Last known exploited

  1. CVE-2025-4632

    Samsung

    MagicINFO 9 Server

    7d

    CVE-2025-4632

  2. CVE-2025-4428

    Ivanti

    Endpoint Manager Mobile (EPMM)

    10d

    CVE-2025-4428

  3. CVE-2025-4427

    Ivanti

    Endpoint Manager Mobile (EPMM)

    10d

    CVE-2025-4427

  4. CVE-2025-27920

    Srimax

    Output Messenger

    10d

    CVE-2025-27920

  5. CVE-2024-27443

    Synacor

    Zimbra Collaboration Suite (ZCS)

    10d

    CVE-2024-27443

  6. CVE-2024-11182

    MDaemon

    Email Server

    10d

    CVE-2024-11182

  7. CVE-2023-38950

    ZKTeco

    BioTime

    10d

    CVE-2023-38950

  8. CVE-2025-4664

    Google

    Chromium

    14d

    CVE-2025-4664

  9. CVE-2025-42999

    SAP

    NetWeaver

    14d

    CVE-2025-42999

  10. CVE-2024-12987

    DrayTek

    Vigor Routers

    14d

    CVE-2024-12987
  11. Dark Greg

Vulnerability intelligence

Updated an hour ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

590100

Current score

Soft-boiled

  1. 1

    CVE-2025-2760 Published Apr 23, 2025

    Hype score

    59

    high 7.8

    GIMP

    CVE-2025-2760 is a remote code execution vulnerability affecting GIMP (GNU Image Manipulation Program) software, specifically within the parsing of XWD files. The vulnerability arises from insufficient validation of user-supplied data, which can lead to an integer overflow during buffer allocation. To exploit this vulnerability, a user must interact with a malicious webpage or open a specially crafted XWD file. Successful exploitation allows an attacker to execute arbitrary code within the context of the current process. GIMP version 3.0.0 addresses this vulnerability.

  2. 2

    CVE-2025-2761 Published Apr 23, 2025

    Hype score

    59

    high 7.8

    GIMP

    CVE-2025-2761 is a remote code execution vulnerability that affects the GIMP software, specifically during the parsing of FLI files. The vulnerability arises due to insufficient validation of user-supplied data, which can lead to an out-of-bounds write. To exploit this vulnerability, an attacker needs to trick a user into opening a malicious FLI file or visiting a malicious page. Successful exploitation of CVE-2025-2761 allows an attacker to execute arbitrary code within the context of the current process. GIMP versions prior to 3.0.0 are affected. Users are advised to upgrade to version 3.0.0 or later, where the vulnerability has been addressed.

  3. 3

    CVE-2025-5138 Published May 25, 2025

    Hype score

    59

    medium 5.1

    Bitwarden

    CVE-2025-5138 is a vulnerability found in Bitwarden versions up to 2.25.1. It affects the PDF File Handler component, where manipulation leads to a cross-site scripting (XSS) vulnerability. The attack can be launched remotely, and the exploit has been publicly disclosed. The vendor was notified about the vulnerability but reportedly did not respond.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2025-4428

    high 7.2

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated May 19, 2025

    This CVE references a Java Expression Language injection vulnerability in Ivanti EPMM, which allows a user with access to a particular API to execute arbitrary code.

    In conjunction with CVE-2025-4427 - an auth bypass vulnerability which gives access to the API in question - this can be used by an unauthenticated attacker.

    More information on exact vulnerable versions can be found here - you should patch immediately if vulnerable. Note that in the recommended deployment of EPMM, where the API is not accessible to the internet, the impact is reduced.

    [ { "lang": "en", "value": "Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests." }, { "lang": "es", "value": "La ejecución remota de código en el componente API de Ivanti Endpoint Manager Mobile 12.5.0.0 y anteriores en plataformas no especificadas permite a atacantes autenticados ejecutar código arbitrario a través de solicitudes API manipuladas." } ]

  2. Link to CVE page

    Intruder Insights

    Updated Apr 28, 2025

    If caching is in use on this application, it is likely this can be used to poison the cache, causing the modified data to be shown to other users.

    There is also potential to then use this for cross-site scripting, although, this would depend on how the data is processed by the client, and will not be the case for all applications.

    In order for this application to be vulnerable, React Router must be used in Framework mode.

    [ { "lang": "en", "value": "React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has been patched in version 7.5.2." }, { "lang": "es", "value": "React Router es un enrutador para React. En versiones de la rama 7.0 anteriores a la 7.5.2, es posible modificar datos pre-renderizados añadiendo un encabezado a la solicitud. Esto permite falsificar completamente su contenido y modificar todos los valores del objeto de datos pasado al HTML. Este problema se ha corregido en la versión 7.5.2." } ]

  3. CVE-2025-30406

    critical 9.0

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Apr 14, 2025

    This vulnerability is caused by the installer for the application using a hardcoded value for the validation and decryption key (sometimes known as the machine keys). These values are the same for all instances created by the vulnerable installer, and so an attacker can find these keys for your instance very easily.

    If an attacker possesses these keys, they can execute code of their choice on the server remotely using well-known methods.

    Updating to the latest version will cause the keys to be regenerated to secret values.

    [ { "lang": "en", "value": "Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\\web.config." }, { "lang": "es", "value": "Gladinet CentreStack hasta la versión 16.1.10296.56315 (solucionada en la versión 16.4.10315.56368) presenta una vulnerabilidad de deserialización debido al uso de la clave de máquina (machineKey) codificada de forma rígida en el portal de CentreStack, explotada in situ en marzo de 2025. Esto permite a los actores de amenazas (que conocen la clave de máquina) serializar un payload para la deserialización del servidor y lograr la ejecución remota de código. NOTA: Un administrador de CentreStack puede eliminar manualmente la clave de máquina definida en portal\\web.config." } ]