Vulnerability Archives • Page 18 of 45 • Daily CyberSecurity

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog CISA KEV, Zero-Day Exploitation

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog

Do Son July 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with four...

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE Form-Data Vulnerability, Multipart Injection

Form-Data Vulnerability, Multipart Injection

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE

Do Son July 23, 2025

A critical vulnerability has been uncovered in the widely used JavaScript library Form-Data, impacting millions of applications...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Google Patches Two High-Severity V8 Vulnerabilities (CVE-2025-8010, CVE-2025-8011) in Chrome

Do Son July 23, 2025

Google has released a new Stable Channel Update for Chrome Desktop, bringing the browser to version 138.0.7204.168/.169...

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover Manager.io SSRF, Accounting Software Vulnerability

Manager.io SSRF, Accounting Software Vulnerability

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover

Do Son July 23, 2025

A newly disclosed critical vulnerability in Manager.io, a free accounting software used by businesses across Australia and...

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately! Cisco ISE Exploitation

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately!

Do Son July 22, 2025

Cisco has issued an urgent update to its security advisory, revealing that three critical remote code execution...

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes

Do Son July 22, 2025

The Kubernetes project has issued an important advisory addressing a critical vulnerability—CVE-2025-7342 (CVSS 8.1)—in the Kubernetes Image...

Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes Sophos Firewall, Remote Code Execution

Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes

Do Son July 22, 2025

Sophos has issued a security advisory detailing the remediation of five vulnerabilities in Sophos Firewall, including two...

Critical Flaw (CVE-2025-24936, CVSS 9.0) in Nokia WaveSuite NOC Expose Telecom Networks to RCE Nokia WaveSuite, Command Injection

Critical Flaw (CVE-2025-24936, CVSS 9.0) in Nokia WaveSuite NOC Expose Telecom Networks to RCE

Do Son July 22, 2025

Nokia’s WaveSuite NOC (WS-NOC) platform—an integral part of network operations for telecom and enterprise environments— exists two...

Important wolfSSL Update: Critical Apple Trust Store Bypass & Predictable Randomness Flaws Patched wolfSSL Vulnerabilities, TLS/SSL Security

Important wolfSSL Update: Critical Apple Trust Store Bypass & Predictable Randomness Flaws Patched

Do Son July 22, 2025

The developers of the lightweight TLS/SSL implementation wolfSSL have issued a security advisory addressing multiple vulnerabilities in...

From MDifyLoader to Fscan: JPCERT Uncovers Deep Exploitation of Ivanti VPN Flaws in Advanced Malware Campaign Ivanti Exploitation, Multi-Malware Campaign

Ivanti Exploitation, Multi-Malware Campaign

From MDifyLoader to Fscan: JPCERT Uncovers Deep Exploitation of Ivanti VPN Flaws in Advanced Malware Campaign

Do Son July 22, 2025

JPCERT/CC has released a detailed technical report shedding light on a sustained and sophisticated malware campaign leveraging...

Apache Jena Flaws (CVE-2025-49656 and CVE-2025-50151) Expose Semantic Web Apps to File System Compromise Apache Jena, File System Vulnerabilities

Apache Jena Flaws (CVE-2025-49656 and CVE-2025-50151) Expose Semantic Web Apps to File System Compromise

Do Son July 22, 2025

Apache Jena, a widely-used Java framework for building semantic web and linked data applications, has released an...

Three High-Severity Privilege Escalation Flaws Patched in Sophos Intercept X for Windows Sophos Intercept X, Privilege Escalation

Three High-Severity Privilege Escalation Flaws Patched in Sophos Intercept X for Windows

Do Son July 21, 2025

Sophos has patched three separate high-severity local privilege escalation (LPE) vulnerabilities in its widely used Intercept X...

Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately! Livewire RCE, Laravel Vulnerability

Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately!

Do Son July 21, 2025

A critical remote command execution (RCE) vulnerability has been discovered in Livewire, the popular full-stack framework for...

Two Vulnerabilities in 7-Zip Could Trigger Denial of Service 7-Zip Vulnerabilities, File Archiver Security

Two Vulnerabilities in 7-Zip Could Trigger Denial of Service

Do Son July 21, 2025

Researchers have disclosed two newly identified vulnerabilities in 7-Zip, one of the world’s most widely used open-source...

ToolShell: New SharePoint RCE Zero-Day Chain Under Active Global Exploitation SharePoint RCE, ToolShell Exploit

ToolShell: New SharePoint RCE Zero-Day Chain Under Active Global Exploitation

Do Son July 21, 2025

On the evening of July 18, 2025, Eye Security identified an active, large-scale exploitation of a newly...

Lenovo Vantage Flaws Allow Local Privilege Escalation on PCs Lenovo Vantage, Privilege Escalation

Lenovo Vantage Flaws Allow Local Privilege Escalation on PCs

Do Son July 21, 2025

Lenovo has issued a security advisory disclosing three newly discovered vulnerabilities in Lenovo Vantage, a widely pre-installed...

SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet! SharePoint RCE, Zero-Day Exploitation CVE-2025-53770

SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet!

Do Son July 20, 2025

Microsoft has issued an urgent security advisory for on-premises SharePoint Server customers in response to active exploitation...

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available! CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953