default credentials Archives • Daily CyberSecurity

Critical Apache Solr Security Flaw Exposes Clusters to Remote Takeover Apache Solr default credentials CVE-2026-44825 workaround CVE-2025-24814 & CVE-2025-24814

Critical Apache Solr Security Flaw Exposes Clusters to Remote Takeover

Do Son June 3, 2026

A high-severity Apache Solr default credentials vulnerability now threatens enterprise search infrastructure globally. Security researchers recently discovered...

Critical 9.4 CVSS Flaw Exposes Harbor Registries to Total Hijack Harbor Registry Supply Chain Attack

Critical 9.4 CVSS Flaw Exposes Harbor Registries to Total Hijack

Do Son March 25, 2026

The CERT Coordination Center (CERT/CC) has issued a critical security warning regarding GoHarbor’s Harbor, a widely used...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

CVE-2026-0622: Hardcoded Secret Exposes Open5GS 5G Core Networks

Do Son January 22, 2026

A critical security flaw has been uncovered in Open5GS, a popular open-source implementation of 5G core network...

The Open Door: Critical 9.8 Severity Flaw in Harvester Lets Hackers Hijack New Servers Harvester HCI, CVE-2025-62877

The Open Door: Critical 9.8 Severity Flaw in Harvester Lets Hackers Hijack New Servers

Do Son January 6, 2026

Harvester, the open-source hyperconverged infrastructure (HCI) solution built on Kubernetes, has hit a critical bug. A new...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical WatchGuard Firebox Flaw (CVE-2025-59396, CVSS 9.8) Allows Unauthenticated Admin SSH Takeover via Default Credentials

Do Son November 11, 2025

A critical configuration flaw (CVE-2025-59396) has been discovered in WatchGuard Firebox devices, allowing remote attackers to gain...

Critical Flaws Found in Partner Software: Default Admin Passwords & XSS Allow RCE on Government Systems Partner Software, RCE Vulnerability

Critical Flaws Found in Partner Software: Default Admin Passwords & XSS Allow RCE on Government Systems

Do Son August 4, 2025

A recent vulnerability note issued by CERT/CC disclosured three critical security flaws in Partner Software’s flagship platforms—Partner...

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes

Do Son July 22, 2025

The Kubernetes project has issued an important advisory addressing a critical vulnerability—CVE-2025-7342 (CVSS 8.1)—in the Kubernetes Image...

Critical Versa Director Flaw (CVSS 9.8): Hardcoded Credentials Grant Root Access, PoC Available Versa Director, Default Credentials

Critical Versa Director Flaw (CVSS 9.8): Hardcoded Credentials Grant Root Access, PoC Available

Do Son June 19, 2025

A newly disclosed critical vulnerability in Versa Director, a centralized network and security management platform, may allow...

Urgent Siemens Energy Alert: Critical Flaw (CVSS 9.9) in Private 5G Core Exposes Sensitive Data! Siemens Energy, Critical Vulnerability CVE-2025-40585

Siemens Energy, Critical Vulnerability CVE-2025-40585

Urgent Siemens Energy Alert: Critical Flaw (CVSS 9.9) in Private 5G Core Exposes Sensitive Data!

Do Son June 12, 2025

Siemens has issued a critical security advisory regarding its Energy Services platform—formerly known as Managed Applications and...

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix NetFax Vulnerabilities, RCE

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix

Do Son June 2, 2025

Security researchers at Rapid7 have uncovered a troubling trio of vulnerabilities in MICI Network Co., Ltd.’s NetFax...

Sony Camera Hack (CVSS 9.4): Default Credential Flaw Risks Full Control (PoC) Sony camera hack, default credential exploit

Sony Camera Hack (CVSS 9.4): Default Credential Flaw Risks Full Control (PoC)

Do Son May 26, 2025

A newly disclosed critical vulnerability in Sony’s SNC-series network cameras—tracked as CVE-2025-5124 with a CVSS score of...

Digigram PYKO-OUT AoIP Devices Exposed to Attacks Due to Missing Default Password Digigram, default password vulnerability

Digigram PYKO-OUT AoIP Devices Exposed to Attacks Due to Missing Default Password

Do Son May 6, 2025

A security vulnerability has been identified in Digigram’s PYKO-OUT audio-over-IP (AoIP) product, raising concerns about its use...

Critical Alert 1 Active Exploit Detected Today