unauthenticated access Archives • Daily CyberSecurity

Edge of Disaster: Critical 9.8 CVSS Flaw in Oracle Cloud Infrastructure Toolkit Allows Complete Takeover IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Edge of Disaster: Critical 9.8 CVSS Flaw in Oracle Cloud Infrastructure Toolkit Allows Complete Takeover

Do Son March 18, 2026

A critical vulnerability has been identified in a key component of Oracle’s open-source portfolio, potentially handing the...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

The Default Danger: Maximum 10.0 CVSS Vulnerability Leaves Honeywell IQ4x Controllers Wide Open

Do Son March 11, 2026

A critical security flaw has been uncovered in the Honeywell IQ4x Building Management System (BMS) Controller family,...

Unauthenticated Nginx UI Flaw Leaks Decryption Keys and Server Secrets Nginx UI Vulnerability CVE-2026-27944

Unauthenticated Nginx UI Flaw Leaks Decryption Keys and Server Secrets

Do Son March 8, 2026

Security researchers have uncovered a critical vulnerabilities in Nginx UI, a popular web-based interface used to manage...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Unpatched Flaw: Vivotek EOL IP Cameras Exposed to Unauthenticated RCE via Command Injection

Do Son November 25, 2025

The Akamai Security Intelligence and Response Team (SIRT) has uncovered a previously undocumented — and still widely...

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution

Do Son November 19, 2025

D-Link has issued a security advisory warning users of the DIR-878 router series that multiple newly disclosed...

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers METZ CONNECT RCE, Unauthenticated Admin Takeover

METZ CONNECT RCE, Unauthenticated Admin Takeover

Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers

Do Son November 19, 2025

METZ CONNECT GmbH, in coordination with CERT@VDE, has issued an urgent security advisory warning of multiple critical...

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Critical Flowise Flaw Allows Unauthenticated Remote Admin Takeover via Exposed Registration Endpoint

Do Son November 18, 2025

The team behind Flowise—a popular open-source platform for building AI agents and LLM workflows—has issued an urgent...

CISA Warns: Critical Lynx+ Gateway Flaw (CVSS 10.0) Allows Unauthenticated Remote Reset; Vendor Non-Responsive

Do Son November 17, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory detailing multiple high-severity vulnerabilities...

Critical Path Traversal Vulnerability (CVSS 9.8) Exposes Mitel MiCollab Servers to Unauthorized Access Mitel MiCollab, Critical Vulnerability

Critical Path Traversal Vulnerability (CVSS 9.8) Exposes Mitel MiCollab Servers to Unauthorized Access

Do Son June 13, 2025

Mitel has issued a critical security advisory warning of a newly discovered path traversal vulnerability affecting its...

CISA Warns of Critical Unauthenticated Access Vulnerability in Instantel Micromate Devices Instantel Micromate, Critical Vulnerability

CISA Warns of Critical Unauthenticated Access Vulnerability in Instantel Micromate Devices

Do Son June 3, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning users of a critical...

RADIUS Risk: Unauthenticated Remote Attacker Can Crash Cisco ISE by Default CVE-2024-20419 - Cisco Webex Vulnerability Cisco ISE DoS, CVE-2025-20152

CVE-2024-20419 - Cisco Webex Vulnerability Cisco ISE DoS, CVE-2025-20152

RADIUS Risk: Unauthenticated Remote Attacker Can Crash Cisco ISE by Default

Do Son May 22, 2025

Cisco has published a security advisory for a high-severity vulnerability impacting its Identity Services Engine (ISE) product....

Critical Misconfiguration in Bitnami Pgpool Enables Unauthenticated PostgreSQL Access (CVE-2025-22248) Pgpool, Unauthenticated Access

Critical Misconfiguration in Bitnami Pgpool Enables Unauthenticated PostgreSQL Access (CVE-2025-22248)

Do Son May 14, 2025

A critical security vulnerability has been identified in the Bitnami Pgpool-II Docker image and the bitnami/postgres-ha Kubernetes...

CVE-2025-32896: Apache SeaTunnel Flaw Enables Unauthenticated File Read & RCE Screenshot_20250413-084728

CVE-2025-32896: Apache SeaTunnel Flaw Enables Unauthenticated File Read & RCE

Do Son April 13, 2025

A newly disclosed vulnerability, CVE-2025-32896, in Apache SeaTunnel—a widely used distributed data integration platform—could allow unauthenticated attackers...

Critical Alert 1 Active Exploit Detected Today