Vulnerability Report Archives • Page 72 of 86 • Daily CyberSecurity

Critical JWE Ruby Flaw (CVE-2025-54887) Bypasses AES-GCM Authentication, Exposing Encrypted Data Ruby JWE, Authentication Tag Bypass

Critical JWE Ruby Flaw (CVE-2025-54887) Bypasses AES-GCM Authentication, Exposing Encrypted Data

Do Son August 8, 2025

A severe security vulnerability has been uncovered in the Ruby implementation of JSON Web Encryption (JWE), tracked...

CVE-2025-53786: Microsoft Exchange Hybrid Deployments Expose Cloud Privilege Escalation Risk CVE-2025-53786) Exchange Hybrid Vulnerability, Privilege Escalation

CVE-2025-53786) Exchange Hybrid Vulnerability, Privilege Escalation

CVE-2025-53786: Microsoft Exchange Hybrid Deployments Expose Cloud Privilege Escalation Risk

Do Son August 7, 2025

Yesterday, Microsoft issued a critical security advisory addressing a newly identified vulnerability—CVE-2025-53786—in hybrid Microsoft Exchange environments. The...

Critical Flaw (CVE-2025-22470, CVSS 9.8) in SATO Industrial Label Printers Allow Remote Root Takeover SATO Printers, Industrial Vulnerabilities

Critical Flaw (CVE-2025-22470, CVSS 9.8) in SATO Industrial Label Printers Allow Remote Root Takeover

Do Son August 7, 2025

JPCERT/CC has issued a vulnerability note detailing two critical security flaws in SATO Corporation’s widely deployed industrial...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CISA Warns of “ToolShell”: Critical Exploit Chain Hits SharePoint Servers, Bypasses Authentication

Do Son August 7, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released an in-depth Malware Analysis Report warning of a...

CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites

Do Son August 7, 2025

A critical security vulnerability has been discovered in the Everest Forms plugin, a widely used WordPress plugin...

BYOVD Attack: A New AV Killer Exploits a Legitimate Driver to Neutralize Defenses for MedusaLocker Ransomware

Do Son August 7, 2025

A recent incident response operation in Brazil has revealed a stealthy and destructive threat abusing the trusted...

CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems Tigo Energy, CISA Alert

CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems

Do Son August 7, 2025

In a critical advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), newly discovered vulnerabilities in...

CISA Adds Three D-Link Flaws to KEV Catalog: EOL IP Cameras Under Active Exploitation CISA KEV, D-Link Vulnerabilities

CISA Adds Three D-Link Flaws to KEV Catalog: EOL IP Cameras Under Active Exploitation

Do Son August 6, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning for organizations and government entities:...

Critical RCE Flaw (CVE-2025-54594) in React Native Bottom Tabs’ GitHub Actions Exposed Secrets GitHub Actions Vulnerability, React Native Bottom Tabs

GitHub Actions Vulnerability, React Native Bottom Tabs

Critical RCE Flaw (CVE-2025-54594) in React Native Bottom Tabs’ GitHub Actions Exposed Secrets

Do Son August 6, 2025

A critical vulnerability—CVE-2025-54594 (CVSS 9.1)—has been identified in the React Native Bottom Tabs project, exposing the repository...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Adobe AEM Forms Patch: Critical Flaws (CVE-2025-54253, CVSS 10.0) Allow RCE & Arbitrary File Read, Public PoCs Available

Do Son August 6, 2025

Adobe has released urgent patches for two critical vulnerabilities affecting Adobe Experience Manager (AEM) Forms on JEE,...

Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor

Do Son August 6, 2025

The Imperva Threat Research team sounded the alarm on a coordinated exploitation campaign targeting outdated instances of...

High-Severity Flaws in Rockwell Arena Simulation Expose Industrial Systems to Memory Abuse

Do Son August 6, 2025

Rockwell Automation has issued a security advisory addressing three memory abuse vulnerabilities in its Arena Simulation software,...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Critical Command Injection Flaws in Trend Micro Apex One Actively Exploited

Do Son August 5, 2025

Trend Micro has issued an urgent advisory for two critical command injection vulnerabilities affecting its Apex One...

iOS Update: Proton Authenticator Bug Leaked TOTP Secrets in Plaintext Logs Proton Authenticator, MFA Security Proton Authenticator, iOS Vulnerability

Proton Authenticator, MFA Security Proton Authenticator, iOS Vulnerability

iOS Update: Proton Authenticator Bug Leaked TOTP Secrets in Plaintext Logs

Do Son August 5, 2025

If you are using the iOS version of Proton Authenticator, it is imperative that you visit the...

Critical ADOdb Flaw (CVE-2025-54119, CVSS 10.0) in SQLite3 Driver Allows SQL Injection ADOdb SQL Injection, PHP Vulnerability

Critical ADOdb Flaw (CVE-2025-54119, CVSS 10.0) in SQLite3 Driver Allows SQL Injection

Do Son August 5, 2025

A critical SQL injection vulnerability has been discovered in ADOdb, a widely used PHP database abstraction library....

Android CLI Android Security Zero-Interaction DoS CVE-2026-21385 Android Security Update UK CMA Apple Google regulation Google Aluminum OS Android 16 leak, ALOS Android ChromeOS merger Android sideloading certification 2026, Google developer verification APK Android AOSP biannual release, AOSP source code latency 2026 Android Zero-Day, Critical DoS Flaw Android Universal Clipboard Cross-Device Sync Gemini Nano Block, Unlocked Bootloader Android, Calling Cards Android Security Bulletin, RCE Vulnerability Android Linux GUI, Debian VM Android System Services, Google Transparency Android 16, Pixel Update

Android Security Update: Critical RCE Flaw (CVE-2025-48530) in System Component Patched

Do Son August 5, 2025

Google has released the August 2025 Android Security Bulletin, addressing multiple critical and high-severity vulnerabilities affecting Android...

Critical Triton Flaws (CVSS 9.8) Expose AI Servers to Remote Takeover – Patch Now! NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

Critical Triton Flaws (CVSS 9.8) Expose AI Servers to Remote Takeover – Patch Now!

Do Son August 5, 2025

NVIDIA has released urgent software updates to address a set of critical vulnerabilities discovered in its popular...

Urgent Zero-Day Warning: SonicWall VPNs Under Attack, Akira Ransomware Deployed Within Hours hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

Urgent Zero-Day Warning: SonicWall VPNs Under Attack, Akira Ransomware Deployed Within Hours

Do Son August 4, 2025

Huntress has issued a critical alert about what appears to be a zero-day vulnerability in SonicWall Secure...

MediaTek Chipset Flaws: Out-of-Bounds Write Vulnerabilities Expose Smartphones & IoT Devices MediaTek Modem Vulnerabilities, January 2026 Security Bulletin MediaTek Vulnerabilities, Chipset Security CVE-2024-20103 & CVE-2024-20100 - CVE-2024-20154 - February 2025 Product Security Bulletin

MediaTek Chipset Flaws: Out-of-Bounds Write Vulnerabilities Expose Smartphones & IoT Devices

Do Son August 4, 2025

MediaTek, one of the world’s leading chipset manufacturers, has published its latest Product Security Bulletin, revealing several...

PyPitfall: Python’s Hidden Vulnerabilities Propagate Through 145K+ Packages Python Supply Chain, PyPI Vulnerabilities

PyPitfall: Python’s Hidden Vulnerabilities Propagate Through 145K+ Packages

Do Son August 4, 2025

A study from the New Jersey Institute of Technology has exposed a massive web of hidden vulnerabilities...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Vulnerability Report

Critical JWE Ruby Flaw (CVE-2025-54887) Bypasses AES-GCM Authentication, Exposing Encrypted Data

CVE-2025-53786: Microsoft Exchange Hybrid Deployments Expose Cloud Privilege Escalation Risk

Critical Flaw (CVE-2025-22470, CVSS 9.8) in SATO Industrial Label Printers Allow Remote Root Takeover

CISA Warns of “ToolShell”: Critical Exploit Chain Hits SharePoint Servers, Bypasses Authentication

CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites

BYOVD Attack: A New AV Killer Exploits a Legitimate Driver to Neutralize Defenses for MedusaLocker Ransomware

CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems

CISA Adds Three D-Link Flaws to KEV Catalog: EOL IP Cameras Under Active Exploitation

Critical RCE Flaw (CVE-2025-54594) in React Native Bottom Tabs’ GitHub Actions Exposed Secrets

Adobe AEM Forms Patch: Critical Flaws (CVE-2025-54253, CVSS 10.0) Allow RCE & Arbitrary File Read, Public PoCs Available

Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor

High-Severity Flaws in Rockwell Arena Simulation Expose Industrial Systems to Memory Abuse

Critical Command Injection Flaws in Trend Micro Apex One Actively Exploited

iOS Update: Proton Authenticator Bug Leaked TOTP Secrets in Plaintext Logs

Critical ADOdb Flaw (CVE-2025-54119, CVSS 10.0) in SQLite3 Driver Allows SQL Injection

Android Security Update: Critical RCE Flaw (CVE-2025-48530) in System Component Patched

Critical Triton Flaws (CVSS 9.8) Expose AI Servers to Remote Takeover – Patch Now!

Urgent Zero-Day Warning: SonicWall VPNs Under Attack, Akira Ransomware Deployed Within Hours

MediaTek Chipset Flaws: Out-of-Bounds Write Vulnerabilities Expose Smartphones & IoT Devices

PyPitfall: Python’s Hidden Vulnerabilities Propagate Through 145K+ Packages