Vulnerability Archives • Page 34 of 45 • Daily CyberSecurity

Broadcom Fixes RCE, DoS, XSS in VMware ESXi, vCenter, Workstation CVE-2023-20864 VMware RCE, virtualization security

Broadcom Fixes RCE, DoS, XSS in VMware ESXi, vCenter, Workstation

Do Son May 20, 2025

Broadcom has issued a security advisory addressing four newly discovered vulnerabilities in several VMware products, including ESXi,...

VMware Cloud Foundation Vulnerable to Unauthorized Access and Data Exposure CVE-2023-34063 VCF security, unauthorized access

VMware Cloud Foundation Vulnerable to Unauthorized Access and Data Exposure

Do Son May 20, 2025

Broadcom has released important security updates for VMware Cloud Foundation, addressing three privately reported vulnerabilities that could...

High DoS Risk: Multer Flaws Threaten Millions of Node.js Apps Multer vulnerability Node.js security

High DoS Risk: Multer Flaws Threaten Millions of Node.js Apps

Do Son May 20, 2025

With over 26.3 million monthly downloads, Multer is a go-to middleware for handling multipart/form-data in Node.js—especially for...

Critical Risk (CVSS 9.9): samlify Flaw Exposes SSO in Widely Used Library samlify vulnerability SAML Signature Wrapping

Critical Risk (CVSS 9.9): samlify Flaw Exposes SSO in Widely Used Library

Do Son May 20, 2025

A newly disclosed vulnerability, CVE-2025-47949 (CVSSv4 9.9), has put countless Single Sign-On (SSO) implementations at risk by...

SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection SAP RCE, CVE-2025-31324

SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection

Do Son May 20, 2025

In a recent revelation, OP Innovate has uncovered early evidence of real-world exploitation of CVE-2025-31324 (CVSS 10),...

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites to Full Takeover Motors WordPress theme vulnerability CVE-2025-4322

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites to Full Takeover

Do Son May 20, 2025

A critical vulnerability has been discovered in the Motors WordPress theme, a popular premium theme with over...

Spring Framework Flaw Allows Unauthorized Access via Security Bypass CVE-2024-38821 - CVE-2025-22223 and CVE-2025-22228 Spring Framework vulnerability, Spring Security

CVE-2024-38821 - CVE-2025-22223 and CVE-2025-22228 Spring Framework vulnerability, Spring Security

Spring Framework Flaw Allows Unauthorized Access via Security Bypass

Do Son May 20, 2025

Spring Framework developers have issued a security advisory addressing a vulnerability that could lead to unauthorized access...

High-Risk RAGFlow Flaw: Account Takeover Possible (No Patch, PoC Available)

Do Son May 20, 2025

RAGFlow, the open-source Retrieval-Augmented Generation (RAG) platform developed by Infiniflow, has been found vulnerable to a serious...

Can Your Firewall Be Hacked? Severe Flaws Found in pfSense pfSense hacking, network security risk

Can Your Firewall Be Hacked? Severe Flaws Found in pfSense

Do Son May 20, 2025

Security researcher Navy Titanium have released a technical deep-dive uncovering three severe vulnerabilities affecting pfSense, the popular...

Pwn2Own: Firefox Hacked with JavaScript Zero-Days – Details on the Exploits Firefox security, JavaScript exploit

Pwn2Own: Firefox Hacked with JavaScript Zero-Days – Details on the Exploits

Do Son May 19, 2025

Mozilla has moved swiftly to patch two critical zero-day vulnerabilities in Firefox, both of which were exploited...

Critical Risk (CVSS 9.1): Auth0-PHP SDK Flaw Threatens 16M+ Downloads Auth0-PHP vulnerability CVE-2025-47275

Critical Risk (CVSS 9.1): Auth0-PHP SDK Flaw Threatens 16M+ Downloads

Do Son May 19, 2025

Okta has issued a critical security advisory warning developers and enterprises using the Auth0-PHP SDK about a...

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287) Tornado DoS CVE-2025-47287

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287)

Do Son May 19, 2025

A newly disclosed vulnerability in the Tornado Python web framework, tracked as CVE-2025-47287, exposes applications to a...

XSS Vulnerability Discovered in Label Studio: Update Now! Label Studio XSS CVE-2025-47783

XSS Vulnerability Discovered in Label Studio: Update Now!

Do Son May 19, 2025

Researchers have disclosed a reflected cross-site scripting (XSS) vulnerability in Label Studio, an open-source data labeling tool...

glibc Vulnerability Puts Millions of Linux Systems at Risk of Code Execution glibc vulnerability Linux security

glibc Vulnerability Puts Millions of Linux Systems at Risk of Code Execution

Do Son May 19, 2025

A newly reported vulnerability within the GNU C Library (glibc), a fundamental component of countless Linux applications,...

Race Condition in Windows Remote Desktop Gateway Enables RCE – PoC Demonstrates Exploitability RD Gateway RCE CVE-2025-21297

Race Condition in Windows Remote Desktop Gateway Enables RCE – PoC Demonstrates Exploitability

Do Son May 19, 2025

A newly disclosed vulnerability in Microsoft’s Remote Desktop Gateway (RD Gateway) reveals a dangerous race condition that...

High-Risk Flaw in Python Web Framework Reflex Could Lead to Account Takeover Reflex security Python framework vulnerability

High-Risk Flaw in Python Web Framework Reflex Could Lead to Account Takeover

Do Son May 19, 2025

A serious security flaw has been identified in the Reflex open-source framework, a tool used to build...

9.8 CVSS Score: Rockwell Automation Impacted by High-Severity log4net Vulnerability CVE-2024-5988 and CVE-2024-5989 Rockwell Automation vulnerability CVE-2018-1285

CVE-2024-5988 and CVE-2024-5989 Rockwell Automation vulnerability CVE-2018-1285

9.8 CVSS Score: Rockwell Automation Impacted by High-Severity log4net Vulnerability

Do Son May 17, 2025

Rockwell Automation has issued a critical security advisory affecting the FactoryTalk Historian-ThingWorx Connector, due to a third-party...

Critical NAS Risk: I-O DATA Flaw with 9.8 CVSS Allows Remote Command Execution I-O DATA, NAS, command injection

Critical NAS Risk: I-O DATA Flaw with 9.8 CVSS Allows Remote Command Execution

Do Son May 16, 2025

Network Attached Storage (NAS) devices have become essential components of both home and business networks, providing centralized...

Patch Now: SonicWall SMA1000 Flaw (CVE-2025-40595) Enables Stealth SSRF Attacks SSRF, SonicWall SMA1000

Patch Now: SonicWall SMA1000 Flaw (CVE-2025-40595) Enables Stealth SSRF Attacks

Do Son May 16, 2025

A newly disclosed Server-Side Request Forgery (SSRF) vulnerability in SonicWall’s SMA1000 series appliances could allow remote attackers...

URGENT Chrome Update: High-Risk CVE-2025-4664 Flaw Actively Exploited In The Wild – Patch Immediately! Screenshot_20250515-082049

URGENT Chrome Update: High-Risk CVE-2025-4664 Flaw Actively Exploited In The Wild – Patch Immediately!

Do Son May 15, 2025

Google has released a critical Stable Channel Update for Chrome Desktop, bumping the version to 136.0.7103.113/.114 for...

Critical Alert 1 Active Exploit Detected Today