Vulnerability Report Archives • Page 63 of 86 • Daily CyberSecurity

Cisco Zero-Day CVE-2025-20362 Under Attack: VPN Flaw in ASA/FTD Exposes Restricted Resources Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco Zero-Day CVE-2025-20362 Under Attack: VPN Flaw in ASA/FTD Exposes Restricted Resources

Do Son September 26, 2025

Cisco has released software updates addressing a zero-day vulnerability in the VPN web server of its Secure...

CVE-2025-54831: Apache Airflow Bug Exposes Sensitive Connection Passwords to Read-Only Users Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

CVE-2025-54831: Apache Airflow Bug Exposes Sensitive Connection Passwords to Read-Only Users

Do Son September 26, 2025

The Apache Software Foundation has released a fix for Apache Airflow, a popular open-source platform for authoring,...

GitLab Fixes High-Severity DoS Flaws: Unauthenticated Attackers Could Crash Instances GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab Fixes High-Severity DoS Flaws: Unauthenticated Attackers Could Crash Instances

Do Son September 26, 2025

GitLab has released security updates for versions 18.4.1, 18.3.3, and 18.2.7 of its Community Edition (CE) and...

NVIDIA Patches High-Severity Code Injection Flaws in Megatron-LM AI Framework NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA Patches High-Severity Code Injection Flaws in Megatron-LM AI Framework

Do Son September 26, 2025

Nvidia has issued an important security update addressing multiple high-severity vulnerabilities in its open-source Megatron-LM project, a...

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS

Do Son September 25, 2025

Two vulnerabilities were found in WordPress Core, affecting all versions up to and including 6.8.2. Both flaws...

Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access! Cisco Phone DoS, CVE-2025-20350 Cisco SNMP Flaw CVE-2025-20352 CVE-2024-20398 & CVE-2024-20381 CVE-2025-20206

Cisco Phone DoS, CVE-2025-20350 Cisco SNMP Flaw CVE-2025-20352 CVE-2024-20398 & CVE-2024-20381 CVE-2025-20206

Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access!

Do Son September 25, 2025

Cisco has issued a security advisory warning of a critical flaw in its IOS and IOS XE...

CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases

Do Son September 25, 2025

VDE CERT has issued a security advisory disclosing two vulnerabilities in WAGO Device Sphere and WAGO Solution...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

CISA adds Chrome zero-day CVE-2025-10585 to KEV after public exploit appears

Do Son September 24, 2025

CISA this week added CVE-2025-10585, a high-severity type-confusion flaw in Google’s V8 JavaScript engine, to its Known...

CVE-2025-9844: Salesforce CLI Installer Vulnerability Could Lead to SYSTEM-Level Compromise Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

CVE-2025-9844: Salesforce CLI Installer Vulnerability Could Lead to SYSTEM-Level Compromise

Do Son September 24, 2025

Salesforce has published a security advisory detailing a high-severity flaw in its Salesforce-CLI installer (sf-x64.exe). The vulnerability,...

CVE-2025-10184: Unpatched OnePlus Flaw Exposes SMS Data & Breaks MFA, PoC Available OnePlus, US Investigation OnePlus vulnerability CVE-2025-10184

OnePlus, US Investigation OnePlus vulnerability CVE-2025-10184

CVE-2025-10184: Unpatched OnePlus Flaw Exposes SMS Data & Breaks MFA, PoC Available

Do Son September 24, 2025

Researchers at Rapid7 have disclosed a critical permission bypass vulnerability in OnePlus OxygenOS, tracked as CVE-2025-10184. The...

CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk CVE-2025-64095 Site Takeover DNN Software, XSS, vulnerability

CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk

Do Son September 24, 2025

DNN Software has issued a security advisory warning of a critical stored cross-site scripting (XSS) vulnerability in...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Google Chrome Patches Three High-Severity Flaws in V8 Engine

Do Son September 24, 2025

Google has released a Stable Channel Update for Desktop with builds 140.0.7339.207/.208 for Windows and Mac and...

CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability CVE-2024-28991 & CVE-2024-28990 SolarWinds RCE vulnerability CVE-2025-26399

CVE-2024-28991 & CVE-2024-28990 SolarWinds RCE vulnerability CVE-2025-26399

CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability

Do Son September 23, 2025

SolarWinds has released a hotfix for its Web Help Desk (WHD) software after the discovery of a...

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk

Do Son September 23, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of a cross-site scripting (XSS) flaw...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild

Do Son September 23, 2025

Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security...

CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide Microsoft Entra ID vulnerability CVE-2025-55241

Microsoft Entra ID vulnerability CVE-2025-55241

CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide

Do Son September 22, 2025

In one of the most significant discoveries of 2025, security researcher Dirk-jan Mollema revealed a vulnerability in...

BiDi Swap: A Decade-Old Unicode Flaw Still Enables URL Spoofing BiDi Swap, phishing attacks Cybersecurity Threats

BiDi Swap: A Decade-Old Unicode Flaw Still Enables URL Spoofing

Do Son September 22, 2025

The Varonis Threat Labs team has published an eye-opening report about a persistent vulnerability in how modern...

CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released TP-Link CWMP CVE-2025-9961

CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released

Do Son September 22, 2025

Security researchers at ByteRay have published a detailed exploitation write-up of CVE-2025-9961, a vulnerability in TP-Link’s CWMP...

CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation