rce Archives • Page 20 of 29 • Daily CyberSecurity

Critical Flaw (CVSS 9.8) in Ubiquiti UniFi Connect EV Stations Allows Remote Code Execution

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Flaw (CVSS 9.8) in Ubiquiti UniFi Connect EV Stations Allows Remote Code Execution

Ddos August 7, 2025

Ubiquiti has issued a comprehensive security advisory addressing multiple vulnerabilities in its UniFi Connect product line, affecting...

Critical Flaw (CVE-2025-22470, CVSS 9.8) in SATO Industrial Label Printers Allow Remote Root Takeover SATO Printers, Industrial Vulnerabilities

Critical Flaw (CVE-2025-22470, CVSS 9.8) in SATO Industrial Label Printers Allow Remote Root Takeover

Ddos August 7, 2025

JPCERT/CC has issued a vulnerability note detailing two critical security flaws in SATO Corporation’s widely deployed industrial...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CISA Warns of “ToolShell”: Critical Exploit Chain Hits SharePoint Servers, Bypasses Authentication

Ddos August 7, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released an in-depth Malware Analysis Report warning of a...

CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites

Ddos August 7, 2025

A critical security vulnerability has been discovered in the Everest Forms plugin, a widely used WordPress plugin...

VirtualBox VM Escape: Integer Overflow Flaw Allows Full Host Takeover, PoC Published VirtualBox Escape, Integer Overflow

VirtualBox VM Escape: Integer Overflow Flaw Allows Full Host Takeover, PoC Published

Ddos August 6, 2025

Security researcher Juan Jose Lopez Jaimez published the technical details and proof-of-concept exploit code for a vulnerability...

Critical RCE Flaw (CVE-2025-54594) in React Native Bottom Tabs’ GitHub Actions Exposed Secrets GitHub Actions Vulnerability, React Native Bottom Tabs

GitHub Actions Vulnerability, React Native Bottom Tabs

Critical RCE Flaw (CVE-2025-54594) in React Native Bottom Tabs’ GitHub Actions Exposed Secrets

Ddos August 6, 2025

A critical vulnerability—CVE-2025-54594 (CVSS 9.1)—has been identified in the React Native Bottom Tabs project, exposing the repository...

Adobe AEM Forms Patch: Critical Flaws (CVE-2025-54253, CVSS 10.0) Allow RCE & Arbitrary File Read, Public PoCs Available

Ddos August 6, 2025

Adobe has released urgent patches for two critical vulnerabilities affecting Adobe Experience Manager (AEM) Forms on JEE,...

Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor

Ddos August 6, 2025

The Imperva Threat Research team sounded the alarm on a coordinated exploitation campaign targeting outdated instances of...

High-Severity Flaws in Rockwell Arena Simulation Expose Industrial Systems to Memory Abuse

Ddos August 6, 2025

Rockwell Automation has issued a security advisory addressing three memory abuse vulnerabilities in its Arena Simulation software,...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Critical Command Injection Flaws in Trend Micro Apex One Actively Exploited

Ddos August 5, 2025

Trend Micro has issued an urgent advisory for two critical command injection vulnerabilities affecting its Apex One...

Android CLI Android Security Zero-Interaction DoS CVE-2026-21385 Android Security Update UK CMA Apple Google regulation Google Aluminum OS Android 16 leak, ALOS Android ChromeOS merger Android sideloading certification 2026, Google developer verification APK Android AOSP biannual release, AOSP source code latency 2026 Android Zero-Day, Critical DoS Flaw Android Universal Clipboard Cross-Device Sync Gemini Nano Block, Unlocked Bootloader Android, Calling Cards Android Security Bulletin, RCE Vulnerability Android Linux GUI, Debian VM Android System Services, Google Transparency Android 16, Pixel Update

Android Security Update: Critical RCE Flaw (CVE-2025-48530) in System Component Patched

Ddos August 5, 2025

Google has released the August 2025 Android Security Bulletin, addressing multiple critical and high-severity vulnerabilities affecting Android...

Critical Triton Flaws (CVSS 9.8) Expose AI Servers to Remote Takeover – Patch Now! NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

Critical Triton Flaws (CVSS 9.8) Expose AI Servers to Remote Takeover – Patch Now!

Ddos August 5, 2025

NVIDIA has released urgent software updates to address a set of critical vulnerabilities discovered in its popular...

Critical Flaws Found in Partner Software: Default Admin Passwords & XSS Allow RCE on Government Systems Partner Software, RCE Vulnerability

Critical Flaws Found in Partner Software: Default Admin Passwords & XSS Allow RCE on Government Systems

Ddos August 4, 2025

A recent vulnerability note issued by CERT/CC disclosured three critical security flaws in Partner Software’s flagship platforms—Partner...

Critical RCE Flaw (CVE-2025-54782) in NestJS DevTools Allows Remote Code Execution NestJS Vulnerability, Remote Code Execution

Critical RCE Flaw (CVE-2025-54782) in NestJS DevTools Allows Remote Code Execution

Ddos August 4, 2025

A critical vulnerability has been uncovered in the @nestjs/devtools-integration package—a component of the popular NestJS framework for...

Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136) Cursor Vulnerability, MCP Security

Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136)

Ddos August 4, 2025

Cursor, an AI-powered code editor that promises to “understand your codebase and help you code faster,” has...

Critical Squid Vulnerability (CVE-2025-54574) Allows Remote Code Execution & Data Leakage CVE-2024-45802 Squid Vulnerability, Remote Code Execution CVE-2025-54574

CVE-2024-45802 Squid Vulnerability, Remote Code Execution CVE-2025-54574

Critical Squid Vulnerability (CVE-2025-54574) Allows Remote Code Execution & Data Leakage

Ddos August 4, 2025

The Squid Project has issued an urgent advisory for CVE-2025-54574 (CVSS 9.3), a heap buffer overflow bug...

Critical HashiCorp Vault Flaw (CVE-2025-6000) Allows Code Execution for Privileged Users CVE-2025-6000 CVE-2024-2048 HashiCorp Vault, RCE Vulnerability

CVE-2025-6000 CVE-2024-2048 HashiCorp Vault, RCE Vulnerability

Critical HashiCorp Vault Flaw (CVE-2025-6000) Allows Code Execution for Privileged Users

Ddos August 4, 2025

In a recently disclosed advisory, HashiCorp has patched a critical vulnerability—CVE-2025-6000—in Vault, its industry-standard secrets management solution....

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available! SUSE Manager, Remote Code Execution

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available!

Ddos July 31, 2025

SUSE has issued a high-severity security advisory for CVE-2025-46811, a critical vulnerability in SUSE Manager that allows...

Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability