Critical Vulnerability Archives • Page 3 of 7 • Daily CyberSecurity

Critical node-forge Flaw (CVE-2025-12816) Allows Signature Verification Bypass via ASN.1 Manipulation (21M Downloads/Week) node-forge Signature Bypass, ASN.1 Vulnerability

node-forge Signature Bypass, ASN.1 Vulnerability

Critical node-forge Flaw (CVE-2025-12816) Allows Signature Verification Bypass via ASN.1 Manipulation (21M Downloads/Week)

Do Son November 26, 2025

CERT/CC has issued a warning about a high-impact cryptographic vulnerability in the Forge JavaScript library — also...

CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover RVR Elettronica Auth Bypass, Broadcast Hardware Flaw

RVR Elettronica Auth Bypass, Broadcast Hardware Flaw

CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover

Do Son November 25, 2025

A newly disclosed vulnerability in R.V.R Elettronica’s TEX broadcast hardware has been assigned CVE-2025-63207, scoring 9.8 Critical...

vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings

Do Son November 24, 2025

A newly disclosed high-severity vulnerability in vLLM—one of the fastest-growing open-source inference engines for large language models—allows...

Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius ABB T-MAC Plus vulnerabilities terminal system flaws ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius

Do Son November 24, 2025

ABB has issued an urgent cybersecurity advisory warning customers of a critical authentication bypass vulnerability in the...

Critical Markdown to PDF Flaw (CVE-2025-65108, CVSS 10.0) Allows RCE via JS Injection in Markdown Front-Matter md-to-pdf RCE, Markdown Command Injection

md-to-pdf RCE, Markdown Command Injection

Critical Markdown to PDF Flaw (CVE-2025-65108, CVSS 10.0) Allows RCE via JS Injection in Markdown Front-Matter

Do Son November 24, 2025

A critical vulnerability (CVE-2025-65108) has been disclosed in the widely used Markdown to PDF npm package, a...

Critical CVE-2025-65015 Vulnerability in joserfc Could Let Attackers Exhaust Server Resources via Oversized JWT Tokens joserfc DoS, JWT Logging Flaw

Critical CVE-2025-65015 Vulnerability in joserfc Could Let Attackers Exhaust Server Resources via Oversized JWT Tokens

Do Son November 20, 2025

A widely used Python library implementing JOSE standards, joserfc, has disclosed a critical uncontrolled resource consumption vulnerability—tracked...

Critical Apache Causeway RCE Flaw (CVE-2025-64408) Allows Authenticated Code Execution via Java Deserialization Apache Causeway RCE, Java Deserialization

Apache Causeway RCE, Java Deserialization

Critical Apache Causeway RCE Flaw (CVE-2025-64408) Allows Authenticated Code Execution via Java Deserialization

Do Son November 20, 2025

Apache Causeway, a popular framework for rapidly developing domain-driven Java applications, has been found vulnerable to a...

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers METZ CONNECT RCE, Unauthenticated Admin Takeover

METZ CONNECT RCE, Unauthenticated Admin Takeover

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers

Do Son November 19, 2025

METZ CONNECT GmbH, in coordination with CERT@VDE, has issued an urgent security advisory warning of multiple critical...

Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass

Do Son November 19, 2025

SolarWinds has released security updates addressing three critical vulnerabilities in Serv-U—its managed file transfer and FTP server...

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint

Do Son November 18, 2025

The team behind Flowise—a popular open-source platform for building AI agents and LLM workflows—has issued an urgent...

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files CVE-2023-5002 pgAdmin RCE, LDAP Injection

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files

Do Son November 17, 2025

The pgAdmin development team has issued patches addressing four newly disclosed security vulnerabilities impacting pgAdmin versions up...

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal IBM AIX RCE, NIM Private Key Leak

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal

Do Son November 17, 2025

IBM has released a new security bulletin addressing multiple high-severity vulnerabilities affecting AIX 7.2, AIX 7.3, and...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns: Critical Lynx+ Gateway Flaw (CVSS 10.0) Allows Unauthenticated Remote Reset; Vendor Non-Responsive

Do Son November 17, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory detailing multiple high-severity vulnerabilities...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

ZERO-DAY ATTACK WARNING: Fortinet FortiWeb Exploit Grants Unauthenticated Admin Access!

Do Son November 14, 2025

Cybersecurity firms are sounding the alarm over a critical vulnerability in Fortinet FortiWeb, the company’s Web Application...

Critical Zoho Analytics Plus Flaw (CVE-2025-8324, CVSS 9.8) Allows Unauthenticated SQL Injection and Data Takeover Zoho Analytics Plus RCE, Unauthenticated SQLi

Zoho Analytics Plus RCE, Unauthenticated SQLi

Critical Zoho Analytics Plus Flaw (CVE-2025-8324, CVSS 9.8) Allows Unauthenticated SQL Injection and Data Takeover

Do Son November 14, 2025

Zoho Corporation has released an urgent security advisory addressing a critical severity SQL injection vulnerability affecting Analytics...

Critical Dell Data Lakehouse Vulnerability (CVE-2025-46608) Allows Privilege Escalation Dell ECS Security Update CVE-2026-40636 Hard-coded Credentials Dell Business Price Increase, RAM and SSD Shortage 2025 Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

Critical Dell Data Lakehouse Vulnerability (CVE-2025-46608) Allows Privilege Escalation

Do Son November 13, 2025

Dell has issued a security advisory warning customers of a critical severity vulnerability affecting Dell Data Lakehouse...

Critical Apache OFBiz Flaw (CVE-2025-59118) Allows Remote Command Execution via Unrestricted File Upload Apache OFBiz RCE, Unrestricted File Upload CVE-2024-47208 and CVE-2024-48962

Critical Apache OFBiz Flaw (CVE-2025-59118) Allows Remote Command Execution via Unrestricted File Upload

Do Son November 12, 2025

The Apache Software Foundation (ASF) has released an important security update for Apache OFBiz, its open-source enterprise...

Critical Authentication Bypass Vulnerability Found in Milvus Proxy (CVE-2025-64513, CVSS 9.3) Milvus Auth Bypass, Vector Database Flaw

Critical Authentication Bypass Vulnerability Found in Milvus Proxy (CVE-2025-64513, CVSS 9.3)

Do Son November 12, 2025

Milvus, a leading open-source vector database that powers AI and large-scale search applications, has disclosed a critical...

Critical Zimbra Flaw Fixed: Patch Addresses Multiple Stored XSS and Unauthenticated LFI in Mail Client Zimbra Critical XSS, Unauthenticated LFI

Zimbra Critical XSS, Unauthenticated LFI

Critical Zimbra Flaw Fixed: Patch Addresses Multiple Stored XSS and Unauthenticated LFI in Mail Client

Do Son November 11, 2025

Zimbra has issued a critical security patch, Zimbra Daffodil (v10.1.13), to address a host of vulnerabilities in...

SuiteCRM SQL Injection Flaws (CVE-2025-64492, CVE-2025-64493) Expose Customer Data SuiteCRM SQL Injection, GraphQL SQLi

SuiteCRM SQL Injection Flaws (CVE-2025-64492, CVE-2025-64493) Expose Customer Data

Do Son November 11, 2025

The maintainers of SuiteCRM, the popular open-source customer relationship management (CRM) platform, have released an urgent security...

Critical Alert 1 Active Exploit Detected Today