Vulnerability Archives • Page 4 of 190 • Daily CyberSecurity

macOS Privilege Escalation Flaw Bypasses Patch for Root Access, Poc Releases! macOS Privilege Escalation, .zprofile Exploit

macOS Privilege Escalation Flaw Bypasses Patch for Root Access, Poc Releases!

Ddos December 9, 2025

Security researcher Morris Richman has disclosed a new privilege escalation vulnerability, CVE-2025-43472, which could allow an attacker...

PoC Available: Bluetooth Flaw Risks DoS Crash on Smart Cars and Wear OS BlueShrimp, Android Automotive UAF

PoC Available: Bluetooth Flaw Risks DoS Crash on Smart Cars and Wear OS

Ddos December 8, 2025

While most Android users can breathe a sigh of relief, a newly analyzed Bluetooth vulnerability presents a...

Critical cPanel Flaw (CVSS 9.3) Allows Directory Traversal LPE for Full Server Takeover cPanel WHM Vulnerabilities 2026 CVE-2026-29205 Arbitrary File Read cPanel Security Vulnerability Perl Injection Exploit cPanel Authentication WHM Security cPanel Privilege Escalation, Directory Traversal LPE

Critical cPanel Flaw (CVSS 9.3) Allows Directory Traversal LPE for Full Server Takeover

Ddos December 3, 2025

cPanel, the industry-standard control panel software that powers a vast portion of the web hosting market, has...

Secure Boot certificate renewal 2026, Windows 11 UEFI update Community-First AI Infrastructure, Microsoft self-funding energy mandate aka.ms/aoh online portal CVE-2025-55681, Windows DWM Elevation Windows Administrator Protection, CVE-2025-60718 Microsoft AI Compute, IREN Infrastructure Microsoft Japan PPA, Renewable Energy Microsoft AI Investment, Cloud Expansion Microsoft Azure, Startup Credits Infinite Workday, AI in Work Microsoft Russia, Bankruptcy AI code generation, Microsoft AI Microsoft Layoffs, Restructuring

PoC Exploit Releases for CVE-2025-60718 – Windows Administrator Protection Elevation of Privilege Vulnerability

Ddos December 1, 2025

A significant crack has been discovered in the armor of Windows Administrator Protection, potentially allowing low-privileged attackers...

CVE-2025-54918: Windows NTLM Elevation of Privilege Vulnerability Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

CVE-2025-54918: Windows NTLM Elevation of Privilege Vulnerability

Ddos November 26, 2025

Just when administrators thought NTLM relay attacks were becoming a thing of the past, a dangerous new...

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint

Ddos November 18, 2025

The team behind Flowise—a popular open-source platform for building AI agents and LLM workflows—has issued an urgent...

PoC Exploit Releases for Windows Privilege Escalation Vulnerability WindowsAI Recall LPE, Symlink Attack

PoC Exploit Releases for Windows Privilege Escalation Vulnerability

Ddos November 13, 2025

Microsoft has patched a newly disclosed local privilege escalation (LPE) vulnerability affecting the Host Process for Windows...

Critical Zimbra Flaw Fixed: Patch Addresses Multiple Stored XSS and Unauthenticated LFI in Mail Client Zimbra Critical XSS, Unauthenticated LFI

Zimbra Critical XSS, Unauthenticated LFI

Critical Zimbra Flaw Fixed: Patch Addresses Multiple Stored XSS and Unauthenticated LFI in Mail Client

Ddos November 11, 2025

Zimbra has issued a critical security patch, Zimbra Daffodil (v10.1.13), to address a host of vulnerabilities in...

Critical Dell CloudLink Flaws Allow User to Escape Shell and Gain Full System Control Dell CloudLink Privilege Escalation, Command Injection

Critical Dell CloudLink Flaws Allow User to Escape Shell and Gain Full System Control

Ddos November 6, 2025

Dell Technologies has issued a critical security advisory addressing multiple vulnerabilities in its CloudLink encryption management software,...

Researcher Releases PoC Exploit for Windows Elevation of Privilege Vulnerability Win32K Type Confusion, DirectComposition LPE

Researcher Releases PoC Exploit for Windows Elevation of Privilege Vulnerability

Ddos November 4, 2025

Security researcher Hyeonjin Choi has detailed a serious privilege escalation vulnerability (CVE-2025-50168) in Microsoft Windows’ Win32K subsystem,...

Critical strongSwan Heap Overflow in EAP-MSCHAPv2 Plugin Allows Remote Code Execution CVE-2025-62291 strongSwan Heap Overflow

Critical strongSwan Heap Overflow in EAP-MSCHAPv2 Plugin Allows Remote Code Execution

Ddos October 29, 2025

The strongSwan Team has disclosed a critical heap-based buffer overflow vulnerability (CVE-2025-62291) in the EAP-MSCHAPv2 plugin used...

Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication UniFi Access Bypass, CVE-2025-52665

Ubiquiti Patches Critical CVSS 10 Flaw in UniFi Access That Exposed Management API Without Authentication

Ddos October 27, 2025

Ubiquiti has released a security update to address a critical authentication bypass vulnerability (CVE-2025-52665) in its UniFi...

Researcher Demonstrates Local Privilege Escalation in Legacy Windows Modem Driver Exploited in the Wild CVE-2025-24990 Agere Modem Driver, Arbitrary Kernel R/W

CVE-2025-24990 Agere Modem Driver, Arbitrary Kernel R/W

Researcher Demonstrates Local Privilege Escalation in Legacy Windows Modem Driver Exploited in the Wild

Ddos October 22, 2025

Security researcher Jordan Jay has published an extensive technical breakdown of CVE-2025-24990, a high-severity Elevation of Privilege...

Researcher Details Zero-Click RCE in Dolby Audio Decoder Affecting Android, iOS, and macOS Dolby Zero-Click RCE, Audio Decoder Overflow

Researcher Details Zero-Click RCE in Dolby Audio Decoder Affecting Android, iOS, and macOS

Ddos October 20, 2025

Researchers Ivan Fratric and Natalie Silvanovich from Google Project Zero have disclosed a critical 0-click vulnerability (CVE-2025-54957,...

Zero-Click NTLM Leak Returns: New LNK Bypass (PoC Available) Bypasses Patch, Exposing Credentials Zero-Click NTLM Credential Leak, LNK Bypass

Zero-Click NTLM Leak Returns: New LNK Bypass (PoC Available) Bypasses Patch, Exposing Credentials

Ddos October 17, 2025

A cybersecurity researcher at Cymulate Research Labs, Ruben Enkaoua, has discovered yet another zero-click NTLM credential leakage...

Linux Kernel TLS UAF Flaw Allows Local RCE via Async Decrypt – PoC Available Linux TLS UAF, CVE-2024-26582

Linux Kernel TLS UAF Flaw Allows Local RCE via Async Decrypt – PoC Available

Ddos October 10, 2025

Security researcher Chino Kafuu details a flaw buried deep within the Transport Layer Security (TLS) subsystem of...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical CVSS 10.0 SQL Injection Vulnerability Patched in Esri ArcGIS Server

Ddos October 9, 2025

Esri has released a critical security patch addressing a SQL injection vulnerability (CVE-2025-57870) in ArcGIS Server, a...

PoC Released for Linux Kernel Escalates Privileges Flaw Linux kernel exploit - SLUBStick - Cross-Cache Attacks

PoC Released for Linux Kernel Escalates Privileges Flaw

Ddos October 7, 2025

A detailed exploit analysis of CVE-2023-4921 (CVSS 7.8) reveals how a subtle use-after-free flaw in the Linux...

Critical Denial-of-Service Vulnerability Discovered in HAProxy

Ddos October 6, 2025

A newly discovered vulnerability in HAProxy, the widely used open-source reverse proxy and load balancer, could allow...

PoC Released: Linux Kernel Flaw Allows User to Gain Root Privileges CrackArmor AppArmor Vulnerabilities Linux Kernel UAF, Privilege Escalation PoC CVE-2024-27397 PoC

CrackArmor AppArmor Vulnerabilities Linux Kernel UAF, Privilege Escalation PoC CVE-2024-27397 PoC

PoC Released: Linux Kernel Flaw Allows User to Gain Root Privileges

Ddos October 2, 2025

Security researcher Huyinhao has published a deep-dive analysis of CVE-2025-21701, a newly disclosed Linux kernel vulnerability rated...

Critical Alert 1 Active Exploit Detected Today