rce Archives • Page 25 of 29 • Daily CyberSecurity

CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access MICROSENS NMP Web+, Critical Vulnerabilities

MICROSENS NMP Web+, Critical Vulnerabilities

CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access

Ddos June 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning users of multiple high-impact...

Printer Security Alert: Rapid7 Uncovers Critical Flaws (CVSS 9.8) in Multi Brother Models MFP Vulnerabilities, Printer Security

Printer Security Alert: Rapid7 Uncovers Critical Flaws (CVSS 9.8) in Multi Brother Models

Ddos June 26, 2025

In a major coordinated disclosure, Rapid7 has unveiled a disturbing set of vulnerabilities affecting a wide range...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Quest Patches Critical KACE SMA Flaws, Including CVSS 10 Authentication Bypass

Ddos June 26, 2025

Quest Software has released urgent security hotfixes addressing four newly discovered vulnerabilities in its KACE Systems Management...

Critical Kaleris Navis N4 Flaw (CVE-2025-2566, CVSS 9.8): Supply Chain Infrastructure at Risk! Kaleris Navis N4, Terminal OS Vulnerabilities

Critical Kaleris Navis N4 Flaw (CVE-2025-2566, CVSS 9.8): Supply Chain Infrastructure at Risk!

Ddos June 25, 2025

Two newly disclosed vulnerabilities in the Kaleris Navis N4 terminal operating system could allow attackers to remotely...

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes CentOS Web Panel, Remote Code Execution

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes

Ddos June 25, 2025

A critical vulnerability discovered in CentOS Web Panel (CWP), a widely-used open-source server management platform. Tracked as...

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched Kibana Vulnerabilities, Code Execution

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched

Ddos June 25, 2025

Elastic has published a security advisory addressing two significant vulnerabilities in Kibana, the visualization and dashboarding layer...

Double Injection Risk in NVIDIA Megatron-LM: Code Execution Flaws Patched in v0.12.1 NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

Double Injection Risk in NVIDIA Megatron-LM: Code Execution Flaws Patched in v0.12.1

Ddos June 25, 2025

NVIDIA has released a security bulletin addressing two newly discovered vulnerabilities—CVE-2025-23264 and CVE-2025-23265—affecting Megatron-LM, its open-source large...

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks ELECOM Router, Critical Vulnerabilities

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

Ddos June 25, 2025

In its latest vulnerability disclosure, JPCERT/CC has sounded the alarm on multiple critical security flaws affecting a...

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials WordPress Malware, Credit Card Skimming

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Ddos June 25, 2025

The Wordfence Threat Intelligence Team has unveiled a powerful malware framework operating under the guise of a...

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers Gogs RCE, XSS Vulnerability

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers

Ddos June 24, 2025

The open-source Git service Gogs, known for its simplicity and ease of deployment, disclosures two severe security...

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm Linksys Router, TheMoon Worm

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm

Ddos June 24, 2025

A critical vulnerability in multiple Linksys E-Series routers is being actively exploited in the wild by a...

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution WinRAR RCE, Directory Traversal

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution

Ddos June 24, 2025

A newly disclosed vulnerability in RARLAB’s WinRAR, the long-standing compression utility for Windows, has exposed millions of...

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers! Convoy RCE, Unauthenticated

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers!

Ddos June 24, 2025

A newly disclosed vulnerability in Convoy, a modern KVM server management panel built for hosting providers, has...

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal Mattermost Vulnerability, Remote Code Execution CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279

Mattermost Vulnerability, Remote Code Execution CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal

Ddos June 21, 2025

Open-source collaboration platform Mattermost is exposed to a severe vulnerability that threatens the integrity of its deployments...

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug IBM QRadar, Critical Vulnerabilities

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug

Ddos June 21, 2025

IBM has issued a security bulletin addressing three critical vulnerabilities in its QRadar SIEM platform, a widely...

Critical Pterodactyl RCE (CVSS 10.0): Unauthenticated Attackers Exploiting Flaw Now! Pterodactyl RCE, Game Server Vulnerability

Critical Pterodactyl RCE (CVSS 10.0): Unauthenticated Attackers Exploiting Flaw Now!

Ddos June 20, 2025

A critical security vulnerability has been uncovered in Pterodactyl, the popular open-source game server management panel. Tracked...

Critical Versa Director Flaw: RCE Possible via HA Ports, PoC Available

Ddos June 20, 2025

A newly discovered critical vulnerability in Versa Networks’ SD-WAN orchestration platform, Versa Director, exposes enterprise networks to...

CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution Versa Director, SD-WAN Vulnerabilities

CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution

Ddos June 19, 2025

Two newly disclosed vulnerabilities in the Versa Director SD-WAN orchestration platform could allow authenticated attackers to execute...

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution ClamAV Vulnerability ClamAV Vulnerabilities, RCE

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution

Ddos June 19, 2025

Cisco’s ClamAV, one of the most widely used open-source antivirus engines, has released versions 1.4.3 and 1.0.9...

D-Link Router Flaws Allow Code Execution, PoC Available, No Patch D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link Router Flaws Allow Code Execution, PoC Available, No Patch

Ddos June 18, 2025

D-Link has issued an official advisory warning users of its legacy DIR-632 router that two critical vulnerabilities...