Vulnerability Archives • Page 21 of 190 • Daily CyberSecurity

Stored XSS Flaw in TP-Link WR841N Routers Could Expose Admin Credentials (CVE-2025-25427) TP-Link XSS WR841N vulnerability

Stored XSS Flaw in TP-Link WR841N Routers Could Expose Admin Credentials (CVE-2025-25427)

Ddos April 23, 2025

A security vulnerability has been identified in TP-Link WR841N routers, posing a risk to users. The vulnerability...

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover Yi IOT vulnerabilities, remote command execution

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Ddos April 23, 2025

Security researcher Yassine Damiri has uncovered two critical vulnerabilities in the Yi IOT XY-3820 smart camera, posing...

Zyxel Patches High-Severity Security Flaws in USG FLEX H Firewalls Zyxel Vulnerability Firewall Security

Zyxel Patches High-Severity Security Flaws in USG FLEX H Firewalls

Ddos April 23, 2025

Zyxel has released patches to address security vulnerabilities in its USG FLEX H series firewalls, urging users...

“ConfusedComposer”: GCP Composer Vulnerability Allows Privilege Escalation GCP Composer Privilege Escalation

“ConfusedComposer”: GCP Composer Vulnerability Allows Privilege Escalation

Ddos April 23, 2025

Tenable Research has identified a now-patched privilege-escalation vulnerability in Google Cloud Platform (GCP) dubbed “Confused Composer”. The...

CVE-2025-21204: SYSTEM-Level Privilege Escalation in Windows Update Stack Exposed, PoC Released CVE-2025-21204, Windows Update Stack

CVE-2025-21204: SYSTEM-Level Privilege Escalation in Windows Update Stack Exposed, PoC Released

Ddos April 22, 2025

Security researcher Elli Shlomo published the technical details and a proof-of-concept exploit code for CVE-2025-21204, a severe...

CVE-2025-33028: WinZip Flaw Exposes Users to Silent Code Execution via MotW Bypass, No Patch WinZip vulnerability MotW bypass CVE-2025-33028

CVE-2025-33028: WinZip Flaw Exposes Users to Silent Code Execution via MotW Bypass, No Patch

Ddos April 22, 2025

A security flaw has been unearthed in WinZip, the popular file compression utility, placing millions of users...

Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited Brocade Fabric OS, CVE-2025-1976

Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited

Ddos April 22, 2025

A critical security vulnerability has been identified in Brocade Fabric OS, posing a significant risk to affected...

RustoBot Botnet Exploits Router Flaws in Sophisticated Attacks RustoBot, Router Vulnerability

RustoBot Botnet Exploits Router Flaws in Sophisticated Attacks

Ddos April 22, 2025

FortiGuard Labs recently discovered RustoBot, written in Rust, a memory-safe language known for its performance and security,...

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin Greenshift plugin WordPress vulnerability

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin

Ddos April 21, 2025

A critical vulnerability affecting the popular WordPress plugin Greenshift – animation and page builder blocks has come...

Cellebrite Android Zero-Day Exploit PoC Released: CVE-2024-53104 Cellebrite exploit, Android zero-day

Cellebrite Android Zero-Day Exploit PoC Released: CVE-2024-53104

Ddos April 21, 2025

A security researcher published a proof-of-concept exploit code for an Android zero-day exploit chain developed by Cellebrite...

Critical PyTorch Vulnerability CVE-2025-32434 Allows Remote Code Execution PyTorch vulnerability, CVE-2025-32434 CVE-2026-24747

Critical PyTorch Vulnerability CVE-2025-32434 Allows Remote Code Execution

Ddos April 21, 2025

A critical vulnerability has been unearthed in PyTorch, one of the most beloved deep learning frameworks out...

Yokogawa Recorders Vulnerable to Attack Due to Insecure Default Settings Yokogawa vulnerability Insecure default settings

Yokogawa Recorders Vulnerable to Attack Due to Insecure Default Settings

Ddos April 21, 2025

Yokogawa Electric Corporation has issued a security advisory warning of a critical vulnerability affecting several of its...

CVE-2025-2492: Critical ASUS Router Vulnerability Requires Immediate Firmware Update ASUS router vulnerability CVE-2025-2492

CVE-2025-2492: Critical ASUS Router Vulnerability Requires Immediate Firmware Update

Ddos April 21, 2025

ASUS has released a firmware update addressing a critical-severity vulnerability—CVE-2025-2492—with a CVSSv4 score of 9.2. The flaw...

CVE-2025-42599: Critical Buffer Overflow in Active! mail Exploited in the Wild Active! mail vulnerability, CVE-2025-42599

CVE-2025-42599: Critical Buffer Overflow in Active! mail Exploited in the Wild

Ddos April 21, 2025

A severe security vulnerability has been identified in Active! mail, a product of QUALITIA CO., LTD., posing...

Critical Meshtastic RCE Vulnerability (CVE-2025-24797) Requires Urgent Update

Ddos April 21, 2025

A critical security vulnerability has been disclosed in Meshtastic, the open-source LoRa mesh networking platform known for...

GitHub Enterprise Server Vulnerabilities Expose Risk of Code Execution and Data Leaks GitHub Enterprise, CVE-2025-3509

GitHub Enterprise Server Vulnerabilities Expose Risk of Code Execution and Data Leaks

Ddos April 19, 2025

GitHub has released security updates to address several vulnerabilities in GitHub Enterprise Server, including a high-severity flaw...

GCVE: Decentralizing Vulnerability Identification for Greater Agility GCVE, vulnerability identification

GCVE: Decentralizing Vulnerability Identification for Greater Agility

Ddos April 18, 2025

A new initiative, the Global CVE (GCVE) Allocation System, is introducing a decentralized approach to the crucial...

Urgent Security Alert: CISA Warns of Actively Exploited Apple and Microsoft Vulnerabilities Apple vulnerabilities, NTLM hash spoofing

Urgent Security Alert: CISA Warns of Actively Exploited Apple and Microsoft Vulnerabilities

Ddos April 18, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding three new vulnerabilities to its...

Critical Bubble.io Vulnerability Exposes Apps to Data Theft via Elasticsearch, No Patch Bubble.io vulnerability, Elasticsearch exploit

Critical Bubble.io Vulnerability Exposes Apps to Data Theft via Elasticsearch, No Patch

Ddos April 18, 2025

Bubble.io, the increasingly popular no-code development platform, has been found to harbor a significant security vulnerability that...

Critical CVE-2025-32433 PoC Released: Erlang/OTP SSH Vulnerability Enables RCE Erlang SSH, CVE-2025-32433

Critical CVE-2025-32433 PoC Released: Erlang/OTP SSH Vulnerability Enables RCE

Ddos April 18, 2025

An anonymous security researcher has published proof-of-concept code for CVE-2025-32433, a critical vulnerability in the Erlang/OTP SSH...

Critical Alert 1 Active Exploit Detected Today