security patch Archives • Page 2 of 3 • Daily CyberSecurity

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking

Do Son November 13, 2025

GitLab has released a new round of security updates for both Community Edition (CE) and Enterprise Edition...

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions

Do Son November 13, 2025

Elastic has issued two security advisories addressing two vulnerabilities in Kibana, the visualization and analytics dashboard component...

Apache OpenOffice Fixes 7 Flaws: Memory Corruption and Unprompted Remote Content Loading CVE-2022-47502 OpenOffice Auth Bypass, Memory Corruption

CVE-2022-47502 OpenOffice Auth Bypass, Memory Corruption

Apache OpenOffice Fixes 7 Flaws: Memory Corruption and Unprompted Remote Content Loading

Do Son November 12, 2025

Apache OpenOffice has released a crucial security patch, version 4.1.16, to address a flurry of security vulnerabilities...

GitLab Patches High Runner Hijacking Flaw (CVE-2025-11702) and Multiple DoS Vulnerabilities GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab Patches High Runner Hijacking Flaw (CVE-2025-11702) and Multiple DoS Vulnerabilities

Do Son October 22, 2025

GitLab has released versions 18.5.1, 18.4.3, and 18.3.5 for both Community Edition (CE) and Enterprise Edition (EE)...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical CVSS 10.0 SQL Injection Vulnerability Patched in Esri ArcGIS Server

Do Son October 9, 2025

Esri has released a critical security patch addressing a SQL injection vulnerability (CVE-2025-57870) in ArcGIS Server, a...

Stack-Based Buffer Overflow in Squid Could Let Hackers Execute Arbitrary Code CVE-2024-25617 CVE-2025-59362 Squid Proxy ICP Vulnerability

Stack-Based Buffer Overflow in Squid Could Let Hackers Execute Arbitrary Code

Do Son September 15, 2025

Squid, the widely deployed caching proxy supporting HTTP, HTTPS, FTP, and more, has patched a critical security...

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS CVE-2024-38472 Apache HTTP Server, Security Patches

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS

Do Son July 11, 2025

The Apache Software Foundation has issued a new release—Apache HTTP Server version 2.4.64—patching eight security vulnerabilities that...

SAP’s July 2025 Patch Day Brings 27 New Notes, Multiple Critical RCE & Deserialization Flaws (CVSS 10.0) SAP security patch day critical security vulnerabilities SAP SQL Injection April 2026 Patch Day SAP Security, Critical Vulnerabilities Security Patch Day CVE-2025-42944

SAP security patch day critical security vulnerabilities SAP SQL Injection April 2026 Patch Day SAP Security, Critical Vulnerabilities Security Patch Day CVE-2025-42944

SAP’s July 2025 Patch Day Brings 27 New Notes, Multiple Critical RCE & Deserialization Flaws (CVSS 10.0)

Do Son July 8, 2025

SAP’s July 2025 Security Patch Day delivered a total of 27 new security notes and 3 updates...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited on 2,100+ Unpatched Appliances

Do Son July 1, 2025

A critical security flaw tracked as CVE-2025-6543 is being actively exploited in the wild, prompting urgent warnings...

Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited Citrix NetScaler, Critical Vulnerability

Citrix NetScaler, Critical Vulnerability

Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited

Do Son June 27, 2025

Citrix has issued a critical advisory for CVE-2025-6543, a memory overflow vulnerability that impacts NetScaler ADC (formerly...

TeamViewer Remote Management Bug (CVE-2025-36537) Enables Privilege Escalation TeamViewer Vulnerability, Privilege Escalation

TeamViewer Remote Management Bug (CVE-2025-36537) Enables Privilege Escalation

Do Son June 25, 2025

TeamViewer, a widely used remote access and management platform, has disclosed a new vulnerability that impacts its...

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers Gogs RCE, XSS Vulnerability

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers

Do Son June 24, 2025

The open-source Git service Gogs, known for its simplicity and ease of deployment, disclosures two severe security...

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution WinRAR RCE, Directory Traversal

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution

Do Son June 24, 2025

A newly disclosed vulnerability in RARLAB’s WinRAR, the long-standing compression utility for Windows, has exposed millions of...

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys Grafana Vulnerability, DingDing CVE-2023-3128

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys

Do Son June 14, 2025

Grafana Labs has released a round of security patches to address CVE-2025-3415, a medium-severity vulnerability (CVSS 4.3)...

High-Severity Flaw in HashiCorp Nomad (CVE-2025-4922) Allows Privilege Escalation HashiCorp Nomad, Privilege Escalation

High-Severity Flaw in HashiCorp Nomad (CVE-2025-4922) Allows Privilege Escalation

Do Son June 13, 2025

HashiCorp has disclosed a high-severity vulnerability in its workload orchestration tool, Nomad, which could allow attackers to...

Critical Trend Micro Apex Central Flaws: Pre-Auth RCE (CVSS 9.8) Threatens Your Security Trend Micro, RCE Vulnerability

Critical Trend Micro Apex Central Flaws: Pre-Auth RCE (CVSS 9.8) Threatens Your Security

Do Son June 12, 2025

Trend Micro has issued an urgent Critical Patch (CP B7007) for its Apex Central platform, addressing two...

Critical Apache CloudStack Flaws Expose Kubernetes & Admin Accounts! CVE-2024-50386 Apache CloudStack, Critical Vulnerabilities

Critical Apache CloudStack Flaws Expose Kubernetes & Admin Accounts!

Do Son June 11, 2025

The Apache CloudStack project has released new Long-Term Support (LTS) versions—4.19.3.0 and 4.20.1.0—to address five security vulnerabilities,...

High-Severity Flaw in Kibana: Unauthorized Access Possible in Synthetic Monitoring! Kibana Vulnerability, Elastic Security

High-Severity Flaw in Kibana: Unauthorized Access Possible in Synthetic Monitoring!

Do Son June 11, 2025

Elastic has disclosed a high-severity vulnerability (CVE-2024-43706) affecting its Kibana observability platform, specifically in the Synthetic Monitoring...

PoC Reveals Apple Audio Zero-Day Enabling Remote Code Execution via Malicious Media Files CoreAudio Vulnerability, Apple Zero-Day

PoC Reveals Apple Audio Zero-Day Enabling Remote Code Execution via Malicious Media Files

Do Son June 2, 2025

Apple has patched a high-severity zero-day vulnerability in CoreAudio, the framework responsible for audio playback and processing...

ZITADEL Flaw: Host Header Injection Risks Account Takeover (Password Reset) ZITADEL vulnerability Account takeover

ZITADEL Flaw: Host Header Injection Risks Account Takeover (Password Reset)

Do Son May 30, 2025

ZITADEL, a modern identity and access management platform, has patched a critical vulnerability in its password reset...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

security patch

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions

Apache OpenOffice Fixes 7 Flaws: Memory Corruption and Unprompted Remote Content Loading

GitLab Patches High Runner Hijacking Flaw (CVE-2025-11702) and Multiple DoS Vulnerabilities

Critical CVSS 10.0 SQL Injection Vulnerability Patched in Esri ArcGIS Server

Stack-Based Buffer Overflow in Squid Could Let Hackers Execute Arbitrary Code

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS

SAP’s July 2025 Patch Day Brings 27 New Notes, Multiple Critical RCE & Deserialization Flaws (CVSS 10.0)

Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited on 2,100+ Unpatched Appliances

Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited

TeamViewer Remote Management Bug (CVE-2025-36537) Enables Privilege Escalation

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys

High-Severity Flaw in HashiCorp Nomad (CVE-2025-4922) Allows Privilege Escalation

Critical Trend Micro Apex Central Flaws: Pre-Auth RCE (CVSS 9.8) Threatens Your Security

PoC Reveals Apple Audio Zero-Day Enabling Remote Code Execution via Malicious Media Files

ZITADEL Flaw: Host Header Injection Risks Account Takeover (Password Reset)