privilege escalation Archives • Page 7 of 15 • Daily CyberSecurity

Grafana Patches Critical SCIM Flaw (CVE-2025-41115, CVSS 10) Allowing Privilege Escalation and User Impersonation Grafana SCIM Flaw CVE-2025-41115 Grafana Vulnerabilities, XSS Flaw Grafana security alert, XSS patch

Grafana Patches Critical SCIM Flaw (CVE-2025-41115, CVSS 10) Allowing Privilege Escalation and User Impersonation

Do Son November 20, 2025

Grafana has released emergency security updates for Grafana Enterprise addressing a critical privilege-escalation flaw in its SCIM...

Cisco Warns of High-Severity Privilege Escalation Flaw (CVE-2025-20341) in Catalyst Center Virtual Appliance Cisco Catalyst EoP, CVE-2025-20341

Cisco Warns of High-Severity Privilege Escalation Flaw (CVE-2025-20341) in Catalyst Center Virtual Appliance

Do Son November 15, 2025

A newly disclosed high-severity vulnerability in the Cisco Catalyst Center Virtual Appliance could allow attackers with low-level...

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

High-Severity NVIDIA NeMo Framework Flaws Allow Code Injection and Privilege Escalation in AI Pipelines

Do Son November 14, 2025

NVIDIA has released an important security update for its NeMo Framework, addressing two high-severity vulnerabilities that expose...

PoC Exploit Releases for Windows Privilege Escalation Vulnerability WindowsAI Recall LPE, Symlink Attack

PoC Exploit Releases for Windows Privilege Escalation Vulnerability

Do Son November 13, 2025

Microsoft has patched a newly disclosed local privilege escalation (LPE) vulnerability affecting the Host Process for Windows...

Critical Dell Data Lakehouse Vulnerability (CVE-2025-46608) Allows Privilege Escalation Dell ECS Security Update CVE-2026-40636 Hard-coded Credentials Dell Business Price Increase, RAM and SSD Shortage 2025 Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

Critical Dell Data Lakehouse Vulnerability (CVE-2025-46608) Allows Privilege Escalation

Do Son November 13, 2025

Dell has issued a security advisory warning customers of a critical severity vulnerability affecting Dell Data Lakehouse...

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution Wolfram Cloud RCE, Multi-Tenant JVM

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution

Do Son November 13, 2025

A newly disclosed vulnerability in Wolfram Cloud version 14.2 — tracked as CVE-2025-11919 — could allow attackers...

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

November Patch Tuesday: Microsoft Fixes 68 Flaws, Including Kernel Zero-Day Under Active Exploitation

Do Son November 12, 2025

Microsoft has released its November 2025 Patch Tuesday, addressing a total of 68 vulnerabilities, including a high-priority...

Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking Devolutions Auth Bypass, Pre-MFA Cookie Hijacking

Devolutions Auth Bypass, Pre-MFA Cookie Hijacking

Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking

Do Son November 11, 2025

Devolutions, a leading provider of privileged access management (PAM) and remote connection solutions, has released an urgent...

High-Severity Elastic Defend Flaw (CVE-2025-37735) Allows Local Attackers to Delete Arbitrary Files as SYSTEM Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

High-Severity Elastic Defend Flaw (CVE-2025-37735) Allows Local Attackers to Delete Arbitrary Files as SYSTEM

Do Son November 10, 2025

Elastic has released security updates to address a serious flaw in Elastic Defend, its endpoint protection component...

PoC Exploit Released for CVE-2025-55680 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw Cloud Files Driver LPE, TOCTOU Race Condition

Cloud Files Driver LPE, TOCTOU Race Condition

PoC Exploit Released for CVE-2025-55680 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw

Do Son November 10, 2025

Security researchers from TyphoonPWN, the Windows PE Winner team, in collaboration with SSD Secure Disclosure, have uncovered...

OCI Fixes Container Escape Vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) runc Container Escape, Mount Race Condition

OCI Fixes Container Escape Vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881)

Do Son November 7, 2025

The Open Container Initiative (OCI) has released security updates to address three high-severity vulnerabilities affecting its container...

Amazon Fixes High-Severity Authentication Token Exposure in WorkSpaces Client for Linux (CVE-2025-12779) WorkSpaces Token Leak, Local Privilege Escalation CVE-2025-0500 & CVE-2025-0501

WorkSpaces Token Leak, Local Privilege Escalation CVE-2025-0500 & CVE-2025-0501

Amazon Fixes High-Severity Authentication Token Exposure in WorkSpaces Client for Linux (CVE-2025-12779)

Do Son November 7, 2025

Amazon has released a security update for the WorkSpaces client for Linux, addressing a high-severity vulnerability (CVE-2025-12779)...

Critical Dell CloudLink Flaws Allow User to Escape Shell and Gain Full System Control Dell CloudLink Privilege Escalation, Command Injection

Critical Dell CloudLink Flaws Allow User to Escape Shell and Gain Full System Control

Do Son November 6, 2025

Dell Technologies has issued a critical security advisory addressing multiple vulnerabilities in its CloudLink encryption management software,...

High-Severity NVIDIA App Flaw (CVE-2025-23358) Allows Local Privilege Escalation on Windows

Do Son November 6, 2025

NVIDIA has released an important software security update for the NVIDIA App on Windows systems, addressing a...

Critical CVE-2025-11749 Flaw in AI Engine Plugin Exposes WordPress Sites to Full Compromise AI Engine Auth Bypass, CVE-2025-11749 Exploited

Critical CVE-2025-11749 Flaw in AI Engine Plugin Exposes WordPress Sites to Full Compromise

Do Son November 5, 2025

Researchers at Wordfence have disclosed a critical vulnerability (CVE-2025-11749, CVSS 9.8) in the popular AI Engine WordPress...

Researcher Releases PoC Exploit for Windows Elevation of Privilege Vulnerability Win32K Type Confusion, DirectComposition LPE

Researcher Releases PoC Exploit for Windows Elevation of Privilege Vulnerability

Do Son November 4, 2025

Security researcher Hyeonjin Choi has detailed a serious privilege escalation vulnerability (CVE-2025-50168) in Microsoft Windows’ Win32K subsystem,...

Researcher Details Windows SMB Server Elevation of Privilege Vulnerability – CVE-2025-58726 Kerberos Reflection, Ghost SPN

Researcher Details Windows SMB Server Elevation of Privilege Vulnerability – CVE-2025-58726

Do Son November 4, 2025

A newly disclosed Windows vulnerability, CVE-2025-58726, allows attackers with low privileges to gain SYSTEM-level access remotely by...

Elastic Patches High-Severity Privilege Escalation Flaw in Elastic Cloud Enterprise (CVE-2025-37736) Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Patches High-Severity Privilege Escalation Flaw in Elastic Cloud Enterprise (CVE-2025-37736)

Do Son November 3, 2025

Elastic has issued a security advisory addressing a high-severity vulnerability (CVE-2025-37736, CVSS 8.8) in Elastic Cloud Enterprise...

Critical WordPress Plugin Flaw (CVE-2025-8489, CVSS 9.8) Allows Unauthenticated Admin Takeover CVE-2024-11972 - Hunk Companion

Critical WordPress Plugin Flaw (CVE-2025-8489, CVSS 9.8) Allows Unauthenticated Admin Takeover

Do Son November 1, 2025

A critical security vulnerability has been identified and is being actively exploited in the King Addons for...

CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities

Do Son October 31, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new flaws—CVE-2025-24893 in XWiki Platform and...

Critical Alert