rce Archives • Page 12 of 30 • Daily CyberSecurity

CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks

Do Son December 30, 2025

The Cyber Security Agency of Singapore (CSA) has issued an urgent alert regarding a catastrophic vulnerability in...

The iOS 26.2 Trap: New WebKit Integer Overflow Discovered with PoC—Is Your iPhone at Risk? WebKit Integer Overflow, iOS 26.2 RCE CVE-2023-28206 PoC

The iOS 26.2 Trap: New WebKit Integer Overflow Discovered with PoC—Is Your iPhone at Risk?

Do Son December 29, 2025

Security researcher Joseph Goydish has identified a critical vulnerability within Apple’s WebKit engine, exposing a flaw that...

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear Xspeeder Zero-Day CVE-2025-54322

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear

Do Son December 29, 2025

A swarm of autonomous AI agents has successfully discovered a critical, unpatched vulnerability in networking gear used...

Operation PCPcat: 60,000 Next.js Servers Hijacked in Just 48 Hours Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Operation PCPcat: 60,000 Next.js Servers Hijacked in Just 48 Hours

Do Son December 24, 2025

A highly automated and ruthlessly efficient cyber-espionage campaign is tearing through the cloud infrastructure of modern web...

n8n Under Fire: Critical CVSS 10.0 RCE Vulnerability Grants Total Server Access n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Under Fire: Critical CVSS 10.0 RCE Vulnerability Grants Total Server Access

Do Son December 22, 2025

The popular workflow automation tool n8n has issued a critical security alert after discovering a vulnerability that...

PoC Available: Unauthenticated HPE OneView RCE (CVSS 10.0) Exploits Hidden ID Pools API CVE-2025-37164, HPE OneView RCE

PoC Available: Unauthenticated HPE OneView RCE (CVSS 10.0) Exploits Hidden ID Pools API

Do Son December 20, 2025

Security researchers have detailed a maximum-severity vulnerability in Hewlett Packard Enterprise’s (HPE) OneView software, revealing how a...

FreeBSD Network Alert: Malicious IPv6 Packets Can Trigger Remote Code Execution via resolvconf (CVE-2025-14558) CVE-2024-41721 - FreeBSD FreeBSD RCE, IPv6 Router Advertisement

FreeBSD Network Alert: Malicious IPv6 Packets Can Trigger Remote Code Execution via resolvconf (CVE-2025-14558)

Do Son December 19, 2025

A high-severity vulnerability has been uncovered in the FreeBSD networking stack, allowing attackers to execute arbitrary code...

CVE-2025-37164 (CVSS 10.0): Unauthenticated HPE OneView RCE Grants Total Control Over Data Centers

Do Son December 18, 2025

Hewlett Packard Enterprise (HPE) has sounded the alarm on a catastrophic security vulnerability in its flagship infrastructure...

Zero-Day Warning: Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE SonicWall Zero-Day, SMA1000 Exploit Chain SonicWall, firewall configuration CVE-2024-29010 & CVE-2024-29011 SonicWall NetExtender VPN Vulnerability

SonicWall Zero-Day, SMA1000 Exploit Chain SonicWall, firewall configuration CVE-2024-29010 & CVE-2024-29011 SonicWall NetExtender VPN Vulnerability

Zero-Day Warning: Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE

Do Son December 18, 2025

SonicWall has issued an urgent security advisory for its high-end remote access appliances, patching a vulnerability that,...

CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover Apache Commons Text RCE, FileMaker Server Patch

CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover

Do Son December 18, 2025

A critical vulnerability has been fixed in Apache Commons Text, a ubiquitous Java library used for text...

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users systeminformation RCE, Node.js Command Injection

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users

Do Son December 18, 2025

A high-severity vulnerability has been uncovered in systeminformation, a massively popular Node.js library used by millions of...

NVIDIA Critical AI Patch: Isaac Lab and NeMo Framework Flaws Risk Full Code Execution NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NVIDIA Critical AI Patch: Isaac Lab and NeMo Framework Flaws Risk Full Code Execution

Do Son December 17, 2025

NVIDIA has rolled out a sweeping security update addressing multiple high-severity vulnerabilities across its AI and simulation...

Critical OpenShift GitOps Flaw Risks Cluster Takeover (CVE-2025-13888) via Privilege Escalation to Root WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Critical OpenShift GitOps Flaw Risks Cluster Takeover (CVE-2025-13888) via Privilege Escalation to Root

Do Son December 16, 2025

A critical vulnerability has been uncovered in Red Hat OpenShift GitOps, exposing Kubernetes clusters to a complete...

NVIDIA Merlin Flaws Risk AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA Merlin Flaws Risk AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec

Do Son December 15, 2025

NVIDIA has issued an important security update for its Merlin framework, patching high-severity vulnerabilities that could allow...

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

pgAdmin 4 Vulnerabilities CVE-2026-7813 Authorization Bypass pgAdmin RCE, BOM Bypass Flaw

Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore

Do Son December 15, 2025

A critical security vulnerability has been discovered in pgAdmin, the world’s most popular open-source management tool for...

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners React2Shell RCE, Widespread Exploitation

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners

Do Son December 13, 2025

The cybersecurity landscape was jolted this month by the disclosure of a catastrophic vulnerability in one of...

Gogs Zero-Day (CVE-2025-8110) Risks RCE for 700+ Servers via Symlink Path Traversal Bypass Gogs Zero-Day RCE, Symlink Path Traversal

Gogs Zero-Day (CVE-2025-8110) Risks RCE for 700+ Servers via Symlink Path Traversal Bypass

Do Son December 11, 2025

A routine malware investigation has spiraled into the discovery of a widespread “smash-and-grab” campaign targeting the developer...

Unpatched TOTOLINK AX1800 Router Flaw Allows Unauthenticated Telnet & Root RCE TOTOLINK EX200 Vulnerability CVE-2025-65606 TOTOLINK Auth Bypass, Unauthenticated Telnet

TOTOLINK EX200 Vulnerability CVE-2025-65606 TOTOLINK Auth Bypass, Unauthenticated Telnet

Unpatched TOTOLINK AX1800 Router Flaw Allows Unauthenticated Telnet & Root RCE

Do Son December 11, 2025

A critical security vulnerability has been uncovered in the popular TOTOLINK AX1800 wireless router, a device widely...

“React2Shell” Crisis: Critical Vulnerability Triggers Global Cyberattacks by State-Sponsored Groups React2Shell RCE, Flight Protocol Deserialization

React2Shell RCE, Flight Protocol Deserialization

“React2Shell” Crisis: Critical Vulnerability Triggers Global Cyberattacks by State-Sponsored Groups

Do Son December 11, 2025

A critical security flaw in the popular React web framework has ignited a wave of cyberattacks, with...

EtherRAT Malware Hijacks Ethereum Blockchain for Covert C2 After React2Shell Exploit EtherRAT C2 Blockchain, React2Shell DPRK

EtherRAT Malware Hijacks Ethereum Blockchain for Covert C2 After React2Shell Exploit

Do Son December 10, 2025

In a alarming escalation of the “React2Shell” crisis, security researchers have uncovered a sophisticated new malware strain...