Vulnerability intelligence


Trending now

CVEs trending on social media within the last 24 hours


  1. CVE-2024-37079 Published Jun 18, 2024

    Hype score: 29

    Severity: critical 9.8

    CVE-2024-37079 is a heap-overflow vulnerability in the DCERPC protocol implementation of VMware vCenter Server. A malicious actor with network access to the vCenter Server can send specially crafted network packets, and successful exploitation can lead to remote code execution on the affected server. This vulnerability has been observed being actively exploited in the wild.

  2. CVE-2025-59718 Published Dec 9, 2025

    Hype score: 21

    Severity: critical 9.8

    Exploit known

    Product: Fortinet FortiOS

    CVE-2025-59718 is a vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager. It stems from improper verification of cryptographic signatures, which could allow an unauthenticated attacker to bypass FortiCloud Single Sign-On (SSO) login authentication via a crafted Security Assertion Markup Language (SAML) message, but only if the FortiCloud SSO login feature is enabled on the device. The FortiCloud SSO login feature is not enabled in factory settings. However, it becomes enabled when an administrator registers the device with FortiCare via the GUI, unless the administrator specifically disables the "Allow administrative login using FortiCloud SSO" option during registration.

  3. CVE-2025-34165 Published Aug 30, 2025

    Hype score: 17

    Severity: high 8.8

    CVE-2025-34165 is a stack-based buffer overflow vulnerability in NetSupport Manager versions prior to 14.12.0000. A remote, unauthenticated attacker can trigger a denial of service (DoS) condition, and the flaw may additionally leak a limited amount of memory from the affected system.
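The device-side setting behind the FortiCloud SSO caveat in the CVE-2025-59718 entry above, shown as an added configuration illustration rather than text from this feed or from Fortinet's advisory. It assumes the FortiOS 7.x CLI, where the option appears as admin-forticloud-sso-login under config system global; confirm the exact option name against your firmware's CLI reference before relying on it. Turning the feature off removes the precondition the entry describes (the SAML bypass only applies when FortiCloud SSO login is enabled), which is a stopgap until fixed firmware is installed.

```text
# Exposed state: registering the device with FortiCare via the GUI left
# FortiCloud SSO login on, so a crafted SAML message reaches the admin login path.
config system global
    set admin-forticloud-sso-login enable
end

# Hardened state: FortiCloud SSO login disabled, so the bypass has no entry point.
config system global
    set admin-forticloud-sso-login disable
end

# Check the live value before and after the change (FortiOS CLI supports | grep).
show full-configuration system global | grep admin-forticloud-sso-login
```

Disabling the option only closes the SSO path for administrative login; it does not replace the firmware update, and any admin accounts that relied on FortiCloud SSO need a local or other authentication method in place first.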

Insights

Our Security Team's most recent CVE analysis

  1. CVE-2025-14847

    Severity: high 8.7

    Exploit known

    Intruder Insights

    Updated Dec 29, 2025

    This is a serious vulnerability which allows an unauthenticated remote attacker to retrieve information from MongoDB's memory. A proof-of-concept is available to the public.

    Similar to other heap disclosure vulnerabilities such as Heartbleed, the impact of exploitation will vary depending on the information an attacker is able to obtain from the heap. However, it is quite likely that the leaked memory will contain credentials or other sensitive information, especially as attackers learn more about the vulnerability and use it more effectively.

    Regardless of patch status, MongoDB should not be exposed to the internet and access should be restricted by a firewall or similar controls. You should also apply the patch as soon as possible, to avoid the vulnerability being exploited internally.

    Mismatched length fields in zlib-compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects MongoDB Server 7.0 versions prior to 7.0.28, 8.0 versions prior to 8.0.17, 8.2 versions prior to 8.2.3, 6.0 versions prior to 6.0.27, 5.0 versions prior to 5.0.32, 4.4 versions prior to 4.4.30, and all releases of the 4.2, 4.0 and 3.6 branches (4.2.0, 4.0.0 and 3.6.0 onward).

  2. Rejected CVE entry

    Intruder Insights

    Updated Dec 9, 2025

    Rejected reason: This CVE is a duplicate of CVE-2025-55182. The accompanying analysis is the same as the CVE-2025-55182 analysis in entry 3.

  3. CVE-2025-55182

    Severity: critical 10.0

    Exploit known

    Intruder Insights

    Updated Dec 9, 2025

    This vulnerability allows code execution via a deserialisation vulnerability within the react-server-dom packages. It affects React, NextJS and downstream projects that use these frameworks.

    AssetNote released a technical research post and a detection technique that is effective at identifying unpatched instances, whereas full RCE chains may fail because WAFs heavily fingerprint those payloads and their bypasses. Vercel's CEO released a simple breakdown of the issue and how it works.

    We have witnessed widespread exploitation activity for this vulnerability, especially to deploy an in-memory webshell. There have been some community efforts to detect exploitation activity; however, exploiting this vulnerability usually leaves little to no trace, which makes detection difficult for defenders.

    Patching immediately is the only effective strategy for dealing with this vulnerability.

    A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
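The MongoDB entry (CVE-2025-14847, entry 1 above) turns on a single check: whether the server trusts the client-supplied uncompressedSize in an OP_COMPRESSED header. The following is an added example written for this page; it is not code from the Intruder feed or from MongoDB. The wire-format constants follow the public MongoDB wire protocol documentation (OP_COMPRESSED opcode 2012, OP_MSG 2013, zlib compressor id 2, a 16-byte message header followed by originalOpcode, uncompressedSize and compressorId). The buffer handling is a simplified stand-in for server internals and an assumption about the shape of the bug, not the real code path: the naive handler sizes its output from the declared length and hands back every byte, while the hardened handler caps inflation and rejects any message whose real length differs from the declared one. The sample body is a constructed placeholder, not real BSON.

```python
# Added example (not from the Intruder page or from MongoDB): length validation
# for an OP_COMPRESSED envelope. Wire-format constants are from the public
# MongoDB wire protocol documentation; buffer handling is a simplified model.
import struct
import zlib
from typing import Optional

OP_COMPRESSED = 2012
OP_MSG = 2013
COMPRESSOR_ZLIB = 2
MAX_MESSAGE_SIZE = 48_000_000      # maxMessageSizeBytes advertised by the server
HEADER_FMT = "<iiii"               # messageLength, requestID, responseTo, opCode
COMPRESSED_FMT = "<iiB"            # originalOpcode, uncompressedSize, compressorId
COMPRESSED_OFFSET = struct.calcsize(HEADER_FMT)                      # 16
DATA_OFFSET = COMPRESSED_OFFSET + struct.calcsize(COMPRESSED_FMT)    # 25

# Constructed stand-in for a command body (real bodies are BSON, not JSON).
SAMPLE_BODY = b'{"hello": 1, "$db": "admin"}'


def build_op_compressed(payload: bytes, request_id: int = 1,
                        declared_size: Optional[int] = None) -> bytes:
    """Wrap payload in a zlib OP_COMPRESSED envelope. declared_size lets a test
    client lie about uncompressedSize, the mismatch the advisory text describes."""
    compressed = zlib.compress(payload)
    declared = len(payload) if declared_size is None else declared_size
    body = struct.pack(COMPRESSED_FMT, OP_MSG, declared, COMPRESSOR_ZLIB) + compressed
    header = struct.pack(HEADER_FMT, COMPRESSED_OFFSET + len(body), request_id, 0,
                         OP_COMPRESSED)
    return header + body


def naive_decompress(msg: bytes) -> bytes:
    """Unsafe pattern (modelled, not MongoDB's code): size the output buffer from
    the client-supplied uncompressedSize and return the whole buffer. Bytes the
    inflater never wrote keep whatever the allocator left behind; 0xAA marks them."""
    _, declared, _ = struct.unpack_from(COMPRESSED_FMT, msg, COMPRESSED_OFFSET)
    data = zlib.decompress(msg[DATA_OFFSET:])
    buf = bytearray(b"\xaa" * declared)       # stand-in for an uninitialised heap block
    buf[:len(data)] = data                    # only the real bytes are overwritten
    return bytes(buf)                         # the tail is "leaked" to the caller


def safe_decompress(msg: bytes) -> bytes:
    """Hardened handler: validate the envelope, bound the declared size, inflate at
    most declared+1 bytes, and reject any length mismatch in either direction."""
    if len(msg) < DATA_OFFSET:
        raise ValueError("message shorter than OP_COMPRESSED header")
    msg_len, _, _, opcode = struct.unpack_from(HEADER_FMT, msg, 0)
    if msg_len != len(msg) or opcode != OP_COMPRESSED:
        raise ValueError("bad message header")
    _, declared, compressor = struct.unpack_from(COMPRESSED_FMT, msg, COMPRESSED_OFFSET)
    if compressor != COMPRESSOR_ZLIB:
        raise ValueError("unsupported compressor id %d" % compressor)
    if not 0 < declared <= MAX_MESSAGE_SIZE:
        raise ValueError("uncompressedSize %d out of range" % declared)
    inflater = zlib.decompressobj()
    # One byte of headroom makes an over-long stream detectable without ever
    # inflating an attacker-chosen amount of data.
    data = inflater.decompress(msg[DATA_OFFSET:], declared + 1)
    if len(data) != declared or not inflater.eof or inflater.unused_data:
        raise ValueError("uncompressedSize mismatch: declared %d, got %d"
                         % (declared, len(data)))
    return data


def rejected(msg: bytes) -> bool:
    """True if the hardened handler refuses the message."""
    try:
        safe_decompress(msg)
    except (ValueError, zlib.error):
        return True
    return False


if __name__ == "__main__":
    honest = build_op_compressed(SAMPLE_BODY)
    lying = build_op_compressed(SAMPLE_BODY, declared_size=len(SAMPLE_BODY) + 64)
    print("honest message decodes to:", safe_decompress(honest))
    print("naive handler returns %d bytes for a %d-byte body"
          % (len(naive_decompress(lying)), len(SAMPLE_BODY)))
    print("hardened handler rejects lying header:", rejected(lying))
```

The check matters in both directions: a declared size larger than the real payload is the over-read the entry describes, and a declared size smaller than the real payload is the classic overflow, so the handler compares the exact inflated length rather than only capping it. The same pattern (bound, inflate with a limit, compare, then trust) applies to any protocol that carries a length field next to compressed data.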