rce Archives • Page 25 of 30 • Daily CyberSecurity

Critical Sunshine Flaw: Remote Command Execution via App-Wide CSRF

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Critical Sunshine Flaw: Remote Command Execution via App-Wide CSRF

Do Son July 1, 2025

In the golden age of remote gaming and self-hosted services, Sunshine has emerged as a popular and...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical RCE in MCP Inspector Exposes AI Devs to Web-Based Exploits (CVE-2025-49596)

Do Son July 1, 2025

A critical vulnerability—CVE-2025-49596—affected the AI developer ecosystem in June 2025, when Oligo Security Research disclosed a severe...

Google Patches Actively Exploited Chrome Zero-Day: CVE-2025-6554 Chrome Zero-Day, V8 Vulnerability

Google Patches Actively Exploited Chrome Zero-Day: CVE-2025-6554

Do Son June 30, 2025

Google has urgently released an update to its Stable channel for Chrome following the discovery of a...

D-Link Router Flaw Allows Remote Code Execution, PoC Publishes, NO PATCH D-Link DIR-815, Critical Vulnerability

D-Link Router Flaw Allows Remote Code Execution, PoC Publishes, NO PATCH

Do Son June 30, 2025

D-Link Corporation has issued a security advisory urging all users of the legacy DIR-815 wireless router to...

D-Link DIR-816 Router Alert: 6 Critical Flaws (CVSS 9.8) Allow Remote Code Execution, NO PATCHES D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816 Router Alert: 6 Critical Flaws (CVSS 9.8) Allow Remote Code Execution, NO PATCHES

Do Son June 30, 2025

In a recent security advisory, D-Link confirmed the discovery of multiple critical vulnerabilities in its now End-of-Life...

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server IBM WebSphere, Remote Code Execution

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

Do Son June 27, 2025

IBM has issued a security alert regarding a high-severity vulnerability—CVE-2025-36038—affecting WebSphere Application Server versions 8.5 and 9.0....

Cisco ISE/ISE-PIC Alert: Two Critical RCE Flaws (CVSS 10.0) Allow Unauthenticated Root Access Cisco ISE, Critical RCE

Cisco ISE/ISE-PIC Alert: Two Critical RCE Flaws (CVSS 10.0) Allow Unauthenticated Root Access

Do Son June 27, 2025

Cisco has disclosed two critical vulnerabilities in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC)...

CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access MICROSENS NMP Web+, Critical Vulnerabilities

MICROSENS NMP Web+, Critical Vulnerabilities

CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access

Do Son June 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning users of multiple high-impact...

Printer Security Alert: Rapid7 Uncovers Critical Flaws (CVSS 9.8) in Multi Brother Models MFP Vulnerabilities, Printer Security

Printer Security Alert: Rapid7 Uncovers Critical Flaws (CVSS 9.8) in Multi Brother Models

Do Son June 26, 2025

In a major coordinated disclosure, Rapid7 has unveiled a disturbing set of vulnerabilities affecting a wide range...

Quest Patches Critical KACE SMA Flaws, Including CVSS 10 Authentication Bypass

Do Son June 26, 2025

Quest Software has released urgent security hotfixes addressing four newly discovered vulnerabilities in its KACE Systems Management...

Critical Kaleris Navis N4 Flaw (CVE-2025-2566, CVSS 9.8): Supply Chain Infrastructure at Risk! Kaleris Navis N4, Terminal OS Vulnerabilities

Critical Kaleris Navis N4 Flaw (CVE-2025-2566, CVSS 9.8): Supply Chain Infrastructure at Risk!

Do Son June 25, 2025

Two newly disclosed vulnerabilities in the Kaleris Navis N4 terminal operating system could allow attackers to remotely...

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes CentOS Web Panel, Remote Code Execution

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes

Do Son June 25, 2025

A critical vulnerability discovered in CentOS Web Panel (CWP), a widely-used open-source server management platform. Tracked as...

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched Kibana Vulnerabilities, Code Execution

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched

Do Son June 25, 2025

Elastic has published a security advisory addressing two significant vulnerabilities in Kibana, the visualization and dashboarding layer...

Double Injection Risk in NVIDIA Megatron-LM: Code Execution Flaws Patched in v0.12.1 NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

Double Injection Risk in NVIDIA Megatron-LM: Code Execution Flaws Patched in v0.12.1

Do Son June 25, 2025

NVIDIA has released a security bulletin addressing two newly discovered vulnerabilities—CVE-2025-23264 and CVE-2025-23265—affecting Megatron-LM, its open-source large...

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks ELECOM Router, Critical Vulnerabilities

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

Do Son June 25, 2025

In its latest vulnerability disclosure, JPCERT/CC has sounded the alarm on multiple critical security flaws affecting a...

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials WordPress Malware, Credit Card Skimming

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Do Son June 25, 2025

The Wordfence Threat Intelligence Team has unveiled a powerful malware framework operating under the guise of a...

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers Gogs RCE, XSS Vulnerability

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers

Do Son June 24, 2025

The open-source Git service Gogs, known for its simplicity and ease of deployment, disclosures two severe security...

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm Linksys Router, TheMoon Worm

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm

Do Son June 24, 2025

A critical vulnerability in multiple Linksys E-Series routers is being actively exploited in the wild by a...

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution WinRAR RCE, Directory Traversal

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution

Do Son June 24, 2025

A newly disclosed vulnerability in RARLAB’s WinRAR, the long-standing compression utility for Windows, has exposed millions of...

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers! Convoy RCE, Unauthenticated

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers!

Do Son June 24, 2025

A newly disclosed vulnerability in Convoy, a modern KVM server management panel built for hosting providers, has...