Vulnerability Report Archives • Page 61 of 86 • Daily CyberSecurity

Qt Fixes Dual Critical Vulnerabilities (CVE-2025-10728 & CVE-2025-10729) in SVG Module Qt SVG RCE, CVE-2025-10729 CVE-2024-33861

Qt Fixes Dual Critical Vulnerabilities (CVE-2025-10728 & CVE-2025-10729) in SVG Module

Do Son October 7, 2025

The Qt Group has released a critical security advisory addressing two severe vulnerabilities in the Qt SVG...

Elastic Fixes Multiple High-Severity Vulnerabilities in Kibana and Elasticsearch Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Fixes Multiple High-Severity Vulnerabilities in Kibana and Elasticsearch

Do Son October 7, 2025

Elastic has issued five security advisories addressing five vulnerabilities affecting its Kibana and Elasticsearch components, including three...

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER

Do Son October 7, 2025

CrowdStrike has sounded the alarm on an ongoing mass exploitation campaign targeting Oracle E-Business Suite (EBS) applications...

Critical Flaw CVE-2025-59159 (CVSS 9.7) in SillyTavern Allows Full Remote Control of Local AI Instances SillyTavern DNS Rebinding, CVE-2025-59159

Critical Flaw CVE-2025-59159 (CVSS 9.7) in SillyTavern Allows Full Remote Control of Local AI Instances

Do Son October 7, 2025

The developers of SillyTavern, a popular locally hosted interface for large language models (LLMs) and AI tools,...

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group

Do Son October 7, 2025

Microsoft Threat Intelligence has issued a warning following the discovery of active exploitation of a newly disclosed...

Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation

Do Son October 7, 2025

IBM has released fixes for three security vulnerabilities affecting its IBM Security Verify Access and IBM Verify...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Rapid7 Details Cisco ASA Zero-Day Exploit Chain (CVE-2025-20362 & CVE-2025-20333)

Do Son October 7, 2025

Security researchers at Rapid7 have published a detailed technical analysis uncovering how a pair of zero-day vulnerabilities...

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released Snipe-IT RCE Chain, Deserialization

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released

Do Son October 7, 2025

Cybersecurity researchers at Synacktiv have uncovered two critical vulnerabilities in Snipe-IT, an open-source IT asset management system,...

Unity Flaw CVE-2025-59489 Allows Local Code Execution in Millions of Games Unity RCE, CVE-2025-59489

Unity Flaw CVE-2025-59489 Allows Local Code Execution in Millions of Games

Do Son October 6, 2025

A serious vulnerability in the Unity Runtime, tracked as CVE-2025-59489 (CVSS 8.4), has been discovered by security...

CVE-2025-27237: Zabbix Agent Flaw Allows Local Privilege Escalation via OpenSSL DLL Injection CVE-2024-22120 Zabbix DLL Injection, CVE-2025-27237

CVE-2024-22120 Zabbix DLL Injection, CVE-2025-27237

CVE-2025-27237: Zabbix Agent Flaw Allows Local Privilege Escalation via OpenSSL DLL Injection

Do Son October 6, 2025

A newly disclosed vulnerability in the Zabbix Agent and Agent 2 for Windows could allow local attackers...

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access

Do Son October 6, 2025

A newly disclosed vulnerability in DrayTek’s Vigor routers, tracked as CVE-2025-10547, could allow remote attackers to execute...

CVE-2025-61882 (CVSS 9.8): Critical RCE Flaw in Oracle E-Business Suite CVE-2025-21535 Oracle EBS RCE, CVE-2025-61882

CVE-2025-61882 (CVSS 9.8): Critical RCE Flaw in Oracle E-Business Suite

Do Son October 6, 2025

Oracle has issued an emergency Security Alert addressing a critical vulnerability (CVE-2025-61882) in Oracle E-Business Suite, warning...

QNAP Fixes High-Severity Flaws: NetBak Replicator RCE and SQL Injection in Qsync Central CVE-2024-27124 QNAP Vulnerabilities, NetBak Replicator

CVE-2024-27124 QNAP Vulnerabilities, NetBak Replicator

QNAP Fixes High-Severity Flaws: NetBak Replicator RCE and SQL Injection in Qsync Central

Do Son October 6, 2025

QNAP has issued a new security advisory addressing multiple vulnerabilities in two of its widely used utilities—NetBak...

Critical Flaw CVE-2025-49844 (CVSS 10.0) Allows Remote Code Execution in Redis Redis XACKDEL RCE, Google Big Sleep CVE-2023-41056 Redis licensing, AGPL Redis RCE, Lua Use-After-Free CVE-2025-49844

Redis XACKDEL RCE, Google Big Sleep CVE-2023-41056 Redis licensing, AGPL Redis RCE, Lua Use-After-Free CVE-2025-49844

Critical Flaw CVE-2025-49844 (CVSS 10.0) Allows Remote Code Execution in Redis

Do Son October 6, 2025

Redis, the popular open-source in-memory data store widely used for real-time analytics, caching, and message brokering, has...

Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin WordPress Auth Bypass, CVE-2025-6388 Exploited

WordPress Auth Bypass, CVE-2025-6388 Exploited

Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin

Do Son October 3, 2025

A newly disclosed vulnerability in the Spirit Framework plugin for WordPress has put thousands of websites at...

Yoast SEO Premium Flaw: Stored XSS Bug (CVE-2025-11241) Exposes Millions of WordPress Sites Yoast XSS, CVE-2025-11241

Yoast SEO Premium Flaw: Stored XSS Bug (CVE-2025-11241) Exposes Millions of WordPress Sites

Do Son October 3, 2025

A new vulnerability has been disclosed in the widely used Yoast SEO Premium plugin for WordPress, potentially...

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798) Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798)

Do Son October 3, 2025

Recently, GreyNoise observed a sudden and highly coordinated wave of exploitation attempts targeting CVE-2021-43798, a Grafana path...

Researcher Details Zero-Day Linux/Android Kernel Flaw (CVE-2025-38352) Linux Timer TOCTOU, CVE-2025-38352

Researcher Details Zero-Day Linux/Android Kernel Flaw (CVE-2025-38352)

Do Son October 3, 2025

Security researcher StreyPaws has published an in-depth analysis of CVE-2025-38352, a Time-of-Check to Time-of-Use (TOCTOU) race condition...

Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication

Do Son October 2, 2025

The Termix project has disclosed a critical authentication bypass vulnerability in its official Docker image, exposing sensitive...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome 141 Stable Channel Update Patches High-Severity Vulnerabilities (CVE-2025-11205 & CVE-2025-11206)

Do Son October 2, 2025

The Chrome security team has announced the promotion of Chrome 141 to the Stable Channel for Windows,...

Critical Alert