Trending now

CVE-2025-49704 is a code injection vulnerability in Microsoft Office SharePoint. An authorized attacker could exploit this vulnerability to execute code over a network. To exploit this vulnerability, the attacker needs to be authenticated with at least Site Owner privileges. Successful exploitation of CVE-2025-49704 allows an attacker to write arbitrary code into a vulnerable SharePoint server to gain remote code execution. The attack complexity is low and can be exploited remotely from the internet, potentially leading to complete compromise of affected SharePoint servers.

CVE-2025-49706 is a vulnerability affecting Microsoft Office SharePoint. It stems from improper authentication within the software. This vulnerability could allow an authorized attacker to perform spoofing attacks over a network, potentially compromising the integrity of SharePoint services. Microsoft has released a security update (KB5002751) to address this vulnerability.

CVE-2025-25257 is a critical SQL injection vulnerability found in Fortinet's FortiWeb web application firewall. This vulnerability, classified as CWE-89, stems from improper neutralization of special elements used in SQL commands. The vulnerability allows unauthenticated attackers to execute unauthorized SQL code or commands by sending crafted HTTP or HTTPS requests to the FortiWeb management interface. Successful exploitation could lead to attackers accessing sensitive data, altering database contents, or compromising backend systems.

CVE-2024-50379 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability found in Apache Tomcat. It affects versions 11.0.0-M1 through 11.0.1, 10.1.0-M1 through 10.1.33, and 9.0.0.M1 through 9.0.97. The vulnerability can lead to Remote Code Execution (RCE) on case-insensitive file systems when the default servlet is enabled for write access, a configuration that is not enabled by default. An attacker could exploit this flaw to upload malicious code and trigger its execution, potentially compromising the server.

CVE-2025-7503 affects an OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD. The camera exposes a Telnet service on port 23 with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device's web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device. The affected firmware version is AppFHE1_V1.0.6.0 (Kernel: KerFHE1_PTZ_WIFI_V3.1.1, Hardware: HwFHE1_WF6_PTZ_WIFI_20201218). As of July 11, 2025, no official fix or firmware update is available, and the vendor could not be contacted.

CVE-2025-22224 is a critical vulnerability affecting VMware ESXi and Workstation products. It's a time-of-check to time-of-use (TOCTOU) race condition flaw that can lead to an out-of-bounds write within the VMCI (Virtual Machine Communication Interface). An attacker with local administrator privileges on a virtual machine can exploit this vulnerability to execute code as the virtual machine's VMX process running on the host. This vulnerability allows attackers to escalate privileges from a compromised virtual machine to the underlying host system. Successful exploitation could grant the attacker control over the entire ESXi host, potentially impacting other virtual machines running on the same server. This vulnerability is known to be actively exploited in the wild.

CVE-2025-6218 is a directory traversal remote code execution vulnerability that affects RARLAB WinRAR. It allows remote attackers to execute arbitrary code on affected installations. Exploitation of this vulnerability requires user interaction, as the target must visit a malicious page or open a malicious file. The vulnerability lies in how WinRAR handles file paths within archive files, where a specially crafted file path can cause the process to traverse to unintended directories. By leveraging this vulnerability, an attacker can execute code within the security context of the current user.

CVE-2023-45866 is an improper authentication vulnerability in the Bluetooth protocol, specifically impacting Bluetooth HID (Human Interface Device) hosts. This vulnerability allows an unauthenticated peripheral HID device, such as a keyboard or mouse, to establish an encrypted connection and potentially inject HID messages without user interaction. Affected systems include those running BlueZ, a Linux Bluetooth stack, notably impacting Ubuntu 22.04LTS with the bluez 5.64-0ubuntu1 package. The vulnerability also affects Android, iOS, macOS, and Linux-based smart TVs with Bluetooth interfaces. Exploitation of this vulnerability could allow attackers to inject keystrokes, potentially leading to data theft or execution of malicious actions on the targeted device. Fixes for this vulnerability have been released in various software updates, including iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2. It's crucial to keep software updated to mitigate the risk posed by CVE-2023-45866. The vulnerability highlights the importance of secure Bluetooth implementations and the need for regular updates to address emerging security flaws.

CVE-2024-27348 is a Remote Command Execution (RCE) vulnerability affecting Apache HugeGraph-Server versions 1.0.0 to before 1.3.0, in both Java 8 and Java 11 environments. The vulnerability lies in how Apache HugeGraph-Server handles user inputs in Gremlin queries. This flaw allows attackers to send specially crafted Gremlin queries that exploit the GremlinGroovyScriptEngine class to execute arbitrary OS commands. Successful exploitation could lead to unauthorized access, data manipulation, and complete system compromise.

CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a NULL-byte injected username, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems because the wftpserver runs with elevated privileges by default.