Vulnerability Archives • Page 7 of 190 • Daily CyberSecurity

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770 SharePoint RCE, Metasploit Exploit

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770

Do Son July 23, 2025

A newly released Metasploit module highlights the critical threat posed by an actively exploited remote code execution...

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices

Do Son July 23, 2025

SonicWall has issued a critical security advisory for a newly identified vulnerability—CVE-2025-40599—affecting its SMA 100 series appliances,...

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available

Do Son July 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Schneider Electric, has issued a security advisory...

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes

Do Son July 22, 2025

The Kubernetes project has issued an important advisory addressing a critical vulnerability—CVE-2025-7342 (CVSS 8.1)—in the Kubernetes Image...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Windows Zero-Day Actively Exploited by Ransomware Gangs – PoC Available!

Do Son July 21, 2025

In April 2025, Microsoft issued a critical security patch addressing a serious vulnerability in the Windows Common...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Flaw (CVSS 9.8) in Ubiquiti UniFi Access Devices Allows RCE

Do Son July 18, 2025

Ubiquiti has issued a security advisory for a critical vulnerability affecting multiple models in its UniFi Access...

Critical Backdoors & RCE Found in Nexxt Solutions Mesh Routers: Unauthenticated Takeover Possible, PoC Published

Do Son July 17, 2025

Security researcher Vagebondcur has uncovered four vulnerabilities in the Nexxt Solutions NCM-X1800 mesh router, including unauthenticated telnet...

Critical Pre-Auth Root RCE Found in Samsung WLAN APs, PoC Published – Patch Now! Samsung RCE, WLAN AP Exploit

Critical Pre-Auth Root RCE Found in Samsung WLAN APs, PoC Published – Patch Now!

Do Son July 16, 2025

A critical vulnerability—CVE-2025-34068—has been discovered in Samsung’s WLAN AP WEA453e access points, allowing unauthenticated remote command execution...

Symantec Endpoint Management Alert: Critical Flaw Allows Unauthenticated RCE, PoC Releases Symantec Endpoint Management, Remote Code Execution

Symantec Endpoint Management, Remote Code Execution

Symantec Endpoint Management Alert: Critical Flaw Allows Unauthenticated RCE, PoC Releases

Do Son July 14, 2025

A critical remote code execution (RCE) vulnerability has been discovered in the Symantec Endpoint Management suite, also...

Linux Kernel Flaw: Root Privilege Escalation Via Use-After-Free, PoC Available! Linux Kernel, Privilege Escalation

Linux Kernel Flaw: Root Privilege Escalation Via Use-After-Free, PoC Available!

Do Son July 14, 2025

Security researcher D3vil has uncovered and weaponized a kernel-level Use-After-Free (UAF) vulnerability—CVE-2025-38001—within the Linux networking stack. The...

Juniper Security Director Alert: Critical Flaw Allows Unauthenticated Access to Sensitive Resources Junos OS Evolved CVE-2026-21902 Juniper Security Director, Critical Vulnerability Junos OS vulnerabilities - CVE-2025-21598 & CVE-2025-21599

Junos OS Evolved CVE-2026-21902 Juniper Security Director, Critical Vulnerability Junos OS vulnerabilities - CVE-2025-21598 & CVE-2025-21599

Juniper Security Director Alert: Critical Flaw Allows Unauthenticated Access to Sensitive Resources

Do Son July 11, 2025

Juniper Networks, a cornerstone in enterprise-grade network security, has issued a critical alert for a Missing Authorization...

Windows Update Flaw: SYSTEM Privilege Escalation Via Arbitrary Folder Deletion, PoC Available! Windows Update, Privilege Escalation

Windows Update Flaw: SYSTEM Privilege Escalation Via Arbitrary Folder Deletion, PoC Available!

Do Son July 10, 2025

Security researcher Filip Dragović has been credited by Microsoft for uncovering CVE-2025-48799, a local privilege escalation (LPE)...

Hardcoded Credentials & Command Injection Found in HPE Aruba Instant On Access Points HPE Aruba, Critical Vulnerability

Hardcoded Credentials & Command Injection Found in HPE Aruba Instant On Access Points

Do Son July 9, 2025

HPE Aruba Networking has issued a critical security advisory for its Instant On Access Points, urging users...

Apache Tomcat Patches Trio of Denial-of-Service Flaws CVE-2024-24549 & CVE-2024-23672 Apache Tomcat, DoS Vulnerabilities

Apache Tomcat Patches Trio of Denial-of-Service Flaws

Do Son July 9, 2025

The Apache Software Foundation has released critical updates for Apache Tomcat 9, addressing three newly disclosed denial-of-service...

MongoDB Flaws Allow Privilege Escalation & DoS MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Flaws Allow Privilege Escalation & DoS

Do Son July 8, 2025

MongoDB Inc. has issued patches for two newly discovered vulnerabilities affecting multiple versions of its server software....

Redis Vulnerability Opens Door to Remote Code Execution, PoC Releases Redis RCE, HyperLogLog Vulnerability CVE-2024-51741 - CVE-2024-46981

Redis Vulnerability Opens Door to Remote Code Execution, PoC Releases

Do Son July 7, 2025

Redis, the beloved in-memory data store powering millions of real-time applications, has just patched a critical vulnerability...

Urgent: Linux Kernel Flaw Allows Remote Crash, PoC Available! Linux Kernel, NFS DoS NFSundown

Urgent: Linux Kernel Flaw Allows Remote Crash, PoC Available!

Do Son July 3, 2025

A newly discovered vulnerability in the Linux kernel has been assigned CVE-2025-38089, affecting systems running Network File...

Actively Exploited Google Chrome Zero-Day (CVE-2025-6554) Added to CISA’s KEV Catalog, PoC Available Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Actively Exploited Google Chrome Zero-Day (CVE-2025-6554) Added to CISA’s KEV Catalog, PoC Available

Do Son July 3, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability in Google Chrome...

CVSS 9.8 RCE in Netflix Conductor Exposes Servers to Full Remote Shell – PoC Available Remote Code Execution Netflix Conductor

CVSS 9.8 RCE in Netflix Conductor Exposes Servers to Full Remote Shell – PoC Available

Do Son July 2, 2025

Netflix Conductor, the powerful microservices orchestration engine used to automate complex workflows, has been found vulnerable to...

Electron Flaws: ASAR Bypass & Buffer Overflow Threaten Desktop Apps Electron Security Sandbox Escape Electron Vulnerabilities, Desktop App Security

Electron Security Sandbox Escape Electron Vulnerabilities, Desktop App Security

Electron Flaws: ASAR Bypass & Buffer Overflow Threaten Desktop Apps

Do Son July 1, 2025

The Electron team has published a new security advisory addressing two significant vulnerabilities that could impact a...

Critical Alert 4 Active Exploits Detected Today