Activity

Latest CVE events and analysis as they emerge

  1. CVE-2026-28318

    05 Jun 2026, 00:00

    Added to CISA KEV catalog

    Vulnerability name
    SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
    Product
    SolarWinds Serv-U

    SolarWinds Serv-U is susceptible to specially crafted, unauthenticated POST requests using `Content-Encoding: deflate` that crash the Serv-U service. Mitigation steps for customers who are unable to deploy the update are provided in the SolarWinds Trust Center.

  2. CVE-2026-45247

    03 Jun 2026, 00:00

    Added to CISA KEV catalog

    Vulnerability name
    Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
    Product
    Mirasvit Full Page Cache Warmer

    Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.

  3. CVE-2010-0249

    03 Jun 2026, 00:00

    Windows, Microsoft Internet Explorer

    Added to CISA KEV catalog

    Vulnerability name
    Microsoft Internet Explorer Use-After-Free Vulnerability
    Product
    Microsoft Internet Explorer

    Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."

  4. CVE-2025-48595

    02 Jun 2026, 00:00

    Android, ICS, Mobile device

    Added to CISA KEV catalog

    Vulnerability name
    Android Framework Integer Overflow Vulnerability
    Product
    Android Framework

    CVE-2025-48595 is an elevation of privilege vulnerability affecting the Android platform. This flaw allows an attacker to gain elevated access without requiring any additional execution privileges or user interaction for successful exploitation. Google has noted that there are indications of limited, targeted exploitation of CVE-2025-48595, making the June 2026 security patch, which addresses this vulnerability, particularly important.

  5. CVE-2022-0492

    02 Jun 2026, 00:00

    Ubuntu, Cloud, Container Security, ICS

    Added to CISA KEV catalog

    Vulnerability name
    Linux Kernel Improper Authentication Vulnerability
    Product
    Linux Kernel

    CVE-2022-0492 is a privilege escalation vulnerability found in the Linux kernel, specifically within the `cgroup_release_agent_write` function in the cgroups v1 implementation. This flaw allows an attacker to bypass namespace isolation and escalate privileges. The core issue stems from a missing authorization or capability check, enabling users who should not have such permissions to interact with a critical system file. Exploitation abuses the `release_agent` feature of cgroups v1, which is designed to execute a specified program as the root user when a control group becomes empty. Under normal circumstances, only privileged users should be able to modify the `release_agent` file. However, CVE-2022-0492 allows unprivileged users to manipulate this file, leading to the execution of arbitrary code with root privileges on the host system, thereby facilitating container escape.