security advisory Archives • Daily CyberSecurity

ASUS LPE Flaw (CVE-2025-59373): High-Severity Bug Grants SYSTEM Privileges via MyASUS Component ASUS LPE Flaw CVE-2025-59373 ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

ASUS LPE Flaw (CVE-2025-59373): High-Severity Bug Grants SYSTEM Privileges via MyASUS Component

Ddos November 26, 2025

Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor WSUS RCE ShadowPad CVE-2025-59287

Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor

Ddos November 21, 2025

Grafana Patches Critical SCIM Flaw (CVE-2025-41115, CVSS 10) Allowing Privilege Escalation and User Impersonation Grafana SCIM Flaw CVE-2025-41115 Grafana Vulnerabilities, XSS Flaw Grafana security alert, XSS patch

Grafana Patches Critical SCIM Flaw (CVE-2025-41115, CVSS 10) Allowing Privilege Escalation and User Impersonation

Ddos November 20, 2025

Critical Warning: QNAP Patches Seven Zero-Days Exploited at Pwn2Own 2025 QNAP Zero-Day, Pwn2Own Exploit CVE-2024-21899 - QNAP QTS vulnerability

Critical Warning: QNAP Patches Seven Zero-Days Exploited at Pwn2Own 2025

Ddos November 8, 2025

Spring Patches Two Flaws: SpEL Injection (CVE-2025-41253) Leaks Secrets, STOMP CSRF Bypasses WebSocket Security Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Spring Patches Two Flaws: SpEL Injection (CVE-2025-41253) Leaks Secrets, STOMP CSRF Bypasses WebSocket Security

Ddos October 17, 2025

F5 Networks Breached by Nation-State Actor, BIG-IP Source Code and Undisclosed Vulnerabilities Stolen F5 Nation-State Breach, BIG-IP Source Code Leak

F5 Nation-State Breach, BIG-IP Source Code Leak

F5 Networks Breached by Nation-State Actor, BIG-IP Source Code and Undisclosed Vulnerabilities Stolen

Ddos October 16, 2025

Oracle Warns of Unauthenticated Vulnerability in E-Business Suite (CVE-2025-61884) Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Oracle Warns of Unauthenticated Vulnerability in E-Business Suite (CVE-2025-61884)

Ddos October 13, 2025

Critical Nagios Flaw CVE-2025-44823 (CVSS 9.9) Leaks Plaintext Admin API Keys, PoC Available Nagios Critical Flaw, Admin Key Leak Nagios XI Vulnerabilities

Nagios Critical Flaw, Admin Key Leak Nagios XI Vulnerabilities

Critical Nagios Flaw CVE-2025-44823 (CVSS 9.9) Leaks Plaintext Admin API Keys, PoC Available

Ddos October 8, 2025

Critical Flaw CVE-2025-59159 (CVSS 9.7) in SillyTavern Allows Full Remote Control of Local AI Instances SillyTavern DNS Rebinding, CVE-2025-59159

Critical Flaw CVE-2025-59159 (CVSS 9.7) in SillyTavern Allows Full Remote Control of Local AI Instances

Ddos October 7, 2025

QNAP Fixes High-Severity Flaws: NetBak Replicator RCE and SQL Injection in Qsync Central CVE-2024-27124 QNAP Vulnerabilities, NetBak Replicator

CVE-2024-27124 QNAP Vulnerabilities, NetBak Replicator

QNAP Fixes High-Severity Flaws: NetBak Replicator RCE and SQL Injection in Qsync Central

Ddos October 6, 2025

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform CVE-2022-43396 Apache Kylin, Authentication Bypass

CVE-2022-43396 Apache Kylin, Authentication Bypass

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform

Ddos October 1, 2025

OpenSSL Patches Three Flaws: Timing Side-Channel RCE Risk and Memory Corruption Affect All Versions CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

OpenSSL Patches Three Flaws: Timing Side-Channel RCE Risk and Memory Corruption Affect All Versions

Ddos October 1, 2025

Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access! Cisco Phone DoS, CVE-2025-20350 Cisco SNMP Flaw CVE-2025-20352 CVE-2024-20398 & CVE-2024-20381 CVE-2025-20206

Cisco Phone DoS, CVE-2025-20350 Cisco SNMP Flaw CVE-2025-20352 CVE-2024-20398 & CVE-2024-20381 CVE-2025-20206

Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access!

Ddos September 25, 2025

SolarWinds Issues Advisory on Salesforce Data Breach Linked to Salesloft Drift Serv-U RCE, Authenticated RCE CVE-2024-0692 Salesforce breach

SolarWinds Issues Advisory on Salesforce Data Breach Linked to Salesloft Drift

Ddos September 18, 2025

Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control Digiever NVR, critical vulnerabilities

Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control

Ddos September 15, 2025

Angular SSR Flaw (CVE-2025-59052) Exposes User Data: What Developers Need to Know CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular SSR Flaw (CVE-2025-59052) Exposes User Data: What Developers Need to Know

Ddos September 11, 2025

Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation