Vulnerability Archives • Page 27 of 190 • Daily CyberSecurity

CVE-2025-30223 (CVSS 9.3): Critical XSS Vulnerability Discovered in Beego Framework

Do Son April 2, 2025

A Cross-Site Scripting (XSS) vulnerability has been identified in the Beego framework, a popular Go framework for...

8 Zero-Day Vulnerabilities Uncovered in Netgear WNR854T Router Netgear WNR854T vulnerability Vulnerabilities

8 Zero-Day Vulnerabilities Uncovered in Netgear WNR854T Router

Do Son April 2, 2025

Security researcher Dylan has disclosed a set of eight previously unknown zero-day vulnerabilities affecting the Netgear WNR854T,...

CVE-2025-30065 (CVSS 10): Critical Vulnerability Discovered in Apache Parquet Java CVE-2025-30065 Apache Parquet, CVE-2025-46762

CVE-2025-30065 (CVSS 10): Critical Vulnerability Discovered in Apache Parquet Java

Do Son April 2, 2025

Apache Parquet, a widely used open-source, column-oriented data file format, has been found to contain a critical...

Critical Vulnerabilities Threaten IBM App Connect Enterprise IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

Critical Vulnerabilities Threaten IBM App Connect Enterprise

Do Son April 2, 2025

IBM has issued a critical security bulletin warning that multiple versions of its App Connect Enterprise (ACE)...

Google Patches ImageRunner: Fixing Critical Cloud Run Container Access Flaw Railway app Google Cloud suspension Google Cloud CDN Interconnect pricing 2026, GCP data transfer cost increase Google Cloud Disrupted ImageRunner Alphabet earnings, Google AI

Railway app Google Cloud suspension Google Cloud CDN Interconnect pricing 2026, GCP data transfer cost increase Google Cloud Disrupted ImageRunner Alphabet earnings, Google AI

Google Patches ImageRunner: Fixing Critical Cloud Run Container Access Flaw

Do Son April 1, 2025

In the complex tapestry of cloud infrastructure, seemingly minor permission oversights can sometimes unravel into significant security...

VMware Addresses Local Privilege Escalation Vulnerability (CVE-2025-22231) VMware Fusion and Workstation Now Free CVE-2025-22231

VMware Addresses Local Privilege Escalation Vulnerability (CVE-2025-22231)

Do Son April 1, 2025

VMware has recently released patches to address a local privilege escalation vulnerability (CVE-2025-22231) affecting several of its...

CVE-2025-27095: Token Theft Flaw in JumpServer Exposes Kubernetes Clusters to Unauthorized Access

Do Son April 1, 2025

A new vulnerability in JumpServer (CVE-2025-27095) has been disclosed, exposing Kubernetes clusters to potential compromise through token...

Apple Backports Fixes for Three Actively Exploited Zero-Days Targeting Older Devices Apple Foldable, iPhone Fold WorkflowKit, CVE-2024-27821 Zero-Days

Apple Foldable, iPhone Fold WorkflowKit, CVE-2024-27821 Zero-Days

Apple Backports Fixes for Three Actively Exploited Zero-Days Targeting Older Devices

Do Son April 1, 2025

Apple has released backported security patches for older versions of iOS, iPadOS, and macOS, addressing three zero-day...

CISA Warns of Active Exploitation of Cisco Smart Licensing Utility Flaw Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

Cisco CCX RCE and Java RMI Flaw CVE-2024-20458 - CVE-2025-20111 Cisco Smart Licensing Utility Flaw

CISA Warns of Active Exploitation of Cisco Smart Licensing Utility Flaw

Do Son April 1, 2025

In a critical update to its Known Exploited Vulnerabilities (KEV) Catalog, the Cybersecurity and Infrastructure Security Agency...

CVE-2025-1449 (CVSS 9.1): Vulnerability in Verve Asset Manager Allows Admin Shell Access Rockwell Automation ThinManager ThinServer CVE-2024-7988 CVE-2025-1449

Rockwell Automation ThinManager ThinServer CVE-2024-7988 CVE-2025-1449

CVE-2025-1449 (CVSS 9.1): Vulnerability in Verve Asset Manager Allows Admin Shell Access

Do Son April 1, 2025

Rockwell Automation has released a security advisory addressing a vulnerability in Verve Asset Manager. The advisory details...

KNIME Business Hub Hit by Critical Bugs, Including Hard-Coded Password and XSS Flaws KNIME Business Hub vulnerability

KNIME Business Hub Hit by Critical Bugs, Including Hard-Coded Password and XSS Flaws

Do Son April 1, 2025

A recent security advisory from KNIME details several vulnerabilities affecting the KNIME Business Hub, a customer-managed KNIME...

Canon Fixes Critical Printer Driver Flaw: CVE-2025-1268 Alert CVE-2024-47406 CVE-2025-1268 Canon Printer Vulnerability CVE-2025-14231

Canon Fixes Critical Printer Driver Flaw: CVE-2025-1268 Alert

Do Son March 31, 2025

Canon has issued a security notice regarding a critical vulnerability found in certain printer drivers for its...

CrushFTP Hacked: Exploit CVE-2025-2825 with PoC and Nuclei Template critical-temaple

CrushFTP Hacked: Exploit CVE-2025-2825 with PoC and Nuclei Template

Do Son March 31, 2025

ProjectDiscovery has published a technical breakdown of CVE-2025-2825, a critical authentication bypass flaw in CrushFTP—a widely used...

CVE-2025-22398: Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw Dell ECS Security Update CVE-2026-40636 Hard-coded Credentials Dell Business Price Increase, RAM and SSD Shortage 2025 Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

CVE-2025-22398: Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw

Do Son March 31, 2025

Dell has released a security update for Unity OS version 5.4 and earlier, addressing a set of...

Mitel Addresses High Severity XSS Vulnerability in MiContact Center Business CVE-2024-41714 - CVE-2025-23092

Mitel Addresses High Severity XSS Vulnerability in MiContact Center Business

Do Son March 31, 2025

Mitel has issued a security advisory regarding a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-23092 (CVSS...

Ubuntu Security Alert: Three Ways to Bypass User Namespace Restrictions Ubuntu 26.10 Stonking Stingray Ubuntu Security Alert: Three Ways to Bypass User Namespace Restrictions

Ubuntu Security Alert: Three Ways to Bypass User Namespace Restrictions

Do Son March 31, 2025

Qualys Threat Research Unit (TRU) has recently disclosed three security bypasses in Ubuntu’s unprivileged user namespace restrictions....

CVE-2025-2294 Targets WordPress Plugin with 90,000+ Active Installs

Do Son March 30, 2025

A severe security vulnerability has been identified in the Kubio AI Page Builder plugin for WordPress, posing...

CISA Warns of RESURGE Malware: Exploiting Ivanti Vulnerability NTLM Vulnerabilities, CVE-2024-43451 CVE-2024-37361 - RESURGE Malware

CISA Warns of RESURGE Malware: Exploiting Ivanti Vulnerability

Do Son March 29, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released a Malware Analysis Report (MAR) detailing a newly...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CVE-2025-31103: Zero-Day Vulnerability Discovered in a-blog cms, Act Now to Protect Your Web Server

Do Son March 28, 2025

A critical security vulnerability has been discovered in a-blog cms, a web content management system developed by...

Critical Vulnerability Discovered in Apache Pinot: Authentication Bypass Exposes Systems to Severe Risk CVE-2024-56325 Apache Pinot vulnerability

CVE-2024-56325 Apache Pinot vulnerability

Critical Vulnerability Discovered in Apache Pinot: Authentication Bypass Exposes Systems to Severe Risk

Do Son March 28, 2025

Apache Pinot, a high-throughput, low-latency OLAP datastore originally developed at LinkedIn, is designed to provide real-time analytics...