Vulnerability intelligence

Updated 44 minutes ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

130100

Current score

Pretty quiet out there

  1. 1

    CVE-2024-23225 Published Mar 5, 2024

    Hype score

    13

    high 7.8

    Exploit known

    Mobile device

    CVE-2024-23225 is a memory corruption vulnerability found within the kernel of multiple Apple operating systems, including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. This flaw, stemming from insufficient validation, could allow an attacker with arbitrary kernel read and write capabilities to bypass existing kernel memory protections. Apple has acknowledged reports indicating that this issue may have been actively exploited in the wild, leading to its inclusion in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability has been addressed through improved validation in updates such as iOS 16.7.6, iPadOS 16.7.6, iOS 17.4, and iPadOS 17.4, among others.

  2. 2

    CVE-2024-23296 Published Mar 5, 2024

    Hype score

    13

    high 7.8

    Exploit known

    Mobile device

    CVE-2024-23296 is a memory corruption vulnerability found within Apple's RTKit real-time operating system component. This flaw, categorized as an Out-of-Bounds Write (CWE-787), arises from inadequate validation during memory operations. An attacker who has already achieved arbitrary kernel read and write capabilities could exploit this vulnerability to bypass existing kernel memory protections. Apple has acknowledged that this issue has been actively exploited in the wild, and it has been addressed in updates such as iOS 17.4 and iPadOS 17.4.

  3. 3

    CVE-2025-26399 Published Sep 23, 2025

    Hype score

    12

    critical 9.8

    Supply chainSolarWinds Web Help Desk

    CVE-2025-26399 is a remote code execution vulnerability that affects SolarWinds Web Help Desk (WHD). The vulnerability stems from unsafe deserialization handling in the AjaxProxy component. Successful exploitation allows an unauthenticated attacker to run arbitrary commands on the host machine. The vulnerability is a patch bypass of CVE-2024-28988, which was itself a bypass of CVE-2024-28986. SolarWinds has released a hotfix to address the vulnerability.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2026-1603 Published Feb 10, 2026

    Hype score

    12

    high 8.6

    CVE-2026-1603 is an authentication bypass vulnerability found in Ivanti Endpoint Manager (EPM) that allows a remote, unauthenticated attacker to extract specific stored credential data. This flaw arises from improper authentication mechanisms within the software, specifically through an alternate path or channel that fails to adequately enforce authentication requirements. Attackers can exploit this vulnerability to bypass standard authentication controls and gain unauthorized access to sensitive credential information stored within the Ivanti Endpoint Manager system. The vulnerability affects Ivanti Endpoint Manager versions prior to 2024 SU5.

  2. CVE-2021-22054 Published Dec 17, 2021

    Hype score

    12

    high 7.5

    CVE-2021-22054 is a Server-Side Request Forgery (SSRF) vulnerability found in various versions of the VMware Workspace ONE UEM console. This flaw allows a malicious actor with network access to the UEM console to send unauthenticated requests. Exploitation of this vulnerability could enable an attacker to gain access to sensitive information. Affected versions include VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37.

  3. CVE-2025-26399 Published Sep 23, 2025

    Hype score

    12

    critical 9.8

    SolarWinds Web Help DeskSupply chain

    CVE-2025-26399 is a remote code execution vulnerability that affects SolarWinds Web Help Desk (WHD). The vulnerability stems from unsafe deserialization handling in the AjaxProxy component. Successful exploitation allows an unauthenticated attacker to run arbitrary commands on the host machine. The vulnerability is a patch bypass of CVE-2024-28988, which was itself a bypass of CVE-2024-28986. SolarWinds has released a hotfix to address the vulnerability.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2026-1340

    critical 9.8

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  2. CVE-2026-1281

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  3. CVE-2025-14847

    high 8.7

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Dec 29, 2025

    This is a serious vulnerability which allows an unauthenticated remote attacker to retrieve information from MongoDB's memory. A proof-of-concept is available to the public.

    Similar to other heap disclosure vulnerabilities such as Heartbleed, the impact of exploitation will vary depending on the information an attacker is able to obtain from the heap. However, it is quite likely that the leaked memory will contain credentials or other sensitive information, especially as attackers learn more about the vulnerability and use it more effectively.

    Regardless of patch status, MongoDB should not be exposed to the internet and access should be restricted by a firewall or similar controls. You should also apply the patch as soon as possible, to avoid the vulnerability being exploited internally.

    Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.