unauthenticated Archives • Daily CyberSecurity

High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF CVE-2023-25157 GeoServer XXE, Unauthenticated File Exfiltration

CVE-2023-25157 GeoServer XXE, Unauthenticated File Exfiltration

High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF

Do Son December 1, 2025

The maintainers of GeoServer have issued an important security advisory regarding a high-severity vulnerability that could allow...

PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8) Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)

Do Son September 15, 2025

The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has...

CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

Do Son September 5, 2025

Ruijie Networks has released a security advisory addressing a critical vulnerability in its Reyee RG-ES series switches...

A CVSS 9.6 Remote Flaw Allows Unauthenticated Attackers to Bypass Dell ThinOS Dell ThinOS, remote access

A CVSS 9.6 Remote Flaw Allows Unauthenticated Attackers to Bypass Dell ThinOS

Do Son August 28, 2025

Dell Technologies has issued a security advisory addressing several high-severity vulnerabilities in its ThinOS 10 platform, widely...

CVE-2025-25257 (CVSS 9.6): Pre-Auth SQLi in Fortinet FortiWeb Opens Door to RCE, PoC Published CVE-2025-25257 PoC FortiWeb, SQL Injection

CVE-2025-25257 (CVSS 9.6): Pre-Auth SQLi in Fortinet FortiWeb Opens Door to RCE, PoC Published

Do Son July 14, 2025

A critical security flaw in Fortinet’s FortiWeb web application firewall has been publicly weaponized, with proof-of-concept (PoC)...

Fortinet Fixes Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257, CVSS 9.6) FortiWeb, SQL Injection

Fortinet Fixes Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257, CVSS 9.6)

Do Son July 9, 2025

Fortinet has released a critical patch to address a serious vulnerability in its FortiWeb product — a...

CVE-2025-20309 (CVSS 10): Cisco Patches Critical Static SSH Root Credential Flaw in Unified CM Cisco UC, Critical RCE

CVE-2025-20309 (CVSS 10): Cisco Patches Critical Static SSH Root Credential Flaw in Unified CM

Do Son July 3, 2025

Cisco has disclosed a critical vulnerability in its Unified Communications Manager (Unified CM) and Session Management Edition...

CVSS 10 RCE in Wing FTP Server (CVE-2025-47812) Allows Full Server Takeover, PoC Releases Wing FTP Server, Remote Code Execution

CVSS 10 RCE in Wing FTP Server (CVE-2025-47812) Allows Full Server Takeover, PoC Releases

Do Son July 2, 2025

A critical remote code execution (RCE) vulnerability has been discovered in Wing FTP Server, a popular cross-platform...

CVE-2025-6561 (CVSS 9.8): Hunt Electronic DVR Vulnerability Exposes Admin Credentials in Plaintext F5 BIG-IP Hunt Electronic DVR, Critical Vulnerability

F5 BIG-IP Hunt Electronic DVR, Critical Vulnerability

CVE-2025-6561 (CVSS 9.8): Hunt Electronic DVR Vulnerability Exposes Admin Credentials in Plaintext

Do Son June 27, 2025

Security researchers have uncovered a critical vulnerability—CVE-2025-6561, carrying a CVSS score of 9.8—that affects certain hybrid DVR...

Cisco ISE/ISE-PIC Alert: Two Critical RCE Flaws (CVSS 10.0) Allow Unauthenticated Root Access Cisco ISE, Critical RCE

Cisco ISE/ISE-PIC Alert: Two Critical RCE Flaws (CVSS 10.0) Allow Unauthenticated Root Access

Do Son June 27, 2025

Cisco has disclosed two critical vulnerabilities in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC)...

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes CentOS Web Panel, Remote Code Execution

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes

Do Son June 25, 2025

A critical vulnerability discovered in CentOS Web Panel (CWP), a widely-used open-source server management platform. Tracked as...

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks ELECOM Router, Critical Vulnerabilities

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

Do Son June 25, 2025

In its latest vulnerability disclosure, JPCERT/CC has sounded the alarm on multiple critical security flaws affecting a...

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm Linksys Router, TheMoon Worm

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm

Do Son June 24, 2025

A critical vulnerability in multiple Linksys E-Series routers is being actively exploited in the wild by a...

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers! Convoy RCE, Unauthenticated

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers!

Do Son June 24, 2025

A newly disclosed vulnerability in Convoy, a modern KVM server management panel built for hosting providers, has...

Critical ANPR Camera Flaw (CVE-2025-34022, CVSS 9.3) Exposes Selea TARGA Devices, PoC Available, No Vendor Response ANPR Camera, Path Traversal

Critical ANPR Camera Flaw (CVE-2025-34022, CVSS 9.3) Exposes Selea TARGA Devices, PoC Available, No Vendor Response

Do Son June 22, 2025

Gjoko Krstic of Zero Science Lab has uncovered a critical path traversal vulnerability in Selea’s TARGA series...

Critical Pterodactyl RCE (CVSS 10.0): Unauthenticated Attackers Exploiting Flaw Now! Pterodactyl RCE, Game Server Vulnerability

Critical Pterodactyl RCE (CVSS 10.0): Unauthenticated Attackers Exploiting Flaw Now!

Do Son June 20, 2025

A critical security vulnerability has been uncovered in Pterodactyl, the popular open-source game server management panel. Tracked...

Unauthenticated RCE in Mitel SIP Phones (CVSS 9.8) Detailed with PoC Exploit

Do Son June 16, 2025

In a recent disclosure, InfoGuard Labs researcher Marc Bollhalder has detailed a critical unauthenticated remote command injection...

Horizon3 Details Critical File Upload Vulnerability in Cisco IOS XE WLC (CVE-2025-20188, CVSS 10) Cisco IOS XE vulnerability Remote code execution

Cisco IOS XE vulnerability Remote code execution

Horizon3 Details Critical File Upload Vulnerability in Cisco IOS XE WLC (CVE-2025-20188, CVSS 10)

Do Son May 30, 2025

A critical vulnerability—CVE-2025-20188—has been disclosed in Cisco IOS XE Wireless LAN Controller (WLC) software, allowing unauthenticated attackers...

Tenda Router Flaw (CVSS 9.8): Unauthenticated RCE Flaw (PoC, No Patch) CVE-2023-4498