Activity

Hype increased to 30

CVE-2025-11953 is a vulnerability in the `@react-native-community/cli` NPM package, specifically affecting versions 4.8.0 through 20.0.0-alpha.2. This flaw stems from the Metro development server, used by React Native, binding to external interfaces by default and exposing an "/open-url" endpoint susceptible to OS command injection. The vulnerability allows unauthenticated network attackers to send a POST request to the server, running arbitrary executables. On Windows, attackers can execute arbitrary shell commands with fully controlled arguments. While macOS and Linux systems have slightly more restricted exploitation paths, researchers believe arbitrary command execution is achievable. The package has been patched in version 20.0.0.

Hype increased to 30

CVE-2025-21479 is an incorrect authorization vulnerability found in the Graphics component of Qualcomm's Adreno GPU driver. This flaw can lead to memory corruption due to unauthorized command execution in the GPU microcode when a specific sequence of commands is processed. Successful exploitation of CVE-2025-21479 could allow attackers to execute unauthorized commands, potentially corrupting system memory. Qualcomm has released patches for this vulnerability and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that this vulnerability may be under limited, targeted exploitation.

Hype increased to 32

CVE-2025-62626 affects AMD Zen 5 processors and involves a flaw in the RDSEED instruction, which is used for generating cryptographically secure random numbers. The vulnerability stems from improper handling of insufficient entropy, causing the RDSEED instruction to sometimes return a zero value while incorrectly signaling success. This can lead software to believe it has received a valid random number when it has actually obtained a predictable zero value. The issue impacts the 16-bit and 32-bit forms of the RDSEED instruction. This can result in weak encryption keys, predictable authentication tokens, or compromised security protocols because applications may consume insufficiently random values. A local attacker could potentially influence the values returned by RDSEED, further degrading randomness quality. AMD plans to release microcode patches to address this vulnerability.

Hype increased to 30

CVE-2025-9491 is a vulnerability affecting Microsoft Windows, specifically how it handles .LNK (shortcut) files. This flaw, classified as a User Interface Misrepresentation of Critical Information, allows crafted .LNK files to hide hazardous content from users inspecting the file through the Windows UI. An attacker can exploit this by making malicious elements invisible or misleading. To exploit this vulnerability, a remote attacker needs a user to either visit a malicious page or open a malicious file. Successful exploitation allows the attacker to execute arbitrary code within the context of the current user. This has been leveraged in attacks involving spear-phishing emails containing URLs that lead to malicious LNK files. These files can then execute PowerShell commands to deploy malware, such as the PlugX remote access trojan.

Vulnerability name

CWP Control Web Panel OS Command Injection Vulnerability

Product

CWP Control Web Panel

CVE-2025-48703 is a Remote Code Execution (RCE) vulnerability found in the `filemanager` module of a web hosting control panel, such as cPanel. The vulnerability stems from improper input sanitization in the `acc=changePerm` function, which allows attackers to inject and execute arbitrary system commands using the `t_total` parameter. This vulnerability allows attackers to execute arbitrary commands on the target server. Successful exploitation could lead to establishing a reverse shell for persistent access and potentially escalating privileges or moving laterally within the system. It was reported to affect CentOS Web Panel (CWP) versions 0.9.8.1204 and 0.9.8.1188.

Vulnerability name

Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability

Product

Gladinet CentreStack and Triofox

CVE-2025-11371 is an unauthenticated local file inclusion vulnerability found in Gladinet CentreStack and TrioFox. It exists in the default installation and configuration of these applications. The vulnerability allows attackers to read sensitive system files without authentication. Exploitation of this vulnerability has been observed in the wild. The vulnerability impacts all versions of Gladinet CentreStack and TrioFox up to and including 16.7.10368.56560. By exploiting this flaw, a threat actor can retrieve the machine key from the application's Web.config file. This key can then be used to perform remote code execution via a ViewState deserialization vulnerability.

Hype increased to 30

CVE-2023-20198 is a vulnerability found in the web UI feature of Cisco IOS XE Software. It involves improper path validation, which allows attackers to bypass Nginx filtering and access the webui_wsma_http web endpoint without authentication. This access enables execution of arbitrary Cisco IOS commands or configuration changes with Privilege 15. Exploitation of this vulnerability typically involves targeting two specific XML SOAP endpoints: cisco:wsma-exec for command execution and configuration changes, and cisco:wsma-config for tasks like adding new user accounts. Attackers were observed exploiting CVE-2023-20198 to gain initial access, create a local user account, and then leverage another vulnerability (CVE-2023-20273) to escalate privileges to root and install malware. Cisco IOS XE Software runs on various Cisco networking devices, including routers, switches, and wireless controllers.

Hype increased to 31

CVE-2025-52665 is a Remote Code Execution (RCE) vulnerability that exists in the UniFi Access Application. A malicious actor with access to the management network could exploit a misconfiguration in UniFi's door access application, UniFi Access, that exposed a management API without proper authentication. The vulnerability affects UniFi Access Application versions 3.3.22 through 3.4.31. To mitigate this vulnerability, it is recommended to update your UniFi Access Application to version 4.0.21 or later.

Hype increased to 30

CVE-2023-20198 is a vulnerability found in the web UI feature of Cisco IOS XE Software. It involves improper path validation, which allows attackers to bypass Nginx filtering and access the webui_wsma_http web endpoint without authentication. This access enables execution of arbitrary Cisco IOS commands or configuration changes with Privilege 15. Exploitation of this vulnerability typically involves targeting two specific XML SOAP endpoints: cisco:wsma-exec for command execution and configuration changes, and cisco:wsma-config for tasks like adding new user accounts. Attackers were observed exploiting CVE-2023-20198 to gain initial access, create a local user account, and then leverage another vulnerability (CVE-2023-20273) to escalate privileges to root and install malware. Cisco IOS XE Software runs on various Cisco networking devices, including routers, switches, and wireless controllers.

Hype increased to 30

CVE-2025-40778 is a vulnerability in BIND 9 that stems from the software being too lenient when accepting records from answers. This allows an attacker to inject forged data into the cache. The vulnerability affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. Exploitation of this vulnerability can result in forged records being injected into the cache during a query, which can potentially affect the resolution of future queries.

Hype increased to 30

CVE-2025-41244 is a local privilege escalation vulnerability affecting VMware Tools and VMware Aria Operations. It stems from overly broad regular expression patterns in the `get-versions.sh` component used by both VMware Tools and Aria Operations' Service Discovery Management Pack (SDMP). The `get_version()` function in this script scans for listening sockets and then executes matched binaries to retrieve version information. However, the use of the non-whitespace shorthand `\S` unintentionally includes user-writable directories such as `/tmp/httpd`. Attackers can exploit this by staging malicious binaries in these user-writable locations. The privileged VMware context then executes these binaries, leading to a local privilege escalation. By mimicking system binaries in writable paths, CVE-2025-41244 violates CWE-426: Untrusted Search Path, offering trivial local privilege escalation opportunities.

Hype increased to 30

CVE-2025-58726 is a privilege escalation vulnerability affecting Windows SMB servers. It stems from improper access control in the Windows SMB Server, allowing an attacker to elevate privileges over a network. The vulnerability can be exploited by combining misconfigured Service Principal Names (SPNs) with Kerberos reflection attacks to gain SYSTEM-level access on domain-joined machines. The attack involves capturing authentication requests from victim machines and reflecting them back to the same service. This tricks domain-joined machines into authenticating to attacker-controlled endpoints. By creating a DNS entry for a Ghost SPN pointing to their controlled IP address, attackers redirect authentication attempts, ultimately gaining remote code execution with SYSTEM privileges. Microsoft released patches for this vulnerability in October 2025.

Hype increased to 31

CVE-2025-59287 is a remote code execution vulnerability affecting the Windows Server Update Service (WSUS). The vulnerability stems from the deserialization of untrusted data within WSUS. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted event that triggers unsafe object deserialization within a legacy serialization mechanism. Successful exploitation allows the attacker to execute arbitrary code on the target system.

Vulnerability name

Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability

Product

Broadcom VMware Aria Operations and VMware Tools

CVE-2025-41244 is a local privilege escalation vulnerability affecting VMware Tools and VMware Aria Operations. It stems from overly broad regular expression patterns in the `get-versions.sh` component used by both VMware Tools and Aria Operations' Service Discovery Management Pack (SDMP). The `get_version()` function in this script scans for listening sockets and then executes matched binaries to retrieve version information. However, the use of the non-whitespace shorthand `\S` unintentionally includes user-writable directories such as `/tmp/httpd`. Attackers can exploit this by staging malicious binaries in these user-writable locations. The privileged VMware context then executes these binaries, leading to a local privilege escalation. By mimicking system binaries in writable paths, CVE-2025-41244 violates CWE-426: Untrusted Search Path, offering trivial local privilege escalation opportunities.

Vulnerability name

XWiki Platform Eval Injection Vulnerability

Product

XWiki Platform

CVE-2025-24893 is a critical remote code execution (RCE) vulnerability found in the XWiki Platform. It exists within the SolrSearch macro due to insufficient input sanitization. The vulnerability allows unauthenticated attackers to execute arbitrary Groovy code on affected servers. This can be achieved by sending a crafted HTTP request with a malicious payload to the vulnerable XWiki instance. The vulnerability stems from the way the SolrSearch macro evaluates search parameters, specifically when processing RSS feed requests, without proper sanitization of scripting language special characters. By injecting Groovy expressions into the search query, attackers can cause the system to evaluate arbitrary code within the context of the XWiki server process. This vulnerability affects XWiki Platform versions from 5.3-milestone-2 up to but not including 15.10.11, and from 16.0.0-rc-1 to 16.4.1.