Vulnerability Report Archives • Page 9 of 87 • Daily CyberSecurity

Unpatched CVSS 10 Alert: ChromaDB Python Server Grants Pre-Auth RCE via Malicious Hugging Face Models ChromaDB Pre-Auth RCE CVE-2026-45829

Unpatched CVSS 10 Alert: ChromaDB Python Server Grants Pre-Auth RCE via Malicious Hugging Face Models

Do Son May 21, 2026

ChromaDB, one of the most widely adopted open-source vector databases engineered to enable semantic matching, retrieval-augmented generation...

Double Critical Threat: Google Chrome Rushes Out Urgent Fixes for WebRTC and UI Sandbox Flaws Google Chrome Security Update CVE-2026-9111 Critical Patch

Google Chrome Security Update CVE-2026-9111 Critical Patch

Double Critical Threat: Google Chrome Rushes Out Urgent Fixes for WebRTC and UI Sandbox Flaws

Do Son May 21, 2026

Google has officially released a security update for the Google Chrome Stable channel on Desktop, addressing 16...

Exploited in the Wild: Critical Drupal SQL Injection (CVE-2026-9082) Grants Attacker Root Access CVE-2022-39261 Drupal SQL Injection Vulnerability CVE-2026-9082 PostgreSQL Flaw

CVE-2022-39261 Drupal SQL Injection Vulnerability CVE-2026-9082 PostgreSQL Flaw

Exploited in the Wild: Critical Drupal SQL Injection (CVE-2026-9082) Grants Attacker Root Access

Do Son May 21, 2026

The Drupal Security Team has released an urgent advisory detailing a highly critical vulnerability lurking within the...

Unpatched SGLang Vulnerabilities (CVE-2026-7301) Expose AI Inference Pipelines to RCE SGLang RCE Vulnerability CVE-2026-7301 Zero-Day SGLang RCE AI Infrastructure Vulnerability

SGLang RCE Vulnerability CVE-2026-7301 Zero-Day SGLang RCE AI Infrastructure Vulnerability

Unpatched SGLang Vulnerabilities (CVE-2026-7301) Expose AI Inference Pipelines to RCE

Do Son May 21, 2026

The rapid adoption of large language models (LLMs) and multimodal artificial intelligence has created a brand-new frontier...

Critical RCE Exploits Exposed: Apache OFBiz Patches Severe Authentication Bypass Flaws CVE-2022-25371 - CVE-2025-26865 Apache OFBiz RCE Vulnerability CVE-2026-45434 Authentication Bypass

CVE-2022-25371 - CVE-2025-26865 Apache OFBiz RCE Vulnerability CVE-2026-45434 Authentication Bypass

Critical RCE Exploits Exposed: Apache OFBiz Patches Severe Authentication Bypass Flaws

Do Son May 21, 2026

The Apache OFBiz project has released a critical security update to patch several important vulnerabilities affecting its...

Critical 9.2 CVSS: NGINX JavaScript Module Flaw (CVE-2026-8711) Triggers Heap Buffer Overflows NGINX JavaScript Module Vulnerability CVE-2026-8711 NGINX 1.30.1 Security Update CVE-2026-42945 RCE NGINX Vulnerability CVE-2026-1642 NGINX Github - CVE-2025-23419

NGINX JavaScript Module Vulnerability CVE-2026-8711 NGINX 1.30.1 Security Update CVE-2026-42945 RCE NGINX Vulnerability CVE-2026-1642 NGINX Github - CVE-2025-23419

Critical 9.2 CVSS: NGINX JavaScript Module Flaw (CVE-2026-8711) Triggers Heap Buffer Overflows

Do Son May 20, 2026

F5 has issued a critical security advisory warning administrators about a severe vulnerability lurking within the NGINX...

Critical ZKTeco CCTV Flaw (CVE-2026-8598) Leaks Admin Credentials Without Authentication ZKTeco CCTV Vulnerability CVE-2026-8598 Patch

Critical ZKTeco CCTV Flaw (CVE-2026-8598) Leaks Admin Credentials Without Authentication

Do Son May 20, 2026

A newly disclosed, critical vulnerability in ZKTeco CCTV cameras is serving as a reminder that the devices...

Keys to the Kingdom: Critical 9.9 CVSS Budibase Flaw Allows Total Tenant Takeover

Do Son May 20, 2026

Budibase, the popular open-source operations platform known for saving engineers hundreds of hours building secure Agents, Apps,...

Critical 9.8 CVSS: NVIDIA Triton Inference Server Authentication Bypass Threatens AI Workloads NVIDIA DALI vulnerabilities NVIDIA Driver Security Update CVE-2026-24187 Linux

NVIDIA DALI vulnerabilities NVIDIA Driver Security Update CVE-2026-24187 Linux

Critical 9.8 CVSS: NVIDIA Triton Inference Server Authentication Bypass Threatens AI Workloads

Do Son May 20, 2026

NVIDIA has released a software update for the NVIDIA Triton Inference Server to address a wave of...

VoIP Backbone Exposed: Critical FreePBX Flaw (CVE-2026-46376) Allows Unauthenticated Access to User Portals FreePBX UCP Vulnerability CVE-2026-46376 Hard-Coded Credentials

FreePBX UCP Vulnerability CVE-2026-46376 Hard-Coded Credentials

VoIP Backbone Exposed: Critical FreePBX Flaw (CVE-2026-46376) Allows Unauthenticated Access to User Portals

Do Son May 20, 2026

FreePBX, widely recognized as the world’s most popular open-source IP PBX platform for building customized phone systems,...

Critical 9.9 CVSS Flaw in Arcane Exposes GitOps Secrets to Basic Users Arcane Docker Vulnerability CVE-2026-45625

Critical 9.9 CVSS Flaw in Arcane Exposes GitOps Secrets to Basic Users

Do Son May 20, 2026

Arcane, the popular tool billed as “Modern Docker Management, Designed for Everyone”, has disclosed a severe security...

PoC Exploit Code Publicly Released: New “PinTheft” Linux Flaw Overwrites Page Cache for Instant Root PinTheft Linux Exploit Linux LPE PoC Disclosed

PinTheft Linux Exploit Linux LPE PoC Disclosed

PoC Exploit Code Publicly Released: New “PinTheft” Linux Flaw Overwrites Page Cache for Instant Root

Do Son May 20, 2026

A newly detailed vulnerability known as “PinTheft” is giving Linux system administrators serious pause. Discovered by Aaron...

GPU Security Alert: NVIDIA Drivers Hit with Critical 8.8 CVSS Flaw and Enterprise vGPU Bugs NVIDIA DALI vulnerabilities NVIDIA Driver Security Update CVE-2026-24187 Linux

GPU Security Alert: NVIDIA Drivers Hit with Critical 8.8 CVSS Flaw and Enterprise vGPU Bugs

Do Son May 19, 2026

NVIDIA has officially rolled out a comprehensive software security update for its GPU Display Driver to address...

NGINX Rift: Critical 18-Year-Old Flaw CVE-2026-42945 Actively Exploited to Crash Servers NGINX Rift CVE-2026-42945

NGINX Rift: Critical 18-Year-Old Flaw CVE-2026-42945 Actively Exploited to Crash Servers

Do Son May 19, 2026

The renowned open-source reverse proxy server, NGINX, has disclosed a critical security vulnerability designated as CVE-2026-42945, garnering...

Browser Choice Alliance letter Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

By Design No More: Microsoft Edge Vv148.0 to Block Plaintext Password Scrapes from Process Memory

Do Son May 19, 2026

Security researcher recently disclosed that Microsoft Edge inherently loads all cached user credentials into active memory processes...

Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets Four-Faith F3x36 Mass Exploitation CVE-2024-9643 Hardcoded Credentials

Four-Faith F3x36 Mass Exploitation CVE-2024-9643 Hardcoded Credentials

Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets

Do Son May 19, 2026

A critical authentication bypass flaw in industrial cellular routers has transitioned into a full-blown mass exploitation campaign,...

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning PostgreSQL Security Update 2026 PostgreSQL CVE-2026-6637 Patch CVE-2024-10979 PostgreSQL vulnerability

PostgreSQL Security Update 2026 PostgreSQL CVE-2026-6637 Patch CVE-2024-10979 PostgreSQL vulnerability

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning

Do Son May 19, 2026

The PostgreSQL Global Development Group has issued a synchronized security update across all actively supported branches, eliminating...

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE PostgreSQL pgcrypto PoC Exploit CVE-2026-2005 Public Disclosure

PostgreSQL pgcrypto PoC Exploit CVE-2026-2005 Public Disclosure

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE

Do Son May 19, 2026

A critical heap buffer overflow vulnerability lurking in PostgreSQL’s core cryptographic extension for over two decades has...

Breaking the AI Sandbox: Critical Flowise Flaw (CVE-2026-46442) Grants Host-Level RCE Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434