Vulnerability intelligence

CVE-2024-3721 is a command injection vulnerability affecting TBK DVR-4104 and DVR-4216 devices up to version 20240412. The vulnerability exists in the processing of the `/device.rsp` file, where manipulation of the `mdb/mdc` argument allows for remote attackers to execute arbitrary operating system commands. The vulnerability is triggered by constructing an OS command using externally influenced input without proper neutralization of special elements. An attacker can exploit this vulnerability remotely, meaning they don't need physical access to the device.

CVE-2025-47985 is a vulnerability identified as an untrusted pointer dereference within Windows Event Tracing. This flaw allows an authorized attacker to elevate their privileges locally on an affected system. The vulnerability is rooted in CWE-822 and can be exploited by crafting malicious local procedure call (LPC) messages containing unvalidated pointers. When processed, these pointers enable arbitrary read/write operations in kernel memory space, facilitating privilege escalation from a standard user context to SYSTEM-level authority.

CVE-2025-0520 describes an unrestricted file upload vulnerability found in ShowDoc, an open-source documentation tool. This flaw stems from inadequate validation of file extensions during the upload process. The vulnerability, categorized under CWE-434 (Unrestricted Upload of File with Dangerous Type), allows an attacker to upload and execute arbitrary PHP files on the server. This can lead to remote code execution (RCE) on the affected system. ShowDoc versions prior to 2.8.7 are impacted by this issue.

CVE-2026-34197 is an improper input validation and code injection vulnerability affecting Apache ActiveMQ Classic. This flaw resides in the Jolokia JMX-HTTP bridge, exposed on the web console, which by default permits `exec` operations on ActiveMQ MBeans, including `BrokerService.addNetworkConnector(String)` and `BrokerService.addConnector(String)`. An authenticated attacker can exploit this by invoking these operations with a specially crafted discovery URI. This URI triggers the VM transport's `brokerConfig` parameter to load a remote Spring XML application context, which then instantiates singleton beans and executes arbitrary code on the broker's Java Virtual Machine (JVM) through methods like `Runtime.exec()`. While exploitation typically requires authentication, certain versions of Apache ActiveMQ Classic (6.0.0 through 6.1.1) are also affected by CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication. In these specific versions, CVE-2026-34197 can be exploited without credentials, effectively becoming an unauthenticated remote code execution vulnerability. This vulnerability has been present in the codebase for approximately 13 years and affects Apache ActiveMQ Broker versions before 5.19.4 and from 6.0.0 before 6.2.3.

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

CVE-2026-34621 is a 'Prototype Pollution' vulnerability affecting Adobe Acrobat Reader versions 24.001.30356, 26.001.21367, and earlier, including Acrobat DC and Acrobat 2024. This flaw, categorized as an Improperly Controlled Modification of Object Prototype Attributes, could enable arbitrary code execution within the context of the current user. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, unauthorized data modifications, and disruption of system operations. Exploitation of CVE-2026-34621 requires user interaction, specifically that a victim opens a malicious file. Reports indicate that this vulnerability has been actively exploited in the wild since at least December 2025, with some sources noting that no user interaction beyond simply opening a malicious PDF document is necessary for an attack to succeed. Adobe has released emergency updates to address this issue.