Vulnerability Report Archives • Page 54 of 86 • Daily CyberSecurity

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions

Do Son November 13, 2025

Elastic has issued two security advisories addressing two vulnerabilities in Kibana, the visualization and analytics dashboard component...

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution Wolfram Cloud RCE, Multi-Tenant JVM

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution

Do Son November 13, 2025

A newly disclosed vulnerability in Wolfram Cloud version 14.2 — tracked as CVE-2025-11919 — could allow attackers...

Open WebUI XSS Flaw (CVE-2025-64495) Risks Admin RCE via Malicious Prompts Open WebUI XSS RCE, Prompt Injection

Open WebUI XSS Flaw (CVE-2025-64495) Risks Admin RCE via Malicious Prompts

Do Son November 13, 2025

The developers behind Open WebUI, an open-source and self-hosted AI interface framework, have issued a security advisory...

CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121) Lite XL RCE, Lua Autoloading

CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121)

Do Son November 13, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note highlighting two severe security flaws in Lite...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome Emergency Fix: High-Severity V8 Flaw (CVE-2025-13042) Risks Remote Code Execution

Do Son November 12, 2025

Google has released an important security update for Chrome Stable Channel, addressing a high-severity vulnerability in the...

Apache OpenOffice Fixes 7 Flaws: Memory Corruption and Unprompted Remote Content Loading CVE-2022-47502 OpenOffice Auth Bypass, Memory Corruption

CVE-2022-47502 OpenOffice Auth Bypass, Memory Corruption

Apache OpenOffice Fixes 7 Flaws: Memory Corruption and Unprompted Remote Content Loading

Do Son November 12, 2025

Apache OpenOffice has released a crucial security patch, version 4.1.16, to address a flurry of security vulnerabilities...

Critical Apache OFBiz Flaw (CVE-2025-59118) Allows Remote Command Execution via Unrestricted File Upload Apache OFBiz RCE, Unrestricted File Upload CVE-2024-47208 and CVE-2024-48962

Critical Apache OFBiz Flaw (CVE-2025-59118) Allows Remote Command Execution via Unrestricted File Upload

Do Son November 12, 2025

The Apache Software Foundation (ASF) has released an important security update for Apache OFBiz, its open-source enterprise...

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation

Do Son November 12, 2025

Microsoft has released its November 2025 Patch Tuesday, addressing a total of 68 vulnerabilities, including a high-priority...

Critical Authentication Bypass Vulnerability Found in Milvus Proxy (CVE-2025-64513, CVSS 9.3) Milvus Auth Bypass, Vector Database Flaw

Critical Authentication Bypass Vulnerability Found in Milvus Proxy (CVE-2025-64513, CVSS 9.3)

Do Son November 12, 2025

Milvus, a leading open-source vector database that powers AI and large-scale search applications, has disclosed a critical...

Rockwell Automation Fixes Critical Privilege Escalation Flaw in Verve Asset Manager (CVE-2025-11862, CVSS 9.9)

Do Son November 12, 2025

Rockwell Automation has released a critical security advisory addressing a severe privilege escalation vulnerability (CVE-2025-11862, CVSS 9.9)...

SAP November 2025 Patch Day Fixes 3 Critical Flaws (CVSS 10) — Including Code Injection and Insecure Key Management CVE-2024-33006 - CVE-2025-0064 SAP Critical Patch, RMI-P4 RCE

CVE-2024-33006 - CVE-2025-0064 SAP Critical Patch, RMI-P4 RCE

SAP November 2025 Patch Day Fixes 3 Critical Flaws (CVSS 10) — Including Code Injection and Insecure Key Management

Do Son November 11, 2025

Today, SAP released its latest batch of Security Patch Day updates, delivering 18 new security notes and...

Critical Synology BeeStation Zero-Day (CVE-2025-12686) Found at Pwn2Own Allows Remote Code Execution Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

Critical Synology BeeStation Zero-Day (CVE-2025-12686) Found at Pwn2Own Allows Remote Code Execution

Do Son November 11, 2025

Synology has released an urgent security update for its BeeStation OS, patching a zero-day vulnerability (CVE-2025-12686) that...

Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover Triofox Zero-Day, Host Header Bypass

Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover

Do Son November 11, 2025

Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed that a critical unauthenticated...

SuiteCRM SQL Injection Flaws (CVE-2025-64492, CVE-2025-64493) Expose Customer Data SuiteCRM SQL Injection, GraphQL SQLi

SuiteCRM SQL Injection Flaws (CVE-2025-64492, CVE-2025-64493) Expose Customer Data

Do Son November 11, 2025

The maintainers of SuiteCRM, the popular open-source customer relationship management (CRM) platform, have released an urgent security...

Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking Devolutions Auth Bypass, Pre-MFA Cookie Hijacking

Devolutions Auth Bypass, Pre-MFA Cookie Hijacking

Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking

Do Son November 11, 2025

Devolutions, a leading provider of privileged access management (PAM) and remote connection solutions, has released an urgent...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical WatchGuard Firebox Flaw (CVE-2025-59396, CVSS 9.8) Allows Unauthenticated Admin SSH Takeover via Default Credentials

Do Son November 11, 2025

A critical configuration flaw (CVE-2025-59396) has been discovered in WatchGuard Firebox devices, allowing remote attackers to gain...

Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server Smallworld Auth Bypass, GE Vernova ICS Flaw

Smallworld Auth Bypass, GE Vernova ICS Flaw

Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server

Do Son November 11, 2025

GE Vernova’s Electrification Software division has released a critical security advisory addressing a high-severity authentication vulnerability (CVE-2025-3222)...

Critical Calibre Flaw (CVE-2025-64486, CVSS 9.3) Allows RCE via Malicious FB2 E-book Calibre Vulnerability CVE-2026-26065 Calibre RCE, FB2 File Flaw

Critical Calibre Flaw (CVE-2025-64486, CVSS 9.3) Allows RCE via Malicious FB2 E-book

Do Son November 11, 2025

A critical vulnerability in Calibre, the popular cross-platform e-book manager, allows arbitrary code execution when an attacker...

Whisper Leak: Attack Infers Encrypted AI Chat Topics with 98%+ Accuracy Whisper Leak Encrypted AI Chat

Whisper Leak: Attack Infers Encrypted AI Chat Topics with 98%+ Accuracy

Do Son November 10, 2025

Microsoft’s Threat Intelligence team has disclosed a novel side-channel attack on remote language models, demonstrating that a...

Zero-Click Samsung Zero-Day (CVE-2025-21042) Delivered LANDFALL Spyware Via Malicious DNG Images Samsung Zero-Click Spyware, LANDFALL

Zero-Click Samsung Zero-Day (CVE-2025-21042) Delivered LANDFALL Spyware Via Malicious DNG Images

Do Son November 10, 2025

Researchers from Unit 42, the threat intelligence team at Palo Alto Networks, have discovered a previously unknown...

Critical Alert