Vulnerability intelligence

Updated 22 minutes ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

380100

Current score

Room temperature

  1. 1

    CVE-2025-55315 Published Oct 14, 2025

    Hype score

    38

    critical 9.9

    ASP.NET Core

    CVE-2025-55315 is a security vulnerability affecting ASP.NET Core, specifically the Kestrel web server. It stems from an inconsistent interpretation of HTTP requests, leading to HTTP request smuggling. This vulnerability allows an unauthenticated attacker to smuggle HTTP requests. Successful exploitation of CVE-2025-55315 could allow attackers to bypass security controls, potentially exposing sensitive information like user credentials, modifying files on the server, or even causing a server crash. The vulnerability can be exploited to perform actions such as user spoofing, server-side request forgery, bypassing cross-site request forgery (CSRF) protections, and injection attacks. To mitigate this vulnerability, Microsoft has released security updates for various versions of ASP.NET Core.

  2. 2

    CVE-2025-33073 Published Jun 10, 2025

    Hype score

    33

    high 8.8

    Exploit known

    Windows SMB Client

    CVE-2025-33073 is an elevation of privilege vulnerability affecting the Windows Server Message Block (SMB) client. It stems from improper access control within Windows SMB, potentially allowing an authorized attacker to elevate privileges over a network. To exploit this vulnerability, an attacker could execute a specially crafted script. This script would coerce the victim machine to connect back to the attacker's system using SMB and authenticate, potentially resulting in the attacker gaining SYSTEM privileges.

  3. 3

    CVE-2025-55680 Published Oct 14, 2025

    Hype score

    28

    high 7.8

    Windows Cloud Files

    CVE-2025-55680 is an Elevation of Privilege vulnerability affecting the Windows Cloud Files Mini Filter Driver. It stems from a time-of-check time-of-use (TOCTOU) race condition within the driver. An authenticated, local attacker can exploit this vulnerability to elevate their privileges to SYSTEM level. The vulnerability exists in the `HsmpOpCreatePlaceholders()` function when processing requests to create placeholder files under synchronized directories. Attackers can modify the filename in memory between the time the filename is validated and the time the file is created. By exploiting this race condition, an attacker can bypass security checks and create files anywhere on the system, leading to privilege escalation.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2025-61932 Published Oct 20, 2025

    critical 9.3

    Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

  2. CVE-2025-61884 Published Oct 12, 2025

    Hype score

    21

    high 7.5

    Exploit known

    Oracle Configurator

    CVE-2025-61884 is a vulnerability affecting the Oracle Configurator component's Runtime UI within the Oracle E-Business Suite (EBS). The vulnerability impacts versions 12.2.3 through 12.2.14. It can be exploited by an unauthenticated attacker with network access via HTTP. Successful exploitation of CVE-2025-61884 can lead to unauthorized access to critical data or complete access to all Oracle Configurator accessible data. Oracle has released a security patch to address this vulnerability and strongly recommends that customers apply the provided updates promptly.

  3. CVE-2025-33073 Published Jun 10, 2025

    Hype score

    33

    high 8.8

    Exploit known

    Windows SMB Client

    CVE-2025-33073 is an elevation of privilege vulnerability affecting the Windows Server Message Block (SMB) client. It stems from improper access control within Windows SMB, potentially allowing an authorized attacker to elevate privileges over a network. To exploit this vulnerability, an attacker could execute a specially crafted script. This script would coerce the victim machine to connect back to the attacker's system using SMB and authenticate, potentially resulting in the attacker gaining SYSTEM privileges.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2025-61882

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Oct 14, 2025

    While this vulnerability is significant, Oracle EBS should not be exposed to the internet due to the nature of the service and the sensitivity of the data housed within it.

    Oracle have made articles in the past to describe deployments that are internet facing and relying upon Oracle WAF for protection, which is not best practice. This is directly contradicted by the official deployment documentation. The documentation acknowledges that this should not be exposed to the internet, and if it needs to be a bastion host should be used to access the instance (scenario 3).

    Disappointingly, the UK's NCSC also mistakenly links to the poor quality article over the deployment documentation.

    Our recommendation remains the same, Oracle EBS should not be exposed to the internet. Intruder's scanners report an attack surface risk as an issue if this panel is exposed.

    Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

  2. CVE-2025-11371

    medium 6.2

    Link to CVE page

    Intruder Insights

    Updated Oct 13, 2025

    Note that the public CVSS score for this vulnerability is too low - it has been scored as if it was a local vulnerability, when it can be exploited remotely.

    This vulnerability is essentially a remote code execution vulnerability, as an attacker can use the LFI to obtain the Machine Key for the installation and then leverage this in the same way as a previous vulnerability discovered earlier in the year.

    Attackers have knowledge of how to exploit this and there is no patch currently available. If you have an exposed instance, you must apply the mitigation discussed by Huntress in their post and consider that the server may be compromised.

    In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.  This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560

  3. CVE-2025-49844

    critical 9.9

    Link to CVE page

    Intruder Insights

    Updated Oct 7, 2025

    Authenticated access and the ability to run Lua scripts is required to exploit this vulnerability. However, all affected instances without authentication configured are vulnerable. Further details from the Redis team can be found here.

    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.