Vulnerability Archives • Page 16 of 45 • Daily CyberSecurity

Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136) Cursor Vulnerability, MCP Security

Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136)

Do Son August 4, 2025

Cursor, an AI-powered code editor that promises to “understand your codebase and help you code faster,” has...

Critical Squid Vulnerability (CVE-2025-54574) Allows Remote Code Execution & Data Leakage CVE-2024-45802 Squid Vulnerability, Remote Code Execution CVE-2025-54574

CVE-2024-45802 Squid Vulnerability, Remote Code Execution CVE-2025-54574

Critical Squid Vulnerability (CVE-2025-54574) Allows Remote Code Execution & Data Leakage

Do Son August 4, 2025

The Squid Project has issued an urgent advisory for CVE-2025-54574 (CVSS 9.3), a heap buffer overflow bug...

Critical HashiCorp Vault Flaw (CVE-2025-6000) Allows Code Execution for Privileged Users CVE-2025-6000 CVE-2024-2048 HashiCorp Vault, RCE Vulnerability

CVE-2025-6000 CVE-2024-2048 HashiCorp Vault, RCE Vulnerability

Critical HashiCorp Vault Flaw (CVE-2025-6000) Allows Code Execution for Privileged Users

Do Son August 4, 2025

In a recently disclosed advisory, HashiCorp has patched a critical vulnerability—CVE-2025-6000—in Vault, its industry-standard secrets management solution....

CISA Alert: Critical Flaw (CVE-2025-8286) in Güralp FMUS Seismic Devices Allows Unauthenticated Takeover, No Patch!

Do Son August 1, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory about a critical vulnerability—CVE-2025-8286—impacting...

Critical Rtpengine Flaws (CVE-2025-53399) Allow Audio Interception and Injection in VoIP Calls, PoC Publishes Rtpengine Vulnerabilities, VoIP Security

Rtpengine Vulnerabilities, VoIP Security

Critical Rtpengine Flaws (CVE-2025-53399) Allow Audio Interception and Injection in VoIP Calls, PoC Publishes

Do Son July 31, 2025

Enable Security has disclosed critical vulnerabilities in Rtpengine, a popular media relay component used in Voice over...

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available! SUSE Manager, Remote Code Execution

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available!

Do Son July 31, 2025

SUSE has issued a high-severity security advisory for CVE-2025-46811, a critical vulnerability in SUSE Manager that allows...

Critical OAuth2-Proxy Flaw (CVE-2025-54576, CVSS 9.1) Allows Authentication Bypass via Query Parameters OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

Critical OAuth2-Proxy Flaw (CVE-2025-54576, CVSS 9.1) Allows Authentication Bypass via Query Parameters

Do Son July 31, 2025

A critical vulnerability in the popular OAuth2-Proxy open-source authentication tool has been discovered, allowing attackers to bypass...

Elastic APM Server & Beats Have Local Privilege Escalation Flaws Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic APM Server & Beats Have Local Privilege Escalation Flaws

Do Son July 30, 2025

Elastic has issued patches for two local privilege escalation (LPE) vulnerabilities affecting its popular observability tools—APM Server...

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft BentoML SSRF, AI Application Security

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft

Do Son July 30, 2025

A severe server-side request forgery (SSRF) vulnerability has been disclosed in BentoML, a widely used Python framework...

Critical Flaw in Wix’s New AI Platform Base44 Allowed Unauthorized Access to Private Enterprise Apps Wix Base44, AI Platform Vulnerability

Critical Flaw in Wix’s New AI Platform Base44 Allowed Unauthorized Access to Private Enterprise Apps

Do Son July 30, 2025

In a significant finding that highlights the risks associated with emerging AI development platforms, Wiz Research has...

Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover

Do Son July 30, 2025

A critical-severity vulnerability in the popular Alone – Charity Multipurpose Non-profit WordPress Theme has left thousands of...

TP-Link Archer C50 (EOL) Exposed: Hardcoded DES Key Allows Sensitive Config Decryption (CVE-2025-6982)

Do Son July 30, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note concerning a flaw in the TP-Link Archer...

BeyondTrust Privilege Management for Windows: Two High-Severity Flaws Allow Local Privilege Escalation BeyondTrust Vulnerability CVE-2026-1731 CVE-2024-12356 - CVE-2025-0889 BeyondTrust Privilege Escalation, Windows Security

BeyondTrust Privilege Management for Windows: Two High-Severity Flaws Allow Local Privilege Escalation

Do Son July 30, 2025

BeyondTrust, a global leader in intelligent identity and access security, has issued two advisories addressing two local...

SonicWall Alert: Critical SSL VPN Flaw (CVE-2025-40600) Allows Remote DoS Attack on Firewalls CVE-2024-40766 exploited SonicOS Vulnerability, DoS Attack

CVE-2024-40766 exploited SonicOS Vulnerability, DoS Attack

SonicWall Alert: Critical SSL VPN Flaw (CVE-2025-40600) Allows Remote DoS Attack on Firewalls

Do Son July 30, 2025

SonicWall, a prominent provider of cybersecurity solutions, has disclosed a critical vulnerability—CVE-2025-40600—affecting the SSL VPN interface of...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome Update: Google Patches High-Severity Use-After-Free in Media Stream (CVE-2025-8292)

Do Son July 30, 2025

Google has announced a Stable Channel update for Chrome Desktop, pushing version 138.0.7204.183/.184 to users on Windows...

Microsoft Uncovers “Sploitlight”: macOS Flaw (CVE-2025-31199) Bypasses TCC, Leaking Apple Intelligence Data macOS Vulnerability, TCC Bypass

Microsoft Uncovers “Sploitlight”: macOS Flaw (CVE-2025-31199) Bypasses TCC, Leaking Apple Intelligence Data

Do Son July 29, 2025

Microsoft Threat Intelligence has unveiled a critical macOS vulnerability that exploits Spotlight plugins to bypass the system’s...

Sensitive Key Storage Flaws in ASUS’ MyASUS App Threaten Token Security ASUS MyASUS, Token Theft

Sensitive Key Storage Flaws in ASUS’ MyASUS App Threaten Token Security

Do Son July 29, 2025

ASUS has issued security updates to patch two vulnerabilities in its MyASUS software, a pre-installed utility application...

Python Tarfile Vulnerability (CVE-2025-8194) Allows DoS via Malicious Archives Python Vulnerability, Tarfile DoS

Python Tarfile Vulnerability (CVE-2025-8194) Allows DoS via Malicious Archives

Do Son July 29, 2025

A newly discovered vulnerability in Python’s tarfile module, identified as CVE-2025-8194, threatens to hang applications that process...

Critical Node-SAML Flaw (CVE-2025-54419, CVSS 10.0) Allows Authentication Bypass in SAML 2.0 Web Apps Node-SAML Vulnerability, Authentication Bypass

Node-SAML Vulnerability, Authentication Bypass

Critical Node-SAML Flaw (CVE-2025-54419, CVSS 10.0) Allows Authentication Bypass in SAML 2.0 Web Apps

Do Son July 29, 2025

A newly disclosed critical vulnerability in Node-SAML, a widely used SAML 2.0 authentication provider for Node.js, could...

Critical CodeIgniter Flaw (CVSS 9.8) Allows Remote Code Execution, Over 2.9 Million Downloads at Risk CodeIgniter vulnerability, arbitrary code execution, CVE-2026-48062, CVE-2024-47823 CVE-2023-32692 CodeIgniter RCE, ImageMagick Vulnerability

CodeIgniter vulnerability, arbitrary code execution, CVE-2026-48062, CVE-2024-47823 CVE-2023-32692 CodeIgniter RCE, ImageMagick Vulnerability

Critical CodeIgniter Flaw (CVSS 9.8) Allows Remote Code Execution, Over 2.9 Million Downloads at Risk

Do Son July 29, 2025

Developers relying on CodeIgniter, one of the most widely adopted PHP full-stack web frameworks with over 2.9...

Critical Alert 1 Active Exploit Detected Today