Vulnerability intelligence

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter: current score 63 on a scale of 0 to 100 ("Getting lively")

  1. CVE-2025-5054 Published May 30, 2025

    Hype score: 63

    medium 4.7

    CVE-2025-5054 is a race condition vulnerability found in Canonical's Apport, a core dump handler in Ubuntu. Specifically, it affects versions up to and including 2.32.0. This vulnerability allows a local attacker to potentially leak sensitive information by exploiting PID reuse, leveraging namespaces. The vulnerability arises because Apport, when handling crashes, attempts to detect if the crashing process was running inside a container *before* performing consistency checks. If an attacker can induce a crash in a privileged process and quickly replace it with another process having the same process ID within a mount and PID namespace, Apport might forward the core dump (containing sensitive information from the original process) into the container. To exploit this, an attacker needs permissions to create user, mount, and PID namespaces with full capabilities.

  2. CVE-2025-4598 Published May 30, 2025

    Hype score: 62

    medium 4.7

    CVE-2025-4598 is a race condition vulnerability found in systemd-coredump, a core dump handler present in Red Hat Enterprise Linux and Fedora. It allows a local attacker to force a SUID process to crash. The attacker can then replace it with a non-SUID binary, gaining access to the original process's privileged core dump. This access enables the attacker to read sensitive data loaded by the original process, such as contents from `/etc/shadow`, potentially exposing password hashes. The vulnerability arises because the attacker can force the Linux kernel to recycle the process ID (PID) before systemd-coredump analyzes the `/proc/pid/auxv` file, thus winning the race condition and gaining access to the core dump.

  3. CVE-2024-29269 Published Apr 10, 2024

    Hype score: 48

    high 8.8

    TLR-2005Ksh Telesquare

    CVE-2024-29269 is a command injection vulnerability affecting Telesquare TLR-2005Ksh devices, specifically versions 1.0.0 and 1.1.4. It allows attackers to execute arbitrary system commands remotely by exploiting the "Cmd" parameter. This vulnerability exists because the software constructs commands using external input without properly neutralizing special elements. An attacker can exploit this to gain unauthorized access and control of the affected system.

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

Last 7 days: 0

Last 30 days: 23

  1. CVE-2025-4632 Published May 13, 2025

    critical 9.8

    Exploit known

    Samsung MagicINFO

    Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority.

  2. CVE-2025-4427 Published May 13, 2025

    medium 5.3

    Exploit known

    Ivanti EPMM

    An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

  3. CVE-2025-4428 Published May 13, 2025

    high 7.2

    Exploit known

    Ivanti EPMM

    Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

Insights

Our Security Team's most recent CVE analysis

  1. CVE-2025-4428

    high 7.2

    Exploit known

    Intruder Insights

    Updated May 19, 2025

    This CVE references a Java Expression Language injection vulnerability in Ivanti EPMM, which allows a user with access to a particular API to execute arbitrary code.

    In conjunction with CVE-2025-4427 - an auth bypass vulnerability which gives access to the API in question - this can be used by an unauthenticated attacker.

    More information on exact vulnerable versions can be found here - you should patch immediately if vulnerable. Note that in the recommended deployment of EPMM, where the API is not accessible to the internet, the impact is reduced.

    Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

  2. Intruder Insights

    Updated Apr 28, 2025

    If caching is in use on this application, it is likely this can be used to poison the cache, causing the modified data to be shown to other users.

    There is also potential to then use this for cross-site scripting, although this would depend on how the data is processed by the client and will not be the case for all applications.

    In order for this application to be vulnerable, React Router must be used in Framework mode.

    React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows an attacker to completely spoof its contents and modify all the values of the data object passed to the HTML. This issue has been patched in version 7.5.2.

  3. CVE-2025-30406

    critical 9.0

    Exploit known

    Intruder Insights

    Updated Apr 14, 2025

    This vulnerability is caused by the installer for the application using hardcoded values for the validation and decryption keys (sometimes known as the machine keys). These values are the same for all instances created by the vulnerable installer, so an attacker can find the keys for your instance very easily.

    If an attacker possesses these keys, they can execute code of their choice on the server remotely using well-known methods.

    Updating to the latest version will cause the keys to be regenerated to secret values.

    Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.