Vulnerability intelligence

CVE-2025-20741 describes a vulnerability found in the WLAN AP driver, attributed to MediaTek, Inc. This flaw is characterized as a possible out-of-bounds write, stemming from an incorrect bounds check within the driver's code. Exploitation of this vulnerability could potentially lead to a local escalation of privilege. This scenario would occur if a malicious actor has already obtained System privilege on the affected system. User interaction is not required for the exploitation of this issue.

CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

CVE-2026-28289 is a Remote Code Execution (RCE) vulnerability impacting FreeScout, a help desk and shared inbox application built with the Laravel framework. This flaw, also known as "Mail2Shell," is a patch bypass for a previously identified vulnerability (CVE-2026-27636). It allows an attacker to execute arbitrary code on the server by exploiting a filename sanitization bypass during file uploads. The vulnerability specifically involves the upload of malicious `.htaccess` files. FreeScout's sanitization logic, intended to prevent dangerous file uploads, can be circumvented by prepending a zero-width Unicode character to the filename. This bypasses validation checks, allowing the `.htaccess` file to be saved and subsequently used to execute arbitrary commands, potentially through a PHP webshell. In some scenarios, this can be triggered without authentication or user interaction by sending a specially crafted email to a FreeScout mailbox.

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread