Exploit Archives • Daily CyberSecurity

New 7-Zip Heap Buffer Overflow Disclosed with Public PoC 7-Zip heap buffer overflow CVE-2025-0411 7-Zip path traversal

New 7-Zip Heap Buffer Overflow Disclosed with Public PoC

Ddos May 26, 2026

Security researchers have uncovered a critical security flaw in the popular file archiver 7-Zip. Specifically, this 7-Zip...

Zero-Click Shell: Public Exploit and PoC Disclosed for Android’s Critical ADB Auth Bypass (CVE-2026-0073) Android ADB Auth Bypass CVE-2026-0073 PoC

Zero-Click Shell: Public Exploit and PoC Disclosed for Android’s Critical ADB Auth Bypass (CVE-2026-0073)

Ddos May 11, 2026

A critical vulnerability existing within the core of Android’s developer tools has been exposed, revealing a zero-click...

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access WattBox Vulnerability Root Access Exploit

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access

Ddos April 29, 2026

A critical vulnerability has been identified in the Snap One WattBox 800 and 820 series power controllers....

Critical LiteLLM SQL Injection (CVE-2026-42208) Exploited in the Wild LiteLLM SQL Injection CVE-2026-42208 LiteLLM Vulnerability AI Infrastructure Security

LiteLLM SQL Injection CVE-2026-42208 LiteLLM Vulnerability AI Infrastructure Security

Critical LiteLLM SQL Injection (CVE-2026-42208) Exploited in the Wild

Ddos April 28, 2026

Security researchers have sounded the alarm on a critical vulnerability in LiteLLM, a massively popular open-source gateway...

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal Quake III Arena, Zero-Day Vulnerability

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal

Ddos January 5, 2026

The Quake III Arena engine, a cornerstone of FPS history open-sourced by id Software, has been hit...

CVE-2025-54918: Windows NTLM Elevation of Privilege Vulnerability Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

CVE-2025-54918: Windows NTLM Elevation of Privilege Vulnerability

Ddos November 26, 2025

Just when administrators thought NTLM relay attacks were becoming a thing of the past, a dangerous new...

PoC Published: Linux Kernel 0-Click RCE Vulnerability Found in ksmbd Linux kernel, SMB vulnerability

PoC Published: Linux Kernel 0-Click RCE Vulnerability Found in ksmbd

Ddos September 16, 2025

In a recent deep-dive analysis, security researcher BitsByWill examined two critical Linux kernel vulnerabilities—CVE-2023-52440 and CVE-2023-4130—both impacting...

URGENT: Sangoma FreePBX Warns of Exploit, Urges Immediate Administrator Lockdown FreePBX, security advisory

URGENT: Sangoma FreePBX Warns of Exploit, Urges Immediate Administrator Lockdown

Ddos August 28, 2025

The Sangoma FreePBX Security Team has issued an urgent security advisory after discovering a potential exploit targeting...

ImageMagick Patches Multiple Flaws: High-Severity Memory Bugs Fixed ImageMagick Vulnerability CVE-2026-23876 ImageMagick TIM Overflow, Memory Disclosure Flaw ImageMagick vulnerabilities, memory corruption CVE-2023-34152

ImageMagick Patches Multiple Flaws: High-Severity Memory Bugs Fixed

Ddos August 15, 2025

The maintainers of ImageMagick have patched four security vulnerabilities that could impact applications using the popular image...

FortiSIEM CVE-2025-25256 (CVSS 9.8): Remote Unauthenticated Command Injection with Exploit in the Wild FortiSIEM, Command Injection CVE-2025-25256

FortiSIEM, Command Injection CVE-2025-25256

FortiSIEM CVE-2025-25256 (CVSS 9.8): Remote Unauthenticated Command Injection with Exploit in the Wild

Ddos August 13, 2025

Fortinet has issued an urgent security advisory for a critical remote unauthenticated command injection vulnerability affecting multiple...

Linux Kernel Flaw (CVE-2025-38236): Privilege Escalation Risk, PoC Code Available Linux Kernel Exploit, Privilege Escalation

Linux Kernel Flaw (CVE-2025-38236): Privilege Escalation Risk, PoC Code Available

Ddos August 11, 2025

Security researcher Jann Horn from Google Project Zero disclosed the technical details and proof-of-concept exploit code for...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Windows Zero-Day Actively Exploited by Ransomware Gangs – PoC Available!

Ddos July 21, 2025

In April 2025, Microsoft issued a critical security patch addressing a serious vulnerability in the Windows Common...

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available! ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available!

Ddos July 19, 2025

A critical SQL injection vulnerability in Fortinet FortiWeb, tracked as CVE-2025-25257, has been added to the CISA...

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available CVE-2023-0386 PoC Linux Privilege Escalation, OverlayFS

CVE-2023-0386 PoC Linux Privilege Escalation, OverlayFS

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available

Ddos June 18, 2025

A dangerous Linux privilege escalation vulnerability, CVE-2023-0386, has officially entered the CISA Known Exploited Vulnerabilities (KEV) Catalog...

Windows Kernel Flaws Revealed: SYSTEM-Level Privilege Escalation & PoC Exploits Available Now! Windows Kernel, Privilege Escalation

Windows Kernel Flaws Revealed: SYSTEM-Level Privilege Escalation & PoC Exploits Available Now!

Ddos June 11, 2025

Security researcher Jael Koh of PixiePoint Security has unveiled the technical details and working proof-of-concept exploits for...

CISA Flags Active Exploits in Erlang/OTP SSH and Roundcube Webmail: Critical RCE and XSS Flaws Under Attack ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA Flags Active Exploits in Erlang/OTP SSH and Roundcube Webmail: Critical RCE and XSS Flaws Under Attack

Ddos June 10, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited...

Microsoft BFS Flaws Expose Windows to Privilege Escalation – PoC Code Released Race Condition Exploit

Microsoft BFS Flaws Expose Windows to Privilege Escalation – PoC Code Released

Ddos June 9, 2025

Security researchers at ht3labs published the technical details and proof-of-concept exploit code for a trio of critical...

FormBook Returns: Exploiting CVE-2017-0199 via Malicious Excel Attachments in New Phishing Campaign Demo for CVE-2017-0199

FormBook Returns: Exploiting CVE-2017-0199 via Malicious Excel Attachments in New Phishing Campaign

Ddos June 9, 2025

FortiGuard Labs has uncovered a renewed phishing campaign that leverages the eight-year-old CVE-2017-0199 vulnerability to deploy FormBook,...

Legacy vBulletin 4.x Patch Backfires: RCE via Signed Base64 Payloads and a Full PoC vBulletin RCE

Legacy vBulletin 4.x Patch Backfires: RCE via Signed Base64 Payloads and a Full PoC

Ddos June 7, 2025

Security researcher Egidio Romano (EgiX) uncovers a fascinating PHP Object Injection (POI) vulnerability in legacy versions of...

Nintendo Switch 2 Hacked? Early Exploit Uncovered! Nintendo tariff lawsuit 2026 Nintendo Switch 2, MIG Tool Nintendo Switch 2, USB-C Restrictions Nintendo Switch 2, Vulnerability

Nintendo tariff lawsuit 2026 Nintendo Switch 2, MIG Tool Nintendo Switch 2, USB-C Restrictions Nintendo Switch 2, Vulnerability

Nintendo Switch 2 Hacked? Early Exploit Uncovered!

Ddos June 7, 2025

Nintendo’s recently launched Switch 2 console has already had a vulnerability discovered by enthusiasts. Security researcher David...