Vulnerability intelligence

Updated 8 minutes ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

110100

Current score

Not much chatter

  1. 1

    CVE-2025-64328 Published Nov 7, 2025

    Hype score

    11

    high 8.6

    Exploit known

    FreePBX Endpoint Manager

    CVE-2025-64328 identifies a command injection vulnerability within the FreePBX Endpoint Manager module. Specifically, the flaw resides in the `check_ssh_connect()` function of the Filestore component. This post-authentication vulnerability allows an authenticated attacker to execute arbitrary shell commands as the `asterisk` user on the affected system. This vulnerability impacts FreePBX Endpoint Manager versions 17.0.2.36 and above, prior to version 17.0.3. Reports indicate that a financially motivated hacker group, INJ3CTOR3, has actively exploited CVE-2025-64328 since early December 2025 to deploy a persistent webshell known as "EncystPHP," enabling them to gain administrative control over compromised VoIP systems.

  2. 2

    CVE-2025-5959 Published Jun 11, 2025

    Hype score

    8

    high 8.8

    Google Chrome V8

    CVE-2025-5959 is a type confusion vulnerability affecting the V8 JavaScript engine in Google Chrome versions prior to 137.0.7151.103. This flaw can be exploited by a remote attacker who crafts a malicious HTML page. The vulnerability was reported by Seunghyun Lee as part of TyphoonPWN 2025. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code within the browser's sandbox. To mitigate this vulnerability, users are advised to update their Chrome browsers to version 137.0.7151.103 or later.

  3. 3

    CVE-2025-40552 Published Jan 28, 2026

    Hype score

    4

    critical 9.8

    SolarWinds Web Help Desk

    CVE-2025-40552 is an authentication bypass vulnerability affecting SolarWinds Web Help Desk. This flaw allows a remote, unauthenticated attacker to circumvent the application's access controls. By exploiting CVE-2025-40552, an attacker can execute actions and methods within the Web Help Desk application that are typically restricted to authenticated users, potentially gaining broad control over the application.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2022-20775 Published Sep 30, 2022

    high 7.8

    Exploit known

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

  2. CVE-2026-25108 Published Feb 13, 2026

    high 8.7

    Exploit known

    FileZenSystemFirmwareServerZero-day

    FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

  3. CVE-2025-68461 Published Dec 18, 2025

    high 7.2

    Exploit known

    Roundcube WebmailXSS

    CVE-2025-68461 is a Cross-Site Scripting (XSS) vulnerability affecting Roundcube Webmail versions before 1.5.12 and 1.6 before 1.6.12. The vulnerability is caused by improper neutralization of input during web page generation, specifically through the `animate` tag in SVG documents. This vulnerability allows an attacker to inject malicious JavaScript code that executes in the victim's browser when viewing crafted SVG content within the webmail interface. The vulnerability can be exploited over a network without requiring any privileges or user interaction.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2026-1340

    critical 9.8

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  2. CVE-2026-1281

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  3. CVE-2025-14847

    high 8.7

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Dec 29, 2025

    This is a serious vulnerability which allows an unauthenticated remote attacker to retrieve information from MongoDB's memory. A proof-of-concept is available to the public.

    Similar to other heap disclosure vulnerabilities such as Heartbleed, the impact of exploitation will vary depending on the information an attacker is able to obtain from the heap. However, it is quite likely that the leaked memory will contain credentials or other sensitive information, especially as attackers learn more about the vulnerability and use it more effectively.

    Regardless of patch status, MongoDB should not be exposed to the internet and access should be restricted by a firewall or similar controls. You should also apply the patch as soon as possible, to avoid the vulnerability being exploited internally.

    Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.