Vulnerability intelligence


Feeds

Trending now

CVEs trending on social media within the last 24 hours


  1. CVE-2025-54135

    Hype score

    53

    CVE-2025-54135 is a vulnerability in the Cursor AI code editor that can lead to remote code execution. Dubbed "CurXecute" by Aim Labs, it arises from the way Cursor interacts with Model Context Protocol (MCP) servers to reach external tools. By feeding malicious content to the AI agent, an attacker uses a prompt injection to silently rewrite the "~/.cursor/mcp.json" file, which configures custom MCP servers. Because Cursor executes any new entry in that file without asking for confirmation, a single injected line of prompting is enough to run attacker-controlled commands with the user's privileges.
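The point of CurXecute is that the MCP config file itself is the execution boundary: any entry that lands in it runs. A cheap control is therefore to baseline the file and alert on anything new, modified or shell-like. The checker below is an added example, not Cursor's or Aim Labs' code; it assumes the common MCP client layout `{"mcpServers": {"<name>": {"command": ..., "args": [...]}}}` and a reviewed baseline kept by the operator, and the sample config it audits is constructed for the demonstration.

```python
import hashlib
import json
import re
import shlex

# Constructed sample config: one entry the operator approved, plus one that a
# prompt injection has written. Layout follows the common MCP client format
# {"mcpServers": {"<name>": {"command": ..., "args": [...]}}} (assumed here).
SAMPLE_MCP_JSON = json.dumps({
    "mcpServers": {
        "github": {"command": "npx",
                   "args": ["-y", "@modelcontextprotocol/server-github"]},
        "helper": {"command": "sh",
                   "args": ["-c", "id > /tmp/owned; sleep 1"]},
    }
})

# The baseline the operator actually reviewed and approved.
APPROVED_SERVERS = {
    "github": {"command": "npx",
               "args": ["-y", "@modelcontextprotocol/server-github"]},
}

SHELL_META = re.compile(r"[;&|`<>]|\$\(")
SHELL_INTERPRETERS = {"sh", "bash", "zsh", "dash", "ksh", "cmd", "cmd.exe",
                      "powershell", "powershell.exe", "pwsh"}


def entry_fingerprint(entry: dict) -> str:
    """Hash the canonical JSON of one server entry so edits are detectable."""
    canon = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def audit_mcp_config(config_text: str, approved: dict) -> list:
    """Return one finding per server entry that is new, modified, removed or shell-like."""
    servers = json.loads(config_text).get("mcpServers", {})
    approved_fp = {name: entry_fingerprint(e) for name, e in approved.items()}
    findings = []
    for name, entry in servers.items():
        command = str(entry.get("command", ""))
        args = [str(a) for a in entry.get("args", [])]
        reasons = []
        if name not in approved_fp:
            reasons.append("not in approved baseline")
        elif entry_fingerprint(entry) != approved_fp[name]:
            reasons.append("approved entry was modified")
        if command.rsplit("/", 1)[-1].lower() in SHELL_INTERPRETERS:
            reasons.append("command is a shell interpreter")
        if any(SHELL_META.search(a) for a in args):
            reasons.append("argument contains shell metacharacters")
        if reasons:
            findings.append({"server": name,
                             "command": shlex.join([command, *args]),
                             "reasons": reasons})
    # Entries that disappeared from the file are also worth an alert.
    for name in approved_fp.keys() - servers.keys():
        findings.append({"server": name, "command": "",
                         "reasons": ["approved entry removed"]})
    return findings


if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE_MCP_JSON, APPROVED_SERVERS):
        print(finding["server"], "->", "; ".join(finding["reasons"]))
        print("   ", finding["command"])
```

Run it from a file watcher or a periodic job against the real `~/.cursor/mcp.json` with the baseline stored outside the agent's reach (the file it rewrites must not also hold the allowlist). The interpreter and metacharacter heuristics are deliberately noisy: a legitimate server that is launched through `sh -c` will trigger them, and that is exactly the kind of entry a human should look at before the agent runs it.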

  2. CVE-2025-5394 Published Jul 15, 2025

    Hype score

    30

    critical 9.8

    CVE-2025-5394 is a vulnerability affecting the Alone – Charity Multipurpose Non-profit WordPress Theme for WordPress. It exists due to a missing capability check in the `alone_import_pack_install_plugin()` function in versions up to and including 7.8.3. This allows unauthenticated attackers to upload arbitrary files, including zip files containing webshells disguised as plugins, from remote locations. Successful exploitation of this vulnerability can lead to remote code execution, potentially giving attackers complete control over the affected website. It has been observed that attackers are exploiting this vulnerability to upload ZIP archives containing PHP-based backdoors, enabling them to execute remote commands, upload additional files, and create rogue administrator accounts.

  3. CVE-2025-53558 Published Jul 31, 2025

    Hype score

    29

    high 8.7

    ZTE

    CVE-2025-53558 affects ZTE ZXHN-F660T and ZXHN-F660A devices provided by ZTE Japan K.K. These devices use a common credential for all installations. An attacker with knowledge of this credential can log in to the affected devices. To mitigate this vulnerability, it is recommended to update the firmware to the latest version or change the default credentials to unique, strong passwords.


Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2023-2533 Published Jun 20, 2023

    high 8.4

    Exploit known

    PaperCut

    CVE-2023-2533 is a Cross-Site Request Forgery (CSRF) vulnerability affecting PaperCut NG/MF print management solutions. It stems from a security flaw that could allow attackers to manipulate system configurations and potentially gain unauthorized access to organizational networks. Under specific conditions, this vulnerability could enable an attacker to alter security settings or execute arbitrary code. Exploitation typically involves deceiving an administrator with an active login session into clicking a specially crafted, malicious link, potentially leading to unauthorized changes. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that it is being actively exploited in the wild.

  2. CVE-2025-20281 Published Jun 25, 2025

    critical 10.0

    Exploit known

    Cisco ISE, Cisco ISE-PIC

    CVE-2025-20281 is a vulnerability in a specific API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). It allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker doesn't need any valid credentials to exploit this vulnerability. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit it by submitting a crafted API request. Cisco has released software updates to address this vulnerability, and there are no known workarounds. This affects Cisco ISE and ISE-PIC releases 3.3 and later, but not 3.2 or earlier.

  3. CVE-2025-20337 Published Jul 16, 2025

    critical 10.0

    Exploit known

    Cisco ISE, Cisco ISE-PIC

    CVE-2025-20337 is a vulnerability in a specific API of Cisco ISE (Identity Services Engine) and Cisco ISE-PIC (ISE Passive Identity Connector). It could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker doesn't need any valid credentials to exploit this vulnerability. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit it by submitting a crafted API request. Successful exploitation could allow the attacker to obtain root privileges on an affected device. This affects Cisco ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration.


Insights


Our Security Team's most recent CVE analysis

  1. CVE-2025-54418

    critical 9.8


    Intruder Insights

    Updated Jul 31, 2025

    For this vulnerability to be exploitable, the ImageMagick image processing library needs to be used to resize or add a text watermark to a user-uploaded file which was saved using a user-provided filename, or where the parameters for adding a watermark are user-controlled. File upload implementations that use a randomly generated filename before image resizing are not vulnerable.

    This vulnerability is simple to exploit and we expect to see active exploitation soon. However, attackers will need to locate file upload functionality within your applications first which will be difficult to fully automate at scale, so mass exploitation is unlikely.

    CodeIgniter is a PHP full-stack web framework. A command injection vulnerability in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process the uploaded images with the `resize()` method, or use the `text()` method with user-controlled text content or options. An attacker can upload a file whose filename contains shell metacharacters that are executed when the image is processed, or supply malicious text content or options that are executed when text is added to an image. Users should upgrade to v4.6.2 or later to receive the patch. As a workaround, switch to the GD image handler (`gd`, the default), which is not affected by either attack path. For file uploads, do not keep the user-provided filename: generate a random name with `getRandomName()` when using the `move()` method, or use the `store()` method, which generates a safe filename automatically. For text operations, if ImageMagick must be used with user-controlled text, sanitize the input to allow only safe characters and validate or restrict the text options.
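The two fixes the advisory recommends (random filenames, and never letting user text reach a shell) are a general pattern for any code that shells out to ImageMagick, so here is the vulnerable shape beside the hardened one as an added example. It is written in Python rather than PHP and is not CodeIgniter's code; the upload directory is an assumed path, the malicious filename is constructed for the demonstration, and the commands are built and inspected rather than executed, so it runs without ImageMagick installed.

```python
import re
import secrets
import shlex
from pathlib import PurePosixPath

UPLOAD_DIR = "/var/www/uploads"            # assumed location, not CodeIgniter's
SAFE_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp"}
SHELL_CONTROL_TOKENS = {";", "|", "||", "&", "&&", ">", "<", ">>", "(", ")"}


def vulnerable_resize_command(user_filename: str, width: int, height: int) -> str:
    """The vulnerable pattern: the client's filename is pasted into a command
    line that a shell will parse (shell=True / exec()-style call in the buggy
    app). Built but deliberately not executed here."""
    src = f"{UPLOAD_DIR}/{user_filename}"
    return f"convert {src} -resize {width}x{height} {src}"


def contains_shell_injection(command: str) -> bool:
    """Tokenise the way a POSIX shell would and look for control operators or
    command substitution that a plain filename should never produce."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    tokens = list(lexer)
    return (any(t in SHELL_CONTROL_TOKENS for t in tokens)
            or "$(" in command or "`" in command)


def hardened_store_name(user_filename: str) -> str:
    """Fix 1: never reuse the client's name. Keep only a validated extension
    and generate a random stem (the role getRandomName()/store() play in the
    advisory)."""
    ext = PurePosixPath(user_filename).suffix.lstrip(".").lower()
    if ext not in SAFE_EXTENSIONS:
        raise ValueError("unsupported image extension")
    return f"{secrets.token_hex(16)}.{ext}"


def hardened_resize_argv(stored_name: str, width: int, height: int) -> list:
    """Fix 2: pass an argv list (subprocess.run(argv) with no shell) and
    re-check that the name is one we generated, so metacharacters are never
    interpreted even if a later refactor reintroduces a shell."""
    if not re.fullmatch(r"[0-9a-f]{32}\.(jpg|jpeg|png|gif|webp)", stored_name):
        raise ValueError("stored name does not match the generated pattern")
    if not (0 < width <= 10000 and 0 < height <= 10000):
        raise ValueError("unreasonable dimensions")
    src = f"{UPLOAD_DIR}/{stored_name}"
    return ["convert", src, "-resize", f"{width}x{height}", src]


if __name__ == "__main__":
    # Constructed malicious upload name: with a shell in the loop, everything
    # after the first ';' runs as its own command.
    evil = "photo.jpg; touch /tmp/pwned; #"
    cmd = vulnerable_resize_command(evil, 800, 600)
    print("vulnerable:", cmd, "-> injection:", contains_shell_injection(cmd))
    stored = hardened_store_name("holiday.PNG")
    print("hardened:  ", shlex.join(hardened_resize_argv(stored, 800, 600)))
```

The same reasoning applies to the `text()` path: a watermark string should go to ImageMagick as one argv element, never through a shell, and the option names should be matched against a fixed allowlist rather than passed through. Note that the random-name fix alone only removes the filename vector; if user text still reaches a shell-built command the application stays vulnerable.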

  2. CVE-2025-53770

    critical 9.8

    Exploit known


    Intruder Insights

    Updated Jul 23, 2025

    This is a critical remote code execution vulnerability in SharePoint Server when run on-premises; SharePoint in Microsoft 365 is not affected. It is a variant of a previous bug which, chained with CVE-2025-53771, allows an unauthenticated attacker to use a deserialization flaw to run code on the server.

    If you host a SharePoint instance, apply the security update immediately and review the advice on Microsoft's page for this CVE, paying particular attention to the sections describing how to rotate your machine keys and how to detect whether you were already compromised.

    Because there was a lag between information about this vulnerability becoming available to attackers and the availability of the patch, SharePoint instances were actively exploited during that window.

    We have deployed an active check (11am 22nd July) and set off an Emerging Threat Scan for all of our Enterprise customers. In addition, we are committing this to the public Nuclei templates repository so that you can check your systems via Intruder - or for free via Nuclei as soon as the request is merged.

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

  3. CVE-2025-32463

    critical 9.3


    Intruder Insights

    Updated Jul 2, 2025

    This is a serious local privilege escalation vulnerability in sudo, which is present on most Unix-like systems. The bug is in the --chroot (-R) option, which was introduced in sudo 1.9.14, so versions 1.9.14 through 1.9.17 are affected; update to 1.9.17p1 or later as soon as possible.

    Exploiting this vulnerability requires an attacker to have access to the machine already - so it's most serious in environments where lower-privileged users routinely have access to systems. However, all vulnerable systems should be patched.

    Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
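Because the affected range has both a lower bound (the release that introduced --chroot) and a patch-level upper bound (1.9.17p1), a naive "less than" comparison on the version string gets it wrong in both directions. The check below is an added example, not part of the sudo project: it parses the first line of `sudo --version` (which looks like "Sudo version 1.9.16p2") into a tuple where the pN patch level sorts above the same base version without one, and assumes the affected range stated above, 1.9.14 inclusive up to but excluding 1.9.17p1.

```python
import re
import subprocess

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?\b")
FIRST_AFFECTED = (1, 9, 14, 0)   # --chroot / -R first shipped in 1.9.14 (assumed from sudo's changelog)
FIRST_FIXED = (1, 9, 17, 1)      # 1.9.17p1, per the advisory text above


def parse_sudo_version(text: str) -> tuple:
    """Turn 'Sudo version 1.9.16p2' (or a bare '1.9.16') into a comparable
    tuple. A missing patch level is treated as p0 so 1.9.17 < 1.9.17p1."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_chroot_vulnerable(version_text: str) -> bool:
    """True when the upstream version lies in [1.9.14, 1.9.17p1)."""
    return FIRST_AFFECTED <= parse_sudo_version(version_text) < FIRST_FIXED


def installed_sudo_version_line() -> str:
    """First line of `sudo --version` on this host (requires sudo on PATH)."""
    out = subprocess.run(["sudo", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return out.splitlines()[0]


if __name__ == "__main__":
    line = installed_sudo_version_line()
    verdict = ("in the affected upstream range" if is_chroot_vulnerable(line)
               else "outside the affected range")
    print(f"{line}: {verdict}")
```

Treat a positive result as "investigate", not "exploitable": distributions often backport the fix without bumping the upstream version string, so confirm against the package changelog (`apt changelog sudo`, `rpm -q --changelog sudo`) or the vendor advisory before raising an incident, and treat a negative result on a version the vendor has patched out of band the same way.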