Vulnerability Report Archives • Page 55 of 86 • Daily CyberSecurity

High-Severity Elastic Defend Flaw (CVE-2025-37735) Allows Local Attackers to Delete Arbitrary Files as SYSTEM Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

High-Severity Elastic Defend Flaw (CVE-2025-37735) Allows Local Attackers to Delete Arbitrary Files as SYSTEM

Do Son November 10, 2025

Elastic has released security updates to address a serious flaw in Elastic Defend, its endpoint protection component...

PoC Exploit Released for CVE-2025-55680 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw Cloud Files Driver LPE, TOCTOU Race Condition

Cloud Files Driver LPE, TOCTOU Race Condition

PoC Exploit Released for CVE-2025-55680 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw

Do Son November 10, 2025

Security researchers from TyphoonPWN, the Windows PE Winner team, in collaboration with SSD Secure Disclosure, have uncovered...

Critical Warning: QNAP Patches Seven Zero-Days Exploited at Pwn2Own 2025 QNAP Zero-Day, Pwn2Own Exploit CVE-2024-21899 - QNAP QTS vulnerability

Critical Warning: QNAP Patches Seven Zero-Days Exploited at Pwn2Own 2025

Do Son November 8, 2025

QNAP has issued an urgent security advisory and released patches for seven zero-day vulnerabilities that were successfully...

OCI Fixes Container Escape Vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) runc Container Escape, Mount Race Condition

OCI Fixes Container Escape Vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881)

Do Son November 7, 2025

The Open Container Initiative (OCI) has released security updates to address three high-severity vulnerabilities affecting its container...

High-Severity Cisco ISE Flaw (CVE-2025-20343) Allows Unauthenticated DoS via Crafted RADIUS Requests Cisco ISE RADIUS DoS, CVE-2025-20343

High-Severity Cisco ISE Flaw (CVE-2025-20343) Allows Unauthenticated DoS via Crafted RADIUS Requests

Do Son November 7, 2025

Cisco has released a security update to address a high-severity vulnerability (CVE-2025-20343, CVSS 8.6) affecting its Identity...

Amazon Fixes High-Severity Authentication Token Exposure in WorkSpaces Client for Linux (CVE-2025-12779) WorkSpaces Token Leak, Local Privilege Escalation CVE-2025-0500 & CVE-2025-0501

WorkSpaces Token Leak, Local Privilege Escalation CVE-2025-0500 & CVE-2025-0501

Amazon Fixes High-Severity Authentication Token Exposure in WorkSpaces Client for Linux (CVE-2025-12779)

Do Son November 7, 2025

Amazon has released a security update for the WorkSpaces client for Linux, addressing a high-severity vulnerability (CVE-2025-12779)...

Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

Critical Cisco CCX RCE Flaws (CVSS 9.8) Allow Unauthenticated Root Access via Java RMI and CCX Editor

Do Son November 6, 2025

Cisco has released urgent security updates to address two critical vulnerabilities in its Unified Contact Center Express...

Django Team Patches High-Severity SQL Injection Flaw (CVE-2025-64459) and DoS Bug (CVE-2025-64458) in Latest Security Update Django SQL Injection, CVE-2025-64459

Django Team Patches High-Severity SQL Injection Flaw (CVE-2025-64459) and DoS Bug (CVE-2025-64458) in Latest Security Update

Do Son November 6, 2025

The Django Software Foundation (DSF) has released new security updates for multiple branches of the Django web...

Chrome Emergency Fix: Three High-Severity Flaws in WebGPU and V8 Engine Risk RCE Chrome Security Update CVE-2026-1504 Chrome WebGPU Overflow, V8 RCE

Chrome Security Update CVE-2026-1504 Chrome WebGPU Overflow, V8 RCE

Chrome Emergency Fix: Three High-Severity Flaws in WebGPU and V8 Engine Risk RCE

Do Son November 6, 2025

Google has released a Stable Channel Update for Chrome Desktop (version 142.0.7444.134/.135) for Windows, macOS, and Linux...

CISA Warns: Critical VizAir Flaws (CVSS 10.0) Expose Airport Weather Systems to Unauthenticated Manipulation VizAir RCE, Airport Weather Manipulation

VizAir RCE, Airport Weather Manipulation

CISA Warns: Critical VizAir Flaws (CVSS 10.0) Expose Airport Weather Systems to Unauthenticated Manipulation

Do Son November 6, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory detailing three vulnerabilities in the...

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

High-Severity NVIDIA App Flaw (CVE-2025-23358) Allows Local Privilege Escalation on Windows

Do Son November 6, 2025

NVIDIA has released an important software security update for the NVIDIA App on Windows systems, addressing a...

CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover Survision LPR Auth Bypass, CVE-2025-12108

CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover

Do Son November 6, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical vulnerability affecting...

Critical CVE-2025-11749 Flaw in AI Engine Plugin Exposes WordPress Sites to Full Compromise AI Engine Auth Bypass, CVE-2025-11749 Exploited

Critical CVE-2025-11749 Flaw in AI Engine Plugin Exposes WordPress Sites to Full Compromise

Do Son November 5, 2025

Researchers at Wordfence have disclosed a critical vulnerability (CVE-2025-11749, CVSS 9.8) in the popular AI Engine WordPress...

Microsoft Teams Flaws Exposed: Attackers Could Impersonate Executives and Forge Caller Identity Teams Identity Spoofing, Message Manipulation

Teams Identity Spoofing, Message Manipulation

Microsoft Teams Flaws Exposed: Attackers Could Impersonate Executives and Forge Caller Identity

Do Son November 5, 2025

Researchers at Check Point Research (CPR) have disclosed four critical vulnerabilities in Microsoft Teams that could have...

Coordinated Cryptojacking Blitz: Hackers Exploit ThinkPHP and PHP RCE Flaws to Maximize Mining Profit PHP Cryptojacking, Coordinated Exploitation

PHP Cryptojacking, Coordinated Exploitation

Coordinated Cryptojacking Blitz: Hackers Exploit ThinkPHP and PHP RCE Flaws to Maximize Mining Profit

Do Son November 5, 2025

Analysts at GreyNoise Intelligence have reported a sharp, coordinated surge in attacks exploiting vulnerabilities across PHP and...

CISA KEV Alert: Two Critical Flaws Under Active Exploitation, Including Gladinet LFI/RCE and CWP Admin Takeover n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA KEV Alert: Two Critical Flaws Under Active Exploitation, Including Gladinet LFI/RCE and CWP Admin Takeover

Do Son November 5, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities—CVE-2025-11371 in Gladinet CentreStack and...

Global Spies Use ZipperDown and Android Zero-Days for 1-Click Email Client RCE and Account Takeover Android Zero-Day Espionage, ZipperDown Exploitation

Android Zero-Day Espionage, ZipperDown Exploitation

Global Spies Use ZipperDown and Android Zero-Days for 1-Click Email Client RCE and Account Takeover

Do Son November 5, 2025

The RedDrip team at QiAnXin Threat Intelligence Center has released a new report detailing a multi-year series...

Critical React Native CLI Flaw (CVE-2025-11953, CVSS 9.8) Allows Unauthenticated RCE via Exposed Metro Server React Native RCE, Metro Server Flaw

Critical React Native CLI Flaw (CVE-2025-11953, CVSS 9.8) Allows Unauthenticated RCE via Exposed Metro Server

Do Son November 5, 2025

A newly disclosed critical vulnerability (CVE-2025-11953, CVSS 9.8) in the React Native Community CLI exposes developers to...

Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect ShopLentor LFI RCE, WooCommerce Plugin Flaw

ShopLentor LFI RCE, WooCommerce Plugin Flaw

Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect

Do Son November 5, 2025

A critical-severity Local File Inclusion (LFI) flaw in the popular WordPress plugin ShopLentor – WooCommerce Builder for...

Android Zero-Click RCE (CVE-2025-48593) in System Component Requires Immediate Patch for Versions 13-16 Android Zero-Click RCE, CVE-2025-48593

Android Zero-Click RCE (CVE-2025-48593) in System Component Requires Immediate Patch for Versions 13-16

Do Son November 4, 2025

Google’s November 2025 Android Security Bulletin has addressed multiple vulnerabilities across the platform, including a critical remote...

Critical Alert