Vulnerability Report Archives • Page 60 of 86 • Daily CyberSecurity

Critical Cherry Studio Flaw CVE-2025-61929 (CVSS 9.7) Allows One-Click RCE via Custom URL Protocol

Cherry Studio RCE, Custom Protocol Exploit

Critical Cherry Studio Flaw CVE-2025-61929 (CVSS 9.7) Allows One-Click RCE via Custom URL Protocol

Do Son October 13, 2025

A critical security flaw has been discovered in Cherry Studio, a cross-platform desktop client that supports multiple...

Critical Auth Bypass (CVE-2025-61928) in Better Auth Allows Hackers to Steal User API Keys Better Auth Bypass, rou3 Path Normalization Better Auth Bypass, CVE-2025-61928 Better Auth vulnerability

Better Auth Bypass, rou3 Path Normalization Better Auth Bypass, CVE-2025-61928 Better Auth vulnerability

Critical Auth Bypass (CVE-2025-61928) in Better Auth Allows Hackers to Steal User API Keys

Do Son October 13, 2025

A critical authentication bypass vulnerability has been discovered in Better Auth, a popular framework-agnostic authentication and authorization...

CVE-2025-61927 (CVSS 9.4): Critical RCE Flaw Discovered in Happy DOM, Over 2.7 Million Weekly Downloads Impacted

Do Son October 13, 2025

A critical-severity vulnerability has been disclosed in Happy DOM, a popular JavaScript package used to emulate web...

Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002) 7-Zip RCE, ZIP Directory Traversal

Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002)

Do Son October 11, 2025

The Zero Day Initiative (ZDI) has published details of two critical vulnerabilities in the popular open-source compression...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CL0P Extortion: Google/Mandiant Expose Zero-Day RCE in Oracle E-Business Suite (CVE-2025-61882)

Do Son October 10, 2025

Google Threat Intelligence Group (GTIG) and Mandiant have jointly disclosed an extensive data theft and extortion campaign...

Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI

Do Son October 10, 2025

Huntress has sounded the alarm over active exploitation of a newly discovered Local File Inclusion (LFI) vulnerability...

NVIDIA GPU Driver Patches Multiple High-Severity Flaws Risking RCE and Privilege Escalation NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NVIDIA GPU Driver Patches Multiple High-Severity Flaws Risking RCE and Privilege Escalation

Do Son October 10, 2025

NVIDIA has released an important software security update for its GPU Display Driver, addressing multiple vulnerabilities that...

MediaTek Issues October 2025 Security Bulletin Addressing Multiple High-Severity Vulnerabilities Across Wi-Fi and GNSS Chipsets MediaTek Chipset Flaws, WLAN Buffer Overflow MediaTek Vulnerabilities, Chipset Security

MediaTek Chipset Flaws, WLAN Buffer Overflow MediaTek Vulnerabilities, Chipset Security

MediaTek Issues October 2025 Security Bulletin Addressing Multiple High-Severity Vulnerabilities Across Wi-Fi and GNSS Chipsets

Do Son October 10, 2025

MediaTek has released its October 2025 Product Security Bulletin, disclosing a set of high- and medium-severity vulnerabilities...

TP-Link Router Flaw CVE-2023-28760 Allows Root RCE via LAN, PoC Available TP-Link RCE, MiniDLNA Overflow

TP-Link Router Flaw CVE-2023-28760 Allows Root RCE via LAN, PoC Available

Do Son October 10, 2025

Security researcher Rocco Calvi detailed a critical flaw in the TP-Link AX1800 WiFi 6 Router (Archer AX21/AX20)...

Critical Flowise RCE Flaw: CVE-2025-61913 (CVSS 10.0) Allows Arbitrary File Write Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Critical Flowise RCE Flaw: CVE-2025-61913 (CVSS 10.0) Allows Arbitrary File Write

Do Son October 9, 2025

The maintainers of Flowise, an open-source generative AI development platform for building AI agents and LLM workflows,...

GitLab Patches Two High-Severity Flaws in GraphQL API Affecting Both CE and EE Editions GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab Patches Two High-Severity Flaws in GraphQL API Affecting Both CE and EE Editions

Do Son October 9, 2025

GitLab has released important updates addressing two high-severity vulnerabilities that impact both its Community Edition (CE) and...

CrowdStrike Releases Fixes for Two Falcon Sensor for Windows Vulnerabilities (CVE-2025-42701 & CVE-2025-42706) LogScale Vulnerability Path Traversal Falcon Sensor File Deletion, CVE-2025-42701 CrowdStrike update crashes - CVE 2025-1146

CrowdStrike Releases Fixes for Two Falcon Sensor for Windows Vulnerabilities (CVE-2025-42701 & CVE-2025-42706)

Do Son October 9, 2025

CrowdStrike has released security updates to address two vulnerabilities in its Falcon Sensor for Windows, identified as...

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows CVE-2023-28445 Deno Command Injection, CVE-2025-61787

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows

Do Son October 9, 2025

The Deno project has issued a new security advisory warning of a command injection vulnerability on Windows...

Critical Akka.NET Flaw CVE-2025-61778 (CVSS 9.3) Allows Untrusted Nodes to Join Secure Clusters Akka Remote Authentication Bypass, CVE-2025-61778

Critical Akka.NET Flaw CVE-2025-61778 (CVSS 9.3) Allows Untrusted Nodes to Join Secure Clusters

Do Son October 9, 2025

The Akka.NET team has issued a critical security advisory for a severe vulnerability in its Akka.Remote module...

Motorola Smart Feed redirect Anthropic Amazon 5GW partnership Amazon Perplexity lawsuit AWS-LC Vulnerabilities Cryptographic Bypass AWS Middle East drone strikes Amazon layoffs 2026, Amazon AI restructuring Amazon Kindle DRM Policy, Publisher Control EPUB AWS Nova Forge AI Model Customization AWS Trainium3 EC2 Trn3 UltraServer Route 53 Accelerated Recovery AWS DNS Resilience AI Browser War, Amazon Comet Amazon layoffs, cost reduction AWS outage, DynamoDB DNS AWS outage, cloud dependency AWS VPN Client, Root Privilege Escalation WSA shutdown, Amazon Appstore Amazon Wondery, Podcast Restructuring Amazon Q2 2025 Generative AI AWS Client VPN, Privilege Escalation Amazon AI, Wearable AI

Critical AWS VPN Client Flaw CVE-2025-11462 (CVSS 9.3) Allows Root Privilege Escalation on macOS

Do Son October 8, 2025

Amazon Web Services (AWS) has released an important security bulletin warning users of a critical local privilege...

Critical Nagios Flaw CVE-2025-44823 (CVSS 9.9) Leaks Plaintext Admin API Keys, PoC Available Nagios Critical Flaw, Admin Key Leak Nagios XI Vulnerabilities

Nagios Critical Flaw, Admin Key Leak Nagios XI Vulnerabilities

Critical Nagios Flaw CVE-2025-44823 (CVSS 9.9) Leaks Plaintext Admin API Keys, PoC Available

Do Son October 8, 2025

Security researchers have identified two critical vulnerabilities in Nagios Log Server, the enterprise log management solution widely...

Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

Zimbra XSS Zero-Day (CVE-2025-27915) Actively Exploited; CISA Adds to KEV Catalog

Do Son October 8, 2025

A cross-site scripting (XSS) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) — tracked as CVE-2025-27915 — has...

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames CVE-2023-48795 - Terrapin Attack OpenSSH RCE, ProxyCommand Injection

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames

Do Son October 8, 2025

Security researcher David Leadbeater has disclosed a vulnerability in OpenSSH, identified as CVE-2025-61984, which highlights how even...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

Chrome 141 Stable Fixes Two High-Severity Flaws: Heap Overflow in Sync and UAF in Storage

Do Son October 8, 2025

Google has released a new Stable Channel update for Chrome 141.0.7390.65/.66 on Windows and macOS and 141.0.7390.65...

Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Actively Exploited: Critical Flaw CVE-2025-5947 (CVSS 9.8) Allows Unauthenticated Admin Takeover in WordPress Plugin

Do Son October 8, 2025

Security researchers at Wordfence have issued an urgent warning about an actively exploited authentication bypass vulnerability in...

Critical Alert