Information Disclosure Archives • Daily CyberSecurity

Cisco SD-WAN Manager XXE Flaw Grants Unauthenticated Access to Private Files Cisco SD-WAN Manager Vulnerability CVE-2026-20224 XXE

Cisco SD-WAN Manager XXE Flaw Grants Unauthenticated Access to Private Files

Do Son May 15, 2026

Cisco has detailed the curtain on a fresh set of vulnerabilities haunting its Catalyst SD-WAN Manager (formerly...

Urgent Update: Composer Vulnerability Leaks GitHub Secrets in Plaintext Logs (CVE-2026-45793) CVE-2026-40176, CVE-2026-40261 Composer GitHub Token Leak CVE-2026-45793

CVE-2026-40176, CVE-2026-40261 Composer GitHub Token Leak CVE-2026-45793

Urgent Update: Composer Vulnerability Leaks GitHub Secrets in Plaintext Logs (CVE-2026-45793)

Do Son May 14, 2026

In a critical security alert for the PHP community, Nils Adermann, Co-Creator of Composer, has issued an...

Unpatch Ollama Flaw: Malicious Model Uploads Can Leak Server Heap Memory Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Unpatch Ollama Flaw: Malicious Model Uploads Can Leak Server Heap Memory

Do Son April 23, 2026

A critical unauthenticated remote information disclosure vulnerability has been uncovered in Ollama, the popular open-source tool used...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

In the Wild: Information Disclosure (CVE-2026-20133) Exploited in Cisco SD-WAN Manager

Do Son April 23, 2026

The networking giant Cisco has issued an urgent warning to enterprise administrators. In April 2026, the Cisco...

Critical—9 Vulnerabilities in Orthanc DICOM Servers Threaten Medical Data Integrity CVE-2025-2263 Orthanc Security DICOM Vulnerabilities

Critical—9 Vulnerabilities in Orthanc DICOM Servers Threaten Medical Data Integrity

Do Son April 14, 2026

A series of critical security flaws has been uncovered in Orthanc, the popular open-source “lightweight Digital Imaging...

Squid Caching Proxy Alert: Critical ICP Protocol Flaws Threaten Web Infrastructure CVE-2024-25617 CVE-2025-59362 Squid Proxy ICP Vulnerability

CVE-2024-25617 CVE-2025-59362 Squid Proxy ICP Vulnerability

Squid Caching Proxy Alert: Critical ICP Protocol Flaws Threaten Web Infrastructure

Do Son March 25, 2026

Squid, the widely deployed open-source caching proxy, has been hit with a trio of significant security vulnerabilities...

CI/CD at Risk: High-Severity Jenkins XSS Flaw Exposes Build Environments Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

CI/CD at Risk: High-Severity Jenkins XSS Flaw Exposes Build Environments

Do Son February 19, 2026

Maintainers of Jenkins, the world’s leading open-source automation server, have issued critical security updates to address two...

CVE-2025-67732: Dify Patch Fixes High-Severity Plaintext API Key Exposure Dify API Key Exposure, LLM Security Dify Information Disclosure, LLM Security

Dify API Key Exposure, LLM Security Dify Information Disclosure, LLM Security

CVE-2025-67732: Dify Patch Fixes High-Severity Plaintext API Key Exposure

Do Son January 7, 2026

Dify, the popular open-source platform used by developers to build Large Language Model (LLM) applications and RAG...

CVE-2025-68428: Critical Flaw in jsPDF Library Allows Server-Side File Theft

Do Son January 6, 2026

A critical vulnerability has been discovered in jsPDF, one of the most popular JavaScript libraries for generating...

Apache SIS Patch Blocks XML Attack That Leaks Server Files Apache SIS, CVE-2025-68280

Apache SIS Patch Blocks XML Attack That Leaks Server Files

Do Son January 6, 2026

The Apache Software Foundation has issued a security advisory for the Apache Spatial Information System (SIS), a...

CVE-2025-66518: High-Severity Flaw in Apache Kyuubi Exposes Local Server Files Apache Kyuubi, CVE-2025-66518

CVE-2025-66518: High-Severity Flaw in Apache Kyuubi Exposes Local Server Files

Do Son January 6, 2026

Apache Kyuubi, the distributed gateway designed to provide secure, serverless SQL access to massive data lakes, has...

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation

Do Son December 30, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has officially sounded the alarm on a critical vulnerability in...

PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory MongoBleed, CVE-2025-14847

PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory

Do Son December 29, 2025

Database administrators are facing a critical security emergency after the disclosure of a high-severity vulnerability in MongoDB,...

The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft LangChain Serialization Injection, CVE-2025-68664

The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft

Do Son December 25, 2025

A critical vulnerability was found in LangChain, the popular open-source framework used to power Large Language Model...

Critical Unauthenticated MongoDB Flaw Leaks Sensitive Data via zlib Compression MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

Critical Unauthenticated MongoDB Flaw Leaks Sensitive Data via zlib Compression

Do Son December 23, 2025

A critical vulnerability was disclosed in MongoDB, one of the world’s most popular NoSQL database platforms. The...

Identity Theft in M-Files: High-Severity Flaw Lets Insiders Hijack User Accounts and Access Sensitive Data

Do Son December 23, 2025

M-Files, the intelligent information management platform used by enterprises to organize their documents, has issued a security...

AI’s Exposed Side Door: Dify Flaw (CVE-2025-63387) Leaks System Configs to Anonymous Users Dify API Key Exposure, LLM Security Dify Information Disclosure, LLM Security

AI’s Exposed Side Door: Dify Flaw (CVE-2025-63387) Leaks System Configs to Anonymous Users

Do Son December 22, 2025

As the race to build the next generation of AI applications accelerates, a significant security gap has...

Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy

Do Son December 19, 2025

The maintainers of Roundcube Webmail, one of the world’s most widely used open-source email solutions, have issued...

High-Severity Zoom Rooms Flaw Risks Privilege Escalation via Downgrade Protection Bypass Zoom Rooms LPE, Downgrade Protection Bypass Zoom High-Risk Flaws Zoom security updates

Zoom Rooms LPE, Downgrade Protection Bypass Zoom High-Risk Flaws Zoom security updates

High-Severity Zoom Rooms Flaw Risks Privilege Escalation via Downgrade Protection Bypass

Do Son December 11, 2025

Zoom Video Communications has released a critical security update for its Zoom Rooms software, addressing vulnerabilities that...

High-Severity GitLab XSS Flaw (CVE-2025-12716) Risks Session Hijack via Malicious Wiki Pages CVE-2024-9164 - CVE-2025-0376 GitLab Wiki XSS, Session Hijack Flaw

CVE-2024-9164 - CVE-2025-0376 GitLab Wiki XSS, Session Hijack Flaw

High-Severity GitLab XSS Flaw (CVE-2025-12716) Risks Session Hijack via Malicious Wiki Pages

Do Son December 11, 2025

In a critical mid-week security sprint, GitLab has rolled out a series of important updates for its...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Information Disclosure

Cisco SD-WAN Manager XXE Flaw Grants Unauthenticated Access to Private Files

Urgent Update: Composer Vulnerability Leaks GitHub Secrets in Plaintext Logs (CVE-2026-45793)

Unpatch Ollama Flaw: Malicious Model Uploads Can Leak Server Heap Memory

In the Wild: Information Disclosure (CVE-2026-20133) Exploited in Cisco SD-WAN Manager

Critical—9 Vulnerabilities in Orthanc DICOM Servers Threaten Medical Data Integrity

Squid Caching Proxy Alert: Critical ICP Protocol Flaws Threaten Web Infrastructure

CI/CD at Risk: High-Severity Jenkins XSS Flaw Exposes Build Environments

CVE-2025-67732: Dify Patch Fixes High-Severity Plaintext API Key Exposure

CVE-2025-68428: Critical Flaw in jsPDF Library Allows Server-Side File Theft

Apache SIS Patch Blocks XML Attack That Leaks Server Files

CVE-2025-66518: High-Severity Flaw in Apache Kyuubi Exposes Local Server Files

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation

PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory

The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft

Critical Unauthenticated MongoDB Flaw Leaks Sensitive Data via zlib Compression

Identity Theft in M-Files: High-Severity Flaw Lets Insiders Hijack User Accounts and Access Sensitive Data

AI’s Exposed Side Door: Dify Flaw (CVE-2025-63387) Leaks System Configs to Anonymous Users

Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy

High-Severity Zoom Rooms Flaw Risks Privilege Escalation via Downgrade Protection Bypass

High-Severity GitLab XSS Flaw (CVE-2025-12716) Risks Session Hijack via Malicious Wiki Pages