Flaw (CVE-2025-66430) Risks Full Server Takeover via LPE and Apache Config Injection Plesk privilege escalation flaw CVE-2026-44962 patch Plesk LPE, Root Command Execution

Plesk privilege escalation flaw CVE-2026-44962 patch Plesk LPE, Root Command Execution

Critical Plesk Flaw (CVE-2025-66430) Risks Full Server Takeover via LPE and Apache Config Injection

Do Son December 15, 2025

A critical security vulnerability has been discovered in Plesk, a leading web hosting and data center automation...

Apache StreamPark Flaw Risks Data Decryption & Token Forgery via Hard-Coded Key and AES ECB Mode Apache StreamPark Crypto, Hard-Coded Key Flaw

Apache StreamPark Flaw Risks Data Decryption & Token Forgery via Hard-Coded Key and AES ECB Mode

Do Son December 15, 2025

The maintainers of Apache StreamPark, a popular framework for developing streaming applications, have issued a critical security...

ImageMagick Flaw Risks Arbitrary Memory Disclosure via PSX TIM File Integer Overflow on 32-bit Systems ImageMagick Vulnerability CVE-2026-23876 ImageMagick TIM Overflow, Memory Disclosure Flaw ImageMagick vulnerabilities, memory corruption CVE-2023-34152

ImageMagick Flaw Risks Arbitrary Memory Disclosure via PSX TIM File Integer Overflow on 32-bit Systems

Do Son December 15, 2025

A high-severity vulnerability has been uncovered in ImageMagick, the ubiquitous open-source image processing suite used by millions...

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners React2Shell RCE, Widespread Exploitation

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners

Do Son December 13, 2025

The cybersecurity landscape was jolted this month by the disclosure of a catastrophic vulnerability in one of...

Apache Airflow Flaws Leak Sensitive Credentials in UI via DAG Tracebacks & Template Rendering Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

Apache Airflow Flaws Leak Sensitive Credentials in UI via DAG Tracebacks & Template Rendering

Do Son December 13, 2025

The maintainers of Apache Airflow, the industry-standard platform for programmatic workflow authoring, have released a crucial security...

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets

Do Son December 13, 2025

Apple has issued an urgent security intervention for iPhone and iPad users, releasing patches for two critical...

React Patches Two New Flaws Risking Server-Crashing DoS and Source Code Disclosure React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182