Activity

Latest CVE events and analysis as they emerge

  1. CVE-2025-47812

    14 Jul 2025, 00:00

    Wing FTP Server

    Added to CISA KEV catalog

    Vulnerability name
    Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
    Product
    Wing FTP Server Wing FTP Server

    CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a NULL-byte-injected username, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems, because wftpserver runs with elevated privileges by default.

  2. CVE-2025-5777

    10 Jul 2025, 00:00

    NetScaler ADC, Citrix, NetScaler Gateway

    Added to CISA KEV catalog

    Vulnerability name
    Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
    Product
    Citrix NetScaler ADC and Gateway

    CVE-2025-5777 is a vulnerability affecting NetScaler ADC and NetScaler Gateway. It is caused by insufficient input validation, which leads to a memory overread. The vulnerability can be exploited on devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. An unauthorized attacker could potentially grab valid session tokens from the memory of internet-facing NetScaler devices by sending a malformed request. Successful exploitation could allow the attacker to gain access to the appliances.

  3. CVE-2019-9621

    07 Jul 2025, 00:00

    Zimbra ZCS

    Added to CISA KEV catalog

    Vulnerability name
    Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
    Product
    Synacor Zimbra Collaboration Suite (ZCS)

    CVE-2019-9621 is a Server-Side Request Forgery (SSRF) vulnerability affecting Zimbra Collaboration Suite (ZCS) versions before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3. It exists in the ProxyServlet component. The vulnerability allows a remote, unauthenticated attacker to send a crafted HTTP request to trick the Zimbra server into making unauthorized requests to internal or external systems. This can bypass network restrictions and potentially reach sensitive internal services, possibly exposing sensitive data.

  4. CVE-2016-10033

    07 Jul 2025, 00:00

    PHPMailer

    Added to CISA KEV catalog

    Vulnerability name
    PHPMailer Command Injection Vulnerability
    Product
    PHP PHPMailer

    CVE-2016-10033 is a remote code execution vulnerability that exists in PHPMailer, a widely used PHP library for sending emails. The vulnerability is located in the `mailSend` function of the isMail transport method. It occurs because the `Sender` property is not properly sanitized. By injecting a backslash followed by a double quote (\") in a crafted `Sender` property, a remote attacker can pass extra parameters to the mail command. This can lead to the execution of arbitrary code on the affected server. The vulnerability was patched in PHPMailer version 5.2.18.

  5. CVE-2019-5418

    07 Jul 2025, 00:00

    Action View

    Added to CISA KEV catalog

    Vulnerability name
    Rails Ruby on Rails Path Traversal Vulnerability
    Product
    Rails Ruby on Rails

    CVE-2019-5418 is a file content disclosure vulnerability in Action View versions before 5.2.2.1, 5.1.6.2, 5.0.7.2, and 4.2.11.1, and in v3. Specially crafted Accept headers, combined with calls to `render file`, can cause arbitrary files on the target server to be rendered, disclosing their contents. An attacker can exploit this vulnerability by sending a request with a manipulated "Accept" header, gaining access to sensitive files on the server's filesystem.

  6. CVE-2014-3931

    07 Jul 2025, 00:00

    MRLG

    Added to CISA KEV catalog

    Vulnerability name
    Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
    Product
    Looking Glass Multi-Router Looking Glass (MRLG)

    CVE-2014-3931 is a vulnerability found in fastping.c in MRLG (Multi-Router Looking Glass) versions before 5.5.0. It involves a buffer overflow, where the software performs operations on a memory buffer but reads or writes to a memory location outside the intended boundary of that buffer. This vulnerability allows remote attackers to cause an arbitrary memory write and memory corruption. This could potentially allow an attacker to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash.

  7. CVE-2025-6554

    02 Jul 2025, 00:00

    Google Chrome V8

    Added to CISA KEV catalog

    Vulnerability name
    Google Chromium V8 Type Confusion Vulnerability
    Product
    Google Chromium V8

    CVE-2025-6554 is a type confusion vulnerability found in the V8 JavaScript engine, which is used in Chrome and other Chromium-based browsers. This vulnerability can be exploited by remote, unauthenticated attackers by serving crafted HTML pages to targeted users. If successful, the attacker can trick V8 into misinterpreting memory types, potentially leading to arbitrary read/write operations. In some scenarios, this could allow for full remote code execution. Google is aware that the vulnerability is being actively exploited in the wild. A security update has been released for Chrome to address this zero-day vulnerability. The vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025.

  8. CVE-2025-48928

    01 Jul 2025, 00:00

    TeleMessage

    Added to CISA KEV catalog

    Vulnerability name
    TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
    Product
    TeleMessage TM SGNL

    CVE-2025-48928 affects TeleMessage TM SGNL and involves the exposure of a core dump file to an unauthorized control sphere. The vulnerability stems from a JSP application where the heap content is similar to a "core dump," potentially including passwords transmitted over HTTP. If the heap dump is not properly secured, unauthorized parties could retrieve this sensitive data. This vulnerability, categorized as CWE-528, can allow attackers to extract credentials or confidential messages from exposed dump files, threatening both data privacy and system integrity. It has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild.

  9. CVE-2025-48927

    01 Jul 2025, 00:00

    TeleMessage

    Added to CISA KEV catalog

    Vulnerability name
    TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
    Product
    TeleMessage TM SGNL

    CVE-2025-48927 is a vulnerability found in the TeleMessage TM SGNL platform. It is due to an insecure default configuration of the Spring Boot Actuator, which exposes the `/heapdump` endpoint. This flaw is categorized as an Initialization of a Resource with an Insecure Default (CWE-1188). Attackers can exploit this exposed endpoint to access sensitive memory dumps. This could lead to unauthorized data access or privilege escalation. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog and has issued an urgent advisory, setting a remediation deadline of July 22, 2025, for federal agencies.

  10. CVE-2025-6543

    30 Jun 2025, 00:00

    NetScaler Gateway, NetScaler ADC, Citrix

    Added to CISA KEV catalog

    Vulnerability name
    Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
    Product
    Citrix NetScaler ADC and Gateway

    CVE-2025-6543 is a memory overflow vulnerability found in Citrix NetScaler ADC and NetScaler Gateway. It affects appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The vulnerability stems from improper restriction of operations within the bounds of a memory buffer. Successful exploitation of CVE-2025-6543 could lead to unintended control flow and a denial-of-service (DoS) condition. Exploits targeting this vulnerability have been observed in the wild, prompting Citrix to release security updates.

  11. CVE-2024-54085

    25 Jun 2025, 00:00

    AMI

    Added to CISA KEV catalog

    Vulnerability name
    AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
    Product
    AMI MegaRAC SPx

    CVE-2024-54085 is a vulnerability found in AMI's SPx Baseboard Management Controller (BMC) software. It allows a remote attacker to bypass authentication through the Redfish Host Interface. Successful exploitation of this vulnerability could lead to a complete compromise of the affected system, including loss of confidentiality, integrity, and availability. AMI has released updates to address this vulnerability in SPx versions SPx_12.7+ and SPx_13.5.

  12. CVE-2024-0769

    25 Jun 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name
    D-Link DIR-859 Router Path Traversal Vulnerability
    Product
    D-Link DIR-859 Router

    CVE-2024-0769 is a path traversal vulnerability affecting D-Link DIR-859 routers. It resides in the `/hedwig.cgi` component's HTTP POST request handler. By manipulating the `service` argument, remote attackers can bypass security restrictions and access sensitive files. The vulnerability allows unauthorized access to system files, potentially leading to complete system compromise and data theft. While the affected product is end-of-life, the public availability of the exploit makes it a threat if the device is still in operation.

  13. CVE-2019-6693

    25 Jun 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name
    Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
    Product
    Fortinet FortiOS

    CVE-2019-6693 involves the use of a hard-coded cryptographic key within Fortinet's FortiOS, FortiManager, and FortiAnalyzer. This key is used to encrypt sensitive data in CLI configurations and backup files. An attacker with access to these configurations or backup files can decrypt the data, including user passwords (excluding the administrator's password), private keys' passphrases, and High Availability passwords, by using the hard-coded key. The vulnerability affects FortiOS versions up to 6.2.0, 6.0.0 to 6.0.6, and 5.6.10, as well as specific versions of FortiManager and FortiAnalyzer. Fortinet has released updates that allow administrators to enable a setting that prompts for a user-defined cryptographic key, which is then used to encrypt sensitive data, mitigating the risk.

  14. CVE-2023-0386

    17 Jun 2025, 00:00

    Linux Kernel

    Added to CISA KEV catalog

    Vulnerability name
    Linux Kernel Improper Ownership Management Vulnerability
    Product
    Linux Kernel

    CVE-2023-0386 is a flaw found in the Linux kernel's OverlayFS subsystem. It involves unauthorized access to the execution of a setuid file with capabilities. Specifically, the vulnerability lies in how a user copies a capable file from a nosuid mount into another mount. This "uid mapping bug" allows a local user to escalate their privileges on the system. The kernel fails to check if the user/group owning a file copied from the overlay file system to the 'upper' directory is mapped in the current user namespace. This can be exploited to create a SUID binary owned by root, allowing an unprivileged user to gain elevated privileges.