Vulnerability Report Archives • Page 77 of 86 • Daily CyberSecurity

CitrixBleed 2: CVE-2025-5777 Joins CISA’s KEV Catalog Amid Active Exploitation Storm, PoC Available CitrixBleed 2, Session Hijacking

CitrixBleed 2: CVE-2025-5777 Joins CISA’s KEV Catalog Amid Active Exploitation Storm, PoC Available

Do Son July 11, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-5777 to its Known Exploited Vulnerabilities...

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS CVE-2024-38472 Apache HTTP Server, Security Patches

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS

Do Son July 11, 2025

The Apache Software Foundation has issued a new release—Apache HTTP Server version 2.4.64—patching eight security vulnerabilities that...

Critical Wing FTP Server RCE (CVE-2025-47812) Actively Exploited In The Wild Wing FTP Server, RCE Exploit

Critical Wing FTP Server RCE (CVE-2025-47812) Actively Exploited In The Wild

Do Son July 11, 2025

On July 1, 2025—just a day after its public disclosure—Huntress witnessed the active exploitation of a critical...

Laravel Flaw: Leaked APP_KEY Turns Into Remote Code Execution Laravel APP_KEY, Deserialization Attack

Laravel Flaw: Leaked APP_KEY Turns Into Remote Code Execution

Do Son July 11, 2025

A recent technical deep-dive by Synacktiv has exposed a serious yet often overlooked risk in Laravel—the popular...

Helm Flaw (CVE-2025-53547): Local Code Execution via Malicious Chart.yaml & Symlinks Helm, Local Code Execution

Helm Flaw (CVE-2025-53547): Local Code Execution via Malicious Chart.yaml & Symlinks

Do Son July 11, 2025

The Helm project—the popular Kubernetes package manager—has released a critical security advisory for CVE-2025-53547, a high-severity vulnerability...

SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks WordPress Plugin, Arbitrary File Deletion

WordPress Plugin, Arbitrary File Deletion

SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks

Do Son July 10, 2025

A critical vulnerability in the SureForms WordPress plugin—which has over 200,000 active installations—has exposed websites to a...

GitLab Releases Security Updates: XSS and Authorization Bypass Flaws Patched GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

GitLab Releases Security Updates: XSS and Authorization Bypass Flaws Patched

Do Son July 10, 2025

GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE), addressing multiple vulnerabilities...

Critical D-Link DIR-825 Router Flaw (CVE-2025-7206, CVSS 9.8): Remote Crash Via Buffer Overflow D-Link DIR-825, Critical Vulnerability

Critical D-Link DIR-825 Router Flaw (CVE-2025-7206, CVSS 9.8): Remote Crash Via Buffer Overflow

Do Son July 10, 2025

A newly discovered critical vulnerability (CVE-2025-7206) in the D-Link DIR-825 router running firmware version 2.10 poses a...

Ruckus Wireless Exposed: 9 Critical Vulnerabilities Leave Wi-Fi Management Systems Wide Open, No Patch! Ruckus vRIoT Vulnerability CVE-2025-69425 Ruckus Wireless, Critical Vulnerabilities

Ruckus vRIoT Vulnerability CVE-2025-69425 Ruckus Wireless, Critical Vulnerabilities

Ruckus Wireless Exposed: 9 Critical Vulnerabilities Leave Wi-Fi Management Systems Wide Open, No Patch!

Do Son July 10, 2025

Multiple critical vulnerabilities have been discovered in Ruckus Wireless’ Virtual SmartZone (vSZ) and Network Director (RND), posing...

Opossum Attack: New Vulnerability Compromises Encrypted TLS Connections, Allowing MitM & Data Injection Opossum Attack, TLS Desynchronization

Opossum Attack: New Vulnerability Compromises Encrypted TLS Connections, Allowing MitM & Data Injection

Do Son July 10, 2025

Researchers have unveiled the Opossum Attack, a novel class of desynchronization vulnerabilities that exploits the coexistence of...

Critical Vulnerabilities Found in Schneider Electric’s EcoStruxure IT Data Center Expert CVE-2024-8884 & CVE-2024-11737 Schneider Electric, Critical Vulnerabilities

CVE-2024-8884 & CVE-2024-11737 Schneider Electric, Critical Vulnerabilities

Critical Vulnerabilities Found in Schneider Electric’s EcoStruxure IT Data Center Expert

Do Son July 10, 2025

Schneider Electric has issued a high-severity security advisory disclosing multiple vulnerabilities affecting its flagship infrastructure management platform,...

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner GeoServer RCE, XMRig CoinMiner

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

Do Son July 10, 2025

The AhnLab Security Intelligence Center (ASEC) has issued a fresh warning on the ongoing exploitation of a...

CISA Warns of Critical Flaws in Emerson ValveLink Software: Exploits Could Lead to Code Execution and Data Exposure Emerson ValveLink, Critical Vulnerabilities

Emerson ValveLink, Critical Vulnerabilities

CISA Warns of Critical Flaws in Emerson ValveLink Software: Exploits Could Lead to Code Execution and Data Exposure

Do Son July 10, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory highlighting multiple critical vulnerabilities...

Zoom Patches 6 Flaws: DoS, Info Disclosure & XSS Across All Platforms Zoom Security, Vulnerabilities CVE-2023-34120 Zoom outage, domain error

Zoom Patches 6 Flaws: DoS, Info Disclosure & XSS Across All Platforms

Do Son July 9, 2025

Zoom has rolled out a security update patching six newly disclosed vulnerabilities affecting its Workplace, Rooms, and...

Git Project Patches 3 Flaws: RCE, Arbitrary File Writes & Buffer Overflow Git Vulnerabilities, Remote Code Execution

Git Project Patches 3 Flaws: RCE, Arbitrary File Writes & Buffer Overflow

Do Son July 9, 2025

The Git Project has released updates addressing three significant vulnerabilities impacting Git versions up to v2.50.0, including...

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

Siemens SIVaaS CVE-2025-40804 CVE-2022-43400 & CVE-2024-41798 Siemens SINEC NMS, Critical Vulnerabilities

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks

Do Son July 9, 2025

iemens has released a critical security advisory detailing multiple high-severity vulnerabilities affecting SINEC NMS, its flagship network...

Citrix Warns of Privilege Escalation Vulnerability in Windows Virtual Delivery Agent (CVE-2025-6759) NetScaler Vulnerability CVE-2026-3055 Citrix VDA, Privilege Escalation NetScaler Vulnerabilities, Access Bypass CVE-2024-8534 and CVE-2024-8535

NetScaler Vulnerability CVE-2026-3055 Citrix VDA, Privilege Escalation NetScaler Vulnerabilities, Access Bypass CVE-2024-8534 and CVE-2024-8535

Citrix Warns of Privilege Escalation Vulnerability in Windows Virtual Delivery Agent (CVE-2025-6759)

Do Son July 9, 2025

Citrix has issued a security advisory concerning a newly identified local privilege escalation vulnerability affecting its Windows...

Microsoft’s July 2025 Patch Tuesday: 140 Flaws Fixed, Including Zero-Day, RCEs & AMD CPU Threats Patch Tuesday, Microsoft Security

Microsoft’s July 2025 Patch Tuesday: 140 Flaws Fixed, Including Zero-Day, RCEs & AMD CPU Threats

Do Son July 9, 2025

Microsoft’s July 2025 Patch Tuesday arrives with a hefty load: a total of 140 vulnerabilities patched, including...

Fortinet Fixes Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257, CVSS 9.6) FortiWeb, SQL Injection

Fortinet Fixes Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257, CVSS 9.6)

Do Son July 9, 2025

Fortinet has released a critical patch to address a serious vulnerability in its FortiWeb product — a...

Critical Flaws in Phoenix Contact EV Charging Controllers Expose Infrastructure to Remote Code Execution and Unauthorized Access Phoenix Contact, Critical Vulnerabilities

Phoenix Contact, Critical Vulnerabilities

Critical Flaws in Phoenix Contact EV Charging Controllers Expose Infrastructure to Remote Code Execution and Unauthorized Access

Do Son July 9, 2025

In a coordinated disclosure with CERT@VDE, Phoenix Contact GmbH & Co. KG has issued an urgent advisory...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Vulnerability Report

CitrixBleed 2: CVE-2025-5777 Joins CISA’s KEV Catalog Amid Active Exploitation Storm, PoC Available

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS

Critical Wing FTP Server RCE (CVE-2025-47812) Actively Exploited In The Wild

Laravel Flaw: Leaked APP_KEY Turns Into Remote Code Execution

Helm Flaw (CVE-2025-53547): Local Code Execution via Malicious Chart.yaml & Symlinks

SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks

GitLab Releases Security Updates: XSS and Authorization Bypass Flaws Patched

Critical D-Link DIR-825 Router Flaw (CVE-2025-7206, CVSS 9.8): Remote Crash Via Buffer Overflow

Ruckus Wireless Exposed: 9 Critical Vulnerabilities Leave Wi-Fi Management Systems Wide Open, No Patch!

Opossum Attack: New Vulnerability Compromises Encrypted TLS Connections, Allowing MitM & Data Injection

Critical Vulnerabilities Found in Schneider Electric’s EcoStruxure IT Data Center Expert

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

CISA Warns of Critical Flaws in Emerson ValveLink Software: Exploits Could Lead to Code Execution and Data Exposure

Zoom Patches 6 Flaws: DoS, Info Disclosure & XSS Across All Platforms

Git Project Patches 3 Flaws: RCE, Arbitrary File Writes & Buffer Overflow

Critical Flaws Found in Siemens SINEC NMS: Privilege Escalation and Remote Code Execution Risks

Citrix Warns of Privilege Escalation Vulnerability in Windows Virtual Delivery Agent (CVE-2025-6759)

Microsoft’s July 2025 Patch Tuesday: 140 Flaws Fixed, Including Zero-Day, RCEs & AMD CPU Threats

Fortinet Fixes Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257, CVSS 9.6)

Critical Flaws in Phoenix Contact EV Charging Controllers Expose Infrastructure to Remote Code Execution and Unauthorized Access