Vulnerability intelligence

Updated an hour ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

150100

Current score

These are not the 0days you are looking for

  1. 1

    CVE-2025-59528 Published Sep 22, 2025

    Hype score

    15

    critical 10.0

    FlowiseNode.js

    CVE-2025-59528 identifies a remote code execution (RCE) vulnerability in Flowise, a drag-and-drop user interface for building large language model flows. Specifically, versions 3.0.5, and those ranging from 2.2.7-patch.1 to earlier than 3.0.6, are affected. The flaw resides within the `CustomMCP` node, which processes user-provided configuration settings for external MCP servers. The vulnerability occurs because the `convertToValidJSONString` function, used to parse the `mcpServerConfig` string, directly passes user input to JavaScript's `Function()` constructor without adequate security validation. This allows the input to be executed as JavaScript code with full Node.js runtime privileges, enabling attackers to execute arbitrary code on the server. This issue has been addressed in Flowise version 3.0.6.

  2. 2

    CVE-2023-20869 Published Apr 25, 2023

    Hype score

    9

    high 8.2

    VMware Workstation

    CVE-2023-20869 is a stack-based buffer overflow vulnerability found in VMware Workstation (17.x) and VMware Fusion (13.x). It exists in the functionality that shares host Bluetooth devices with the virtual machine. The vulnerability was reported by STAR Labs during the Pwn2Own 2023 Security Contest and publicly disclosed on April 25, 2023. An attacker with local administrative privileges on a virtual machine could exploit this vulnerability to execute code as the virtual machine's VMX process running on the host. This could lead to complete compromise of the hypervisor. The vulnerability exists within the UHCI component and stems from inadequate validation of user-supplied data length before copying it to a fixed-length stack-based buffer.

  3. 3

    CVE-2023-20870 Published Apr 25, 2023

    Hype score

    9

    medium 6.0

    VMware Workstation

    CVE-2023-20870 is an out-of-bounds read vulnerability found in VMware Workstation and Fusion. It exists in the functionality for sharing host Bluetooth devices with the virtual machine. An attacker with local administrative privileges on a virtual machine could exploit this vulnerability to read privileged information contained in hypervisor memory.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2026-1340 Published Jan 29, 2026

    critical 9.8

    Exploit known

    Ivanti Endpoint Manager MobileVPNMobile device

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  2. CVE-2026-35616 Published Apr 4, 2026

    critical 9.8

    Exploit known

    NetworkAPISupply chainVPNFirmwarePort (22)Fortinet FortiClientEMS

    A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

  3. CVE-2026-3502 Published Mar 30, 2026

    high 7.8

    Exploit known

    Supply chainTrueConf Client

    TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2026-1340

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  2. CVE-2026-1281

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  3. CVE-2025-14847

    high 8.7

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Dec 29, 2025

    This is a serious vulnerability which allows an unauthenticated remote attacker to retrieve information from MongoDB's memory. A proof-of-concept is available to the public.

    Similar to other heap disclosure vulnerabilities such as Heartbleed, the impact of exploitation will vary depending on the information an attacker is able to obtain from the heap. However, it is quite likely that the leaked memory will contain credentials or other sensitive information, especially as attackers learn more about the vulnerability and use it more effectively.

    Regardless of patch status, MongoDB should not be exposed to the internet and access should be restricted by a firewall or similar controls. You should also apply the patch as soon as possible, to avoid the vulnerability being exploited internally.

    Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.