Vulnerability Archives • Page 27 of 190 • Daily CyberSecurity

CVE-2025-27095: Token Theft Flaw in JumpServer Exposes Kubernetes Clusters to Unauthorized Access

Ddos April 1, 2025

A new vulnerability in JumpServer (CVE-2025-27095) has been disclosed, exposing Kubernetes clusters to potential compromise through token...

Apple Backports Fixes for Three Actively Exploited Zero-Days Targeting Older Devices Apple Foldable, iPhone Fold WorkflowKit, CVE-2024-27821 Zero-Days

Apple Foldable, iPhone Fold WorkflowKit, CVE-2024-27821 Zero-Days

Apple Backports Fixes for Three Actively Exploited Zero-Days Targeting Older Devices

Ddos April 1, 2025

Apple has released backported security patches for older versions of iOS, iPadOS, and macOS, addressing three zero-day...

CISA Warns of Active Exploitation of Cisco Smart Licensing Utility Flaw Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

CISA Warns of Active Exploitation of Cisco Smart Licensing Utility Flaw

Ddos April 1, 2025

In a critical update to its Known Exploited Vulnerabilities (KEV) Catalog, the Cybersecurity and Infrastructure Security Agency...

CVE-2025-1449 (CVSS 9.1): Vulnerability in Verve Asset Manager Allows Admin Shell Access Rockwell Automation ThinManager ThinServer CVE-2024-7988 CVE-2025-1449

Rockwell Automation ThinManager ThinServer CVE-2024-7988 CVE-2025-1449

CVE-2025-1449 (CVSS 9.1): Vulnerability in Verve Asset Manager Allows Admin Shell Access

Ddos April 1, 2025

Rockwell Automation has released a security advisory addressing a vulnerability in Verve Asset Manager. The advisory details...

KNIME Business Hub Hit by Critical Bugs, Including Hard-Coded Password and XSS Flaws KNIME Business Hub vulnerability

KNIME Business Hub Hit by Critical Bugs, Including Hard-Coded Password and XSS Flaws

Ddos April 1, 2025

A recent security advisory from KNIME details several vulnerabilities affecting the KNIME Business Hub, a customer-managed KNIME...

Canon Fixes Critical Printer Driver Flaw: CVE-2025-1268 Alert CVE-2024-47406 CVE-2025-1268 Canon Printer Vulnerability CVE-2025-14231

Canon Fixes Critical Printer Driver Flaw: CVE-2025-1268 Alert

Ddos March 31, 2025

Canon has issued a security notice regarding a critical vulnerability found in certain printer drivers for its...

CrushFTP Hacked: Exploit CVE-2025-2825 with PoC and Nuclei Template critical-temaple

CrushFTP Hacked: Exploit CVE-2025-2825 with PoC and Nuclei Template

Ddos March 31, 2025

ProjectDiscovery has published a technical breakdown of CVE-2025-2825, a critical authentication bypass flaw in CrushFTP—a widely used...

CVE-2025-22398: Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw Dell ECS Security Update CVE-2026-40636 Hard-coded Credentials Dell Business Price Increase, RAM and SSD Shortage 2025 Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

CVE-2025-22398: Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw

Ddos March 31, 2025

Dell has released a security update for Unity OS version 5.4 and earlier, addressing a set of...

Mitel Addresses High Severity XSS Vulnerability in MiContact Center Business CVE-2024-41714 - CVE-2025-23092

Mitel Addresses High Severity XSS Vulnerability in MiContact Center Business

Ddos March 31, 2025

Mitel has issued a security advisory regarding a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-23092 (CVSS...

Ubuntu Security Alert: Three Ways to Bypass User Namespace Restrictions Ubuntu 26.10 Stonking Stingray Ubuntu Security Alert: Three Ways to Bypass User Namespace Restrictions

Ubuntu Security Alert: Three Ways to Bypass User Namespace Restrictions

Ddos March 31, 2025

Qualys Threat Research Unit (TRU) has recently disclosed three security bypasses in Ubuntu’s unprivileged user namespace restrictions....

CVE-2025-2294 Targets WordPress Plugin with 90,000+ Active Installs

Ddos March 30, 2025

A severe security vulnerability has been identified in the Kubio AI Page Builder plugin for WordPress, posing...

CISA Warns of RESURGE Malware: Exploiting Ivanti Vulnerability NTLM Vulnerabilities, CVE-2024-43451 CVE-2024-37361 - RESURGE Malware

CISA Warns of RESURGE Malware: Exploiting Ivanti Vulnerability

Ddos March 29, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released a Malware Analysis Report (MAR) detailing a newly...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CVE-2025-31103: Zero-Day Vulnerability Discovered in a-blog cms, Act Now to Protect Your Web Server

Ddos March 28, 2025

A critical security vulnerability has been discovered in a-blog cms, a web content management system developed by...

Critical Vulnerability Discovered in Apache Pinot: Authentication Bypass Exposes Systems to Severe Risk CVE-2024-56325 Apache Pinot vulnerability

CVE-2024-56325 Apache Pinot vulnerability

Critical Vulnerability Discovered in Apache Pinot: Authentication Bypass Exposes Systems to Severe Risk

Ddos March 28, 2025

Apache Pinot, a high-throughput, low-latency OLAP datastore originally developed at LinkedIn, is designed to provide real-time analytics...

CVE-2025-30353: Directus Vulnerability Exposes Sensitive Data in Webhook Trigger Flows CVE-2024-27295

CVE-2025-30353: Directus Vulnerability Exposes Sensitive Data in Webhook Trigger Flows

Ddos March 28, 2025

A security vulnerability has been identified in Directus, a real-time API and App dashboard used for managing...

Ghostscript Nightmare: Critical Severity Vulnerabilities Put Users at Risk CVE-2023-36664 CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, and CVE-2025-27837

CVE-2023-36664 CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, and CVE-2025-27837

Ghostscript Nightmare: Critical Severity Vulnerabilities Put Users at Risk

Ddos March 28, 2025

A series of security vulnerabilities has been identified in Artifex Ghostscript, a widely used interpreter for PostScript...

CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns CHOCO TEI WATCHER vulnerability

CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns

Ddos March 28, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory alerting organizations to multiple...

CVE-2025-2857: New Firefox Sandbox Escape Emerges Following Active Exploitation of CVE-2025-2783 Firefox Klar Adjust

CVE-2025-2857: New Firefox Sandbox Escape Emerges Following Active Exploitation of CVE-2025-2783

Ddos March 27, 2025

Mozilla releases urgent security patch for Windows users as researchers uncover another IPC vulnerability echoing a recently...

CVE-2025-2848: Synology Mail Server Vulnerability Allows Remote Configuration Tampering Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

CVE-2025-2848: Synology Mail Server Vulnerability Allows Remote Configuration Tampering

Ddos March 27, 2025

A recently disclosed vulnerability in Synology Mail Server could allow remote authenticated attackers to tamper with system...

Millions at Risk: PoC Exploit Releases for Vite Arbitrary File Read Flaw (CVE-2025-30208)

Ddos March 27, 2025

Vite, the blazing-fast frontend build tool that powers millions of modern web applications, has been found vulnerable...

Critical Alert 1 Active Exploit Detected Today