Vulnerability intelligence

CVE-2025-43300 is an out-of-bounds write vulnerability that exists within Apple's Image I/O framework. The vulnerability can be triggered when a device processes a maliciously crafted image file, which can lead to memory corruption. Successful exploitation of this vulnerability can occur when a program writes data outside of an allocated memory buffer. This can result in the program crashing, data corruption, or potentially remote code execution. Apple has addressed this issue with improved bounds checking in multiple operating systems, including iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

CVE-2025-26399 is a remote code execution vulnerability that affects SolarWinds Web Help Desk (WHD). The vulnerability stems from unsafe deserialization handling in the AjaxProxy component. Successful exploitation allows an unauthenticated attacker to run arbitrary commands on the host machine. The vulnerability is a patch bypass of CVE-2024-28988, which was itself a bypass of CVE-2024-28986. SolarWinds has released a hotfix to address the vulnerability.

CVE-2024-23225 is a memory corruption vulnerability found within the kernel of multiple Apple operating systems, including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. This flaw, stemming from insufficient validation, could allow an attacker with arbitrary kernel read and write capabilities to bypass existing kernel memory protections. Apple has acknowledged reports indicating that this issue may have been actively exploited in the wild, leading to its inclusion in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability has been addressed through improved validation in updates such as iOS 16.7.6, iPadOS 16.7.6, iOS 17.4, and iPadOS 17.4, among others.

CVE-2025-68613 is a Remote Code Execution (RCE) vulnerability found in n8n, an open-source workflow automation platform. The vulnerability exists in versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. It stems from the workflow expression evaluation system, where expressions supplied by authenticated users during workflow configuration might be evaluated in an execution context lacking sufficient isolation from the underlying runtime. An authenticated attacker could exploit this vulnerability to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. The issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0.

CVE-2026-1603 is an authentication bypass vulnerability found in Ivanti Endpoint Manager (EPM) that allows a remote, unauthenticated attacker to extract specific stored credential data. This flaw arises from improper authentication mechanisms within the software, specifically through an alternate path or channel that fails to adequately enforce authentication requirements. Attackers can exploit this vulnerability to bypass standard authentication controls and gain unauthorized access to sensitive credential information stored within the Ivanti Endpoint Manager system. The vulnerability affects Ivanti Endpoint Manager versions prior to 2024 SU5.

CVE-2021-22054 is a Server-Side Request Forgery (SSRF) vulnerability found in various versions of the VMware Workspace ONE UEM console. This flaw allows a malicious actor with network access to the UEM console to send unauthenticated requests. Exploitation of this vulnerability could enable an attacker to gain access to sensitive information. Affected versions include VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37.