Enterprise Security Archives • Page 2 of 3 • Daily CyberSecurity

CVE-2025-14026: Forcepoint DLP Flaw Lets Attackers Unchain Restricted Python

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

CVE-2025-14026: Forcepoint DLP Flaw Lets Attackers Unchain Restricted Python

Do Son January 7, 2026

A high-severity vulnerability in the Forcepoint One DLP Client has been disclosed, revealing a method for attackers...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks

Do Son December 30, 2025

The Cyber Security Agency of Singapore (CSA) has issued an urgent alert regarding a catastrophic vulnerability in...

CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login

Do Son December 30, 2025

IBM has issued an urgent security alert for users of its API Connect platform after internal testing...

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal IBM AIX RCE, NIM Private Key Leak

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal

Do Son November 17, 2025

IBM has released a new security bulletin addressing multiple high-severity vulnerabilities affecting AIX 7.2, AIX 7.3, and...

GitLab Patches Two High-Severity Flaws in GraphQL API Affecting Both CE and EE Editions GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab Patches Two High-Severity Flaws in GraphQL API Affecting Both CE and EE Editions

Do Son October 9, 2025

GitLab has released important updates addressing two high-severity vulnerabilities that impact both its Community Edition (CE) and...

Morte Botnet Unveiled: A Rapidly Growing Loader-as-a-Service Campaign Exploiting Routers and Enterprise Apps

Do Son September 29, 2025

Researchers at CloudSEK Threat Intelligence (TRIAD) have exposed a sophisticated botnet operation that systematically compromises SOHO routers,...

URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack NetScaler, CVE-2025-7775

URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack

Do Son August 26, 2025

The Cloud Software Group (CSG) has released urgent security updates to address three high-severity vulnerabilities affecting NetScaler...

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog

Do Son August 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities...

Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7 Privileged access manager, Securden

Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7

Do Son August 26, 2025

Security researchers at Rapid7 have uncovered four serious vulnerabilities in Securden Unified Privileged Access Manager (PAM), a...

CVE-2025-26496 (CVSS 9.6): Critical Flaw in Tableau Server Expose Enterprises to Code Execution Risks Tableau Vulnerability CVE-2025-26496

CVE-2025-26496 (CVSS 9.6): Critical Flaw in Tableau Server Expose Enterprises to Code Execution Risks

Do Son August 25, 2025

Salesforce Security has announced the resolution of multiple vulnerabilities in Tableau Server, identified during a proactive security...

IBM Issues Critical Patch for Jazz Team Server Vulnerability (CVE-2025-36157) IBM Vulnerability CVE-2025-36157

IBM Issues Critical Patch for Jazz Team Server Vulnerability (CVE-2025-36157)

Do Son August 25, 2025

IBM has released a security bulletin addressing a severe vulnerability in its Jazz Team Server, a Java-based...

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server IBM WebSphere, Remote Code Execution

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

Do Son June 27, 2025

IBM has issued a security alert regarding a high-severity vulnerability—CVE-2025-36038—affecting WebSphere Application Server versions 8.5 and 9.0....

Critical Versa Director Flaw: RCE Possible via HA Ports, PoC Available

Do Son June 20, 2025

A newly discovered critical vulnerability in Versa Networks’ SD-WAN orchestration platform, Versa Director, exposes enterprise networks to...

HPE Aruba Networking Patches Sensitive Data Exposure Vulnerability in Private 5G Core Platform HPE Aruba, 5G Security

HPE Aruba Networking Patches Sensitive Data Exposure Vulnerability in Private 5G Core Platform

Do Son June 11, 2025

HPE Aruba Networking has released a security update addressing a high-severity vulnerability in its Private 5G Core...

Ivanti Patches High-Severity Credential Decryption Flaws in Workspace Control Ivanti Workspace Control

Ivanti Patches High-Severity Credential Decryption Flaws in Workspace Control

Do Son June 11, 2025

Ivanti has released critical security updates addressing three high-severity vulnerabilities in Ivanti Workspace Control (IWC)—a widely-used tool...

Critical 9.6 CVSS RCE: ManageEngine Exchange Reporter Plus Vulnerability Discovered! CVE-2025-3835, Exchange Reporter Plus

Critical 9.6 CVSS RCE: ManageEngine Exchange Reporter Plus Vulnerability Discovered!

Do Son June 9, 2025

ManageEngine’s Exchange Reporter Plus, a widely-used web-based monitoring and reporting tool for Microsoft Exchange, has been found...

CVSS 9.8 Alert: Critical Flaws in HPE Insight Remote Support Enable RCE & File Access HPE Security, Insight RS Vulnerabilities

CVSS 9.8 Alert: Critical Flaws in HPE Insight Remote Support Enable RCE & File Access

Do Son June 5, 2025

Hewlett Packard Enterprise (HPE) has issued a security advisory addressing multiple high-impact vulnerabilities in its Insight Remote...

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix NetFax Vulnerabilities, RCE

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix

Do Son June 2, 2025

Security researchers at Rapid7 have uncovered a troubling trio of vulnerabilities in MICI Network Co., Ltd.’s NetFax...

Print Security Warning: Canon Printers Exposed to Data Theft Printer security, Canon update

Print Security Warning: Canon Printers Exposed to Data Theft

Do Son May 23, 2025

Canon has issued a security advisory warning customers about two high-severity vulnerabilities—CVE-2025-3078 and CVE-2025-3079—that affect a range...

Critical Vulnerabilities Uncovered in Mitel SIP Phones: Command Injection and File Upload Risks Mitel vulnerabilities, SIP phone security

Critical Vulnerabilities Uncovered in Mitel SIP Phones: Command Injection and File Upload Risks

Do Son May 11, 2025

In a newly published security advisory, Mitel has disclosed two critical vulnerabilities affecting several of its SIP...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Enterprise Security

CVE-2025-14026: Forcepoint DLP Flaw Lets Attackers Unchain Restricted Python

CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks

CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal

GitLab Patches Two High-Severity Flaws in GraphQL API Affecting Both CE and EE Editions

Morte Botnet Unveiled: A Rapidly Growing Loader-as-a-Service Campaign Exploiting Routers and Enterprise Apps

URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog

Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7

CVE-2025-26496 (CVSS 9.6): Critical Flaw in Tableau Server Expose Enterprises to Code Execution Risks

IBM Issues Critical Patch for Jazz Team Server Vulnerability (CVE-2025-36157)

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

Critical Versa Director Flaw: RCE Possible via HA Ports, PoC Available

HPE Aruba Networking Patches Sensitive Data Exposure Vulnerability in Private 5G Core Platform

Ivanti Patches High-Severity Credential Decryption Flaws in Workspace Control

Critical 9.6 CVSS RCE: ManageEngine Exchange Reporter Plus Vulnerability Discovered!

CVSS 9.8 Alert: Critical Flaws in HPE Insight Remote Support Enable RCE & File Access

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix

Print Security Warning: Canon Printers Exposed to Data Theft

Critical Vulnerabilities Uncovered in Mitel SIP Phones: Command Injection and File Upload Risks