Craft CMS Archives • Daily CyberSecurity

The Weekly Breach: 7 Maximum CVSS Flaws and the DarkSword Exploit Unveiled

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

The Weekly Breach: 7 Maximum CVSS Flaws and the DarkSword Exploit Unveiled

Do Son March 23, 2026

The past seven days have been an exceptionally busy period for cybersecurity defenders. Between March 16 and...

Active Exploits: CISA Adds Critical Craft CMS and Apple ‘DarkSword’ Flaws to KEV CISA KEV Catalog DarkSword Exploit Draytek Routers VMware vCenter RCE CVE-2024-37079

CISA KEV Catalog DarkSword Exploit Draytek Routers VMware vCenter RCE CVE-2024-37079

Active Exploits: CISA Adds Critical Craft CMS and Apple ‘DarkSword’ Flaws to KEV

Do Son March 21, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding five...

Critical Craft CMS Flaw Grants Instant Admin Access Craft CMS Vulnerability CVE-2026-32267 CVE-2023-41892 Craft CMS CVE-2025-32432

Critical Craft CMS Flaw Grants Instant Admin Access

Do Son March 18, 2026

In the world of web development, the “Live Preview” button is a staple for content editors—a harmless...

CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted CISA KEV, Zero-Day Exploits

CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted

Do Son June 3, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities...

Mimo Returns: CVE-2025-32432 Exploited in Cryptomining and Proxyware Campaigns Craft CMS vulnerability Mimo threat actor

Mimo Returns: CVE-2025-32432 Exploited in Cryptomining and Proxyware Campaigns

Do Son May 28, 2025

Sekoia’s latest threat intelligence report reveals a targeted exploitation campaign of CVE-2025-32432, a critical unauthenticated remote code...

Craft CMS Zero-Day CVE-2025-32432 Exploited with Metasploit Module Now Public Craft CMS zero-day, CVE-2025-32432

Craft CMS Zero-Day CVE-2025-32432 Exploited with Metasploit Module Now Public

Do Son April 28, 2025

Security researcher Chocapikk has published a Metasploit module for a critical zero-day vulnerability impacting Craft CMS, tracked...

CVE-2025-32432 (CVSS 10): Craft CMS Hit by Critical RCE Flaw Exploited in the Wild Craft CMS Vulnerability CVE-2026-32267 CVE-2023-41892 Craft CMS CVE-2025-32432

CVE-2025-32432 (CVSS 10): Craft CMS Hit by Critical RCE Flaw Exploited in the Wild

Do Son April 25, 2025

Craft CMS, a widely used content management system for developers and agencies, has disclosed a critical vulnerability...

CVE-2024-56145 (CVSS 9.3): Remote Code Execution Vulnerability in Craft CMS, PoC Published CVE-2024-56145 PoC

CVE-2024-56145 (CVSS 9.3): Remote Code Execution Vulnerability in Craft CMS, PoC Published

Do Son December 22, 2024

Security researchers at Assetnote have disclosed a critical vulnerability (CVE-2024-56145) in Craft CMS, a widely-used PHP-based content...

Craft CMS Fixes RCE (CVE-2023-41892) Flaw Rated 10 Out of 10 on Severity Scale Craft CMS Vulnerability CVE-2026-32267 CVE-2023-41892 Craft CMS CVE-2025-32432

Craft CMS Fixes RCE (CVE-2023-41892) Flaw Rated 10 Out of 10 on Severity Scale

Do Son September 13, 2023

Craft CMS has rapidly become the tool of choice for many developers and businesses, known for its...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Craft CMS

The Weekly Breach: 7 Maximum CVSS Flaws and the DarkSword Exploit Unveiled

Active Exploits: CISA Adds Critical Craft CMS and Apple ‘DarkSword’ Flaws to KEV

Critical Craft CMS Flaw Grants Instant Admin Access

CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted

Mimo Returns: CVE-2025-32432 Exploited in Cryptomining and Proxyware Campaigns

Craft CMS Zero-Day CVE-2025-32432 Exploited with Metasploit Module Now Public

CVE-2025-32432 (CVSS 10): Craft CMS Hit by Critical RCE Flaw Exploited in the Wild

CVE-2024-56145 (CVSS 9.3): Remote Code Execution Vulnerability in Craft CMS, PoC Published

Craft CMS Fixes RCE (CVE-2023-41892) Flaw Rated 10 Out of 10 on Severity Scale