Vulnerability Archives • Page 23 of 190 • Daily CyberSecurity

MITRE Warns of CVE Program Disruption as U.S. Contract Set to Expire CVE Program, MITRE

MITRE Warns of CVE Program Disruption as U.S. Contract Set to Expire

Do Son April 16, 2025

The cybersecurity world is bracing for a potential earthquake. The MITRE Corporation, the steward of the critical...

Windows 11 Privilege Escalation Flaws Uncovered: CVE-2025-24076 and CVE-2025-24994 DLL Hijacking, CVE-2025-24076

Windows 11 Privilege Escalation Flaws Uncovered: CVE-2025-24076 and CVE-2025-24994

Do Son April 16, 2025

In a revealing security analysis, Compass Security researcher John Ostrowski has disclosed two privilege escalation vulnerabilities in...

Critical RCE Vulnerability Affects HylaFAX and AvantFAX CVE-2024-52335 HylaFAX, AvantFAX vulnerability

Critical RCE Vulnerability Affects HylaFAX and AvantFAX

Do Son April 16, 2025

A recent security advisory from iFAX Solutions has revealed a critical vulnerability affecting the HylaFAX Enterprise Web...

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature Project Quarantine PyPI Security Privilege Escalation

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature

Do Son April 15, 2025

On April 14, 2025, the Python Package Index (PyPI) team swiftly addressed a security concern involving persisting...

CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103) CVE-2024-53552 CrushFTP vulnerability, SSRF

CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103)

Do Son April 15, 2025

CrushFTP, a popular file transfer server, is facing increased scrutiny following the discovery of two significant security...

Browser Wallet Flaws Allow Silent Crypto Drains Without User Interaction browser wallet vulnerability, crypto drain

Browser Wallet Flaws Allow Silent Crypto Drains Without User Interaction

Do Son April 15, 2025

A recent report by Coinspect has revealed critical vulnerabilities in popular browser wallets, raising significant concerns about...

CVE-2025-24859 (CVSSv4 10): Apache Roller Flaw Exposes Blogs to Unauthorized Access Apache Roller vulnerability CVE-2025-24859

CVE-2025-24859 (CVSSv4 10): Apache Roller Flaw Exposes Blogs to Unauthorized Access

Do Son April 15, 2025

A security vulnerability has been identified in Apache Roller, a Java-based blog server, that could allow unauthorized...

Vulnerabilities in Solar Power Systems Threaten Power Grids Solar power systems, cybersecurity vulnerabilities

Vulnerabilities in Solar Power Systems Threaten Power Grids

Do Son April 15, 2025

A new report by Forescout reveals critical vulnerabilities in solar power systems that could be exploited to...

China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign

Do Son April 15, 2025

A recent report by TeamT5 has uncovered a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN...

Subdomain Takeovers: A Growing Supply Chain Threat Subdomain takeover, supply chain attack

Subdomain Takeovers: A Growing Supply Chain Threat

Do Son April 15, 2025

Subdomain takeovers, a type of attack where an attacker gains control of an organization’s improperly configured or...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Fortinet Uncovers Threat Actor Persistence via Symbolic Link Exploit in FortiGate Devices

Do Son April 14, 2025

In an urgent alert to the cybersecurity community, Fortinet has detailed an active threat campaign exploiting known...

CVE-2025-32428: Jupyter Remote Desktop Proxy Exposes TigerVNC to Network Access Jupyter Remote Desktop Proxy, CVE-2025-32428

CVE-2025-32428: Jupyter Remote Desktop Proxy Exposes TigerVNC to Network Access

Do Son April 14, 2025

Researchers have uncovered a critical security flaw in Jupyter Remote Desktop Proxy, a widely used Jupyter extension...

CVE-2025-27840: How a Tiny ESP32 Chip Could Crack Open Bitcoin Wallets Worldwide ESP32 vulnerability Bitcoin security

CVE-2025-27840: How a Tiny ESP32 Chip Could Crack Open Bitcoin Wallets Worldwide

Do Son April 14, 2025

In a jaw-dropping revelation, researchers at Crypto Deep Tech have exposed a severe cryptographic vulnerability in the...

Urgent: Yii 2 Vulnerability CVE-2024-58136 Under Active Exploit

Do Son April 14, 2025

A critical security vulnerability, tracked as CVE-2024-58136 (CVSS 9.1), has been uncovered in the popular PHP web...

CVE-2024-56406: Heap Overflow Vulnerability in Perl Threatens Denial of Service and Potential Code Execution CVE-2024-56406 Perl Vulnerability

CVE-2024-56406: Heap Overflow Vulnerability in Perl Threatens Denial of Service and Potential Code Execution

Do Son April 13, 2025

Perl, a versatile programming language widely used for various tasks like system administration and web development, has...

CVE-2025-32896: Apache SeaTunnel Flaw Enables Unauthenticated File Read & RCE Screenshot_20250413-084728

CVE-2025-32896: Apache SeaTunnel Flaw Enables Unauthenticated File Read & RCE

Do Son April 13, 2025

A newly disclosed vulnerability, CVE-2025-32896, in Apache SeaTunnel—a widely used distributed data integration platform—could allow unauthenticated attackers...

CVE-2024-0132: Incomplete NVIDIA Toolkit Patch Enables Container Escape and DoS Attacks NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

CVE-2024-0132: Incomplete NVIDIA Toolkit Patch Enables Container Escape and DoS Attacks

Do Son April 13, 2025

A recent report by Trend Research has uncovered that NVIDIA’s September 2024 security update for a critical...

Critical Vulnerability in Everest Forms Plugin Threatens WordPress Sites Everest Forms Vulnerability WordPress Plugin Security

Critical Vulnerability in Everest Forms Plugin Threatens WordPress Sites

Do Son April 12, 2025

A critical security vulnerability has been discovered in the Everest Forms WordPress plugin, putting over 100,000 websites...

Critical Vulnerability Exposes Langflow Servers to Full Compromise CVE-2025-3248 Langflow Vulnerability Remote Code Execution

Critical Vulnerability Exposes Langflow Servers to Full Compromise

Do Son April 11, 2025

A newly discovered vulnerability in Langflow, a popular tool for building agentic AI workflows, poses a significant...

InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability InstaWP Connect Vulnerability WordPress Plugin Security

InstaWP Connect Vulnerability WordPress Plugin Security

InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability

Do Son April 11, 2025

A severe security vulnerability has been identified in the InstaWP Connect WordPress plugin, posing a significant risk...

Critical Alert 4 Active Exploits Detected Today