Vulnerability Archives • Page 15 of 190 • Daily CyberSecurity

CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites Privilege Escalation, WordPress Plugin

CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites

Do Son May 16, 2025

A high-severity vulnerability in a popular WordPress event management plugin has been disclosed and patched, raising alarms...

iOS Kernel Vulnerability Exposed in Public PoC – Potential Jailbreak and Privilege Escalation Risk iOS Kernel Vulnerability, Privilege Escalation

iOS Kernel Vulnerability, Privilege Escalation

iOS Kernel Vulnerability Exposed in Public PoC – Potential Jailbreak and Privilege Escalation Risk

Do Son May 16, 2025

A newly surfaced proof of concept (PoC) has reignited attention around a critical iOS kernel vulnerability—CVE-2023-41992—that Apple...

CISA Flags Actively Exploited Vulnerabilities in Chrome, SAP, and DrayTek Routers Exploited Vulnerabilities CISA Alert

CISA Flags Actively Exploited Vulnerabilities in Chrome, SAP, and DrayTek Routers

Do Son May 16, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new security vulnerabilities to its Known...

Popular Selenium Library WebDriverManager Hit by Critical XXE Bug (CVE-2025-4641, CVSS 9.3) WebDriverManager, CVE-2025-4641

Popular Selenium Library WebDriverManager Hit by Critical XXE Bug (CVE-2025-4641, CVSS 9.3)

Do Son May 16, 2025

A critical XML External Entity (XXE) injection vulnerability has been identified in WebDriverManager, an essential Java library...

Pgpool-II Hit by Critical CVE-2025-46801: CVSS 9.8 Risk Lets Attackers Bypass Authentication Pgpool-II, authentication bypass

Pgpool-II Hit by Critical CVE-2025-46801: CVSS 9.8 Risk Lets Attackers Bypass Authentication

Do Son May 16, 2025

The PgPool Global Development Group has issued a high-severity security advisory for Pgpool-II, a widely used middleware...

Jenkins Plugin Flaws Expose Critical Risks: CVE-2025-47889 Hits 9.8 CVSS with Auth Bypass Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

Jenkins Plugin Flaws Expose Critical Risks: CVE-2025-47889 Hits 9.8 CVSS with Auth Bypass

Do Son May 16, 2025

Jenkins, a popular open-source automation server, is a crucial tool for many development and operations teams. A...

Critical NAS Risk: I-O DATA Flaw with 9.8 CVSS Allows Remote Command Execution I-O DATA, NAS, command injection

Critical NAS Risk: I-O DATA Flaw with 9.8 CVSS Allows Remote Command Execution

Do Son May 16, 2025

Network Attached Storage (NAS) devices have become essential components of both home and business networks, providing centralized...

Operation RoundPress: Sednit Weaponizes XSS to Breach Global Webmail Servers Sednit Cyberespionage, APT28

Operation RoundPress: Sednit Weaponizes XSS to Breach Global Webmail Servers

Do Son May 16, 2025

ESET researchers have exposed a covert cyberespionage campaign, dubbed Operation RoundPress, believed to be orchestrated by the...

Patch Now: SonicWall SMA1000 Flaw (CVE-2025-40595) Enables Stealth SSRF Attacks SSRF, SonicWall SMA1000

Patch Now: SonicWall SMA1000 Flaw (CVE-2025-40595) Enables Stealth SSRF Attacks

Do Son May 16, 2025

A newly disclosed Server-Side Request Forgery (SSRF) vulnerability in SonicWall’s SMA1000 series appliances could allow remote attackers...

High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale a-blog cms, CVE-2025-36560

High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale

Do Son May 15, 2025

JPCERT/CC has issued a vulnerability note disclosing multiple security flaws in a-blog cms, a popular content management...

URGENT Chrome Update: High-Risk CVE-2025-4664 Flaw Actively Exploited In The Wild – Patch Immediately! Screenshot_20250515-082049

URGENT Chrome Update: High-Risk CVE-2025-4664 Flaw Actively Exploited In The Wild – Patch Immediately!

Do Son May 15, 2025

Google has released a critical Stable Channel Update for Chrome Desktop, bumping the version to 136.0.7103.113/.114 for...

Node.js Alerts: High-Severity Flaw (CVE-2025-23166) Risks Remote System Crashes! Update Immediately! CVE-2025-23083 - Node.js EOL

Node.js Alerts: High-Severity Flaw (CVE-2025-23166) Risks Remote System Crashes! Update Immediately!

Do Son May 15, 2025

In an important security announcement released recently, the Node.js team has rolled out vital updates for its...

BitLocker Encryption Bypassed in Minutes via Bitpixie (CVE-2023-21563) – PoC Reveals High-Risk Attack Path BitLocker bypass, Bitpixie PoC

BitLocker Encryption Bypassed in Minutes via Bitpixie (CVE-2023-21563) – PoC Reveals High-Risk Attack Path

Do Son May 15, 2025

Security researchers have demonstrated a powerful software-only technique to bypass Microsoft BitLocker encryption—without needing a screwdriver, soldering...

Three Vulnerabilities Expose Apache IoTDB to Attacks Apache IoTDB JEXL injection Apache IoTDB, Security Vulnerabilities

Three Vulnerabilities Expose Apache IoTDB to Attacks

Do Son May 15, 2025

Apache IoTDB, a system designed for managing industrial IoT time-series data, faces a series of security vulnerabilities...

Fortinet Patches Critical TACACS+ Authentication Bypass (CVE-2025-22252) in FortiOS and FortiProxy Fortinet Authentication Bypass CVE-2025-22252

Fortinet Authentication Bypass CVE-2025-22252

Fortinet Patches Critical TACACS+ Authentication Bypass (CVE-2025-22252) in FortiOS and FortiProxy

Do Son May 15, 2025

Fortinet has released patches for a critical vulnerability (CVE-2025-22252, CVSS 9.0) affecting multiple products, including FortiOS, FortiProxy,...

Branch Privilege Injection (CVE-2024-45332): New Spectre-Class Attack Bypasses Intel Mitigations with Live PoC Branch Privilege Injection, speculative execution

Branch Privilege Injection, speculative execution

Branch Privilege Injection (CVE-2024-45332): New Spectre-Class Attack Bypasses Intel Mitigations with Live PoC

Do Son May 15, 2025

Security researchers at ETH Zürich have unveiled a novel speculative execution attack—Branch Privilege Injection (CVE-2024-45332)—that subverts Intel’s...

Critical Authentication Bypass in OpenPubkey and OPKSSH Exposes Systems to Remote Access Risks OpenPubkey, authentication bypass

Critical Authentication Bypass in OpenPubkey and OPKSSH Exposes Systems to Remote Access Risks

Do Son May 15, 2025

A pair of critical-severity vulnerabilities in the OpenPubkey authentication protocol and its companion tool, OPKSSH, could allow...

Xerox Patches Dozens of Vulnerabilities in FreeFlow Print Server with April 2025 Security Update Xerox security FreeFlow Print Server

Xerox Patches Dozens of Vulnerabilities in FreeFlow Print Server with April 2025 Security Update

Do Son May 15, 2025

On May 12, 2025, Xerox published Security Bulletin XRX25-009, announcing the release of its April 2025 Security...

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access

Do Son May 14, 2025

Siemens has released a critical security advisory (SSA-047424) addressing two severe vulnerabilities—CVE-2025-26389 and CVE-2025-26390—affecting its OZW672 and...

Ivanti Neurons for ITSM Hit by CVSS 9.8 Authentication Bypass Flaw Enabling Full Admin Access Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti Neurons for ITSM Hit by CVSS 9.8 Authentication Bypass Flaw Enabling Full Admin Access

Do Son May 14, 2025

Ivanti has released a critical security patch for its on-premises Neurons for ITSM platform, addressing a severe...

Critical Alert 4 Active Exploits Detected Today