Vulnerability Report Archives • Page 50 of 87 • Daily CyberSecurity

Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes

Do Son December 8, 2025

A severe security vulnerability has been uncovered in Cal.com, the popular open-source scheduling platform positioned as the...

High-Severity WatchGuard Flaws Risk VPN DoS and RCE via IKEv2 Memory Corruption WatchGuard Agent Privilege Escalation CVE-2026-6787 WatchGuard Vulnerability CVE-2026-1498 WatchGuard Firebox VPN Flaws, Command Injection WatchGuard Vulnerability CVE-2024-6592 and CVE-2024-6593

High-Severity WatchGuard Flaws Risk VPN DoS and RCE via IKEv2 Memory Corruption

Do Son December 8, 2025

WatchGuard Technologies has released a critical series of security advisories addressing five high-severity vulnerabilities across its Firebox...

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain Intellexa Zero-Days, Predator Spyware

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain

Do Son December 8, 2025

The mercenary spyware industry remains a persistent and adaptable threat, with the notorious vendor Intellexa continuing to...

urllib3 Flaws Risk Client DoS via Unbounded Decompression and Streaming Resource Exhaustion urllib3 DoS, Decompression Bomb

urllib3 Flaws Risk Client DoS via Unbounded Decompression and Streaming Resource Exhaustion

Do Son December 8, 2025

The maintainers of urllib3, the ubiquitous HTTP client for Python, have issued a security advisory detailing two...

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates Step CA Auth Bypass, Critical ACME Flaw

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates

Do Son December 6, 2025

A critical security vulnerability has been identified in Step CA, a popular online Certificate Authority tool used...

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass

Do Son December 5, 2025

The Apache Software Foundation has rolled out a crucial update for the ubiquitous Apache HTTP Server, addressing...

The PDF Trap: Critical Vulnerability (CVE-2025-66516, CVSS 10.0) Hits Apache Tika Core Apache Tika XXE, Malicious PDF Exploit Apache Tika, XXE vulnerability CVE-2025-54988

The PDF Trap: Critical Vulnerability (CVE-2025-66516, CVSS 10.0) Hits Apache Tika Core

Do Son December 5, 2025

The Apache Tika toolkit, the industry standard for detecting and extracting metadata from over a thousand file...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

“React2Shell” Storm: China-Nexus Groups Weaponize Critical React Flaw Hours After Disclosure

Do Son December 5, 2025

Only hours after the public disclosure of a critical vulnerability in the React ecosystem, state-sponsored cyber espionage...

High-Severity Splunk Flaw Allows Local Privilege Escalation via Incorrect File Permissions on Windows Splunk Enterprise Vulnerabilities CVE-2026-20240 Splunk RCE CVE-2026-20204 Splunk RCE Vulnerability CVE-2026-20163 Splunk Enterprise Vulnerabilities CVE-2026-20140 Splunk Permission Flaw, Local Privilege Escalation Splunk Vulnerabilities CVE-2024-53247 - Splunk Secure Gateway App CVE-2025-20229 & CVE-2025-20231

High-Severity Splunk Flaw Allows Local Privilege Escalation via Incorrect File Permissions on Windows

Do Son December 5, 2025

Splunk administrators managing Windows environments are being urged to patch immediately following the discovery of two high-severity...

High-Severity Cacti Flaw (CVE-2025-66399) Risks Remote Code Execution via SNMP Community String Injection CVE-2024-25641 Cacti SNMP RCE, Command Injection

CVE-2024-25641 Cacti SNMP RCE, Command Injection

High-Severity Cacti Flaw (CVE-2025-66399) Risks Remote Code Execution via SNMP Community String Injection

Do Son December 5, 2025

A high-severity security flaw has been uncovered in Cacti, the popular open-source network graphing solution. The vulnerability,...

NVIDIA Triton Server Patches Two High-Severity DoS Flaws, Risking Critical AI Inference Disruption NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA Triton Server Patches Two High-Severity DoS Flaws, Risking Critical AI Inference Disruption

Do Son December 5, 2025

NVIDIA has issued a security bulletin regarding its Triton Inference Server, a cornerstone tool used by MLOps...

Maximum Severity Alert: Critical RCE Flaw Hits Next.js (CVE-2025-66478, CVSS 10.0)

Do Son December 4, 2025

Developers using the modern stack of Next.js and React are facing a “red alert” situation today. A...

Critical WordPress Flaw (CVE-2025-6389) Under Active Exploitation Allows Unauthenticated RCE WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Critical WordPress Flaw (CVE-2025-6389) Under Active Exploitation Allows Unauthenticated RCE

Do Son December 4, 2025

A critical Remote Code Execution (RCE) vulnerability has been discovered in the Sneeit Framework, a core plugin...

Catastrophic React Flaw (CVE-2025-55182, CVSS 10.0) Allows Unauthenticated RCE on Next.js and Server Components React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

Catastrophic React Flaw (CVE-2025-55182, CVSS 10.0) Allows Unauthenticated RCE on Next.js and Server Components

Do Son December 4, 2025

The React Team has issued an emergency security advisory following the discovery of a catastrophic vulnerability affecting...

Synology BeeStation Flaw Chain Leads to Root RCE Via Novel “Dirty File Write” SQL Injection, PoC Available Synology BeeStation RCE, Dirty File Write Exploit

Synology BeeStation RCE, Dirty File Write Exploit

Synology BeeStation Flaw Chain Leads to Root RCE Via Novel “Dirty File Write” SQL Injection, PoC Available

Do Son December 4, 2025

In a display of vulnerability chaining, security researcher Kiddo has released a detailed write-up demonstrating how three...

High-Severity Vim for Windows Flaw (CVE-2025-66476) Risks Arbitrary Code Execution from Compromised Folders CVE-2025-27423 Vim Arbitrary Code Execution, Uncontrolled Search Path

CVE-2025-27423 Vim Arbitrary Code Execution, Uncontrolled Search Path

High-Severity Vim for Windows Flaw (CVE-2025-66476) Risks Arbitrary Code Execution from Compromised Folders

Do Son December 4, 2025

Ideally, text editors are passive tools—you open a file, edit it, and save it. But a new...

Critical ACF Extended Flaw (CVE-2025-13486, CVSS 9.8) Allows Unauthenticated RCE on 100K WordPress Sites ACF Extended RCE, Unauthenticated Code Execution

ACF Extended RCE, Unauthenticated Code Execution

Critical ACF Extended Flaw (CVE-2025-13486, CVSS 9.8) Allows Unauthenticated RCE on 100K WordPress Sites

Do Son December 3, 2025

A critical security vulnerability carrying a near-maximum severity score has been discovered in “Advanced Custom Fields: Extended,”...

CISA Warns: Critical Longwatch RCE Flaw (CVE-2025-13658, CVSS 9.8) Allows Unauthenticated SYSTEM Takeover of OT Surveillance Longwatch Unauthenticated RCE, Industrial Video & Control

Longwatch Unauthenticated RCE, Industrial Video & Control

CISA Warns: Critical Longwatch RCE Flaw (CVE-2025-13658, CVSS 9.8) Allows Unauthenticated SYSTEM Takeover of OT Surveillance

Do Son December 3, 2025

A critical security vulnerability has been identified in the Longwatch video surveillance and monitoring system developed by...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome 143 Stable Fixes 13 Flaws: High-Severity V8 Type Confusion Earns $11,000 Bounty

Do Son December 3, 2025

Google has officially promoted Chrome 143 to the stable channel for Windows, macOS, and Linux, rolling out...

Django Flaw (CVE-2025-13372) Allows SQL Injection in PostgreSQL FilteredRelation Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Flaw (CVE-2025-13372) Allows SQL Injection in PostgreSQL FilteredRelation

Do Son December 3, 2025

The maintainers of Django, the high-level Python web framework that powers some of the internet’s largest sites,...

Critical Alert