Vulnerability Archives • Page 36 of 190 • Daily CyberSecurity

CVE-2025-0475 & CVE-2025-0555: GitLab’s High-Risk Patch Now CVE-2024-4835 CVE-2025-0475 & CVE-2025-0555

CVE-2025-0475 & CVE-2025-0555: GitLab’s High-Risk Patch Now

Do Son February 26, 2025

GitLab has issued a security advisory, urging all self-managed GitLab installations to upgrade immediately to versions 17.9.1,...

Outdated and Unblocked: Legacy Driver Vulnerability Exploited in Widespread Attack

Do Son February 26, 2025

A large-scale cyberattack campaign leveraging legacy drivers to disable endpoint security solutions has been uncovered by Check...

CVE-2024-12084 & CVE-2024-12085: Rsync Flaws Allow Hackers to Take Over Servers, PoC Published Rsync Vulnerability Use-After-Free CVE-2022-29154 & CVE-2024-12084 CVE-2024-120845 PoC

Rsync Vulnerability Use-After-Free CVE-2022-29154 & CVE-2024-12084 CVE-2024-120845 PoC

CVE-2024-12084 & CVE-2024-12085: Rsync Flaws Allow Hackers to Take Over Servers, PoC Published

Do Son February 25, 2025

A set of high-risk vulnerabilities has been disclosed in Rsync, the widely used file synchronization and data...

CISA Flags Actively Exploited Zimbra (CVE-2023-34192) and Microsoft (CVE-2024-49035) Vulnerabilities CISA KEV Catalog Active Exploitation CVE-2023-33063 - CVE-2023-34192 and CVE-2024-49035

CISA KEV Catalog Active Exploitation CVE-2023-33063 - CVE-2023-34192 and CVE-2024-49035

CISA Flags Actively Exploited Zimbra (CVE-2023-34192) and Microsoft (CVE-2024-49035) Vulnerabilities

Do Son February 25, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding two critical vulnerabilities to its...

CVE-2025-24752: Massive WordPress Plugin Vulnerability Exposes Millions to XSS Attacks

Do Son February 25, 2025

A high-severity security flaw has been discovered in the widely used WordPress plugin, Essential Addons for Elementor,...

OpenH264 Codec Vulnerability (CVE-2025-27091): Remote Code Execution Possible

Do Son February 25, 2025

Cisco has released a security advisory concerning a high-severity vulnerability in the OpenH264 codec library. Tracked as...

GRUB2 Bootloader Vulnerabilities Expose Millions of Systems to Attacks GRUB 2.14 release Y2038 fix, Linux bootloader Argon2 TPM2 GRUB2 Bootloader Vulnerabilities - CVE-2025-0624

GRUB 2.14 release Y2038 fix, Linux bootloader Argon2 TPM2 GRUB2 Bootloader Vulnerabilities - CVE-2025-0624

GRUB2 Bootloader Vulnerabilities Expose Millions of Systems to Attacks

Do Son February 25, 2025

A series of critical vulnerabilities have been discovered in GRUB2, the popular boot loader used by many...

PolarEdge Botnet: 2,000+ IoT Devices Infected PolarEdge IoT botnet

PolarEdge Botnet: 2,000+ IoT Devices Infected

Do Son February 25, 2025

The PolarEdge botnet, a sophisticated IoT-based malware campaign, has been discovered by Sekoia’s Threat Detection & Research...

CVE-2025-27364 (CVSS 10): Remote Code Execution Flaw Found in MITRE Caldera, PoC Releases

Do Son February 24, 2025

A newly discovered vulnerability in MITRE Caldera, tracked as CVE-2025-27364, has been assigned a critical CVSS score...

PoC Released: CVE-2024-13159 (CVSS 9.8) in Ivanti EPM Poses Severe Security Threat CVE-2024-13159 PoC exploit

PoC Released: CVE-2024-13159 (CVSS 9.8) in Ivanti EPM Poses Severe Security Threat

Do Son February 24, 2025

Security researcher Zach Hanley (@hacks_zach) of Horizon3.ai published the technical details and a proof-of-concept (PoC) exploit code...

CVE-2025-1128: Everest Forms Plugin Exposes 100,000+ WordPress Sites to Complete Takeover

Do Son February 24, 2025

A severe security vulnerability, tracked as CVE-2025-1128, has been uncovered in the popular WordPress plugin, Everest Forms,...

Critical Mattermost Flaws (CVE-2025-20051, CVE-2025-24490, CVE-2025-25279) Expose Systems to File Read and SQL Injection Attacks Mattermost Vulnerability, Remote Code Execution CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279

Mattermost Vulnerability, Remote Code Execution CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279

Critical Mattermost Flaws (CVE-2025-20051, CVE-2025-24490, CVE-2025-25279) Expose Systems to File Read and SQL Injection Attacks

Do Son February 24, 2025

Mattermost, an open-source platform for team communication and collaboration, has addressed three critical security vulnerabilities affecting its...

CISA Flags Actively Exploited Security Vulnerabilities in Adobe ColdFusion and Oracle Agile PLM CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA Flags Actively Exploited Security Vulnerabilities in Adobe ColdFusion and Oracle Agile PLM

Do Son February 24, 2025

Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security vulnerabilities to its Known Exploited Vulnerabilities...

From Confluence Vulnerability (CVE-2023-22527) to LockBit Encryption: A Rapid Attack Chain

Do Son February 24, 2025

Security researchers at The DFIR Report have uncovered a highly coordinated attack that leveraged a critical remote...

0-Day in Parallels Desktop Allows Root Privilege Escalation, PoC Released Parallels Desktop 0-Day

0-Day in Parallels Desktop Allows Root Privilege Escalation, PoC Released

Do Son February 23, 2025

A newly disclosed 0-day vulnerability in Parallels Desktop has exposed a root privilege escalation flaw, bypassing the...

CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution CVE-2024-56171, CVE-2025-24928, and CVE-2025-27113

CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution

Do Son February 23, 2025

Libxml2,a widely used XML parsing library developed for the GNOME project but also utilized across various platforms,...

Moxa PT Switches Vulnerable to CVE-2024-9404 Denial-of-Service Attack Moxa Hard-Coded Credentials, Critical JWT Bypass CVE-2024-9137 and CVE-2024-9139 - CVE-2024-12297 CVE-2024-7695 CVE-2024-9404 CVE-2024-12297 CVE-2025-0415

Moxa Hard-Coded Credentials, Critical JWT Bypass CVE-2024-9137 and CVE-2024-9139 - CVE-2024-12297 CVE-2024-7695 CVE-2024-9404 CVE-2024-12297 CVE-2025-0415

Moxa PT Switches Vulnerable to CVE-2024-9404 Denial-of-Service Attack

Do Son February 23, 2025

Moxa, a leading provider of industrial networking solutions, has issued a security advisory regarding a critical denial-of-service...

Exim Mail Transfer Agent Vulnerable to Remote SQL Injection (CVE-2025-26794), PoC Published CVE-2025-26794 Exim SQL Injection, Heap Buffer Overflow

CVE-2025-26794 Exim SQL Injection, Heap Buffer Overflow

Exim Mail Transfer Agent Vulnerable to Remote SQL Injection (CVE-2025-26794), PoC Published

Do Son February 23, 2025

A new vulnerability has been discovered in Exim, a widely used mail transfer agent (MTA) for Unix-like...

CVE-2024-37361 (CVSS 9.9): Critical Vulnerability in Pentaho Business Analytics Server NTLM Vulnerabilities, CVE-2024-43451 CVE-2024-37361 - RESURGE Malware

NTLM Vulnerabilities, CVE-2024-43451 CVE-2024-37361 - RESURGE Malware

CVE-2024-37361 (CVSS 9.9): Critical Vulnerability in Pentaho Business Analytics Server

Do Son February 22, 2025

Hitachi Vantara has issued a security advisory addressing a vulnerability, designated as CVE-2024-37361, in its Pentaho Business...

CVE-2024-56000 (CVSS 9.8): Account Takeover Flaw in KLEO WordPress Theme

Do Son February 21, 2025

A critical vulnerability has been discovered in the KLEO WordPress theme, potentially allowing attackers to take over...