Vulnerability Archives • Page 12 of 190 • Daily CyberSecurity

Fundamental Web Security Broken: New Attacks Bypass Same-Origin Policy via HTTP/2 & SXG Same-Origin Policy bypass HTTP/2 exploit

Fundamental Web Security Broken: New Attacks Bypass Same-Origin Policy via HTTP/2 & SXG

Do Son May 27, 2025

In a revelation for web security, researchers from Tsinghua University have exposed two novel, off-path attacks —...

Mesh Wi-Fi Hack (CVSS 9.1): Design Flaw Enables Frame Injection (PoC Available) Mesh Wi-Fi vulnerability A-MSDU spoofing

Mesh Wi-Fi Hack (CVSS 9.1): Design Flaw Enables Frame Injection (PoC Available)

Do Son May 27, 2025

Researchers from KU Leuven’s DistriNet group have unveiled a new high-severity design flaw in mesh Wi-Fi networks....

GIMP Vulnerabilities: Malicious Images Can Lead to Code Execution GIMP vulnerability Image file exploit

GIMP Vulnerabilities: Malicious Images Can Lead to Code Execution

Do Son May 27, 2025

The open-source graphics editor GIMP—a trusted tool in the digital art and photography community—has been found vulnerable...

Unauthenticated Attack: Siemens SiPass Vulnerability Risks DoS Siemens SiPass vulnerability, access control DoS

Unauthenticated Attack: Siemens SiPass Vulnerability Risks DoS

Do Son May 27, 2025

Siemens has issued a security advisory to address an out-of-bounds read vulnerability in its SiPass integrated access...

Apache NuttX Vulnerable: Remote Code Execution via Bluetooth Stack Flaw Affects Embedded Systems Apache NuttX security, embedded system vulnerability

Apache NuttX security, embedded system vulnerability

Apache NuttX Vulnerable: Remote Code Execution via Bluetooth Stack Flaw Affects Embedded Systems

Do Son May 26, 2025

A critical security flaw in Apache NuttX RTOS has been uncovered in the Bluetooth HCI and UART...

Critical (CVSS 9.8): Canon Printers Vulnerable to Arbitrary Code Execution CVE-2023-6229 & CVE-2024-0244 Canon printer vulnerability, CVE-2025-2146

Critical (CVSS 9.8): Canon Printers Vulnerable to Arbitrary Code Execution

Do Son May 26, 2025

Canon has updated its January 2025 security advisory to include a newly identified critical vulnerability — CVE-2025-2146...

Critical Pre-Auth RCE: vBulletin Flaw Allows Full Server Compromise (PoC Available) vBulletin RCE, pre-auth RCE

Critical Pre-Auth RCE: vBulletin Flaw Allows Full Server Compromise (PoC Available)

Do Son May 26, 2025

A newly disclosed vulnerability in vBulletin, one of the most widely used commercial forum platforms on the...

Critical WSO2 Flaw: Unauthenticated Account Takeover Risk (CVSS 9.8) WSO2 vulnerability, account takeover

Critical WSO2 Flaw: Unauthenticated Account Takeover Risk (CVSS 9.8)

Do Son May 26, 2025

A recently disclosed vulnerability in WSO2 products, identified as CVE-2024-6914, poses a severe security threat to organizations...

Sony Camera Hack (CVSS 9.4): Default Credential Flaw Risks Full Control (PoC) Sony camera hack, default credential exploit

Sony Camera Hack (CVSS 9.4): Default Credential Flaw Risks Full Control (PoC)

Do Son May 26, 2025

A newly disclosed critical vulnerability in Sony’s SNC-series network cameras—tracked as CVE-2025-5124 with a CVSS score of...

Persistent DoS: Unauthenticated Attacker Crashes GNOME RDP (Even After Systemd) Linux desktop security, GNOME RDP

Persistent DoS: Unauthenticated Attacker Crashes GNOME RDP (Even After Systemd)

Do Son May 26, 2025

A newly disclosed flaw in GNOME’s remote desktop component, tracked as CVE-2025-5024 (CVSS 7.4), could allow unauthenticated...

Ghostscript Flaw Leaks Plaintext Passwords in Encrypted PDFs Ghostscript vulnerability, PDF password leak

Ghostscript Flaw Leaks Plaintext Passwords in Encrypted PDFs

Do Son May 25, 2025

A vulnerability in Artifex Ghostscript, a widely used PDF and PostScript processor, is putting user data at...

ABB ASPECT BMS Critical Flaws: RCE and Privilege Escalation Risks ABB ASPECT vulnerabilities, BMS security

ABB ASPECT BMS Critical Flaws: RCE and Privilege Escalation Risks

Do Son May 24, 2025

ABB has issued a comprehensive cybersecurity advisory revealing 32 security vulnerabilities impacting its ASPECT Building Management System...

Critical NETGEAR Router Flaw Enables Full Admin Access via Hidden Backdoor (PoC Included) NETGEAR, Authentication Bypass

Critical NETGEAR Router Flaw Enables Full Admin Access via Hidden Backdoor (PoC Included)

Do Son May 23, 2025

A newly disclosed and highly critical vulnerability, tracked as CVE-2025-4978 with a CVSSv4 score of 9.3, has...

Print Security Warning: Canon Printers Exposed to Data Theft Printer security, Canon update

Print Security Warning: Canon Printers Exposed to Data Theft

Do Son May 23, 2025

Canon has issued a security advisory warning customers about two high-severity vulnerabilities—CVE-2025-3078 and CVE-2025-3079—that affect a range...

ModSecurity DoS Flaw: PoC Available for Apache Vulnerability (No Workaround, Patch Pending) libmodsecurity3 Denial of Service WAF Security Vulnerability CVE-2025-27110 ModSecurity vulnerability, JSON DoS

libmodsecurity3 Denial of Service WAF Security Vulnerability CVE-2025-27110 ModSecurity vulnerability, JSON DoS

ModSecurity DoS Flaw: PoC Available for Apache Vulnerability (No Workaround, Patch Pending)

Do Son May 23, 2025

A newly disclosed vulnerability in ModSecurity’s Apache module, tracked as CVE-2025-47947, exposes web servers to a potentially...

Ivanti EPMM Under Attack: Zero-Day RCE Exploited by China-Linked Group UNC5221 Ivanti EPMM RCE, China-nexus threat

Ivanti EPMM Under Attack: Zero-Day RCE Exploited by China-Linked Group UNC5221

Do Son May 23, 2025

A newly discovered zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM) — CVE-2025-4428 — is being actively...

Privilege Escalation Flaws in Cisco Unified Intelligence Center Threaten User Data Integrity Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Privilege Escalation Flaws in Cisco Unified Intelligence Center Threaten User Data Integrity

Do Son May 22, 2025

Cisco has released security updates addressing two privilege escalation vulnerabilities—CVE-2025-20113 and CVE-2025-20114—in its Unified Intelligence Center (UIC)...

Unauthenticated Attacker Can Read Sensitive Files in Mitel OpenScape Xpressions MiContact Center Business Vulnerabilities Mitel vulnerability, OpenScape Xpressions

MiContact Center Business Vulnerabilities Mitel vulnerability, OpenScape Xpressions

Unauthenticated Attacker Can Read Sensitive Files in Mitel OpenScape Xpressions

Do Son May 22, 2025

Mitel has issued a security advisory warning of a high-severity path traversal vulnerability (CVE-2025-48026) in its OpenScape...

Google Chrome Update: 8 Security Fixes Including High-Severity Flaw Chrome security update, browser vulnerabilities

Google Chrome Update: 8 Security Fixes Including High-Severity Flaw

Do Son May 22, 2025

Google has released a Stable Channel update to version 137.0.7151.40/.41 for Windows and Mac as part of...

Unpatched 0-Days (CVSS 10): Versa Concerto Flaws Threaten Enterprise Networks Versa Concerto exploit, SD-WAN security

Unpatched 0-Days (CVSS 10): Versa Concerto Flaws Threaten Enterprise Networks

Do Son May 22, 2025

Versa Concerto, a popular SD-WAN and network orchestration platform used by large enterprises and governments, is under...

Critical Alert 4 Active Exploits Detected Today