Vulnerability Archives • Page 13 of 45 • Daily CyberSecurity

Warlock Ransomware: How a New Group Is Weaponizing Unpatched SharePoint Servers

Do Son August 21, 2025

A newly detailed report from Trend Micro has revealed how the Warlock ransomware group is weaponizing vulnerable...

Kudelski Security Exposes Critical CodeRabbit Vulnerability: RCE, Secret Leaks, and Access to 1M Repositories AI tool vulnerability, supply chain attack

AI tool vulnerability, supply chain attack

Kudelski Security Exposes Critical CodeRabbit Vulnerability: RCE, Secret Leaks, and Access to 1M Repositories

Do Son August 21, 2025

Kudelski Security has published a detailed write-up of a critical vulnerability discovered in CodeRabbit, the most installed...

How Attackers Exploit and Then Patch a Vulnerability to Hide in Linux Systems Apache ActiveMQ, self-patching malware

How Attackers Exploit and Then Patch a Vulnerability to Hide in Linux Systems

Do Son August 21, 2025

Red Canary has revealed a sophisticated attack campaign targeting cloud-based Linux systems through a critical remote code...

CVE-2025-54988: Critical XXE Vulnerability in Apache Tika PDF Parser Exposes Sensitive Data Apache Tika XXE, Malicious PDF Exploit Apache Tika, XXE vulnerability CVE-2025-54988

CVE-2025-54988: Critical XXE Vulnerability in Apache Tika PDF Parser Exposes Sensitive Data

Do Son August 21, 2025

The widely used Apache Tika toolkit, a powerful library for detecting and extracting metadata and text from...

Beyond the Inbox: How a Cyber-Espionage Group Is Exploiting Two WinRAR Vulnerabilities WinRAR Zero-day

Beyond the Inbox: How a Cyber-Espionage Group Is Exploiting Two WinRAR Vulnerabilities

Do Son August 21, 2025

BI.ZONE Threat Intelligence uncovered a series of targeted cyber-espionage campaigns conducted by the Paper Werewolf (GOFFEE) cluster,...

Critical Docker Desktop Vulnerability Exposes Host Systems to Container Abuse Docker Malware Campaign Docker Vulnerability CVE-2025-9074

Critical Docker Desktop Vulnerability Exposes Host Systems to Container Abuse

Do Son August 20, 2025

A critical vulnerability in Docker Desktop has been disclosed, tracked as CVE-2025-9074 with a CVSSv4 severity score...

Apple Issues Urgent Patch for Zero-Day Vulnerability CVE-2025-43300 Exploited in the Wild Apple Bounty $5M, Zero-Click Exploit Zero-day, Apple security CVE-2025-43300

Apple Bounty $5M, Zero-Click Exploit Zero-day, Apple security CVE-2025-43300

Apple Issues Urgent Patch for Zero-Day Vulnerability CVE-2025-43300 Exploited in the Wild

Do Son August 20, 2025

Apple has released urgent security updates to patch a zero-day vulnerability actively exploited in the wild, warning...

CVE-2025-54336 (CVSS 9.8): Critical Flaw in Plesk Obsidian Exposes Servers to Full Compromise CVE-2025-54336 Plesk Vulnerability

CVE-2025-54336 (CVSS 9.8): Critical Flaw in Plesk Obsidian Exposes Servers to Full Compromise

Do Son August 20, 2025

A newly disclosed security vulnerability in Plesk Obsidian, a widely used web hosting control panel, has been...

CERT/CC Warns of Critical Flaws in Workhorse Municipal Accounting Software Municipal software, Vulnerability

CERT/CC Warns of Critical Flaws in Workhorse Municipal Accounting Software

Do Son August 20, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of serious security flaws in Workhorse...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Google Chrome Issues High-Severity Fix for V8 Engine Vulnerability (CVE-2025-9132)

Do Son August 20, 2025

Google has released a Stable Channel Update for its Chrome browser, addressing a critical security issue in...

Researcher Details CVE-2025-29824 – A Windows CLFS 0-Day Exploited by Ransomware Gang Windows vulnerability, Ransomware

Researcher Details CVE-2025-29824 – A Windows CLFS 0-Day Exploited by Ransomware Gang

Do Son August 20, 2025

In April, Microsoft has patched a high-severity, zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System...

CVE-2025-55205: Critical Flaw in Capsule Kubernetes Exposes Clusters to Cross-Tenant Attacks Kubernetes security, multi-tenancy vulnerability CVE-2025-55205

Kubernetes security, multi-tenancy vulnerability CVE-2025-55205

CVE-2025-55205: Critical Flaw in Capsule Kubernetes Exposes Clusters to Cross-Tenant Attacks

Do Son August 19, 2025

A newly disclosed vulnerability in the Capsule Kubernetes multi-tenancy framework exposes organizations to privilege escalation and cross-tenant...

CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948) n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948)

Do Son August 19, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability—CVE-2025-54948—to...

New Firmware Flaw in AMI Aptio UEFI Threatens Persistent System Compromise UEFI firmware, SMM vulnerability

New Firmware Flaw in AMI Aptio UEFI Threatens Persistent System Compromise

Do Son August 18, 2025

A new security vulnerability disclosed by CERT/CC highlights serious risks in AMI Aptio UEFI firmware, which powers...

CVE-2025-48387: Critical tar-fs Vulnerability Exposes Millions to Arbitrary File Writes tar-fs, directory traversal

CVE-2025-48387: Critical tar-fs Vulnerability Exposes Millions to Arbitrary File Writes

Do Son August 18, 2025

A newly disclosed vulnerability in the widely used tar-fs NPM package has raised alarms across the software...

PostgreSQL Issues Urgent Security Fixes for High-Severity RCE Flaws in Core Utilities PostgreSQL Vulnerabilities CVE-2026-2006 PostgreSQL, security update CVE-2023-5869 - CVE-2025-1094

PostgreSQL Vulnerabilities CVE-2026-2006 PostgreSQL, security update CVE-2023-5869 - CVE-2025-1094

PostgreSQL Issues Urgent Security Fixes for High-Severity RCE Flaws in Core Utilities

Do Son August 18, 2025

The PostgreSQL Global Development Group has announced a major security update affecting all supported versions of the...

Critical RCE Flaws Found in Flowise AI Platform, Allowing Remote Code Execution Flowise vulnerabilities, RCE flaws

Critical RCE Flaws Found in Flowise AI Platform, Allowing Remote Code Execution

Do Son August 16, 2025

Security researchers at JFrog Security Research have uncovered two critical vulnerabilities in Flowise, an open-source generative AI...

CVE-2025-7972: Rockwell Automation Patches Critical Security Bypass in FactoryTalk Linx

Do Son August 15, 2025

Rockwell Automation has released a security advisory addressing a critical security bypass vulnerability in its FactoryTalk Linx...

ImageMagick Patches Multiple Flaws: High-Severity Memory Bugs Fixed ImageMagick Vulnerability CVE-2026-23876 ImageMagick TIM Overflow, Memory Disclosure Flaw ImageMagick vulnerabilities, memory corruption CVE-2023-34152

ImageMagick Patches Multiple Flaws: High-Severity Memory Bugs Fixed

Do Son August 15, 2025

The maintainers of ImageMagick have patched four security vulnerabilities that could impact applications using the popular image...

Critical Cisco RCE Flaw (CVE-2025-20265, CVSS 10): Unauthenticated Attackers Can Hijack Firewalls Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Critical Cisco RCE Flaw (CVE-2025-20265, CVSS 10): Unauthenticated Attackers Can Hijack Firewalls

Do Son August 15, 2025

Cisco has disclosed a critical remote code execution vulnerability in its Secure Firewall Management Center (FMC) Software...

Critical Alert 1 Active Exploit Detected Today