Vulnerability intelligence

Updated an hour ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

160100

Current score

Colder than a datacentre floor

  1. 1

    CVE-2025-40538 Published Feb 24, 2026

    Hype score

    16

    critical 9.1

    Serv-U

    CVE-2025-40538 is a broken access control vulnerability identified in SolarWinds Serv-U, a file transfer software. This flaw allows an attacker to create a system administrator user and subsequently execute arbitrary code with elevated privileges. Specifically, this can lead to root-level access on Linux systems or administrative privileges on Windows deployments. Exploitation of this vulnerability requires the attacker to already possess administrative privileges on the targeted server. Once exploited, the attacker can leverage domain or group admin privileges to achieve their objectives.

  2. 2

    CVE-2023-20869 Published Apr 25, 2023

    Hype score

    13

    high 8.2

    VMware Workstation

    CVE-2023-20869 is a stack-based buffer overflow vulnerability found in VMware Workstation (17.x) and VMware Fusion (13.x). It exists in the functionality that shares host Bluetooth devices with the virtual machine. The vulnerability was reported by STAR Labs during the Pwn2Own 2023 Security Contest and publicly disclosed on April 25, 2023. An attacker with local administrative privileges on a virtual machine could exploit this vulnerability to execute code as the virtual machine's VMX process running on the host. This could lead to complete compromise of the hypervisor. The vulnerability exists within the UHCI component and stems from inadequate validation of user-supplied data length before copying it to a fixed-length stack-based buffer.

  3. 3

    CVE-2023-34044 Published Oct 20, 2023

    Hype score

    13

    medium 6.0

    VMware Workstation

    CVE-2023-34044 is an out-of-bounds read vulnerability found in VMware Workstation (versions 17.x prior to 17.5) and Fusion (versions 13.x prior to 13.5). It exists in the functionality that shares host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine could exploit this vulnerability to read privileged information contained in hypervisor memory from a virtual machine. The vulnerability is due to improper initialization of memory prior to accessing it within the UHCI component.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2022-20775 Published Sep 30, 2022

    high 7.8

    Exploit known

    Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

  2. CVE-2026-25108 Published Feb 13, 2026

    high 8.7

    Exploit known

    FileZenSystemFirmwareServerZero-day

    FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

  3. CVE-2025-68461 Published Dec 18, 2025

    high 7.2

    Exploit known

    Roundcube WebmailXSS

    CVE-2025-68461 is a Cross-Site Scripting (XSS) vulnerability affecting Roundcube Webmail versions before 1.5.12 and 1.6 before 1.6.12. The vulnerability is caused by improper neutralization of input during web page generation, specifically through the `animate` tag in SVG documents. This vulnerability allows an attacker to inject malicious JavaScript code that executes in the victim's browser when viewing crafted SVG content within the webmail interface. The vulnerability can be exploited over a network without requiring any privileges or user interaction.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2026-1340

    critical 9.8

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  2. CVE-2026-1281

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  3. CVE-2025-14847

    high 8.7

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Dec 29, 2025

    This is a serious vulnerability which allows an unauthenticated remote attacker to retrieve information from MongoDB's memory. A proof-of-concept is available to the public.

    Similar to other heap disclosure vulnerabilities such as Heartbleed, the impact of exploitation will vary depending on the information an attacker is able to obtain from the heap. However, it is quite likely that the leaked memory will contain credentials or other sensitive information, especially as attackers learn more about the vulnerability and use it more effectively.

    Regardless of patch status, MongoDB should not be exposed to the internet and access should be restricted by a firewall or similar controls. You should also apply the patch as soon as possible, to avoid the vulnerability being exploited internally.

    Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.