Vulnerability intelligence

Updated 8 minutes ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

190100

Current score

Pretty quiet out there

  1. CVE-2025-8088 Published Aug 8, 2025

    Hype score

    19

    high 8.4

    Exploit known

    WinRAR

    CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.

  2. CVE-2025-14174 Published Dec 12, 2025

    Hype score

    16

    high 8.8

    Exploit known

    Google Chrome, ANGLE, Zero-day, Mobile device

    CVE-2025-14174 is an out-of-bounds memory access vulnerability found in ANGLE, a component of Google Chrome. The vulnerability could allow a remote attacker to perform out-of-bounds memory access via a crafted HTML page. Google is aware that an exploit for this vulnerability exists in the wild. Apple also addressed CVE-2025-14174, describing it as a flaw in WebKit that could lead to memory corruption. Apple indicated that this vulnerability may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.

  3. CVE-2026-20700 Published Feb 11, 2026

    Hype score

    16

    high 7.8

    Exploit known

    Dynamic Link Editor, Apple, Zero-day, Mobile device

    CVE-2026-20700 is a memory corruption vulnerability found within Apple's `dyld` component, which is the Dynamic Link Editor responsible for loading dynamic libraries into memory and bridging application code with system frameworks. This flaw could enable an attacker with memory write capabilities to execute arbitrary code on affected devices. Apple addressed this issue through improved state management in updates for watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3, and iPadOS 26.3. Reports indicate that this vulnerability may have been exploited in "extremely sophisticated attacks" targeting specific individuals on versions of iOS preceding iOS 26. Google's Threat Analysis Group is credited with discovering and reporting the vulnerability.

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2026-48558 Published Jun 12, 2026

    critical 9.5

    Exploit known

    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.

  2. CVE-2026-20230 Published Jun 3, 2026

    high 8.6

    Exploit known

    CVE-2026-20230 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability found in the WebDialer component of Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition. This flaw stems from improper input validation of specific HTTP requests, allowing a remote, unauthenticated attacker to send crafted requests. Successful exploitation of this vulnerability enables an attacker to write arbitrary files to the underlying operating system. These files can subsequently be used to escalate privileges to root on the affected system. While proof-of-concept exploit code is publicly available, Cisco has not observed active exploitation of this vulnerability. The affected WebDialer service is disabled by default, meaning only deployments where it has been explicitly enabled are susceptible.

  3. CVE-2026-12569 Published Jun 18, 2026

    critical 9.3

    Exploit known

    CVE-2026-12569 is a remote code execution (RCE) vulnerability found in PTC Windchill PDMlink and PTC FlexPLM. This flaw arises from improper input validation and the deserialization of untrusted data. An unauthenticated, remote attacker can exploit this vulnerability by sending specially crafted requests to the affected systems, enabling them to execute arbitrary code. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-12569 to its Known Exploited Vulnerabilities (KEV) catalog, indicating that it is being actively exploited in the wild. Attackers have been observed deploying persistent JSP webshells to facilitate remote command execution and data exfiltration.

Insights

Our Security Team's most recent CVE analysis

  1. CVE-2026-41940

    critical 9.3

    Exploit known

    Intruder Insights

    Updated Apr 30, 2026

    cPanel is a very popular hosting framework which is often very difficult to avoid exposing to the internet. The exploit for this weakness gives the attacker root access to cPanel (and from there easy RCE on the system), and the exploit is reliable, well documented, and affects all versions of cPanel except the latest patch. There are well over a million hosts exposed, and though cPanel does have some automated self-upgrade functionality, it can be turned off, and the window before an upgrade (usually up to 24h) is long enough for an attacker to have already exploited this weakness. cPanel has provided a script you can use to detect whether compromise has already occurred, which can be found here.

    cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

  2. CVE-2026-1340

    critical 9.8

    Exploit known

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  3. CVE-2026-1281

    critical 9.8

    Exploit known

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.