Vulnerability Archives • Page 5 of 190 • Daily CyberSecurity

Zero-Day PoC Published: Privilege Escalation Flaw in VMware Tools Used by Chinese APT

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Zero-Day PoC Published: Privilege Escalation Flaw in VMware Tools Used by Chinese APT

Ddos September 30, 2025

A newly disclosed local privilege escalation vulnerability, CVE-2025-41244, has been exploited as a zero-day in the wild,...

Under the Hood of a Kernel Crash: PoC Exposes Race Condition in Qualcomm’s Driver Qualcomm Samsung 2nm foundry deal, Snapdragon 8 Elite 2nm refresh Qualcomm Ventana Acquisition, RISC-V Strategy Qualcomm Autotalks, China Antitrust Qualcomm Antitrust, Which? Lawsuit Qualcomm GPU driver, CVE-2024-38399 Qualcomm's March 2025 Security Bulletin

Qualcomm Samsung 2nm foundry deal, Snapdragon 8 Elite 2nm refresh Qualcomm Ventana Acquisition, RISC-V Strategy Qualcomm Autotalks, China Antitrust Qualcomm Antitrust, Which? Lawsuit Qualcomm GPU driver, CVE-2024-38399 Qualcomm's March 2025 Security Bulletin

Under the Hood of a Kernel Crash: PoC Exposes Race Condition in Qualcomm’s Driver

Ddos September 30, 2025

Independent researcher Strey Paws has published an in-depth analysis of CVE-2024-38399, a race condition in Qualcomm’s KGSL...

PoC Exploit Details for Actively Exploited iOS Zero-Day Flaw Now Public Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

PoC Exploit Details for Actively Exploited iOS Zero-Day Flaw Now Public

Ddos September 29, 2025

Proof-of-concept exploit code is now publicly available online for a zero-day flaw in iOS/iPadOS, macOS, tvOS, watchOS,...

Two Linux Kernel Vulnerabilities Expose HID Subsystem to Exploitation, PoC Published Linux HID PoC, USB Memory Leak

Two Linux Kernel Vulnerabilities Expose HID Subsystem to Exploitation, PoC Published

Ddos September 26, 2025

The Linux community is patching two new vulnerabilities in the HID (Human Interface Device) core subsystem, tracked...

PoC Released for CVE-2025-41243 – A Spring Cloud Gateway Flaw with CVSS 10.0

Ddos September 22, 2025

Security researcher Ezzer17 published a clear, methodical write-up that walks through the root cause, the partial fixes,...

Stack-Based Buffer Overflow in Squid Could Let Hackers Execute Arbitrary Code CVE-2024-25617 CVE-2025-59362 Squid Proxy ICP Vulnerability

Stack-Based Buffer Overflow in Squid Could Let Hackers Execute Arbitrary Code

Ddos September 15, 2025

Squid, the widely deployed caching proxy supporting HTTP, HTTPS, FTP, and more, has patched a critical security...

PoC Released: Django SQL Injection Flaw with Technical Details poc-avai

PoC Released: Django SQL Injection Flaw with Technical Details

Ddos September 10, 2025

The Django Software Foundation has patched a high-severity SQL injection vulnerability in Django’s FilteredRelation feature. Tracked as...

CVSS 9.8 Flaw in macOS Allows Apps to Access Protected User Data, PoC Available macOS vulnerability, file copy APIs

CVSS 9.8 Flaw in macOS Allows Apps to Access Protected User Data, PoC Available

Ddos September 9, 2025

Security researcher Mickey Jin (@patch1t) has uncovered a critical vulnerability in Apple’s file copy APIs that could...

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks CVE-2024-2044 pgAdmin, OAuth vulnerability

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks

Ddos September 8, 2025

The developers of pgAdmin, the most widely used open-source administration and development platform for PostgreSQL, have patched...

PoC Available: macOS Sequoia Flaw Allows Keychain Dump and TCC Bypass (CVSS 9.8) macOS Sequoia, gcore vulnerability

PoC Available: macOS Sequoia Flaw Allows Keychain Dump and TCC Bypass (CVSS 9.8)

Ddos September 5, 2025

Apple has patched a critical security vulnerability in macOS Sequoia, tracked as CVE-2025-24204 (CVSS 9.8), that could...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CVSS 10.0 RCE in Popular Python Library (36M+ Monthly Downloads), PoC Available

Ddos September 4, 2025

The widely used Python library DeepDiff, downloaded over 36 million times per month, has been found vulnerable...

GNU Guix Issues Advisory for a Critical Privilege Escalation Flaw GNU Guix, privilege escalation guix-daemon vulnerability

GNU Guix Issues Advisory for a Critical Privilege Escalation Flaw

Ddos September 4, 2025

The GNU Guix team has issued a critical security advisory warning users to immediately update their systems...

PoC Published for Remote Code Execution Flaw in Microsoft IIS Web Deploy Remote code execution, IIS Web Deploy

PoC Published for Remote Code Execution Flaw in Microsoft IIS Web Deploy

Ddos September 3, 2025

Security researcher Batuhan Er of HawkTrace has been credited by Microsoft for uncovering CVE-2025-53772, a critical remote...

Linux Kernel 7.1 i486 support Linux 7.0 HIPPI support removal, legacy networking protocol retirement Linus Torvalds AI slop Linux kernel, Lorenzo Stoakes AI tool debate Linux Kernel Rust CVE-2025-68260, Android Binder Rust Race Condition TSEM Security Module Controversy, Linus Torvalds LSM Dispute Kernel Panic, PoC released Linux Kernel 6.16, File System Fixes CVE-2023-42753 - Linux Kernel Developers

Linux Kernel Panic Triggered by Race Condition, PoC Released

Ddos September 2, 2025

A new Linux kernel vulnerability, tracked as CVE-2025-38617, has been analyzed by security researcher Pumpkin (@u1f383) from...

PoC Exploit Released for Nagios XI RCE Flaw Allows Attackers to Hijack Servers Nagios XI, remote code execution

PoC Exploit Released for Nagios XI RCE Flaw Allows Attackers to Hijack Servers

Ddos September 1, 2025

Nagios XI, one of the most widely used IT infrastructure monitoring solutions, has been found vulnerable to...

PoC Published: A Format String Bug in ImageMagick Could Allow Remote Code Execution ImageMagick, remote code execution

PoC Published: A Format String Bug in ImageMagick Could Allow Remote Code Execution

Ddos August 29, 2025

The developers of ImageMagick, one of the most widely used open-source image processing libraries, have disclosed a...

PoC Published: Critical Unauthenticated Command Injection Flaw in D-Link Routers (CVSS 9.8), No Patch! D-Link, command injection

PoC Published: Critical Unauthenticated Command Injection Flaw in D-Link Routers (CVSS 9.8), No Patch!

Ddos August 29, 2025

D-Link has issued a Security Announcement regarding multiple critical vulnerabilities discovered in its legacy DIR-series routers. These...

A CVSS 9.6 Remote Flaw Allows Unauthenticated Attackers to Bypass Dell ThinOS Dell ThinOS, remote access

A CVSS 9.6 Remote Flaw Allows Unauthenticated Attackers to Bypass Dell ThinOS

Ddos August 28, 2025

Dell Technologies has issued a security advisory addressing several high-severity vulnerabilities in its ThinOS 10 platform, widely...

PoC Available: D-Link Router Flaw with CVSS 9.8 and No Patch D-Link EOL RCE, Unauthenticated Command Injection D-Link Command Injection CVE-2025-57105