rce Archives • Page 13 of 29 • Daily CyberSecurity

Synology BeeStation Flaw Chain Leads to Root RCE Via Novel “Dirty File Write” SQL Injection, PoC Available Synology BeeStation RCE, Dirty File Write Exploit

Synology BeeStation RCE, Dirty File Write Exploit

Synology BeeStation Flaw Chain Leads to Root RCE Via Novel “Dirty File Write” SQL Injection, PoC Available

Ddos December 4, 2025

In a display of vulnerability chaining, security researcher Kiddo has released a detailed write-up demonstrating how three...

High-Severity Vim for Windows Flaw (CVE-2025-66476) Risks Arbitrary Code Execution from Compromised Folders CVE-2025-27423 Vim Arbitrary Code Execution, Uncontrolled Search Path

CVE-2025-27423 Vim Arbitrary Code Execution, Uncontrolled Search Path

High-Severity Vim for Windows Flaw (CVE-2025-66476) Risks Arbitrary Code Execution from Compromised Folders

Ddos December 4, 2025

Ideally, text editors are passive tools—you open a file, edit it, and save it. But a new...

Critical ACF Extended Flaw (CVE-2025-13486, CVSS 9.8) Allows Unauthenticated RCE on 100K WordPress Sites ACF Extended RCE, Unauthenticated Code Execution

ACF Extended RCE, Unauthenticated Code Execution

Critical ACF Extended Flaw (CVE-2025-13486, CVSS 9.8) Allows Unauthenticated RCE on 100K WordPress Sites

Ddos December 3, 2025

A critical security vulnerability carrying a near-maximum severity score has been discovered in “Advanced Custom Fields: Extended,”...

CISA Warns: Critical Longwatch RCE Flaw (CVE-2025-13658, CVSS 9.8) Allows Unauthenticated SYSTEM Takeover of OT Surveillance Longwatch Unauthenticated RCE, Industrial Video & Control

Longwatch Unauthenticated RCE, Industrial Video & Control

CISA Warns: Critical Longwatch RCE Flaw (CVE-2025-13658, CVSS 9.8) Allows Unauthenticated SYSTEM Takeover of OT Surveillance

Ddos December 3, 2025

A critical security vulnerability has been identified in the Longwatch video surveillance and monitoring system developed by...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Unpatched Flaw: Vivotek EOL IP Cameras Exposed to Unauthenticated RCE via Command Injection

Ddos November 25, 2025

The Akamai Security Intelligence and Response Team (SIRT) has uncovered a previously undocumented — and still widely...

vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings

Ddos November 24, 2025

A newly disclosed high-severity vulnerability in vLLM—one of the fastest-growing open-source inference engines for large language models—allows...

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers (CVE-2025-13207, CVE-2024-24481) Tenda Unpatched RCE, Router Command Injection

Tenda Unpatched RCE, Router Command Injection

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers (CVE-2025-13207, CVE-2024-24481)

Ddos November 24, 2025

The CERT Coordination Center (CERT/CC) has issued a warning about multiple unpatched command injection vulnerabilities affecting Tenda’s...

Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius

Ddos November 24, 2025

ABB has issued an urgent cybersecurity advisory warning customers of a critical authentication bypass vulnerability in the...

Critical Markdown to PDF Flaw (CVE-2025-65108, CVSS 10.0) Allows RCE via JS Injection in Markdown Front-Matter md-to-pdf RCE, Markdown Command Injection

md-to-pdf RCE, Markdown Command Injection

Critical Markdown to PDF Flaw (CVE-2025-65108, CVSS 10.0) Allows RCE via JS Injection in Markdown Front-Matter

Ddos November 24, 2025

A critical vulnerability (CVE-2025-65108) has been disclosed in the widely used Markdown to PDF npm package, a...

SonicWall Patches Two Vulnerabilities in Email Security Appliances, Including Code Execution Flaw (CVE-2025-40604) SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall Patches Two Vulnerabilities in Email Security Appliances, Including Code Execution Flaw (CVE-2025-40604)

Ddos November 22, 2025

SonicWall has released security updates addressing two vulnerabilities in its Email Security appliances, including one that could...

Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor

Ddos November 21, 2025

The AhnLab Security Intelligence Center (ASEC) has uncovered an active exploitation campaign in which threat actors weaponized...

Critical Apache Causeway RCE Flaw (CVE-2025-64408) Allows Authenticated Code Execution via Java Deserialization Apache Causeway RCE, Java Deserialization

Apache Causeway RCE, Java Deserialization

Critical Apache Causeway RCE Flaw (CVE-2025-64408) Allows Authenticated Code Execution via Java Deserialization

Ddos November 20, 2025

Apache Causeway, a popular framework for rapidly developing domain-driven Java applications, has been found vulnerable to a...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

CISA KEV Alert: FortiWeb RCE Flaw (CVE-2025-58034) Under Active Exploitation for Command Injection

Ddos November 19, 2025

Fortinet has issued an urgent advisory warning customers that a newly disclosed vulnerability in FortiWeb, tracked as...

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution

Ddos November 19, 2025

D-Link has issued a security advisory warning users of the DIR-878 router series that multiple newly disclosed...

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers METZ CONNECT RCE, Unauthenticated Admin Takeover

METZ CONNECT RCE, Unauthenticated Admin Takeover

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers

Ddos November 19, 2025

METZ CONNECT GmbH, in coordination with CERT@VDE, has issued an urgent security advisory warning of multiple critical...

Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass

Ddos November 19, 2025

SolarWinds has released security updates addressing three critical vulnerabilities in Serv-U—its managed file transfer and FTP server...

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files CVE-2023-5002 pgAdmin RCE, LDAP Injection

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files

Ddos November 17, 2025

The pgAdmin development team has issued patches addressing four newly disclosed security vulnerabilities impacting pgAdmin versions up...

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal IBM AIX RCE, NIM Private Key Leak

Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal

Ddos November 17, 2025

IBM has released a new security bulletin addressing multiple high-severity vulnerabilities affecting AIX 7.2, AIX 7.3, and...

Amazon Exposes Advanced APT Exploiting Cisco ISE (RCE) and Citrix Bleed Two as Simultaneous Zero-Days Cisco ISE Zero-Day, Citrix Bleed Two

Amazon Exposes Advanced APT Exploiting Cisco ISE (RCE) and Citrix Bleed Two as Simultaneous Zero-Days

Ddos November 14, 2025

The Amazon Threat Intelligence team has uncovered a highly sophisticated threat campaign exploiting multiple zero-day vulnerabilities in...

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution Wolfram Cloud RCE, Multi-Tenant JVM

CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution

Ddos November 13, 2025

A newly disclosed vulnerability in Wolfram Cloud version 14.2 — tracked as CVE-2025-11919 — could allow attackers...