rce Archives • Page 19 of 29 • Daily CyberSecurity

PoC Available: CrushFTP Zero-Day (CVE-2025-54309) Exploited in the Wild

Ddos August 28, 2025

watchTowr Labs has released a detailed analysis of CVE-2025-54309, a zero-day authentication bypass vulnerability in CrushFTP, the...

NVIDIA Warns of a High-Severity Flaw in NeMo AI Curator (CVE-2025-23307) NeMo Curator, NVIDIA vulnerability

NVIDIA Warns of a High-Severity Flaw in NeMo AI Curator (CVE-2025-23307)

Ddos August 27, 2025

NVIDIA has released an important security update addressing a high-severity vulnerability in its NeMo Curator tool. The...

Langflow Hit by Privilege Escalation Flaw: CVE-2025-57760 Langflow, Privilege escalation

Langflow Hit by Privilege Escalation Flaw: CVE-2025-57760

Ddos August 26, 2025

The Langflow project has issued an important security advisory regarding a newly discovered vulnerability that poses a...

Two RCE Vulnerabilities Found in Open-Source BI Tool DataEase DataEase, RCE vulnerability

Two RCE Vulnerabilities Found in Open-Source BI Tool DataEase

Ddos August 26, 2025

Security researchers have disclosed two critical vulnerabilities in DataEase, an open-source business intelligence (BI) tool designed for...

Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7 Privileged access manager, Securden

Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7

Ddos August 26, 2025

Security researchers at Rapid7 have uncovered four serious vulnerabilities in Securden Unified Privileged Access Manager (PAM), a...

CVE-2025-55746: Critical Directus Flaw Exposes Servers to Unauthenticated File Upload and RCE

Ddos August 22, 2025

The Directus project has disclosed a critical vulnerability tracked as CVE-2025-55746 (CVSS 9.3) that could allow unauthenticated...

CVE-2024-36401 Exploited in Stealthy Bandwidth-Monetization Campaign Passive monetization, GeoServer vulnerability

CVE-2024-36401 Exploited in Stealthy Bandwidth-Monetization Campaign

Ddos August 22, 2025

A new report from Palo Alto Networks’ Unit 42 has shed light on an unusual and stealthy...

Kudelski Security Exposes Critical CodeRabbit Vulnerability: RCE, Secret Leaks, and Access to 1M Repositories AI tool vulnerability, supply chain attack

AI tool vulnerability, supply chain attack

Kudelski Security Exposes Critical CodeRabbit Vulnerability: RCE, Secret Leaks, and Access to 1M Repositories

Ddos August 21, 2025

Kudelski Security has published a detailed write-up of a critical vulnerability discovered in CodeRabbit, the most installed...

CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948) n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948)

Ddos August 19, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability—CVE-2025-54948—to...

CVE-2025-48387: Critical tar-fs Vulnerability Exposes Millions to Arbitrary File Writes tar-fs, directory traversal

CVE-2025-48387: Critical tar-fs Vulnerability Exposes Millions to Arbitrary File Writes

Ddos August 18, 2025

A newly disclosed vulnerability in the widely used tar-fs NPM package has raised alarms across the software...

PostgreSQL Issues Urgent Security Fixes for High-Severity RCE Flaws in Core Utilities PostgreSQL Vulnerabilities CVE-2026-2006 PostgreSQL, security update CVE-2023-5869 - CVE-2025-1094

PostgreSQL Vulnerabilities CVE-2026-2006 PostgreSQL, security update CVE-2023-5869 - CVE-2025-1094

PostgreSQL Issues Urgent Security Fixes for High-Severity RCE Flaws in Core Utilities

Ddos August 18, 2025

The PostgreSQL Global Development Group has announced a major security update affecting all supported versions of the...

Critical RCE Flaws Found in Flowise AI Platform, Allowing Remote Code Execution Flowise vulnerabilities, RCE flaws

Critical RCE Flaws Found in Flowise AI Platform, Allowing Remote Code Execution

Ddos August 16, 2025

Security researchers at JFrog Security Research have uncovered two critical vulnerabilities in Flowise, an open-source generative AI...

Critical Cisco RCE Flaw (CVE-2025-20265, CVSS 10): Unauthenticated Attackers Can Hijack Firewalls Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Critical Cisco RCE Flaw (CVE-2025-20265, CVSS 10): Unauthenticated Attackers Can Hijack Firewalls

Ddos August 15, 2025

Cisco has disclosed a critical remote code execution vulnerability in its Secure Firewall Management Center (FMC) Software...

Critical WordPress Plugin Flaw (CVE-2025-7384, CVSS 9.8) Exposes 70,000+ Sites to RCE and Data Loss WordPress vulnerability, CVE-2025-7384

Critical WordPress Plugin Flaw (CVE-2025-7384, CVSS 9.8) Exposes 70,000+ Sites to RCE and Data Loss

Ddos August 14, 2025

A critical security vulnerability has been disclosed in the widely used Database for Contact Form 7, WPforms,...

Microsoft’s August Patch Tuesday: Zero-Day Kerberos Flaw Threatens Domain Admins Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

Microsoft’s August Patch Tuesday: Zero-Day Kerberos Flaw Threatens Domain Admins

Ddos August 13, 2025

Microsoft’s August 2025 Patch Tuesday brings security updates for 119 vulnerabilities, including 13 rated Critical and 91...

Critical Erlang/OTP Flaw (CVE-2025-32433) Under Active Exploitation, Allowing Unauthenticated RCE on OT Networks Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical Erlang/OTP Flaw (CVE-2025-32433) Under Active Exploitation, Allowing Unauthenticated RCE on OT Networks

Ddos August 12, 2025

Security researchers at Unit 42 have issued an urgent warning regarding CVE-2025-32433, a CVSS 10.0-rated vulnerability in...

Record-Breaking Payout: Google Awards $250,000 for a Critical Chrome Flaw (CVE-2025-4609) Chrome Vulnerability CVE-2024-4761 - Google Sell Chrome CVE-2025-1920 Chrome Crash, Browser Issue

Chrome Vulnerability CVE-2024-4761 - Google Sell Chrome CVE-2025-1920 Chrome Crash, Browser Issue

Record-Breaking Payout: Google Awards $250,000 for a Critical Chrome Flaw (CVE-2025-4609)

Ddos August 12, 2025

A recently disclosed Chromium issue details a critical security vulnerability (CVE-2025-4609) discovered on April 23, 2025, by...

CVE-2025-55188: 7-Zip Arbitrary File Write Flaw Could Lead to Code Execution 7-Zip Vulnerability, Arbitrary File Write

CVE-2025-55188: 7-Zip Arbitrary File Write Flaw Could Lead to Code Execution

Ddos August 11, 2025

A newly disclosed vulnerability in 7-Zip, tracked as CVE-2025-55188, has been identified by security researcher Landon. The...

Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF Xerox RCE, FreeFlow Core Vulnerabilities

Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF

Ddos August 11, 2025

Xerox has released a security update for FreeFlow Core, addressing two high-impact vulnerabilities that could allow attackers...

WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware WinRAR Zero-Day, Path Traversal CVE-2025-8088

WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware

Ddos August 11, 2025

Security researchers at ESET have uncovered a zero-day path traversal vulnerability in the Windows version of WinRAR...