Vulnerability intelligence

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

Current score: 61 (scale 0 to 100)

Picking up steam

  1. CVE-2025-53786 Published Aug 6, 2025

    Hype score

    61

    high 8.0

    Microsoft Exchange Server

    CVE-2025-53786 is a vulnerability in Microsoft Exchange Server hybrid deployments. It allows an attacker with administrative access to an on-premises Exchange server to escalate privileges within the connected cloud environment. This can be achieved without leaving easily detectable traces. The vulnerability stems from the shared service principal used between on-premises Exchange servers and Exchange Online for authentication. By exploiting this, attackers can modify user passwords, convert cloud users to hybrid users, and impersonate hybrid users, gaining unchecked access for up to 24 hours. Microsoft recommends installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.

  2. CVE-2024-2887 Published Mar 26, 2024

    Hype score

    41

    high 7.7

    WebAssembly, Google Chrome

    CVE-2024-2887 is a type confusion vulnerability found in WebAssembly in Google Chrome versions prior to 123.0.6312.86. It can be triggered by a remote attacker who crafts a malicious HTML page. The vulnerability stems from how WebAssembly handles recursive type groups, which can lead to exceeding the maximum number of declared heap types and create opportunities for type confusion. Successful exploitation of CVE-2024-2887 allows a remote attacker to execute arbitrary code. This can lead to arbitrary read/write within the V8 memory sandbox, the ability to obtain addresses of JavaScript objects, and manipulation of object pointers. It was demonstrated at the Pwn2Own Vancouver 2024 hacking competition. Google patched this vulnerability in Chrome version 123.0.6312.86.

  3. CVE-2025-54948 Published Aug 5, 2025

    Hype score

    33

    critical 9.4

    Trend Micro Apex One

    CVE-2025-54948 is a command injection vulnerability that affects the on-premise version of Trend Micro Apex One. It exists within the Apex One management console, which listens on TCP ports 8080 and 4343 by default. The vulnerability stems from the lack of proper validation of a user-supplied string before using it to execute a system call. A pre-authenticated remote attacker could exploit this vulnerability to upload malicious code and execute commands on affected installations. This could allow an attacker to execute code in the context of IUSR. Trend Micro has observed attempts to actively exploit this vulnerability in the wild. A temporary fix is available, and a formal patch is expected in mid-August 2025.

Insights

Our Security Team's most recent CVE analysis

  1. CVE-2025-54418

    critical 9.8

    Intruder Insights

    Updated Jul 31, 2025

    For this vulnerability to be exploitable, the ImageMagick image processing library needs to be used to resize or add a text watermark to a user-uploaded file which was saved using a user-provided filename, or where the parameters for adding a watermark are user-controlled. File upload implementations that use a randomly generated filename before image resizing are not vulnerable.

    This vulnerability is simple to exploit and we expect to see active exploitation soon. However, attackers will need to locate file upload functionality within your applications first, which will be difficult to fully automate at scale, so mass exploitation is unlikely.

    CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process uploaded images using the `resize()` method, or use the `text()` method with user-controlled text content or options. An attacker can upload a file with a malicious filename containing shell metacharacters that get executed when the image is processed, or provide malicious text content or options that get executed when adding text to images. Users should upgrade to v4.6.2 or later to receive a patch. As a workaround, switch to the GD image handler (`gd`, the default handler), which is not affected by either vulnerability. For file upload scenarios, instead of using user-provided filenames, generate random names to eliminate the attack vector with `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe filenames. For text operations, if one must use ImageMagick with user-controlled text, sanitize the input to only allow safe characters and validate/restrict text options.

  2. CVE-2025-53770

    critical 9.8

    Exploit known

    Intruder Insights

    Updated Jul 23, 2025

    This is a critical remote code execution vulnerability in SharePoint when used on-prem - SharePoint for Microsoft 365 is not affected. It is a variant of a previous bug which, in combination with CVE-2025-53771, allows an unauthenticated attacker to use a deserialization vulnerability to run code on the server.

    If you host a SharePoint instance you should immediately apply the security update and review the advice on this Microsoft page, paying particular attention to the sections describing how to rotate your Machine Key and detect if you were already compromised.

    As there was a lag time between information on this vulnerability being available to attackers and the availability of the patch, there has been active exploitation of SharePoint instances during this period.

    We have deployed an active check (11am 22nd July) and set off an Emerging Threat Scan for all of our Enterprise customers. In addition, we are committing this to the public Nuclei templates repository so that you can check your systems via Intruder - or for free via Nuclei as soon as the request is merged.

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

  3. CVE-2025-32463

    critical 9.3

    Intruder Insights

    Updated Jul 2, 2025

    This is a serious local privilege escalation vulnerability in the sudo tool, which is present on most Unix systems. You should update this as soon as possible if your version is less than 1.9.14.

    Exploiting this vulnerability requires an attacker to have access to the machine already - so it's most serious in environments where lower-privileged users routinely have access to systems. However, all vulnerable systems should be patched.

    Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.