Vulnerability Report Archives • Page 81 of 86 • Daily CyberSecurity

Critical Meshtastic Flaw: Key Duplication Allows Message Decryption & Node Hijacking Meshtastic, Cryptographic Flaw

Critical Meshtastic Flaw: Key Duplication Allows Message Decryption & Node Hijacking

Do Son June 23, 2025

The developers behind Meshtastic, the popular open-source LoRa mesh networking project, have issued a critical security advisory...

EKS Security Alert: Overprivileged Containers Exposing AWS Credentials via Unencrypted API

Do Son June 23, 2025

In the complex world of cloud-native applications, Kubernetes and Amazon Elastic Kubernetes Service (EKS) have become the...

Critical ANPR Camera Flaw (CVE-2025-34022, CVSS 9.3) Exposes Selea TARGA Devices, PoC Available, No Vendor Response ANPR Camera, Path Traversal

Critical ANPR Camera Flaw (CVE-2025-34022, CVSS 9.3) Exposes Selea TARGA Devices, PoC Available, No Vendor Response

Do Son June 22, 2025

Gjoko Krstic of Zero Science Lab has uncovered a critical path traversal vulnerability in Selea’s TARGA series...

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal Mattermost Vulnerability, Remote Code Execution CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279

Mattermost Vulnerability, Remote Code Execution CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal

Do Son June 21, 2025

Open-source collaboration platform Mattermost is exposed to a severe vulnerability that threatens the integrity of its deployments...

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug IBM QRadar, Critical Vulnerabilities

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug

Do Son June 21, 2025

IBM has issued a security bulletin addressing three critical vulnerabilities in its QRadar SIEM platform, a widely...

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

Do Son June 20, 2025

Last month, a critical vulnerability was reported to Wordfence that now threatens more than 22,000 WordPress websites...

CISA Warning: Critical Flaw (CVE-2025-5310) Exposes Fueling Station Devices Fuel Infrastructure, Critical Vulnerability

CISA Warning: Critical Flaw (CVE-2025-5310) Exposes Fueling Station Devices

Do Son June 20, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory warning fuel infrastructure...

CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution Versa Director, SD-WAN Vulnerabilities

CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution

Do Son June 19, 2025

Two newly disclosed vulnerabilities in the Versa Director SD-WAN orchestration platform could allow authenticated attackers to execute...

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution ClamAV Vulnerability ClamAV Vulnerabilities, RCE

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution

Do Son June 19, 2025

Cisco’s ClamAV, one of the most widely used open-source antivirus engines, has released versions 1.4.3 and 1.0.9...

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover

Do Son June 19, 2025

Security researchers at Wordfence have uncovered a vulnerability in the popular AI Engine plugin for WordPress, which...

CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks

Do Son June 19, 2025

Cisco has disclosed a vulnerability in its Meraki MX and Z Series devices, affecting the Cisco AnyConnect...

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying SSRF, Cloudflare OpenNext

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Do Son June 19, 2025

A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, potentially allowing unauthenticated users...

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways KAON Wi-Fi Gateway, Authentication Bypass

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

Do Son June 19, 2025

A critical vulnerability has been disclosed in KAON’s KCM3100 Wi-Fi gateway devices that could allow attackers to...

Critical Linux Root Exploit Chain Discovered in PAM & UDisks, Affecting Major Distros Linux Root Privilege Escalation

Critical Linux Root Exploit Chain Discovered in PAM & UDisks, Affecting Major Distros

Do Son June 18, 2025

The Qualys Threat Research Unit (TRU) has unveiled two interconnected privilege escalation vulnerabilities—CVE-2025-6018 and CVE-2025-6019—that can allow...

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available CVE-2023-0386 PoC Linux Privilege Escalation, OverlayFS

CVE-2023-0386 PoC Linux Privilege Escalation, OverlayFS

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available

Do Son June 18, 2025

A dangerous Linux privilege escalation vulnerability, CVE-2023-0386, has officially entered the CISA Known Exploited Vulnerabilities (KEV) Catalog...

Critical NetScaler Flaws Allow Access Control Bypass & Memory Overread NetScaler Vulnerability CVE-2026-3055 Citrix VDA, Privilege Escalation NetScaler Vulnerabilities, Access Bypass CVE-2024-8534 and CVE-2024-8535

NetScaler Vulnerability CVE-2026-3055 Citrix VDA, Privilege Escalation NetScaler Vulnerabilities, Access Bypass CVE-2024-8534 and CVE-2024-8535

Critical NetScaler Flaws Allow Access Control Bypass & Memory Overread

Do Son June 18, 2025

The Cloud Software Group has issued a security bulletin addressing two critical vulnerabilities in NetScaler ADC (formerly...

Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers Veeam Backup vulnerability remote code execution Veeam Backup vulnerability Veeam Vulnerabilities CVE-2024-42448 & CVE-2024-42449

Veeam Backup vulnerability remote code execution Veeam Backup vulnerability Veeam Vulnerabilities CVE-2024-42448 & CVE-2024-42449

Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers

Do Son June 18, 2025

Veeam, a global leader in data protection and disaster recovery solutions, has issued a critical security update...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome Update Alert: Two High-Severity Flaws (CVE-2025-6191, CVE-2025-6192) Patched

Do Son June 18, 2025

Google has rolled out an important security update for the Stable Channel of Chrome, bringing the version...

WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits

Do Son June 18, 2025

German industrial automation manufacturer WAGO GmbH & Co. KG has released critical security updates for its WAGO...

Windows Hello Update: Microsoft Disables Facial Recognition in the Dark Due to Security Flaw Windows Hello vulnerabilities Windows Hello, Facial Recognition

Windows Hello vulnerabilities Windows Hello, Facial Recognition

Windows Hello Update: Microsoft Disables Facial Recognition in the Dark Due to Security Flaw

Do Son June 17, 2025

Facial recognition technology is increasingly prevalent across a variety of scenarios; however, cases of identity fraud continue...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Vulnerability Report

Critical Meshtastic Flaw: Key Duplication Allows Message Decryption & Node Hijacking

Critical ANPR Camera Flaw (CVE-2025-34022, CVSS 9.3) Exposes Selea TARGA Devices, PoC Available, No Vendor Response

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

CISA Warning: Critical Flaw (CVE-2025-5310) Exposes Fueling Station Devices

CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover

CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

Critical Linux Root Exploit Chain Discovered in PAM & UDisks, Affecting Major Distros

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available

Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers

Chrome Update Alert: Two High-Severity Flaws (CVE-2025-6191, CVE-2025-6192) Patched

WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits

Windows Hello Update: Microsoft Disables Facial Recognition in the Dark Due to Security Flaw