Vulnerability Archives • Page 17 of 190 • Daily CyberSecurity

Critical Vulnerabilities Uncovered in Mitel SIP Phones: Command Injection and File Upload Risks Mitel vulnerabilities, SIP phone security

Critical Vulnerabilities Uncovered in Mitel SIP Phones: Command Injection and File Upload Risks

Do Son May 11, 2025

In a newly published security advisory, Mitel has disclosed two critical vulnerabilities affecting several of its SIP...

From Web Shell to Full Control: APT-Style Exploits Surge Against SAP NetWeaver Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

From Web Shell to Full Control: APT-Style Exploits Surge Against SAP NetWeaver

Do Son May 11, 2025

In a report issued by Unit 42, researchers disclosed that the vulnerability CVE-2025-31324, affecting SAP NetWeaver’s Visual...

Arista Patches Critical Vulnerability in CloudVision ZTP With CVSS 10 Score CloudVision ZTP, CVE-2025-0505

Arista Patches Critical Vulnerability in CloudVision ZTP With CVSS 10 Score

Do Son May 10, 2025

Arista Networks has issued a critical security advisory for a newly discovered vulnerability – CVE-2025-0505—rated with a...

Arista Fixes Critical CloudVision Portal Vulnerability with CVSS 10 Score Arista CloudVision, CVE-2024-11186

Arista Fixes Critical CloudVision Portal Vulnerability with CVSS 10 Score

Do Son May 9, 2025

Arista Networks has released a critical security advisory detailing a severe vulnerability in its CloudVision Portal (CVP)...

Microsoft Patches Four Critical Azure and Power Apps Vulnerabilities, Including CVSS 10 Privilege Escalation Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Microsoft Patches Four Critical Azure and Power Apps Vulnerabilities, Including CVSS 10 Privilege Escalation

Do Son May 9, 2025

Microsoft has addressed a cluster of critical vulnerabilities affecting several of its core cloud services—including Azure Automation,...

Cisco SD-WAN Vulnerabilities: PoC Exists for XSS and Filter Bypass Cisco SD-WAN, vulnerabilities

Cisco SD-WAN Vulnerabilities: PoC Exists for XSS and Filter Bypass

Do Son May 9, 2025

Cisco has issued two separate advisories addressing vulnerabilities in its SD-WAN software suite, warning users of potential...

Radware Cloud WAF Vulnerable to Filter Bypass via Crafted Requests Radware WAF, WAF bypass OWASP CRS Vulnerability CVE-2026-21876

Radware Cloud WAF Vulnerable to Filter Bypass via Crafted Requests

Do Son May 9, 2025

A newly disclosed vulnerability note by CERT/CC reveals two security flaws (CVE-2024-56523, CVE-2024-56524) in the Radware Cloud...

Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access CVE-2025-20188 IOS XE vulnerability Cisco

Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access

Do Son May 8, 2025

Cisco has released a security advisory addressing a critical vulnerability in its IOS XE Software for Wireless...

Multi Vulnerabilities Found in SonicWall SMA 100 Series Prompt Urgent Security Update SonicWall Security Advisory SonicOS Patch 2026 CVE-2025-23006 SonicWall, SMA 100 Vulnerabilities

Multi Vulnerabilities Found in SonicWall SMA 100 Series Prompt Urgent Security Update

Do Son May 8, 2025

SonicWall has released a security advisory detailing multiple vulnerabilities affecting its Secure Mobile Access (SMA) 100 series...

CVE-2025-23123 (CVSS 10): Critical UniFi Protect Cameras Flaw Demands Immediate Updates UniFi Protect Cameras, Security Advisory

CVE-2025-23123 (CVSS 10): Critical UniFi Protect Cameras Flaw Demands Immediate Updates

Do Son May 8, 2025

Ubiquiti has released a critical security advisory addressing two vulnerabilities in its UniFi Protect ecosystem, including a...

CVE-2025-27533: Apache ActiveMQ Memory Allocation Bug Could Lead to Denial of Service ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

CVE-2025-27533: Apache ActiveMQ Memory Allocation Bug Could Lead to Denial of Service

Do Son May 8, 2025

Apache ActiveMQ, the widely used open-source message broker known for its robust support of multiple protocols and...

Critical Privilege Escalation Flaw in IGEL OS Exposes Systems to Root Access Risks IGEL OS, Privilege Escalation

Critical Privilege Escalation Flaw in IGEL OS Exposes Systems to Root Access Risks

Do Son May 8, 2025

IGEL Technology has issued a critical security advisory for its Linux-based operating system, IGEL OS, warning users...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Zero-Day CLFS Vulnerability (CVE-2025-29824) Exploited in Ransomware Attacks

Do Son May 7, 2025

Symantec’s Threat Hunter Team has uncovered a sophisticated attack involving a zero-day privilege escalation vulnerability in Microsoft’s...

CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution CVE-2024-43707 Kibana vulnerability Prototype pollution CVE-2025-25014

CVE-2024-43707 Kibana vulnerability Prototype pollution CVE-2025-25014

CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution

Do Son May 7, 2025

Elastic has issued a critical security advisory for Kibana, warning users of a vulnerability tracked as CVE-2025-25014....

Botnet Exploits Old GeoVision IoT Devices via CVE-2024-6047 & CVE-2024-11120 GeoVision, Mirai

Botnet Exploits Old GeoVision IoT Devices via CVE-2024-6047 & CVE-2024-11120

Do Son May 7, 2025

The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of two command injection vulnerabilities...

CVE-2025-46728: cpp-httplib Vulnerability Exposes Servers to Denial of Service cpp-httplib, memory exhaustion

CVE-2025-46728: cpp-httplib Vulnerability Exposes Servers to Denial of Service

Do Son May 7, 2025

The cpp-httplib, a C++11 single-file header-only cross-platform HTTP/HTTPS library known for its ease of setup, is facing...

CVE-2025-47241: Critical Whitelist Bypass in Browser Use Exposes Internal Services Browser Use, whitelist bypass

CVE-2025-47241: Critical Whitelist Bypass in Browser Use Exposes Internal Services

Do Son May 7, 2025

Security researchers from ARIMLABS.AI have disclosed a serious vulnerability in the Browser Use project—a tool that provides...

CVE-2025-24977: Critical RCE Flaw in OpenCTI Platform Exposes Infrastructure to Root-Level Attacks OpenCTI, security vulnerability

CVE-2025-24977: Critical RCE Flaw in OpenCTI Platform Exposes Infrastructure to Root-Level Attacks

Do Son May 7, 2025

A critical security vulnerability has been identified in the OpenCTI Platform, an open-source solution used by organizations...

Critical AWS Amplify Studio Flaw Allows Code Execution – Update Now! AWS Amplify, security vulnerability

Critical AWS Amplify Studio Flaw Allows Code Execution – Update Now!

Do Son May 7, 2025

A critical-severity security flaw has been identified in AWS Amplify Studio, specifically within the amplify-codegen-ui package. This...

CVE-2025-27007: Critical OttoKit WordPress Plugin Flaw Exploited After Disclosure, 100K+ Sites at Risk OttoKit exploit, WordPress security

CVE-2025-27007: Critical OttoKit WordPress Plugin Flaw Exploited After Disclosure, 100K+ Sites at Risk

Do Son May 6, 2025

A newly disclosed critical vulnerability in the popular OttoKit WordPress plugin—with over 100,000 active installations—has placed countless...

Critical Alert 4 Active Exploits Detected Today