Activity

Vulnerability name

Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability

Product

Dell RecoverPoint for Virtual Machines (RP4VMs)

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Vulnerability name

GitLab Server-Side Request Forgery (SSRF) Vulnerability

Product

GitLab GitLab

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

Vulnerability name

Google Chromium CSS Use-After-Free Vulnerability

Product

Google Chromium

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability name

TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability

Product

TeamT5 ThreatSonar Anti-Ransomware

CVE-2024-7694 describes a file upload vulnerability found in TeamT5's ThreatSonar Anti-Ransomware. The core of this vulnerability lies in the product's insufficient validation of uploaded file content. This flaw enables remote attackers who possess administrator privileges on the product platform to upload malicious files. Once a malicious file is uploaded, it can be leveraged to execute arbitrary system commands on the affected server. This vulnerability has been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog, indicating that it has been actively exploited in real-world scenarios.

Vulnerability name

Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability

Product

Synacor Zimbra Collaboration Suite

CVE-2020-7796 is a Server-Side Request Forgery (SSRF) vulnerability identified in Zimbra Collaboration Suite (ZCS) versions prior to 8.8.15 Patch 7. This flaw specifically arises when the WebEx zimlet is installed and the zimlet JSP is enabled within the ZCS environment. Exploitation of this vulnerability allows an attacker to send unauthorized requests to a server. This can potentially enable access to sensitive information or resources that would typically be protected by firewalls or other security measures.

Vulnerability name

Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability

Product

Microsoft Windows

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."

Vulnerability name

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability

Product

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

CVE-2026-1731 is identified as a pre-authentication remote code execution vulnerability impacting BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) products. This flaw, categorized as an operating system command injection, allows an unauthenticated remote attacker to execute operating system commands in the context of the site user. The vulnerability can be exploited by sending specially crafted requests, and successful exploitation does not require any user interaction or prior authentication. BeyondTrust has released updates to address this issue, with patches available for Remote Support versions 25.3.2 and later, and Privileged Remote Access versions 25.1.1 and later.

Vulnerability name

SolarWinds Web Help Desk Security Control Bypass Vulnerability

Product

SolarWinds Web Help Desk

CVE-2025-40536 is a security control bypass vulnerability affecting SolarWinds Web Help Desk (WHD) software. This flaw enables an unauthenticated attacker to circumvent security measures and access functionalities that are typically restricted to authenticated users. Specifically, the vulnerability allows for the bypass of Cross-Site Request Forgery (CSRF) protections by injecting a particular URI parameter, which then grants access to restricted WebObjects components. This bypass can be a component in a chain of vulnerabilities, potentially leading to more significant compromises, such as unauthenticated remote code execution, when combined with other identified flaws in the software.

Vulnerability name

Apple Multiple Buffer Overflow Vulnerability

Product

Apple Multiple Products

CVE-2026-20700 is a memory corruption vulnerability found within Apple's `dyld` component, which is the Dynamic Link Editor responsible for loading dynamic libraries into memory and bridging application code with system frameworks. This flaw could enable an attacker with memory write capabilities to execute arbitrary code on affected devices. Apple addressed this issue through improved state management in updates for watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3, and iPadOS 26.3. Reports indicate that this vulnerability may have been exploited in "extremely sophisticated attacks" targeting specific individuals on versions of iOS preceding iOS 26. Google's Threat Analysis Group is credited with discovering and reporting the vulnerability.

Vulnerability name

Notepad++ Download of Code Without Integrity Check Vulnerability

Product

Notepad++ Notepad++

CVE-2025-15556 describes an update integrity verification vulnerability present in Notepad++ versions prior to 8.8.9. This flaw specifically affects the WinGUp updater component, which fails to cryptographically verify downloaded update metadata and installers. An attacker capable of intercepting or redirecting update traffic can exploit this vulnerability. By doing so, they can cause the WinGUp updater to download and execute a malicious, attacker-controlled installer. This ultimately results in arbitrary code execution with the privileges of the user.

Vulnerability name

Microsoft Configuration Manager SQL Injection Vulnerability

Product

Microsoft Configuration Manager

CVE-2024-43468 is a SQL injection vulnerability affecting Microsoft Configuration Manager (SCCM). It allows an unauthenticated attacker with network access to a Management Point to execute arbitrary SQL queries on the site database. The vulnerability stems from the lack of proper sanitization of externally influenced input when constructing SQL commands. Successful exploitation grants the attacker unauthorized access to the SQL server database with the same privileges as the SCCM process, potentially leading to remote code execution, malware deployment, credential theft, and lateral movement within the network.

Vulnerability name

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

Product

SmarterTools SmarterMail

CVE-2026-24423 is an unauthenticated remote code execution vulnerability found in SmarterTools SmarterMail versions prior to build 9511. The flaw resides within the `ConnectToHub` API method, which lacks proper authentication controls. An attacker can exploit this vulnerability by directing the vulnerable SmarterMail instance to connect to a malicious HTTP server. This malicious server then delivers operating system commands, which are subsequently executed by the SmarterMail application. This vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog and is reportedly being exploited in the wild, including in ransomware campaigns.

Vulnerability name

React Native Community CLI OS Command Injection Vulnerability

Product

React Native Community CLI

CVE-2025-11953 is a vulnerability in the `@react-native-community/cli` NPM package, specifically affecting versions 4.8.0 through 20.0.0-alpha.2. This flaw stems from the Metro development server, used by React Native, binding to external interfaces by default and exposing an "/open-url" endpoint susceptible to OS command injection. The vulnerability allows unauthenticated network attackers to send a POST request to the server, running arbitrary executables. On Windows, attackers can execute arbitrary shell commands with fully controlled arguments. While macOS and Linux systems have slightly more restricted exploitation paths, researchers believe arbitrary command execution is achievable. The package has been patched in version 20.0.0.

Vulnerability name

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

Product

SolarWinds Web Help Desk

CVE-2025-40551 is a remote code execution (RCE) vulnerability identified in SolarWinds Web Help Desk (WHD) software. This flaw originates from an untrusted data deserialization weakness, which allows an attacker to execute commands on the host machine. Exploitation of CVE-2025-40551 can occur without requiring authentication. This vulnerability is often discussed alongside other related issues in SolarWinds WHD, forming potential attack chains.

Vulnerability name

Sangoma FreePBX OS Command Injection Vulnerability

Product

Sangoma FreePBX

CVE-2025-64328 identifies a command injection vulnerability within the FreePBX Endpoint Manager module. Specifically, the flaw resides in the `check_ssh_connect()` function of the Filestore component. This post-authentication vulnerability allows an authenticated attacker to execute arbitrary shell commands as the `asterisk` user on the affected system. This vulnerability impacts FreePBX Endpoint Manager versions 17.0.2.36 and above, prior to version 17.0.3. Reports indicate that a financially motivated hacker group, INJ3CTOR3, has actively exploited CVE-2025-64328 since early December 2025 to deploy a persistent webshell known as "EncystPHP," enabling them to gain administrative control over compromised VoIP systems.

Vulnerability name

GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability

Product

GitLab Community and Enterprise Editions

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API

Vulnerability name

Sangoma FreePBX Improper Authentication Vulnerability

Product

Sangoma FreePBX

CVE-2019-19006 is an improper authentication vulnerability found in Sangoma FreePBX versions 115.0.16.26 and below, 14.0.13.11 and below, and 13.0.197.13 and below. This flaw allows a remote attacker to bypass the login mechanism and gain full administrative access to the FreePBX system without valid credentials. Exploiting this vulnerability enables an unauthenticated user to effectively take control of the PBX web interface, allowing them to change configurations, access call logs, and manage users. The vulnerability is categorized as an incorrect access control issue.

Vulnerability name

Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability

Product

Fortinet Multiple Products

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Vulnerability name

Microsoft Office Security Feature Bypass Vulnerability

Product

Microsoft Office

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Vulnerability name

GNU InetUtils Argument Injection Vulnerability

Product

GNU InetUtils

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Vulnerability name

SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability

Product

SmarterTools SmarterMail

CVE-2026-23760 is an authentication bypass vulnerability found in SmarterTools SmarterMail versions prior to build 9511. This flaw exists within the product's password reset API, specifically the `force-reset-password` endpoint, which permits anonymous requests. An unauthenticated attacker can exploit this vulnerability by supplying a target administrator's username and a new password. This action allows them to reset the administrator's account without prior authentication or verification of the existing password or a reset token, leading to a complete administrative compromise of the SmarterMail instance. The administrative access gained through this bypass can further enable the execution of operating system commands via SmarterMail's built-in management functionalities. This vulnerability has been actively exploited in the wild.

Vulnerability name

SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

Product

SmarterTools SmarterMail

CVE-2025-52691 is a vulnerability in SmarterMail versions Build 9406 and earlier. It allows an unauthenticated attacker to upload arbitrary files to any location on the mail server. This vulnerability can lead to remote code execution, potentially giving attackers complete control over compromised systems. Exploitation could result in unauthorized access to sensitive email communications, malware deployment, data exfiltration, and lateral movement within corporate networks.

Vulnerability name

Linux Kernel Integer Overflow Vulnerability

Product

Linux Kernal

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

Vulnerability name

Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability

Product

Broadcom VMware vCenter Server

CVE-2024-37079 is a heap-overflow vulnerability found within the DCERPC protocol implementation of VMware vCenter Server. This flaw allows a malicious actor with network access to the vCenter Server to send specially crafted network packets. Successful exploitation of this vulnerability can lead to remote code execution on the affected server. This vulnerability has been observed to be actively exploited in the wild.

Vulnerability name

Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability

Product

Synacor Zimbra Collaboration Suite (ZCS)

CVE-2025-68645 is a Local File Inclusion (LFI) vulnerability found in the Webmail Classic UI of Zimbra Collaboration (ZCS) versions 10.0 and 10.1. This vulnerability stems from the improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can exploit this vulnerability by crafting requests to the `/h/rest` endpoint. This allows the attacker to influence internal request dispatching, leading to the inclusion of arbitrary files from the WebRoot directory.

Vulnerability name

Prettier eslint-config-prettier Embedded Malicious Code Vulnerability

Product

Prettier eslint-config-prettier

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Vulnerability name

Versa Concerto Improper Authentication Vulnerability

Product

Versa Concerto

CVE-2025-34026 describes an authentication bypass vulnerability found within the Versa Concerto SD-WAN orchestration platform. This flaw stems from a misconfiguration in the Traefik reverse proxy, or an improper reliance on the X-Real-Ip header, which allows an attacker to circumvent authentication mechanisms. Successful exploitation of this vulnerability grants unauthorized access to administrative endpoints. Furthermore, attackers can leverage internal Actuator endpoints to retrieve sensitive data such as heap dumps and trace logs, which may contain credentials, session tokens, and other critical system information. The issue is known to affect Versa Concerto versions 12.1.2 through 12.2.0, and potentially other versions.

Vulnerability name

Vite Vitejs Improper Access Control Vulnerability

Product

Vite Vitejs

CVE-2025-31125 is an arbitrary file read vulnerability that affects Vite, a frontend tooling framework for JavaScript. The vulnerability exists because Vite exposes the content of non-allowed files when using `?inline&import` or `?raw?import`. Exploitation is possible if the Vite development server is exposed to the network using the `--host` or `server.host` configuration options. An unauthenticated attacker can exploit this vulnerability by crafting malicious HTTP requests to read arbitrary files on the server, potentially leading to sensitive information leakage. Users can mitigate this vulnerability by updating to versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, or 4.5.11. If upgrading is not immediately feasible, restricting access to the Vite development server can provide temporary relief.

Vulnerability name

Cisco Unified Communications Products Code Injection Vulnerability

Product

Cisco Unified Communications Manager

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.  Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.