Vulnerability

D-Link Router Flaw Allows Remote Code Execution, PoC Publishes, NO PATCH D-Link DIR-815, Critical Vulnerability

D-Link DIR-815, Critical Vulnerability

D-Link Router Flaw Allows Remote Code Execution, PoC Publishes, NO PATCH

Do Son June 30, 2025

D-Link Corporation has issued a security advisory urging all users of the legacy DIR-815 wireless router to...

MongoDB Hit by Pre-Auth Denial of Service Vulnerability MongoDB DoS, Pre-Authentication Vulnerability CVE-2024-7553 - MongoDB Server CVE-2025-3083, CVE-2025-3084, and CVE-2025-3085

MongoDB DoS, Pre-Authentication Vulnerability CVE-2024-7553 - MongoDB Server CVE-2025-3083, CVE-2025-3084, and CVE-2025-3085

MongoDB Hit by Pre-Auth Denial of Service Vulnerability

Do Son June 27, 2025

MongoDB, one of the most widely used NoSQL databases, disclosures a vulnerability—CVE-2025-6710—that allows for a pre-authentication denial-of-service...

Privilege Escalation in guix-daemon: Critical Vulnerabilities Threaten Multi-User Systems Guix Daemon, Privilege Escalation

Guix Daemon, Privilege Escalation

Privilege Escalation in guix-daemon: Critical Vulnerabilities Threaten Multi-User Systems

Do Son June 26, 2025

The Guix project has issued a critical security advisory detailing two newly discovered vulnerabilities in guix-daemon—CVE-2025-46415 and...

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes CentOS Web Panel, Remote Code Execution

CentOS Web Panel, Remote Code Execution

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes

Do Son June 25, 2025

A critical vulnerability discovered in CentOS Web Panel (CWP), a widely-used open-source server management platform. Tracked as...

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers Gogs RCE, XSS Vulnerability

Gogs RCE, XSS Vulnerability

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers

Do Son June 24, 2025

The open-source Git service Gogs, known for its simplicity and ease of deployment, disclosures two severe security...

Critical Key Derivation Flaws in pbkdf2 Affect Millions of JavaScript Projects, PoC Available pbkdf2 npm, Cryptographic Flaws

pbkdf2 npm, Cryptographic Flaws

Critical Key Derivation Flaws in pbkdf2 Affect Millions of JavaScript Projects, PoC Available

Do Son June 24, 2025

Two high-impact security advisories have been released for the pbkdf2 npm package—an essential utility in the JavaScript...

PoC Released for Notepad++ Flaw Enables Privilege Escalation to NT AUTHORITY\SYSTEM Notepad++ privilege escalation

Notepad++ privilege escalation

PoC Released for Notepad++ Flaw Enables Privilege Escalation to NT AUTHORITY\SYSTEM

Do Son June 24, 2025

A new vulnerability, tracked as CVE-2025-49144, has been discovered in Notepad++ version 8.8.1 that allows local privilege...

Critical Python Tarfile Flaw (CVE-2025-4517, CVSS 9.4): Arbitrary File Write, PoC Available Python Tarfile, Path Traversal

Python Tarfile, Path Traversal

Critical Python Tarfile Flaw (CVE-2025-4517, CVSS 9.4): Arbitrary File Write, PoC Available

Do Son June 23, 2025

A newly disclosed vulnerability in Python’s tarfile module—CVE-2025-4517—has exposed a critical security risk that allows attackers to...

Critical Pterodactyl RCE (CVSS 10.0): Unauthenticated Attackers Exploiting Flaw Now! Pterodactyl RCE, Game Server Vulnerability

Pterodactyl RCE, Game Server Vulnerability

Critical Pterodactyl RCE (CVSS 10.0): Unauthenticated Attackers Exploiting Flaw Now!

Do Son June 20, 2025

A critical security vulnerability has been uncovered in Pterodactyl, the popular open-source game server management panel. Tracked...

OpenVPN Driver Flaw: Local Users Can Crash Windows Systems via Buffer Overflow OpenVPN Driver, DoS Vulnerability

OpenVPN Driver, DoS Vulnerability

OpenVPN Driver Flaw: Local Users Can Crash Windows Systems via Buffer Overflow

Do Son June 20, 2025

A recently disclosed vulnerability, tracked as CVE-2025-50054, affects certain versions of the OpenVPN Windows kernel driver (ovpn-dco-win)...

Critical Versa Director Flaw: RCE Possible via HA Ports, PoC Available

Versa Director

Critical Versa Director Flaw: RCE Possible via HA Ports, PoC Available

Do Son June 20, 2025

A newly discovered critical vulnerability in Versa Networks’ SD-WAN orchestration platform, Versa Director, exposes enterprise networks to...

Critical Privilege Escalation Flaw in FreeIPA Threatens Linux Domain Security FreeIPA, Privilege Escalation

FreeIPA, Privilege Escalation

Critical Privilege Escalation Flaw in FreeIPA Threatens Linux Domain Security

Do Son June 20, 2025

A newly disclosed vulnerability in FreeIPA, an identity management solution used to centrally manage Linux and UNIX...

Critical Versa Director Flaw (CVSS 9.8): Hardcoded Credentials Grant Root Access, PoC Available Versa Director, Default Credentials

Versa Director, Default Credentials

Critical Versa Director Flaw (CVSS 9.8): Hardcoded Credentials Grant Root Access, PoC Available

Do Son June 19, 2025

A newly disclosed critical vulnerability in Versa Director, a centralized network and security management platform, may allow...

Apache Traffic Server Flaws Allow Access Bypass & Remote DoS Apache Traffic Server Vulnerabilities CVE-2024-56195 and CVE-2024-56196

Apache Traffic Server Vulnerabilities CVE-2024-56195 and CVE-2024-56196

Apache Traffic Server Flaws Allow Access Bypass & Remote DoS

Do Son June 19, 2025

Two newly disclosed vulnerabilities in Apache Traffic Server (ATS)—a core component of many cloud and content delivery...

Root Access Unlocked: How a pam_namespace Flaw Lets Attackers Elevate Privileges on Linux Linux PAM, Privilege Escalation

Linux PAM, Privilege Escalation

Root Access Unlocked: How a pam_namespace Flaw Lets Attackers Elevate Privileges on Linux

Do Son June 19, 2025

A security vulnerability was found in Linux PAM (Pluggable Authentication Modules). Tracked as CVE-2025-6020, the flaw affects...

Python Protobuf Flaw Allows DoS Via Nested Messages Python Protobuf, DoS Vulnerability

Python Protobuf, DoS Vulnerability

Python Protobuf Flaw Allows DoS Via Nested Messages

Do Son June 18, 2025

A high-severity vulnerability has been uncovered in the pure-Python backend of Google’s Protocol Buffers (protobuf), potentially allowing...

D-Link Router Flaws Allow Code Execution, PoC Available, No Patch D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link Router Flaws Allow Code Execution, PoC Available, No Patch

Do Son June 18, 2025

D-Link has issued an official advisory warning users of its legacy DIR-632 router that two critical vulnerabilities...

Urgent Ubiquiti Alert: Critical Flaws (CVSS 9.9) Allow Privilege Escalation via XSS & SQL Injection Ubiquiti Vulnerabilities, Privilege Escalation

Ubiquiti Vulnerabilities, Privilege Escalation

Urgent Ubiquiti Alert: Critical Flaws (CVSS 9.9) Allow Privilege Escalation via XSS & SQL Injection

Do Son June 18, 2025

Two high-severity vulnerabilities have been disclosed in widely used Ubiquiti software components—UCRM Client Signup Plugin and the...

Critical Teleport Flaw (CVSS 9.8): Remote Authentication Bypass Threatens Infrastructure Access Teleport Vulnerability, Remote Authentication Bypass

Teleport Vulnerability, Remote Authentication Bypass

Critical Teleport Flaw (CVSS 9.8): Remote Authentication Bypass Threatens Infrastructure Access

Do Son June 17, 2025

Teleport, a leading platform for secure infrastructure access, has disclosed a critical remote authentication bypass vulnerability—tracked as...

Unauthenticated RCE in BeyondTrust Tools: Chat Feature Opens Door to Server Takeover BeyondTrust RCE, Server-Side Template Injection

BeyondTrust RCE, Server-Side Template Injection

Unauthenticated RCE in BeyondTrust Tools: Chat Feature Opens Door to Server Takeover

Do Son June 17, 2025

BeyondTrust has issued an urgent security advisory for a high-severity vulnerability affecting its flagship products—Remote Support (RS)...