Vulnerability Report Archives • Page 64 of 86 • Daily CyberSecurity

CVE-2025-59340: Critical HubSpot’s Jinjava Engine Flaw Exposes Thousands of Websites to RCE Jinjava Vulnerability CVE-2026-25526 CVE-2025-59340 HubSpot RCE

Jinjava Vulnerability CVE-2026-25526 CVE-2025-59340 HubSpot RCE

CVE-2025-59340: Critical HubSpot’s Jinjava Engine Flaw Exposes Thousands of Websites to RCE

Do Son September 19, 2025

HubSpot has issued a security advisory regarding a critical flaw in its Jinjava template engine, which powers...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CVE-2025-10035 (CVSS 10): Critical Deserialization Flaw in GoAnywhere MFT Exposes Enterprises to Remote Exploitation

Do Son September 19, 2025

A newly disclosed vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) platform has been assigned CVE-2025-10035, carrying...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns of Critical Flaw in Delta DIALink: CVE-2025-58321 (CVSS 10.0)

Do Son September 19, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security advisory warning about two serious...

Jenkins Patches High-Severity Vulnerabilities, Including a DoS Flaw Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Patches High-Severity Vulnerabilities, Including a DoS Flaw

Do Son September 18, 2025

Jenkins, one of the most widely used open-source automation servers, has released a new security advisory addressing...

Chrome Emergency Update: Zero-Day (CVE-2025-10585) in V8 Exploited in the Wild Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome Emergency Update: Zero-Day (CVE-2025-10585) in V8 Exploited in the Wild

Do Son September 18, 2025

Google has released a Stable Channel update to version 140.0.7339.185/.186 for Windows and Mac, and 140.0.7339.185 for...

Critical Vulnerabilities Discovered in Planet Technology Industrial Cellular Gateways CVE-2025-9971 CVE-2025-9972 PLANET Technology - CVE-2024-8456

CVE-2025-9971 CVE-2025-9972 PLANET Technology - CVE-2024-8456

Critical Vulnerabilities Discovered in Planet Technology Industrial Cellular Gateways

Do Son September 18, 2025

The Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) has issued a security advisory warning of...

Phoenix (CVE-2025-6202): A New Rowhammer Attack Bypasses DDR5 Protections

Do Son September 18, 2025

Researchers from ETH Zurich have unveiled Phoenix, a new Rowhammer attack that successfully bypasses in-DRAM mitigations in...

From Simple Bug to RCE: A Flaw (CVE-2025-21692) in the Linux Kernel, PoC Published Linux Kernel vulnerability CVE-2025-21692

From Simple Bug to RCE: A Flaw (CVE-2025-21692) in the Linux Kernel, PoC Published

Do Son September 18, 2025

Security researcher Volticks has published a deep technical writeup on CVE-2025-21692, a vulnerability in the Linux kernel’s...

CVE-2025-9242: Critical WatchGuard Flaw Allows Remote Code Execution WatchGuard Agent Privilege Escalation CVE-2026-6787 WatchGuard Vulnerability CVE-2026-1498 WatchGuard Firebox VPN Flaws, Command Injection WatchGuard Vulnerability CVE-2024-6592 and CVE-2024-6593

CVE-2025-9242: Critical WatchGuard Flaw Allows Remote Code Execution

Do Son September 17, 2025

WatchGuard has issued a security advisory addressing a critical vulnerability in its Fireware OS, tracked as CVE-2025-9242...

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

NVIDIA Patches Critical RCE Flaw (CVE-2025-23316, CVSS 9.8) in Triton Inference Server

Do Son September 17, 2025

NVIDIA has released a software update addressing multiple high- and critical-severity vulnerabilities in its Triton Inference Server,...

Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways

Do Son September 17, 2025

HPE Aruba Networking has released patches addressing multiple high- and medium-severity vulnerabilities in its EdgeConnect SD-WAN Gateways,...

Kubernetes C# Client Flaw Exposes API to MITM Attacks (CVE-2025-9708) Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Kubernetes C# Client Flaw Exposes API to MITM Attacks (CVE-2025-9708)

Do Son September 17, 2025

A newly disclosed vulnerability in the Kubernetes C# client has been assigned CVE-2025-9708 with a CVSS score...

KSMBDrain (CVE-2025-38501): Linux Kernel Flaw Allows Remote DoS Attacks, PoC Available Linux DoS CVE-2025-38501

KSMBDrain (CVE-2025-38501): Linux Kernel Flaw Allows Remote DoS Attacks, PoC Available

Do Son September 17, 2025

A newly disclosed vulnerability in the Linux kernel’s KSMBD subsystem has been assigned CVE-2025-38501, allowing remote attackers...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

CVE-2025-5821: Critical Authentication Bypass in WordPress Case Theme User Plugin Exploited in the Wild

Do Son September 16, 2025

Hackers are exploiting a critical authentication bypass vulnerability in the Case Theme User plugin, a WordPress plugin...

Spring Framework and Spring Security Vulnerabilities Expose Authorization Bypass Risks (CVE-2025-41248 & CVE-2025-41249) Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Spring Framework and Spring Security Vulnerabilities Expose Authorization Bypass Risks (CVE-2025-41248 & CVE-2025-41249)

Do Son September 16, 2025

The Spring team has disclosed two related vulnerabilities—CVE-2025-41248 and CVE-2025-41249—that affect Spring Security and the Spring Framework....

PoC Published: Linux Kernel 0-Click RCE Vulnerability Found in ksmbd Linux kernel, SMB vulnerability

PoC Published: Linux Kernel 0-Click RCE Vulnerability Found in ksmbd

Do Son September 16, 2025

In a recent deep-dive analysis, security researcher BitsByWill examined two critical Linux kernel vulnerabilities—CVE-2023-52440 and CVE-2023-4130—both impacting...

Samsung Zero-Day Exploit CVE-2025-21043 Patched After Active Attacks on Android Devices Samsung zero-day Samsung Galaxy S25 Edge, Sales Performance Samsung Account, Inactive Accounts One UI 7 Samsung Update

Samsung zero-day Samsung Galaxy S25 Edge, Sales Performance Samsung Account, Inactive Accounts One UI 7 Samsung Update

Samsung Zero-Day Exploit CVE-2025-21043 Patched After Active Attacks on Android Devices

Do Son September 15, 2025

Samsung has released security updates to patch a critical zero-day vulnerability actively exploited against Android devices. Tracked...

PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8) Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434