Vulnerability Archives • Page 6 of 45 • Daily CyberSecurity

High-Severity Memos Flaw (CVE-2024-21635) Allows Hackers to Stay Logged In After Password Change Memos Session Flaw, Token Invalidation

High-Severity Memos Flaw (CVE-2024-21635) Allows Hackers to Stay Logged In After Password Change

Do Son November 17, 2025

The team behind Memos, the privacy-first, self-hosted knowledge base platform, has issued a security advisory for CVE-2024-21635,...

7-Zip Flaw (CVE-2025-11001) with Public Exploit Code Threatens Unpatched Systems 7-Zip heap buffer overflow CVE-2025-0411 7-Zip path traversal

7-Zip Flaw (CVE-2025-11001) with Public Exploit Code Threatens Unpatched Systems

Do Son October 21, 2025

Researchers recently disclosed a path-traversal vulnerability (CVE-2025-11001) in the open-source archiver 7-Zip that allows attackers to craft...

SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk SAP Security Patch Day CVE-2025-42944, CVE-2025-42937

SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk

Do Son October 14, 2025

SAP has released its October 2025 Security Patch Day, addressing 13 new security notes and 3 updates...

Splunk Fixes Six Flaws, Including Unauthenticated SSRF and XSS Vulnerabilities in Enterprise Platform

Do Son October 2, 2025

Splunk has released a series of security advisories addressing six vulnerabilities in Splunk Enterprise and Splunk Cloud...

NVIDIA Patches High-Severity Code Injection Flaws in Megatron-LM AI Framework NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA Patches High-Severity Code Injection Flaws in Megatron-LM AI Framework

Do Son September 26, 2025

Nvidia has issued an important security update addressing multiple high-severity vulnerabilities in its open-source Megatron-LM project, a...

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS

Do Son September 25, 2025

Two vulnerabilities were found in WordPress Core, affecting all versions up to and including 6.8.2. Both flaws...

CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases

Do Son September 25, 2025

VDE CERT has issued a security advisory disclosing two vulnerabilities in WAGO Device Sphere and WAGO Solution...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

CISA adds Chrome zero-day CVE-2025-10585 to KEV after public exploit appears

Do Son September 24, 2025

CISA this week added CVE-2025-10585, a high-severity type-confusion flaw in Google’s V8 JavaScript engine, to its Known...

CVE-2025-9844: Salesforce CLI Installer Vulnerability Could Lead to SYSTEM-Level Compromise Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

CVE-2025-9844: Salesforce CLI Installer Vulnerability Could Lead to SYSTEM-Level Compromise

Do Son September 24, 2025

Salesforce has published a security advisory detailing a high-severity flaw in its Salesforce-CLI installer (sf-x64.exe). The vulnerability,...

CVE-2025-10184: Unpatched OnePlus Flaw Exposes SMS Data & Breaks MFA, PoC Available OnePlus, US Investigation OnePlus vulnerability CVE-2025-10184

OnePlus, US Investigation OnePlus vulnerability CVE-2025-10184

CVE-2025-10184: Unpatched OnePlus Flaw Exposes SMS Data & Breaks MFA, PoC Available

Do Son September 24, 2025

Researchers at Rapid7 have disclosed a critical permission bypass vulnerability in OnePlus OxygenOS, tracked as CVE-2025-10184. The...

CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk CVE-2025-64095 Site Takeover DNN Software, XSS, vulnerability

CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk

Do Son September 24, 2025

DNN Software has issued a security advisory warning of a critical stored cross-site scripting (XSS) vulnerability in...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Google Chrome Patches Three High-Severity Flaws in V8 Engine

Do Son September 24, 2025

Google has released a Stable Channel Update for Desktop with builds 140.0.7339.207/.208 for Windows and Mac and...

CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability CVE-2024-28991 & CVE-2024-28990 SolarWinds RCE vulnerability CVE-2025-26399

CVE-2024-28991 & CVE-2024-28990 SolarWinds RCE vulnerability CVE-2025-26399

CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability

Do Son September 23, 2025

SolarWinds has released a hotfix for its Web Help Desk (WHD) software after the discovery of a...

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk

Do Son September 23, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of a cross-site scripting (XSS) flaw...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild

Do Son September 23, 2025

Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security...

EDR-Freeze: How a Researcher Turned Windows Error Reporting Into a Weapon Against Antivirus EDR evasion, Windows Defender

EDR-Freeze: How a Researcher Turned Windows Error Reporting Into a Weapon Against Antivirus

Do Son September 22, 2025

A new study from a ZeroSalarium security researcher sheds light on a new technique to bypass endpoint...

PoC Released for CVE-2025-41243 – A Spring Cloud Gateway Flaw with CVSS 10.0

Do Son September 22, 2025

Security researcher Ezzer17 published a clear, methodical write-up that walks through the root cause, the partial fixes,...

CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide Microsoft Entra ID vulnerability CVE-2025-55241

Microsoft Entra ID vulnerability CVE-2025-55241

CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide

Do Son September 22, 2025

In one of the most significant discoveries of 2025, security researcher Dirk-jan Mollema revealed a vulnerability in...

CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released TP-Link CWMP CVE-2025-9961

CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released

Do Son September 22, 2025

Security researchers at ByteRay have published a detailed exploitation write-up of CVE-2025-9961, a vulnerability in TP-Link’s CWMP...

Nokia Patches Critical Flaws in CloudBand and NCS: CVE-2023-49564 and CVE-2023-49565 Nokia vulnerability CVE-2023-49564, CVE-2023-49565

Nokia Patches Critical Flaws in CloudBand and NCS: CVE-2023-49564 and CVE-2023-49565

Do Son September 19, 2025

Nokia has published a security advisory warning customers of two high-severity vulnerabilities affecting its CloudBand Infrastructure Software...

Critical Alert 1 Active Exploit Detected Today