CVSS 9.8 Archives • Daily CyberSecurity

5.7 Million Users at Risk: Multiple 9.8 CVSS Breakthroughs Enable Remote Code Execution in vm2 Sandbox

AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

5.7 Million Users at Risk: Multiple 9.8 CVSS Breakthroughs Enable Remote Code Execution in vm2 Sandbox

Ddos May 6, 2026

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover WordPress Account Takeover CVE-2026-7567

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover

Ddos May 2, 2026

44,000 IPs Hijacked: cPanel’s 9.8 CVSS Authentication Bypass Triggers Global Ransomware Surge cPanel Authentication Bypass CVE-2026-41940

44,000 IPs Hijacked: cPanel’s 9.8 CVSS Authentication Bypass Triggers Global Ransomware Surge

Ddos May 2, 2026

Over 400,000 WordPress Sites at Risk as “Breeze” Plugin Zero-Day Is Exploited in the Wild WordPress RCE Breeze Plugin Vulnerability

Over 400,000 WordPress Sites at Risk as “Breeze” Plugin Zero-Day Is Exploited in the Wild

Ddos April 23, 2026

CVE-2026-40884: Critical 9.8 Bypass Hits goshs SFTP Servers goshs Authentication Bypass CVE-2026-40884

CVE-2026-40884: Critical 9.8 Bypass Hits goshs SFTP Servers

Ddos April 16, 2026

The “Open Door” Vulnerability: Unchanged Default Passwords Put Juniper vLWC at Risk Juniper vLWC Vulnerability Default Password Exploit HPE, Juniper Networks CVE-2024-21611 & CVE-2024-21591 - CVE-2025-21589

Juniper vLWC Vulnerability Default Password Exploit HPE, Juniper Networks CVE-2024-21611 & CVE-2024-21591 - CVE-2025-21589

The “Open Door” Vulnerability: Unchanged Default Passwords Put Juniper vLWC at Risk

Ddos April 9, 2026

Security Alert: Critical Vulnerability Hits Anritsu Remote Spectrum Monitors Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Security Alert: Critical Vulnerability Hits Anritsu Remote Spectrum Monitors

Ddos April 2, 2026

Cisco Issues Urgent Patch for Critical IMC Auth Bypass: A CVSS 9.8 Wake-Up Call Cisco IMC Vulnerability CVE-2026-20093 CVE-2024-20401 Cisco IOS XE Privilege Escalation

Cisco IMC Vulnerability CVE-2026-20093 CVE-2024-20401 Cisco IOS XE Privilege Escalation

Cisco Issues Urgent Patch for Critical IMC Auth Bypass: A CVSS 9.8 Wake-Up Call

Ddos April 2, 2026

Critical 9.8 CVSS Flaw Exposes Oracle Identity Manager to Total Takeover IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Critical 9.8 CVSS Flaw Exposes Oracle Identity Manager to Total Takeover

Ddos March 21, 2026

Edge of Disaster: Critical 9.8 CVSS Flaw in Oracle Cloud Infrastructure Toolkit Allows Complete Takeover IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Edge of Disaster: Critical 9.8 CVSS Flaw in Oracle Cloud Infrastructure Toolkit Allows Complete Takeover

Ddos March 18, 2026

Network Hijack: Critical 9.8 CVSS Flaw in AdGuard Home Grants Hackers Full DNS Control AdGuard Home Vulnerability CVE-2026-32136

Network Hijack: Critical 9.8 CVSS Flaw in AdGuard Home Grants Hackers Full DNS Control

Ddos March 13, 2026

200k Sites Exposed: Critical CleanTalk Flaw (CVSS 9.8) Allows RCE CleanTalk Vulnerability CVE-2026-1490

200k Sites Exposed: Critical CleanTalk Flaw (CVSS 9.8) Allows RCE

Ddos February 16, 2026

4 Million Downloads at Risk: Critical Unstructured Flaw (CVSS 9.8) Allows RCE Unstructured Library Vulnerability CVE-2025-64712

4 Million Downloads at Risk: Critical Unstructured Flaw (CVSS 9.8) Allows RCE

Ddos February 6, 2026

CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps Lockbit ransomware vm2 Vulnerability Sandbox Escape

CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps

Ddos January 27, 2026

URGENT PATCH REQUIRED: Zenitel TCIV-3+ Intercoms Hit by Multiple Critical Flaws (CVSS 9.8) Gardyn Home Kit Vulnerabilities IoT Command Injection Vivotek Vulnerability CVE-2026-22755 Command Injection Ofuji Fishing data breach

Gardyn Home Kit Vulnerabilities IoT Command Injection Vivotek Vulnerability CVE-2026-22755 Command Injection Ofuji Fishing data breach

URGENT PATCH REQUIRED: Zenitel TCIV-3+ Intercoms Hit by Multiple Critical Flaws (CVSS 9.8)

Ddos November 26, 2025

CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover Survision LPR Auth Bypass, CVE-2025-12108

CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover

Ddos November 6, 2025

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover

Ddos November 1, 2025

Wordfence Warns of Active Exploits Targeting Critical Privilege Escalation Flaw in WP Freeio (CVE-2025-11533) Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782