Vulnerability Archives • Page 8 of 238 • Daily CyberSecurity

CVE-2025-2905 (CVSS 9.1): Critical XXE Vulnerability Found in WSO2 API Manager WSO2, XXE vulnerability CVE-2025-2905

CVE-2025-2905 (CVSS 9.1): Critical XXE Vulnerability Found in WSO2 API Manager

Ddos May 6, 2025

A critical security vulnerability has been identified in WSO2 API Manager 2.0.0 and earlier, posing a significant...

CVE-2025-2605 (CVSS 9.9): Critical Vulnerability Found in Honeywell MB-Secure Alarm Panels Honeywell, command injection

CVE-2025-2605 (CVSS 9.9): Critical Vulnerability Found in Honeywell MB-Secure Alarm Panels

Ddos May 6, 2025

Honeywell has issued an urgent security notice (SN 2025-05-01-01) disclosing a critical vulnerability in its MB-Secure and...

Digigram PYKO-OUT AoIP Devices Exposed to Attacks Due to Missing Default Password Digigram, default password vulnerability

Digigram PYKO-OUT AoIP Devices Exposed to Attacks Due to Missing Default Password

Ddos May 6, 2025

A security vulnerability has been identified in Digigram’s PYKO-OUT audio-over-IP (AoIP) product, raising concerns about its use...

Critical IBM Cognos Analytics Vulnerabilities Demand Urgent Patching Cognos Analytics, IBM vulnerabilities

Critical IBM Cognos Analytics Vulnerabilities Demand Urgent Patching

Ddos May 6, 2025

IBM has released security updates to address two critical vulnerabilities affecting its flagship business intelligence platform, IBM...

Android Security Bulletin May 2025: Multi Vulnerabilities Including Actively Exploited CVE-2025-27363 Android Security Bulletin CVE-2025-27363

Android Security Bulletin CVE-2025-27363

Android Security Bulletin May 2025: Multi Vulnerabilities Including Actively Exploited CVE-2025-27363

Ddos May 5, 2025

Google has released its Android Security Bulletin for May 2025, highlighting a range of high-severity vulnerabilities affecting...

Langflow Under Attack: CISA Warns of Active Exploitation of CVE-2025-3248 CVE-2025-3248 Langflow Vulnerability Remote Code Execution

Langflow Under Attack: CISA Warns of Active Exploitation of CVE-2025-3248

Ddos May 5, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-3248 to its Known Exploited Vulnerabilities...

CVE-2024-7399: Samsung MagicINFO Vulnerability Now Actively Exploited in the Wild Samsung MagicINFO, remote code execution

CVE-2024-7399: Samsung MagicINFO Vulnerability Now Actively Exploited in the Wild

Ddos May 5, 2025

A critical security vulnerability, CVE-2024-7399, is being actively exploited in the wild in Samsung MagicINFO 9 Server,...

BeyondTrust PRA Vulnerability (CVE-2025-0217) Enables Session Hijacking via Authentication Bypass BeyondTrust, authentication bypass

BeyondTrust PRA Vulnerability (CVE-2025-0217) Enables Session Hijacking via Authentication Bypass

Ddos May 5, 2025

A significant security vulnerability has been identified in BeyondTrust’s Privileged Remote Access (PRA) solution, posing a risk...

MediaTek May 2025 Security Bulletin: Chipset Vulnerabilities Disclosed MediaTek, modem vulnerabilities

MediaTek May 2025 Security Bulletin: Chipset Vulnerabilities Disclosed

Ddos May 5, 2025

The MediaTek Product Security Bulletin for May 2025 highlights multiple security vulnerabilities affecting a wide range of...

CVE-2025-46762: Apache Parquet Java Flaw Allows Potential RCE via Avro Schema CVE-2025-30065 Apache Parquet, CVE-2025-46762

CVE-2025-46762: Apache Parquet Java Flaw Allows Potential RCE via Avro Schema

Ddos May 5, 2025

A critical security flaw has been identified in Apache Parquet Java, a popular open-source columnar storage format...

Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0) ADOdb, SQL Injection

Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0)

Ddos May 5, 2025

A critical security flaw has been disclosed in ADOdb, the widely-used PHP database abstraction library with over...

SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475 SonicWall, exploit chain

SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475

Ddos May 5, 2025

A newly exploit chain targeting SonicWall’s Secure Mobile Access (SMA) appliances has been released. Published by watchTowr...

CVE-2025-31191: Microsoft Exposes macOS Vulnerability Allowing App Sandbox Escape CVE-2024-54527 PoC exploit Apple, App Store

CVE-2025-31191: Microsoft Exposes macOS Vulnerability Allowing App Sandbox Escape

Ddos May 5, 2025

Microsoft Threat Intelligence has disclosed a significant vulnerability in macOS that could allow attackers to bypass the...

CVE-2025-2774: Webmin Vulnerability Allows Root-Level Privilege Escalation CVE-2024-12828 CVE-2025-2774 Webmin vulnerability

CVE-2025-2774: Webmin Vulnerability Allows Root-Level Privilege Escalation

Ddos May 4, 2025

Webmin, a popular web-based system administration tool used to manage Unix-like servers and various services with approximately...

CISA Warns Critical Flaws in KUNBUS Revolution Pi Exposing Industrial Systems to Remote Attacks KUNBUS Revolution Pi, CISA vulnerabilities

CISA Warns Critical Flaws in KUNBUS Revolution Pi Exposing Industrial Systems to Remote Attacks

Ddos May 3, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a risk evaluation advisory detailing several high-severity...