Vulnerability intelligence

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter current score: 64 (gauge range 0 to 100). Picking up steam.

  1. CVE-2025-53786 Published Aug 6, 2025

    Hype score: 64

    high 8.0

    Microsoft Exchange Server

    CVE-2025-53786 is a vulnerability in Microsoft Exchange Server hybrid deployments. It allows an attacker with administrative access to an on-premises Exchange server to escalate privileges within the connected cloud environment. This can be achieved without leaving easily detectable traces. The vulnerability stems from the shared service principal used between on-premises Exchange servers and Exchange Online for authentication. By exploiting this, attackers can modify user passwords, convert cloud users to hybrid users, and impersonate hybrid users, gaining unchecked access for up to 24 hours. Microsoft recommends installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.

  2. CVE-2025-6514 Published Jul 9, 2025

    Hype score: 40

    critical 9.6

    mcp-remote, MCP

    CVE-2025-6514 is a vulnerability in mcp-remote that can lead to arbitrary OS command execution when Model Context Protocol (MCP) clients connect to an untrusted MCP server. This is due to crafted input from the `authorization_endpoint` response URL. The vulnerability affects mcp-remote versions 0.0.5 to 0.1.15 and has been fixed in version 0.1.16. The mcp-remote tool is used by applications like Claude Desktop, Cursor, and Windsurf to connect with remote MCP servers via HTTP transport by serving as a proxy. When a user configures their LLM host to connect to a remote MCP server, mcp-remote initiates communication with the MCP server and may be asked to authenticate. The server responds with its `authorization_endpoint` URL, which, if crafted maliciously, can cause a command injection, allowing an attacker to execute arbitrary OS commands.

  3. CVE-2025-47907 Published Aug 7, 2025

    Hype score: 29

    high 7.0

    Golang

    CVE-2025-47907 refers to a security vulnerability found in Go versions 1.24.6 and 1.23.12. This vulnerability is located in the `database/sql` package. Specifically, if a query is cancelled (e.g., by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows, it can lead to unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Insights

Our Security Team's most recent CVE analysis

  1. CVE-2025-54418

    critical 9.8

    Intruder Insights

    Updated Jul 31, 2025

    For this vulnerability to be exploitable, the ImageMagick image processing library needs to be used to resize or add a text watermark to a user-uploaded file which was saved using a user-provided filename, or where the parameters for adding a watermark are user-controlled. File upload implementations that use a randomly generated filename before image resizing are not vulnerable.

    This vulnerability is simple to exploit and we expect to see active exploitation soon. However, attackers will need to locate file upload functionality within your applications first, which will be difficult to fully automate at scale, so mass exploitation is unlikely.

    CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process uploaded images using the `resize()` method, or use the `text()` method with user-controlled text content or options. An attacker can upload a file with a malicious filename containing shell metacharacters that get executed when the image is processed, or provide malicious text content or options that get executed when adding text to images. Users should upgrade to v4.6.2 or later to receive a patch. As a workaround, switch to the GD image handler (`gd`, the default handler), which is not affected by either vulnerability. For file upload scenarios, instead of using user-provided filenames, generate random names to eliminate the attack vector with `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe filenames. For text operations, if one must use ImageMagick with user-controlled text, sanitize the input to only allow safe characters and validate/restrict text options.

  2. CVE-2025-53770

    critical 9.8

    Exploit known

    Intruder Insights

    Updated Jul 23, 2025

    This is a critical remote code execution vulnerability in SharePoint when used on-prem; SharePoint for Microsoft 365 is not affected. It is a variant of a previous bug which, in combination with CVE-2025-53771, allows an unauthenticated attacker to use a deserialization vulnerability to run code on the server.

    If you host a SharePoint instance you should immediately apply the security update and review the advice on this Microsoft page, paying particular attention to the sections describing how to rotate your Machine Key and detect if you were already compromised.

    As there was a lag time between information on this vulnerability being available to attackers and the availability of the patch, there has been active exploitation of SharePoint instances during this period.

    We have deployed an active check (11am 22nd July) and set off an Emerging Threat Scan for all of our Enterprise customers. In addition, we are committing this to the public Nuclei templates repository so that you can check your systems via Intruder - or for free via Nuclei as soon as the request is merged.

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

  3. CVE-2025-32463

    critical 9.3

    Intruder Insights

    Updated Jul 2, 2025

    This is a serious local privilege escalation vulnerability in the sudo tool, which is present on most Unix systems. You should update this as soon as possible if your version is less than 1.9.14.

    Exploiting this vulnerability requires an attacker to have access to the machine already - so it's most serious in environments where lower-privileged users routinely have access to systems. However, all vulnerable systems should be patched.

    Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.