CERT/CC Archives • Daily CyberSecurity

Multiple Memory Flaws in Dnsmasq Threaten Millions of Connected Devices dnsmasq Vulnerabilities DNS Cache Poisoning

Multiple Memory Flaws in Dnsmasq Threaten Millions of Connected Devices

Ddos May 13, 2026

In the foundational architecture of small-to-medium networks and home routing devices, dnsmasq is the open-source networking tool...

Critical Casdoor Vulnerability CVE-2026-44213 Allows Arbitrary File Overwrites Casdoor Arbitrary File Write CVE-2026-44213 Path Traversal

Critical Casdoor Vulnerability CVE-2026-44213 Allows Arbitrary File Overwrites

Ddos May 13, 2026

In the complex world of Identity and Access Management (IAM), the security of the gateway is paramount....

The Unpatched Kyverno SSRF Flaw That Turns Policies Into Cluster-Wide Backdoors Kyverno SSRF Kubernetes Policy Engine Kyverno Privilege Escalation CVE-2026-22039

Kyverno SSRF Kubernetes Policy Engine Kyverno Privilege Escalation CVE-2026-22039

The Unpatched Kyverno SSRF Flaw That Turns Policies Into Cluster-Wide Backdoors

Ddos March 31, 2026

A critical security boundary in Kubernetes environments has been compromised. A new vulnerability note from CERT/CC has...

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection CrewAI Vulnerabilities AI Agent Security

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection

Ddos March 31, 2026

The rapidly growing field of multi-agent AI systems has hit a significant security speed bump. A new...

Bluetooth “Heartbleed” and DoS Flaws Found in Xiaomi Redmi Buds, No Patch Xiaomi Redmi Buds Vulnerability CVE-2025-13834

Bluetooth “Heartbleed” and DoS Flaws Found in Xiaomi Redmi Buds, No Patch

Ddos January 19, 2026

A pair of critical vulnerabilities has been discovered in Xiaomi’s popular Redmi Buds series, exposing users to...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

CVE-2025-14026: Forcepoint DLP Flaw Lets Attackers Unchain Restricted Python

Ddos January 7, 2026

A high-severity vulnerability in the Forcepoint One DLP Client has been disclosed, revealing a method for attackers...

Critical PCIe 6.0 Flaws Risk Secure Data Integrity via Stale Data Injection in IDE Mechanism PCIe IDE Vulnerability, Stale Data Injection

Critical PCIe 6.0 Flaws Risk Secure Data Integrity via Stale Data Injection in IDE Mechanism

Ddos December 11, 2025

The secure foundations of high-speed data transfer have developed a crack. The CERT Coordination Center (CERT/CC) has...

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers (CVE-2025-13207, CVE-2024-24481) Tenda Unpatched RCE, Router Command Injection

Tenda Unpatched RCE, Router Command Injection

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers (CVE-2025-13207, CVE-2024-24481)

Ddos November 24, 2025

The CERT Coordination Center (CERT/CC) has issued a warning about multiple unpatched command injection vulnerabilities affecting Tenda’s...

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access

Ddos October 6, 2025

A newly disclosed vulnerability in DrayTek’s Vigor routers, tracked as CVE-2025-10547, could allow remote attackers to execute...

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk

Ddos September 23, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of a cross-site scripting (XSS) flaw...

High-Severity Flaws in Sunshine for Windows Allow Privilege Escalation Sunshine for Windows, vulnerability

High-Severity Flaws in Sunshine for Windows Allow Privilege Escalation

Ddos September 11, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of two critical local security flaws...

Critical Flaws in Hiawatha Web Server Could Allow Authentication Bypass and RCE Hiawatha vulnerability

Critical Flaws in Hiawatha Web Server Could Allow Authentication Bypass and RCE

Ddos September 10, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note highlighting three serious flaws in the Hiawatha...

CERT/CC Warns of Critical Flaws in Workhorse Municipal Accounting Software Municipal software, Vulnerability

CERT/CC Warns of Critical Flaws in Workhorse Municipal Accounting Software

Ddos August 20, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of serious security flaws in Workhorse...

New Firmware Flaw in AMI Aptio UEFI Threatens Persistent System Compromise UEFI firmware, SMM vulnerability

New Firmware Flaw in AMI Aptio UEFI Threatens Persistent System Compromise

Ddos August 18, 2025

A new security vulnerability disclosed by CERT/CC highlights serious risks in AMI Aptio UEFI firmware, which powers...

MadeYouReset: New HTTP/2 Flaw Threatens to Cripple Servers with DDoS Attacks MadeYouReset, HTTP/2 vulnerability FSF, AI Scraping Attacks OracleIV botnet

MadeYouReset, HTTP/2 vulnerability FSF, AI Scraping Attacks OracleIV botnet

MadeYouReset: New HTTP/2 Flaw Threatens to Cripple Servers with DDoS Attacks

Ddos August 15, 2025

CERT/CC has issued a vulnerability note warning about a newly discovered flaw in multiple HTTP/2 implementations that...

Critical Flaws Found in Partner Software: Default Admin Passwords & XSS Allow RCE on Government Systems Partner Software, RCE Vulnerability

Critical Flaws Found in Partner Software: Default Admin Passwords & XSS Allow RCE on Government Systems

Ddos August 4, 2025

A recent vulnerability note issued by CERT/CC disclosured three critical security flaws in Partner Software’s flagship platforms—Partner...

CERT Warns of Privilege Escalation Vulnerability in Lakeside SysTrack (CVE-2025-6241) WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

CERT Warns of Privilege Escalation Vulnerability in Lakeside SysTrack (CVE-2025-6241)

Ddos July 28, 2025

The CERT Coordination Center (CERT/CC) has issued a Vulnerability Note detailing a critical privilege escalation flaw affecting...

TPM 2.0 Flaw (CVE-2025-2884) Exposes Sensitive Data & Disrupts Trusted Computing! TPM 2.0, Security Vulnerability

TPM 2.0 Flaw (CVE-2025-2884) Exposes Sensitive Data & Disrupts Trusted Computing!

Ddos June 12, 2025

A vulnerability in the Trusted Platform Module (TPM) 2.0 reference implementation has been disclosed, potentially allowing attackers...

Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware Insyde UEFI, Secure Boot Bypass CVE-2025-4275

Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware

Ddos June 11, 2025

A newly disclosed vulnerability in Insyde H2O UEFI firmware, tracked as CVE-2025-4275, allows attackers to bypass Secure...

Digigram PYKO-OUT AoIP Devices Exposed to Attacks Due to Missing Default Password Digigram, default password vulnerability

Digigram PYKO-OUT AoIP Devices Exposed to Attacks Due to Missing Default Password

Ddos May 6, 2025

A security vulnerability has been identified in Digigram’s PYKO-OUT audio-over-IP (AoIP) product, raising concerns about its use...