Vulnerability Archives • Page 29 of 190 • Daily CyberSecurity

NetApp SnapCenter Users at Risk: CVSS 9.9 Privilege Escalation Alert CVE-2025-26512

NetApp SnapCenter Users at Risk: CVSS 9.9 Privilege Escalation Alert

Do Son March 26, 2025

A high-severity security vulnerability has been discovered in NetApp SnapCenter, posing a significant risk to systems utilizing...

Apache VCL Hit by SQL Injection (CVE-2024-53678) and XSS (CVE-2024-53679) Vulnerabilities CVE-2024-53678 & CVE-2024-53679

Apache VCL Hit by SQL Injection (CVE-2024-53678) and XSS (CVE-2024-53679) Vulnerabilities

Do Son March 26, 2025

Apache VCL (Virtual Computing Lab), a widely-used open-source cloud computing platform designed to deliver custom computing environments,...

CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign CVE-2025-2783 - Operation ForumTroll

CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign

Do Son March 25, 2025

Kaspersky Labs has uncovered a sophisticated cyber-espionage campaign—dubbed Operation ForumTroll—leveraging a previously unknown Google Chrome zero-day exploit,...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

CVE-2025-26633: Water Gamayun Exploits Windows MMC in Active Zero-Day Campaign

Do Son March 25, 2025

A zero-day vulnerability tracked as CVE-2025-26633 is being actively exploited in the wild by a sophisticated Russian-linked...

CVE-2025-1974 (CVSS 9.8): Ingress NGINX Flaws Threaten Mass Kubernetes Compromise CVE-2025-1974 IngressNightmare

CVE-2025-1974 (CVSS 9.8): Ingress NGINX Flaws Threaten Mass Kubernetes Compromise

Do Son March 25, 2025

A new cybersecurity threat has been identified by Wiz Research, dubbed “IngressNightmare,” which exposes critical vulnerabilities in...

BreachForums Claims: Millions of Oracle Cloud Records Stolen

Do Son March 25, 2025

A hacker recently posted on the BreachForums forum, claiming to have stolen customer security keys and other...

CVE-2025-0927: Public Exploit Released for Linux Kernel Privilege Escalation Bug CVE-2025-0927 PoC

CVE-2025-0927: Public Exploit Released for Linux Kernel Privilege Escalation Bug

Do Son March 25, 2025

A newly disclosed security advisory details a significant vulnerability within the Linux kernel, specifically impacting Ubuntu 22.04...

Urgent: Patch Your Next.js for Authorization Bypass (CVE-2025-29927) CVE-2024-56332 - CVE-2025-29927 Next.js, Cache Poisoning

Urgent: Patch Your Next.js for Authorization Bypass (CVE-2025-29927)

Do Son March 24, 2025

Next.js, the popular React framework empowering developers to build full-stack web applications with speed and efficiency, has...

Critical Vulnerability Discovered in Popular WordPress Security Plugin WP Ghost CVE-2025-26909

Critical Vulnerability Discovered in Popular WordPress Security Plugin WP Ghost

Do Son March 24, 2025

A high-severity security vulnerability has been identified in the popular WordPress plugin, WP Ghost. With over 200,000...

CVE-2025-29922: Critical Flaw in kcp Lets Attackers Manipulate Any Workspace

Do Son March 24, 2025

A high-severity vulnerability has been identified in the kcp project, a Kubernetes-like control plane designed for multi-tenant...

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration

Do Son March 24, 2025

vLLM, a popular library for Large Language Model (LLM) inference and serving, has recently addressed a critical...

Nuxt Users Beware: CVE-2025-27415 Opens the Door to Cache Poisoning Attacks

Do Son March 24, 2025

A newly discovered vulnerability in the popular Nuxt framework could allow attackers to poison CDN caches and...

CVE-2025-27888: Apache Druid Flaw Opens Door to SSRF and XSS Risks in Real-Time Analytics Platforms

Do Son March 23, 2025

Apache has disclosed a critical security vulnerability in Apache Druid, a real-time analytics database widely used for...

CVE-2025-1758: Critical Buffer Overflow in Kemp LoadMaster Opens Door to Remote Code Execution Sitefinity critical vulnerabilities Sitefinity security update CVE-2024-7763 - CVE-2024-8785 exploit CVE-2025-1758

Sitefinity critical vulnerabilities Sitefinity security update CVE-2024-7763 - CVE-2024-8785 exploit CVE-2025-1758

CVE-2025-1758: Critical Buffer Overflow in Kemp LoadMaster Opens Door to Remote Code Execution

Do Son March 23, 2025

A high-severity vulnerability has been identified in Progress Software’s Kemp LoadMaster, a popular application delivery controller (ADC)...

Telegram Bot Formatting HTML formatting, Markdown update, bot development Telegram Passkey SMS Login Replacement Telegram Zero-Click Vulnerability

Operation Zero Offers Millions for Telegram Zero-Click Exploits

Do Son March 23, 2025

The Russian vulnerability broker, Operation Zero, is a company specializing in the acquisition and sale of security...

Critical Security Flaw in ArcGIS Enterprise Exposes Admin Accounts to Remote Takeover Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Critical Security Flaw in ArcGIS Enterprise Exposes Admin Accounts to Remote Takeover

Do Son March 22, 2025

Esri has disclosed a critical vulnerability in its ArcGIS Enterprise platform that could allow attackers to hijack...

CVE-2024-10442: Synology Replication Service Vulnerability Scores Maximum CVSS Rating Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

CVE-2024-10442: Synology Replication Service Vulnerability Scores Maximum CVSS Rating

Do Son March 20, 2025

Synology has released updated security advisories detailing a critical vulnerability in its Replication Service. The vulnerability allows...

Spring Security Updates Address Authorization Bypass and Password Length Vulnerabilities CVE-2024-38821 - CVE-2025-22223 and CVE-2025-22228 Spring Framework vulnerability, Spring Security

CVE-2024-38821 - CVE-2025-22223 and CVE-2025-22228 Spring Framework vulnerability, Spring Security

Spring Security Updates Address Authorization Bypass and Password Length Vulnerabilities

Do Son March 20, 2025

Spring, a widely used framework for Java-based applications, has disclosed two significant security vulnerabilities that could lead...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Web Shell to Ransomware: New VMware Attack Vector Exposed by Sygnia

Do Son March 20, 2025

Cybersecurity researchers at Sygnia have uncovered a new attack method that exploits recent VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225,...

Critical WordPress Plugin Vulnerability Exposes Over 40,000 Websites to Code Execution Attacks

Do Son March 20, 2025

A critical security vulnerability has been discovered in the popular Age Gate plugin for WordPress, potentially exposing...