Vulnerability intelligence

Updated 41 minutes ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

120100

Current score

These are not the 0days you are looking for

  1. 1

    CVE-2025-53521 Published Oct 15, 2025

    Hype score

    12

    critical 9.3

    Exploit known

    BIG-IP APMOTBIG-IP

    CVE-2025-53521 is a vulnerability affecting F5 BIG-IP Access Policy Manager (APM) systems when an access policy is configured on a virtual server. The flaw, categorized as CWE-770 (Allocation of Resources Without Limits or Throttling), allows undisclosed or specially crafted traffic to cause the Traffic Management Microkernel (TMM) process to terminate. This termination of the TMM process results in a disruption of all traffic handled by the BIG-IP device until the process restarts. The vulnerability can be exploited remotely by an unauthenticated attacker, leading to a denial-of-service condition on the BIG-IP APM system.

  2. 2

    CVE-2025-55182 Published Dec 3, 2025

    Hype score

    8

    critical 10.0

    Exploit known

    Business logicCloudnpmReactreact2shellSupply chain

    CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

  3. 3

    CVE-2025-15379 Published Mar 30, 2026

    Hype score

    4

    critical 10.0

    CVE-2025-15379 describes a command injection vulnerability found within the model serving container initialization code of MLflow. Specifically, the flaw resides in the `_install_model_dependencies_to_env()` function. When a model is deployed with `env_manager=LOCAL`, MLflow processes dependency specifications from the `python_env.yaml` file within the model artifact. The vulnerability arises because these specifications are directly incorporated into a shell command without proper sanitization, enabling an attacker to provide a malicious model artifact and execute arbitrary commands on systems deploying the model. This issue impacts MLflow versions 3.8.0 and has been addressed in version 3.8.2.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2026-5281 Published Apr 1, 2026

    high 8.8

    Exploit known

    Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  2. CVE-2026-3055 Published Mar 23, 2026

    critical 9.3

    Exploit known

    ServerNetworkUbuntu

    Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

  3. CVE-2025-53521 Published Oct 15, 2025

    Hype score

    12

    critical 9.3

    Exploit known

    BIG-IP APMBIG-IPOT

    CVE-2025-53521 is a vulnerability affecting F5 BIG-IP Access Policy Manager (APM) systems when an access policy is configured on a virtual server. The flaw, categorized as CWE-770 (Allocation of Resources Without Limits or Throttling), allows undisclosed or specially crafted traffic to cause the Traffic Management Microkernel (TMM) process to terminate. This termination of the TMM process results in a disruption of all traffic handled by the BIG-IP device until the process restarts. The vulnerability can be exploited remotely by an unauthenticated attacker, leading to a denial-of-service condition on the BIG-IP APM system.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2026-1340

    critical 9.8

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  2. CVE-2026-1281

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  3. CVE-2025-14847

    high 8.7

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Dec 29, 2025

    This is a serious vulnerability which allows an unauthenticated remote attacker to retrieve information from MongoDB's memory. A proof-of-concept is available to the public.

    Similar to other heap disclosure vulnerabilities such as Heartbleed, the impact of exploitation will vary depending on the information an attacker is able to obtain from the heap. However, it is quite likely that the leaked memory will contain credentials or other sensitive information, especially as attackers learn more about the vulnerability and use it more effectively.

    Regardless of patch status, MongoDB should not be exposed to the internet and access should be restricted by a firewall or similar controls. You should also apply the patch as soon as possible, to avoid the vulnerability being exploited internally.

    Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.