Vulnerability intelligence

Updated 39 minutes ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

580100

Current score

Soft-boiled

  1. 1

    CVE-2025-26633 Published Mar 11, 2025

    Hype score

    58

    high 7.0

    Exploit known

    MicrosoftMMC

    CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console (MMC). It stems from improper neutralization within the MMC, allowing an unauthorized attacker to bypass security restrictions locally. The vulnerability is being actively exploited in the wild by a threat actor known as Water Gamayun (also known as EncryptHub and Larva-208) in a campaign called "MSC EvilTwin". This technique involves the execution of malicious .msc files through a legitimate one by manipulating the Multilingual User Interface Path (MUIPath) to load and execute a malicious file instead of the original one.

  2. 2

    CVE-2025-8088 Published Aug 8, 2025

    Hype score

    51

    high 8.4

    Exploit known

    WinRAR

    CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.

  3. 3

    CVE-2024-40725 Published Jul 18, 2024

    Hype score

    24

    medium 5.3

    CVE-2024-40725 is a vulnerability affecting Apache HTTP Server versions 2.4.0 to 2.4.61. It involves the `mod_proxy` module, where enabling the `ProxyPass` directive with specific URL rewrite rules can lead to HTTP Request Smuggling attacks. This can occur when the proxy and backend servers parse HTTP requests inconsistently. The vulnerability can result in unauthorized access, data exposure, and session hijacking, potentially leading to data theft or manipulation. In some cases, "AddType" configurations may result in source code disclosure of local content, such as PHP scripts being served instead of interpreted. Users are recommended to upgrade to version 2.4.62 to address this issue.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2007-0671 Published Feb 3, 2007

    high 8.8

    Exploit known

    MicrosoftExcel

    Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

  2. CVE-2013-3893 Published Sep 18, 2013

    high 8.8

    Exploit known

    MicrosoftInternet Explorer

    Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.

  3. CVE-2025-8088 Published Aug 8, 2025

    Hype score

    51

    high 8.4

    Exploit known

    WinRAR

    CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2025-54418

    critical 9.8

    Link to CVE page

    Intruder Insights

    Updated Jul 31, 2025

    For this vulnerability to be exploitable, the ImageMagick image processing library needs to be used to resize or add a text watermark to a user-uploaded file which was saved using a user-provided filename, or where the parameters for adding a watermark are user-controlled. File upload implementations that use a randomly generated filename before image resizing are not vulnerable.

    This vulnerability is simple to exploit and we expect to see active exploitation soon. However, attackers will need to locate file upload functionality within your applications first which will be difficult to fully automate at scale, so mass exploitation is unlikely.

    CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process uploaded images using the `resize()` method or use the `text()` method with user-controlled text content or options. An attacker can upload a file with a malicious filename containing shell metacharacters that get executed when the image is processed or provide malicious text content or options that get executed when adding text to images Users should upgrade to v4.6.2 or later to receive a patch. As a workaround, switch to the GD image handler (`gd`, the default handler), which is not affected by either vulnerability. For file upload scenarios, instead of using user-provided filenames, generate random names to eliminate the attack vector with `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe filenames. For text operations, if one must use ImageMagick with user-controlled text, sanitize the input to only allow safe characters and validate/restrict text options.

  2. CVE-2025-53770

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jul 23, 2025

    This is a critical remote code execution vulnerability in Sharepoint when used on-prem - Sharepoint for Microsoft 365 is not affected. It is a variant of a previous bug which, in combination with CVE-2025-53771, allows an unauthenticated attacker to use a deserialization vulnerability to run code on the server.

    If you host a Sharepoint instance you should immediately apply the security update and review the advice on this Microsoft page. Paying particular attention to the sections describing how to rotate your Machine Key and detect if you were already compromised.

    As there was a lag time between information on this vulnerability being available to attackers and the availability of the patch, there has been active exploitation of Sharepoint instances during this period.

    We have deployed an active check (11am 22nd July) and set off an Emerging Threat Scan for all of our Enterprise customers. In addition, we are committing this to the public Nuclei templates repository so that you can check your systems via Intruder - or for free via Nuclei as soon as the request is merged.

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

  3. CVE-2025-32463

    critical 9.3

    Link to CVE page

    Intruder Insights

    Updated Jul 2, 2025

    This is a serious local privilege escalation vulnerability in the sudo tool, which is present on most Unix systems. You should update this as soon as possible if your version is less than 1.9.14.

    Exploiting this vulnerability requires an attacker to have access to the machine already - so it's most serious in environments where lower-privileged users routinely have access to systems. However, all vulnerable systems should be patched.

    Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.