Vulnerability intelligence

Updated 16 minutes ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

640100

Current score

Worth a look

  1. 1

    CVE-2025-6554 Published Jun 30, 2025

    Hype score

    64

    high 8.1

    Exploit known

    Google Chrome V8

    CVE-2025-6554 is a type confusion vulnerability found in the V8 JavaScript engine, which is used in Chrome and other Chromium-based browsers. This vulnerability can be exploited by remote, unauthenticated attackers by serving crafted HTML pages to targeted users. If successful, the attacker can trick V8 into misinterpreting memory types, potentially leading to arbitrary read/write operations. In some scenarios, this could allow for full remote code execution. Google is aware that the vulnerability is being actively exploited in the wild. A security update has been released for Chrome to address this zero-day vulnerability. The vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025.

  2. 2

    CVE-2025-32463 Published Jun 30, 2025

    Hype score

    63

    critical 9.3

    sudochwoot

    CVE-2025-32463 is a vulnerability that affects Sudo versions 1.9.14 to 1.9.17 inclusive. It allows a local user to gain root access. This is possible because the `/etc/nsswitch.conf` file from a user-controlled directory is used with the `--chroot` option. An attacker can exploit this vulnerability by using Sudo's `-R` or `--chroot` option to execute arbitrary commands as root, even if they are not listed in the `sudoers` file. The vulnerability was fixed in Sudo version 1.9.17p1.

  3. 3

    CVE-2025-47812

    Hype score

    44

    Wing FTP Server

    CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a NULL-byte injected username, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems because the wftpserver runs with elevated privileges by default.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2025-32463

    critical 9.3

    Link to CVE page

    Intruder Insights

    Updated Jul 2, 2025

    This is a serious local privilege escalation vulnerability in the sudo tool, which is present on most Unix systems. You should update this as soon as possible if your version is less than 1.9.14.

    Exploiting this vulnerability requires an attacker to have access to the machine already - so it's most serious in environments where lower-privileged users routinely have access to systems. However, all vulnerable systems should be patched.

    Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

  2. CVE-2025-4428

    high 7.2

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated May 19, 2025

    This CVE references a Java Expression Language injection vulnerability in Ivanti EPMM, which allows a user with access to a particular API to execute arbitrary code.

    In conjunction with CVE-2025-4427 - an auth bypass vulnerability which gives access to the API in question - this can be used by an unauthenticated attacker.

    More information on exact vulnerable versions can be found here - you should patch immediately if vulnerable. Note that in the recommended deployment of EPMM, where the API is not accessible to the internet, the impact is reduced.

    Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

  3. Link to CVE page

    Intruder Insights

    Updated Apr 28, 2025

    If caching is in use on this application, it is likely this can be used to poison the cache, causing the modified data to be shown to other users.

    There is also potential to then use this for cross-site scripting, although, this would depend on how the data is processed by the client, and will not be the case for all applications.

    In order for this application to be vulnerable, React Router must be used in Framework mode.

    React Router is a router for React. In versions on the 7.0 branch prior to version 7.5.2, it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. This issue has been patched in version 7.5.2.