Vulnerability Report Archives • Page 56 of 86 • Daily CyberSecurity

AI-Discovered Flaw: Redis Flaw (CVE-2025-62507) Allows Remote Code Execution via Stack Buffer Overflow Redis XACKDEL RCE, Google Big Sleep CVE-2023-41056 Redis licensing, AGPL Redis RCE, Lua Use-After-Free CVE-2025-49844

Redis XACKDEL RCE, Google Big Sleep CVE-2023-41056 Redis licensing, AGPL Redis RCE, Lua Use-After-Free CVE-2025-49844

AI-Discovered Flaw: Redis Flaw (CVE-2025-62507) Allows Remote Code Execution via Stack Buffer Overflow

Do Son November 4, 2025

Redis, the world’s leading in-memory data platform, has issued an urgent patch addressing a high-severity vulnerability (CVE-2025-62507,...

Researcher Details Windows SMB Server Elevation of Privilege Vulnerability – CVE-2025-58726 Kerberos Reflection, Ghost SPN

Researcher Details Windows SMB Server Elevation of Privilege Vulnerability – CVE-2025-58726

Do Son November 4, 2025

A newly disclosed Windows vulnerability, CVE-2025-58726, allows attackers with low privileges to gain SYSTEM-level access remotely by...

High-Severity Bug: AMD Zen 5 RDSEED Flaw Risks Randomness Integrity; Microcode Fix Coming AMD RDSEED, Zen 5 Bug, Microcode Fix CVE-2021-26316

High-Severity Bug: AMD Zen 5 RDSEED Flaw Risks Randomness Integrity; Microcode Fix Coming

Do Son November 3, 2025

In mid-October 2025, engineers discovered an architectural flaw in the AMD Zen 5 series processors related to...

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading UNC6384 PlugX, LNK Exploit

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading

Do Son November 3, 2025

Researchers at Arctic Wolf Labs have uncovered an extensive cyber espionage campaign by UNC6384, a Chinese-affiliated threat...

Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion Kinsing ActiveMQ RCE, Sharpire Backdoor

Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion

Do Son November 3, 2025

The AhnLab Security Intelligence Center (ASEC) has confirmed that the Kinsing threat actor — also known as...

Elastic Patches High-Severity Privilege Escalation Flaw in Elastic Cloud Enterprise (CVE-2025-37736) Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Patches High-Severity Privilege Escalation Flaw in Elastic Cloud Enterprise (CVE-2025-37736)

Do Son November 3, 2025

Elastic has issued a security advisory addressing a high-severity vulnerability (CVE-2025-37736, CVSS 8.8) in Elastic Cloud Enterprise...

Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover

Do Son November 1, 2025

An extremely severe security vulnerability has been discovered and is being actively exploited in the Jobmonster –...

Critical WordPress Plugin Flaw (CVE-2025-8489, CVSS 9.8) Allows Unauthenticated Admin Takeover CVE-2024-11972 - Hunk Companion

Critical WordPress Plugin Flaw (CVE-2025-8489, CVSS 9.8) Allows Unauthenticated Admin Takeover

Do Son November 1, 2025

A critical security vulnerability has been identified and is being actively exploited in the King Addons for...

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover

Do Son November 1, 2025

The Post SMTP plugin, used by over 400,000 WordPress sites to ensure reliable email delivery, has been...

Chinese APT BRONZE BUTLER Exploits LANSCOPE Zero-Day for SYSTEM Control BRONZE BUTLER, Zero-Day

Chinese APT BRONZE BUTLER Exploits LANSCOPE Zero-Day for SYSTEM Control

Do Son October 31, 2025

A sophisticated campaign executed by the Chinese state-sponsored threat group BRONZE BUTLER (also known as Tick) has...

CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities

Do Son October 31, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new flaws—CVE-2025-24893 in XWiki Platform and...

Brash Attack: Critical Chromium Flaw Allows DoS via Simple Code Injection Chrome 14-day update cycle Chromium JPEG-XL Image Format Debate Chromium DoS, document.title Browser Muting, iframe Media Supporters of Chromium-based Browsers

Chrome 14-day update cycle Chromium JPEG-XL Image Format Debate Chromium DoS, document.title Browser Muting, iframe Media Supporters of Chromium-based Browsers

Brash Attack: Critical Chromium Flaw Allows DoS via Simple Code Injection

Do Son October 31, 2025

Google’s Chromium, developed by Google, forms the foundation of many modern browsers — yet researchers have uncovered...

CVE-2025-64095: Critical CVSS 10.0 Flaw in DNN Platform Allows Unauthenticated Website Overwrite CVE-2025-64095 Site Takeover DNN Software, XSS, vulnerability

CVE-2025-64095 Site Takeover DNN Software, XSS, vulnerability

CVE-2025-64095: Critical CVSS 10.0 Flaw in DNN Platform Allows Unauthenticated Website Overwrite

Do Son October 31, 2025

The DNN Platform, a leading open-source Content Management System (CMS) in the Microsoft ecosystem, is urging its...

Progress Patches High-Severity Vulnerability in MOVEit Transfer AS2 Module (CVE-2025-10932) CVE-2023-42659 & CVE-2024-8015 MOVEit AS2 DoS, Uncontrolled Resource Consumption

CVE-2023-42659 & CVE-2024-8015 MOVEit AS2 DoS, Uncontrolled Resource Consumption

Progress Patches High-Severity Vulnerability in MOVEit Transfer AS2 Module (CVE-2025-10932)

Do Son October 31, 2025

Progress Software Corporation has issued a security advisory warning of a high-severity vulnerability in its MOVEit Transfer...

Jenkins Faces Wave of Plugin Flaws, Including SAML Authentication Bypass (CVE-2025-64131) Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Faces Wave of Plugin Flaws, Including SAML Authentication Bypass (CVE-2025-64131)

Do Son October 30, 2025

The Jenkins project has issued a major security advisory addressing a wave of vulnerabilities, including high-severity flaws...

ISC Patches High-Severity Kea DHCPv4 DoS (CVE-2025-11232) Flaw, Allows Crash via Malformed Hostname Kea DHCPv4 DoS, Hostname Validation CVE-2024-11187 and CVE-2024-12705

ISC Patches High-Severity Kea DHCPv4 DoS (CVE-2025-11232) Flaw, Allows Crash via Malformed Hostname

Do Son October 30, 2025

The Internet Systems Consortium (ISC) has issued a security advisory warning users of a denial-of-service (DoS) vulnerability...

Wordfence Warns of Active Exploits Targeting Critical Privilege Escalation Flaw in WP Freeio (CVE-2025-11533) Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782