Activity

Latest CVE events and analysis as they emerge

  1. CVE-2025-9961

    10 Nov 2025, 14:17

    TP-Link CWMP

    Trended on social media

    Hype increased to 30

    CVE-2025-9961 is a remote code execution (RCE) vulnerability in TP-Link routers, specifically in the CWMP (CPE WAN Management Protocol) binary. It is a stack-based buffer overflow in the cwmp process that is triggered by malformed SOAP requests, and an authenticated attacker can use it to execute arbitrary code on affected devices. Security researchers bypassed Address Space Layout Randomization (ASLR) by brute-forcing the base address of the standard C library. Successful exploitation gives the attacker full control of the router, which can be used to intercept traffic, attack hosts on the local network, or enrol the device in a botnet. Reported exploits use a return-to-libc (ret2libc) technique to call system() with a command that downloads and runs a malicious binary from an attacker-controlled server.

  2. CVE-2025-21042

    10 Nov 2025, 00:00

    libimagecodec, Samsung

    Added to CISA KEV catalog

    Vulnerability name
    Samsung Mobile Devices Out-of-Bounds Write Vulnerability
    Product
    Samsung Mobile Devices

    CVE-2025-21042 is an out-of-bounds write vulnerability in Samsung's libimagecodec.quram.so library, which handles image parsing and decoding on Samsung Galaxy devices. Processing a specially crafted image file causes a write outside the allocated memory boundaries, and successful exploitation allows remote attackers to execute arbitrary code on the affected device. The crafted image can be delivered through any channel in which the device processes attacker-supplied images, such as email attachments, messaging apps, or web browsing. A patch was released in the SMR Apr-2025 Release 1 security update.

  3. CVE-2025-21042

    07 Nov 2025, 23:17

    libimagecodec, Samsung

    Trended on social media

    Hype increased to 31

  4. CVE-2025-20333

    07 Nov 2025, 14:17

    Cisco FTD, Cisco ASA

    Trended on social media

    Hype increased to 30

    CVE-2025-20333 is a vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, caused by improper validation of user-supplied input in HTTP(S) requests. An authenticated, remote attacker with valid VPN user credentials could exploit it by sending crafted HTTP requests to an affected device. Successful exploitation could allow the attacker to execute arbitrary code as root, leading to complete compromise of the device. Cisco has released software updates that address this vulnerability.

  5. CVE-2025-64459

    07 Nov 2025, 08:17

    Python, Django

    Trended on social media

    Hype increased to 30

    CVE-2025-64459 is an SQL injection vulnerability in Django, a widely used Python web framework. It resides in the `QuerySet` methods (`filter()`, `exclude()`, `get()`) and the `Q()` class, and occurs when a crafted dictionary, passed with dictionary expansion, is used as the `_connector` argument. An attacker who can control the `_connector` argument of these methods can inject SQL, which can lead to unauthorized database access, data manipulation, or exposure of sensitive information. Django versions 5.2 before 5.2.8, 5.1 before 5.1.14, and 4.2 before 4.2.26 are affected. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) might also be affected.

  6. CVE-2025-11953

    05 Nov 2025, 20:17

    React Native

    Trended on social media

    Hype increased to 30

    CVE-2025-11953 is a vulnerability in the `@react-native-community/cli` NPM package, affecting versions 4.8.0 through 20.0.0-alpha.2. It stems from the Metro development server used by React Native binding to external interfaces by default and exposing an "/open-url" endpoint that is susceptible to OS command injection. An unauthenticated network attacker can send a POST request to this endpoint to run arbitrary executables. On Windows, the attacker can execute arbitrary shell commands with fully controlled arguments; on macOS and Linux the exploitation path is somewhat more restricted, but researchers believe arbitrary command execution is still achievable. The package has been patched in version 20.0.0.

  7. CVE-2025-21479

    05 Nov 2025, 19:17

    Qualcomm, Adreno

    Trended on social media

    Hype increased to 30

    CVE-2025-21479 is an incorrect authorization vulnerability in the Graphics component of Qualcomm's Adreno GPU driver. When a specific sequence of commands is processed, the GPU microcode executes commands it should not authorize, which can corrupt system memory. Qualcomm has released patches and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that this vulnerability may be under limited, targeted exploitation.

  8. CVE-2025-62626

    05 Nov 2025, 08:17

    Trended on social media

    Hype increased to 32

    CVE-2025-62626 affects AMD Zen 5 processors and involves a flaw in the RDSEED instruction, which is used to generate cryptographically secure random numbers. Because of improper handling of insufficient entropy, RDSEED can return a zero value while incorrectly signaling success, so software believes it has received a valid random number when it has actually obtained a predictable zero. The issue impacts the 16-bit and 32-bit forms of the RDSEED instruction. Applications that consume these insufficiently random values may end up with weak encryption keys, predictable authentication tokens, or compromised security protocols. A local attacker could potentially influence the values returned by RDSEED, further degrading randomness quality. AMD plans to release microcode patches to address this vulnerability.

  9. CVE-2025-9491

    04 Nov 2025, 05:17

    Microsoft Windows, LNK

    Trended on social media

    Hype increased to 30

    CVE-2025-9491 is a vulnerability in how Microsoft Windows handles .LNK (shortcut) files. Classified as a User Interface Misrepresentation of Critical Information, the flaw allows a crafted .LNK file to hide hazardous content from users who inspect the file through the Windows UI, because the malicious elements can be made invisible or misleading. A remote attacker needs the user to visit a malicious page or open a malicious file; successful exploitation then allows the attacker to execute arbitrary code in the context of the current user. The flaw has been leveraged in spear-phishing emails containing URLs that lead to malicious LNK files, which in turn execute PowerShell commands to deploy malware such as the PlugX remote access trojan.

  10. CVE-2025-48703

    04 Nov 2025, 00:00

    CentOS Web Panel

    Added to CISA KEV catalog

    Vulnerability name
    CWP Control Web Panel OS Command Injection Vulnerability
    Product
    CWP Control Web Panel

    CVE-2025-48703 is a Remote Code Execution (RCE) vulnerability in the `filemanager` module of CWP (CentOS Web Panel), a web hosting control panel. It stems from improper input sanitization in the `acc=changePerm` function, which allows an attacker to inject and execute arbitrary system commands through the `t_total` parameter. Successful exploitation could be used to establish a reverse shell for persistent access and then escalate privileges or move laterally within the system. It was reported to affect CentOS Web Panel (CWP) versions 0.9.8.1204 and 0.9.8.1188.

  11. CVE-2025-11371

    04 Nov 2025, 00:00

    Gladinet CentreStack

    Added to CISA KEV catalog

    Vulnerability name
    Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
    Product
    Gladinet CentreStack and Triofox

    CVE-2025-11371 is an unauthenticated local file inclusion vulnerability in Gladinet CentreStack and Triofox that is present in the default installation and configuration of both applications. It allows attackers to read sensitive system files without authentication, and exploitation has been observed in the wild. All versions of Gladinet CentreStack and Triofox up to and including 16.7.10368.56560 are affected. By exploiting this flaw, a threat actor can retrieve the machine key from the application's Web.config file and then use it to achieve remote code execution through a ViewState deserialization vulnerability.

  12. CVE-2023-20198

    03 Nov 2025, 18:17

    Cisco IOS XE

    Trended on social media

    Hype increased to 30

    CVE-2023-20198 is a vulnerability in the web UI feature of Cisco IOS XE Software. Improper path validation allows attackers to bypass Nginx filtering and reach the webui_wsma_http web endpoint without authentication, which enables execution of arbitrary Cisco IOS commands or configuration changes with Privilege 15. Exploitation typically targets two XML SOAP endpoints: cisco:wsma-exec for command execution and configuration changes, and cisco:wsma-config for tasks such as adding new user accounts. Attackers were observed using CVE-2023-20198 to gain initial access and create a local user account, then chaining another vulnerability (CVE-2023-20273) to escalate privileges to root and install malware. Cisco IOS XE Software runs on a range of Cisco networking devices, including routers, switches, and wireless controllers.

  13. CVE-2025-52665

    03 Nov 2025, 13:17

    UniFi Access

    Trended on social media

    Hype increased to 31

    CVE-2025-52665 is a Remote Code Execution (RCE) vulnerability in the UniFi Access Application, UniFi's door access application. A misconfiguration exposed a management API without proper authentication, so a malicious actor with access to the management network could exploit it. The vulnerability affects UniFi Access Application versions 3.3.22 through 3.4.31; updating to version 4.0.21 or later mitigates it.