Vulnerability Archives • Page 4 of 190 • Daily CyberSecurity

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal Quake III Arena, Zero-Day Vulnerability

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal

Do Son January 5, 2026

The Quake III Arena engine, a cornerstone of FPS history open-sourced by id Software, has been hit...

Zero-Click Hijack: The PrestaShop Checkout Flaw That Turns Emails Into Full Account Access, PoC Publishes CVE-2023-39526 PrestaShop

Zero-Click Hijack: The PrestaShop Checkout Flaw That Turns Emails Into Full Account Access, PoC Publishes

Do Son January 5, 2026

A critical vulnerability in the widely used PrestaShop e-commerce platform has been analyzed by vulnerability researcher Ananda...

HTTP.sys RCE vulnerability, Windows HTTP stack exploit, CVE-2026-47291 Netlogon RCE vulnerability Exploited in the wild Secure Boot certificate renewal 2026, Windows 11 UEFI update Community-First AI Infrastructure, Microsoft self-funding energy mandate aka.ms/aoh online portal CVE-2025-55681, Windows DWM Elevation Windows Administrator Protection, CVE-2025-60718 Microsoft AI Compute, IREN Infrastructure Microsoft Japan PPA, Renewable Energy Microsoft AI Investment, Cloud Expansion Microsoft Azure, Startup Credits Infinite Workday, AI in Work Microsoft Russia, Bankruptcy AI code generation, Microsoft AI Microsoft Layoffs, Restructuring

Windows DWM Flaw Lets Local Users Paint Their Way to SYSTEM Privileges, PoC Publishes

Do Son December 23, 2025

A newly discovered vulnerability in the heart of the Windows visual experience has been patched by Microsoft,...

Dropbear SSH Flaw Risks Root Access on Embedded Linux via Unix Stream Forwarding Dropbear SSH LPE, Unix Stream Forwarding

Dropbear SSH Flaw Risks Root Access on Embedded Linux via Unix Stream Forwarding

Do Son December 17, 2025

A critical privilege escalation vulnerability has been discovered in Dropbear, a lightweight SSH server widely used in...

Linux Kernel io_uring UAF Flaw Used to Cheat BPF Verifier and Achieve Container Escape, PoC Releases Linux io_uring UAF, Kernel Exploit Primitive

Linux Kernel io_uring UAF Flaw Used to Cheat BPF Verifier and Achieve Container Escape, PoC Releases

Do Son December 13, 2025

Two security researchers, known by the handles st424204 and d4em0n, have published a deep-dive analysis of a...

macOS Privilege Escalation Flaw Bypasses Patch for Root Access, Poc Releases! macOS Privilege Escalation, .zprofile Exploit

macOS Privilege Escalation Flaw Bypasses Patch for Root Access, Poc Releases!

Do Son December 9, 2025

Security researcher Morris Richman has disclosed a new privilege escalation vulnerability, CVE-2025-43472, which could allow an attacker...

PoC Available: Bluetooth Flaw Risks DoS Crash on Smart Cars and Wear OS BlueShrimp, Android Automotive UAF

PoC Available: Bluetooth Flaw Risks DoS Crash on Smart Cars and Wear OS

Do Son December 8, 2025

While most Android users can breathe a sigh of relief, a newly analyzed Bluetooth vulnerability presents a...

Critical cPanel Flaw (CVSS 9.3) Allows Directory Traversal LPE for Full Server Takeover cPanel WHM Vulnerabilities 2026 CVE-2026-29205 Arbitrary File Read cPanel Security Vulnerability Perl Injection Exploit cPanel Authentication WHM Security cPanel Privilege Escalation, Directory Traversal LPE

Critical cPanel Flaw (CVSS 9.3) Allows Directory Traversal LPE for Full Server Takeover

Do Son December 3, 2025

cPanel, the industry-standard control panel software that powers a vast portion of the web hosting market, has...

PoC Exploit Releases for CVE-2025-60718 – Windows Administrator Protection Elevation of Privilege Vulnerability

Do Son December 1, 2025

A significant crack has been discovered in the armor of Windows Administrator Protection, potentially allowing low-privileged attackers...

CVE-2025-54918: Windows NTLM Elevation of Privilege Vulnerability Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

CVE-2025-54918: Windows NTLM Elevation of Privilege Vulnerability

Do Son November 26, 2025

Just when administrators thought NTLM relay attacks were becoming a thing of the past, a dangerous new...

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint

Do Son November 18, 2025

The team behind Flowise—a popular open-source platform for building AI agents and LLM workflows—has issued an urgent...

PoC Exploit Releases for Windows Privilege Escalation Vulnerability WindowsAI Recall LPE, Symlink Attack

PoC Exploit Releases for Windows Privilege Escalation Vulnerability

Do Son November 13, 2025

Microsoft has patched a newly disclosed local privilege escalation (LPE) vulnerability affecting the Host Process for Windows...

Critical Zimbra Flaw Fixed: Patch Addresses Multiple Stored XSS and Unauthenticated LFI in Mail Client Zimbra Critical XSS, Unauthenticated LFI

Zimbra Critical XSS, Unauthenticated LFI

Critical Zimbra Flaw Fixed: Patch Addresses Multiple Stored XSS and Unauthenticated LFI in Mail Client

Do Son November 11, 2025

Zimbra has issued a critical security patch, Zimbra Daffodil (v10.1.13), to address a host of vulnerabilities in...

Critical Dell CloudLink Flaws Allow User to Escape Shell and Gain Full System Control Dell CloudLink Privilege Escalation, Command Injection

Critical Dell CloudLink Flaws Allow User to Escape Shell and Gain Full System Control

Do Son November 6, 2025

Dell Technologies has issued a critical security advisory addressing multiple vulnerabilities in its CloudLink encryption management software,...

Researcher Releases PoC Exploit for Windows Elevation of Privilege Vulnerability Win32K Type Confusion, DirectComposition LPE

Researcher Releases PoC Exploit for Windows Elevation of Privilege Vulnerability

Do Son November 4, 2025

Security researcher Hyeonjin Choi has detailed a serious privilege escalation vulnerability (CVE-2025-50168) in Microsoft Windows’ Win32K subsystem,...

Critical strongSwan Heap Overflow in EAP-MSCHAPv2 Plugin Allows Remote Code Execution CVE-2025-62291 strongSwan Heap Overflow

Critical strongSwan Heap Overflow in EAP-MSCHAPv2 Plugin Allows Remote Code Execution

Do Son October 29, 2025

The strongSwan Team has disclosed a critical heap-based buffer overflow vulnerability (CVE-2025-62291) in the EAP-MSCHAPv2 plugin used...

Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication UniFi Access Bypass, CVE-2025-52665

Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication

Do Son October 27, 2025

Ubiquiti has released a security update to address a critical authentication bypass vulnerability (CVE-2025-52665) in its UniFi...

Researcher Demonstrates Local Privilege Escalation in Legacy Windows Modem Driver Exploited in the Wild CVE-2025-24990 Agere Modem Driver, Arbitrary Kernel R/W

CVE-2025-24990 Agere Modem Driver, Arbitrary Kernel R/W

Researcher Demonstrates Local Privilege Escalation in Legacy Windows Modem Driver Exploited in the Wild

Do Son October 22, 2025

Security researcher Jordan Jay has published an extensive technical breakdown of CVE-2025-24990, a high-severity Elevation of Privilege...

Researcher Details Zero-Click RCE in Dolby Audio Decoder Affecting Android, iOS, and macOS Dolby Zero-Click RCE, Audio Decoder Overflow

Researcher Details Zero-Click RCE in Dolby Audio Decoder Affecting Android, iOS, and macOS

Do Son October 20, 2025

Researchers Ivan Fratric and Natalie Silvanovich from Google Project Zero have disclosed a critical 0-click vulnerability (CVE-2025-54957,...

Zero-Click NTLM Leak Returns: New LNK Bypass (PoC Available) Bypasses Patch, Exposing Credentials Zero-Click NTLM Credential Leak, LNK Bypass

Zero-Click NTLM Leak Returns: New LNK Bypass (PoC Available) Bypasses Patch, Exposing Credentials

Do Son October 17, 2025

A cybersecurity researcher at Cymulate Research Labs, Ruben Enkaoua, has discovered yet another zero-click NTLM credential leakage...

Critical Alert 4 Active Exploits Detected Today