Vulnerability Archives • Page 54 of 190 • Daily CyberSecurity

CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released CVE-2024-38819 PoC

CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released

Do Son December 15, 2024

A critical vulnerability in the Spring Framework, tracked as CVE-2024-38819 (CVSS score 7.5), has been publicly disclosed,...

Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover Open Sesame attack - CVE-2024-52324

Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover

Do Son December 15, 2024

In a critical revelation highlighting the vulnerabilities of IoT ecosystems, Team82 has published a report detailing 10...

CVE-2024-45337: Golang Crypto Library Flawed, Risks Authorization Bypass

Do Son December 15, 2024

A critical security vulnerability, tracked as CVE-2024-45337 (CVSS 9.1), has been discovered in the Golang cryptography library....

CVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN

Do Son December 15, 2024

X41 D-Sec GmbH, a leading cybersecurity firm, has completed a white-box penetration test of the Mullvad VPN...

336,000 Prometheus Servers at Risk: Urgent Security Alert Screenshot 2024-12-15 135137

336,000 Prometheus Servers at Risk: Urgent Security Alert

Do Son December 15, 2024

In a recent investigation, Aqua Nautilus uncovered alarming security vulnerabilities within the Prometheus ecosystem. Their research highlights...

Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks GLPI - CVE-2024-50339

Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks

Do Son December 15, 2024

A series of critical security vulnerabilities have been discovered in GLPI (Gestionnaire Libre de Parc Informatique), a...

CVE-2024-11053: Curl Vulnerability Exposes User Credentials in Redirects

Do Son December 14, 2024

A recently discovered vulnerability in the popular curl command line tool and library, tracked as CVE-2024-11053 and...

Critical Microsoft Azure MFA Bypass Exposed: What You Need to Know Microsoft Azure MFA Bypass KMS38 Broken Windows KMS Change

Critical Microsoft Azure MFA Bypass Exposed: What You Need to Know

Do Son December 14, 2024

Oasis Security’s research team has unveiled a critical vulnerability in Microsoft Azure’s Multi-Factor Authentication (MFA) system, exposing...

DCOM Upload & Execute: A New Backdoor Technique Unveiled DCOM Lateral movement

DCOM Upload & Execute: A New Backdoor Technique Unveiled

Do Son December 13, 2024

Deep Instinct Security Researcher Eliran Nissan has uncovered a new and potent lateral movement technique, “DCOM Upload...

Over 15,000 Sites at Risk: Woffice WordPress Theme Vulnerabilities Could Lead to Full Site Takeovers WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Over 15,000 Sites at Risk: Woffice WordPress Theme Vulnerabilities Could Lead to Full Site Takeovers

Do Son December 13, 2024

Patchstack has disclosed two critical vulnerabilities in the widely used Woffice WordPress theme, a premium intranet/extranet solution...

Abusing Microsoft’s UI Automation Framework: The New Evasion Technique Bypassing EDR DPRK IT Workers, APT38 Crypto Forfeiture

Abusing Microsoft’s UI Automation Framework: The New Evasion Technique Bypassing EDR

Do Son December 13, 2024

Akamai security researcher Tomer Peled has unveiled a novel attack technique exploiting Microsoft’s legacy UI Automation framework,...

Dell Warns of Critical Flaws in Enterprise Products, Including CVE-2024-37143 (CVSS 10) CVE-2024-37143 & CVE-2024-37144 Dell PowerScale OneFS vulnerability

Dell Warns of Critical Flaws in Enterprise Products, Including CVE-2024-37143 (CVSS 10)

Do Son December 12, 2024

Dell has released a critical security update to address multiple vulnerabilities impacting several of its enterprise products,...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

PDQ Deploy Vulnerability Exposes Admin Credentials: CERT/CC Issues Advisory

Do Son December 12, 2024

A critical vulnerability in PDQ Deploy, a software deployment service used by system administrators, has been highlighted...

Citrix NetScaler Under Siege: Significant Increase in Brute Force Attacks Observed Citrix NetScaler attack

Citrix NetScaler Under Siege: Significant Increase in Brute Force Attacks Observed

Do Son December 12, 2024

A significant increase in brute-force attacks targeting outdated and misconfigured Citrix NetScaler devices has been observed in...

CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification CVE-2024-55633 Apache Superset Security CVE-2026-23984

CVE-2024-55633 Apache Superset Security CVE-2026-23984

CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification

Do Son December 12, 2024

A newly discovered vulnerability in Apache Superset, a popular open-source business intelligence platform, could allow attackers to...

Active Exploitation Observed for CVE-2024-11972 (CVSS 9.8): WordPress Plugin Flaw Exposes 10,000+ Sites to Backdoor Attacks CVE-2024-11972 - Hunk Companion

Active Exploitation Observed for CVE-2024-11972 (CVSS 9.8): WordPress Plugin Flaw Exposes 10,000+ Sites to Backdoor Attacks

Do Son December 12, 2024

A serious vulnerability in the Hunk Companion plugin for WordPress, tracked as CVE-2024-11972 (CVSS 9.8), has been...

Modular Java Backdoor Emerges in Cleo Exploitation Campaign (CVE-2024-50623) TEMPEST attacks

Modular Java Backdoor Emerges in Cleo Exploitation Campaign (CVE-2024-50623)

Do Son December 12, 2024

Rapid7 Labs and its Managed Detection and Response (MDR) team uncovered a sophisticated modular Java-based Remote Access...

CVE-2024-53677 (CVSS 9.5): Critical Vulnerability in Apache Struts Allows Remote Code Execution CVE-2024-53677 Apache Struts 2 DoS, File Leak Vulnerability

CVE-2024-53677 Apache Struts 2 DoS, File Leak Vulnerability

CVE-2024-53677 (CVSS 9.5): Critical Vulnerability in Apache Struts Allows Remote Code Execution

Do Son December 11, 2024

Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery...

PoC Exploit Code Releases Cleo Zero-Day Vulnerability (CVE-2024-50623) FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207