Vulnerability intelligence

Updated 36 minutes ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

530100

Current score

Tepid

  1. 1

    CVE-2025-54136 Published Aug 2, 2025

    Hype score

    53

    high 7.2

    Cursor AI

    CVE-2025-54136 affects Cursor, an AI-powered code editor, specifically versions 1.2.4 and below. The vulnerability allows attackers to achieve remote code execution (RCE) by modifying a trusted Multi-Context Prompting (MCP) configuration file. This can be done either within a shared GitHub repository or locally on the target's machine. The vulnerability stems from a trust abuse issue in MCP server configuration. Once a user approves an MCP server, an attacker with write access can replace it with a malicious one without requiring re-approval. This enables the attacker to inject malicious commands, potentially leading to persistent backdoors, especially in collaborative coding environments. The issue has been addressed in Cursor version 1.3, which now prompts for re-approval whenever an mcpServer entry is modified.

  2. 2

    CVE-2025-54794 Published Aug 5, 2025

    Hype score

    47

    high 7.7

    Claude Code

    CVE-2025-54794 is a path restriction bypass vulnerability affecting Claude Code versions below 0.2.111. It stems from a flaw in path validation that uses prefix matching instead of canonical path comparison. This allows attackers to bypass directory restrictions and gain unauthorized access to files outside the intended current working directory (CWD). Exploitation requires the presence of, or the ability to create, a directory with a prefix identical to the CWD, along with the capability to introduce untrusted content into a Claude Code context window. For example, if the working directory is `/tmp/allowed_dir`, creating `/tmp/allowed_dir_malicious` would pass the validation. This vulnerability has been fixed in version 0.2.111.

  3. 3

    CVE-2024-2887 Published Mar 26, 2024

    Hype score

    36

    high 7.7

    WebAssemblyGoogle Chrome

    CVE-2024-2887 is a type confusion vulnerability found in WebAssembly in Google Chrome versions prior to 123.0.6312.86. It can be triggered by a remote attacker who crafts a malicious HTML page. The vulnerability stems from how WebAssembly handles recursive type groups, which can lead to exceeding the maximum number of declared heap types and create opportunities for type confusion. Successful exploitation of CVE-2024-2887 allows a remote attacker to execute arbitrary code. This can lead to arbitrary read/write within the V8 memory sandbox, the ability to obtain addresses of JavaScript objects, and manipulation of object pointers. It was demonstrated at the Pwn2Own Vancouver 2024 hacking competition. Google patched this vulnerability in Chrome version 123.0.6312.86.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2025-54418

    critical 9.8

    Link to CVE page

    Intruder Insights

    Updated Jul 31, 2025

    For this vulnerability to be exploitable, the ImageMagick image processing library needs to be used to resize or add a text watermark to a user-uploaded file which was saved using a user-provided filename, or where the parameters for adding a watermark are user-controlled. File upload implementations that use a randomly generated filename before image resizing are not vulnerable.

    This vulnerability is simple to exploit and we expect to see active exploitation soon. However, attackers will need to locate file upload functionality within your applications first which will be difficult to fully automate at scale, so mass exploitation is unlikely.

    CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process uploaded images using the `resize()` method or use the `text()` method with user-controlled text content or options. An attacker can upload a file with a malicious filename containing shell metacharacters that get executed when the image is processed or provide malicious text content or options that get executed when adding text to images Users should upgrade to v4.6.2 or later to receive a patch. As a workaround, switch to the GD image handler (`gd`, the default handler), which is not affected by either vulnerability. For file upload scenarios, instead of using user-provided filenames, generate random names to eliminate the attack vector with `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe filenames. For text operations, if one must use ImageMagick with user-controlled text, sanitize the input to only allow safe characters and validate/restrict text options.

  2. CVE-2025-53770

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jul 23, 2025

    This is a critical remote code execution vulnerability in Sharepoint when used on-prem - Sharepoint for Microsoft 365 is not affected. It is a variant of a previous bug which, in combination with CVE-2025-53771, allows an unauthenticated attacker to use a deserialization vulnerability to run code on the server.

    If you host a Sharepoint instance you should immediately apply the security update and review the advice on this Microsoft page. Paying particular attention to the sections describing how to rotate your Machine Key and detect if you were already compromised.

    As there was a lag time between information on this vulnerability being available to attackers and the availability of the patch, there has been active exploitation of Sharepoint instances during this period.

    We have deployed an active check (11am 22nd July) and set off an Emerging Threat Scan for all of our Enterprise customers. In addition, we are committing this to the public Nuclei templates repository so that you can check your systems via Intruder - or for free via Nuclei as soon as the request is merged.

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

  3. CVE-2025-32463

    critical 9.3

    Link to CVE page

    Intruder Insights

    Updated Jul 2, 2025

    This is a serious local privilege escalation vulnerability in the sudo tool, which is present on most Unix systems. You should update this as soon as possible if your version is less than 1.9.14.

    Exploiting this vulnerability requires an attacker to have access to the machine already - so it's most serious in environments where lower-privileged users routinely have access to systems. However, all vulnerable systems should be patched.

    Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.