Trending now
Top 10 CVEs trending on social media within the last 24 hours.
Updated 11 minutes ago
Each entry lists the CVE, its severity rating, whether a public exploit is known, its hype score over the last 24 hours, its publication date, a description and the affected product.
1. CVE-2025-68613 (n8n)
Severity: critical 9.9 | Hype score: 54 | Published: Dec 19, 2025
CVE-2025-68613 is a remote code execution (RCE) vulnerability in n8n, an open-source workflow automation platform. It affects versions from 0.211.0 up to, but not including, the fixed releases 1.120.4, 1.121.1 and 1.122.0. The flaw is in the workflow expression evaluation system: expressions supplied by an authenticated user while configuring a workflow can be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. Any authenticated user who can create or edit workflows can therefore execute arbitrary code with the privileges of the n8n process, which amounts to full compromise of the instance: unauthorized access to the sensitive data it holds, modification of other workflows, and system-level operations on the host. Upgrade to 1.120.4, 1.121.1 or 1.122.0, whichever matches the branch in use, and treat every account with workflow editing rights as able to reach this bug until then.

2. CVE-2025-14847 (MongoDB Server)
Severity: high 8.7 | Hype score: 23 | Published: Dec 19, 2025
CVE-2025-14847 is an information disclosure vulnerability in MongoDB Server caused by improper handling of inconsistent length fields in zlib-compressed wire-protocol message headers. When the length declared in the header does not match the actual payload, the server can read uninitialized heap memory and include it in its reply, so an unauthenticated client that sends a crafted compressed request receives chunks of the server's internal memory, which may contain sensitive data held in RAM. Affected are MongoDB Server versions from 3.6 up to, but not including, the patched releases 4.4.30, 5.0.32, 6.0.27, 7.0.28, 8.0.17 and 8.2.3; the 3.6, 4.0 and 4.2 lines have no listed fix and should be treated as vulnerable. No username or password is required, only network access to the database port, so an instance reachable from untrusted networks can be harvested repeatedly until it is patched.
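Both the n8n entry and the MongoDB entry above give a fix version per maintained branch rather than a single "fixed in" version, which trips up naive greater-than checks (7.0.27 is vulnerable even though it is numerically above 6.0.27). The following is an added example, not code from n8n, MongoDB or this feed: a branch-aware range check that encodes the two ranges exactly as stated above and runs it over a constructed sample inventory. Hostnames and versions in the inventory are made up; the rule for branches without a fix (vulnerable unless newer than the newest fix) is the author's own assumption about how to read such advisories.

```python
"""Branch-aware check of a product version against a CVE's affected range.

Added example; not code from n8n, MongoDB or the feed. Ranges come from the
two entries above: n8n affected from 0.211.0 with fixes on the 1.120, 1.121
and 1.122 branches; MongoDB Server affected from 3.6 with fixes on the 4.4,
5.0, 6.0, 7.0, 8.0 and 8.2 branches. The inventory at the bottom is made up.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

_NUMBERS = re.compile(r"\d+")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '1.120.4', 'v7.0.28' or '8.0.17-rc1' into (major, minor, patch).

    Pre-release/build suffixes after '-' or '+' are ignored; missing parts are 0.
    """
    core = re.split(r"[-+]", text.strip(), maxsplit=1)[0]
    parts = [int(n) for n in _NUMBERS.findall(core)][:3]
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


@dataclass(frozen=True)
class AffectedRange:
    cve: str
    introduced: tuple[int, int, int]            # first vulnerable version
    fixed: tuple[tuple[int, int, int], ...]     # first patched version on each branch

    def is_vulnerable(self, version: str) -> bool:
        v = parse_version(version)
        if v < self.introduced:
            return False
        # Fixes are per major.minor branch: 7.0.28 says nothing about 7.1.x or 8.0.x.
        branch_fixes = [f for f in self.fixed if f[:2] == v[:2]]
        if branch_fixes:
            return v < min(branch_fixes)
        # No fix on this branch (end-of-life line, or a line cut before the fix
        # landed): assume only releases newer than the newest fix are clean.
        return v < max(self.fixed)


N8N = AffectedRange("CVE-2025-68613", (0, 211, 0), ((1, 120, 4), (1, 121, 1), (1, 122, 0)))
MONGODB = AffectedRange(
    "CVE-2025-14847",
    (3, 6, 0),
    ((4, 4, 30), (5, 0, 32), (6, 0, 27), (7, 0, 28), (8, 0, 17), (8, 2, 3)),
)
RANGES = {"n8n": N8N, "mongodb": MONGODB}


def scan(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str, str]]:
    """Return (host, product, version, cve) for every vulnerable inventory row."""
    findings = []
    for host, product, version in inventory:
        rng = RANGES.get(product.lower())
        if rng is not None and rng.is_vulnerable(version):
            findings.append((host, product, version, rng.cve))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("wf-01", "n8n", "1.120.3"),      # below the 1.120 fix: vulnerable
    ("wf-02", "n8n", "1.121.1"),      # exactly the 1.121 fix: clean
    ("wf-03", "n8n", "1.119.2"),      # no fix on 1.119 and older than 1.122.0: vulnerable
    ("db-01", "mongodb", "7.0.27"),   # below the 7.0 fix: vulnerable
    ("db-02", "mongodb", "8.2.3"),    # exactly the 8.2 fix: clean
    ("db-03", "mongodb", "4.2.25"),   # unfixed 4.2 line: vulnerable
    ("db-04", "mongodb", "3.4.24"),   # before the bug was introduced: clean
]

if __name__ == "__main__":
    for host, product, version, cve in scan(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected by {cve}")
```

Run it as a script to print the four affected hosts; to reuse it, add an `AffectedRange` per advisory and feed it your real inventory. A version from a line with no fix on the page (for example MongoDB 4.2) is reported as vulnerable, which is the conservative reading of the advisory.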

3. CVE-2025-54068 (Livewire)
Severity: critical 9.2 | Hype score: 21 | Published: Jul 17, 2025
CVE-2025-54068 is a remote command execution (RCE) vulnerability in Livewire, a full-stack framework for Laravel, affecting Livewire v3 up to and including v3.6.3. It stems from how certain component property updates are handled during hydration: the `hydrateForUpdate` method of the `Livewire\Mechanisms\HandleComponents\HandleComponents` class can be fed a specially crafted update payload that bypasses validation and sanitization, so the framework ends up interpreting untrusted input as executable code. Exploitation requires a component to be mounted and configured in a particular way, but needs neither authentication nor user interaction. The issue is patched in Livewire v3.6.4; upgrade to that version or later, since there are no known workarounds.

4. CVE-2025-31200 (Apple CoreAudio)
Severity: critical 9.8 | Exploit known | Hype score: 17 | Published: Apr 16, 2025
CVE-2025-31200 is a memory corruption vulnerability in Apple's CoreAudio framework, triggered when an audio stream inside a maliciously crafted media file is processed. Successful exploitation allows arbitrary code execution on the affected device. Apple fixed it with improved bounds checking in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, and macOS Sequoia 15.4.1, and has reported that the bug may have been exploited in targeted attacks against specific individuals.

5. CVE-2025-31201 (Apple)
Severity: critical 9.8 | Exploit known | Hype score: 17 | Published: Apr 16, 2025
CVE-2025-31201 is a vulnerability in RPAC (return pointer authentication code), the pointer-authentication mechanism that protects return addresses against return-oriented programming. An attacker who already holds an arbitrary read and write primitive can use it to bypass Pointer Authentication; on its own it yields no code execution, which is why a bug of this kind is chained after a memory corruption flaw rather than used alone. Apple addressed it by removing the vulnerable code in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, and macOS Sequoia 15.4.1, and is aware of a report that it may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

6. CVE-2025-66224 (OrangeHRM)
Severity: critical 9.0 | Hype score: 17 | Published: Nov 29, 2025
CVE-2025-66224 is an improper input neutralization flaw in OrangeHRM versions 5.0 through 5.7, located in the application's mail configuration and delivery workflow. User-controlled values are incorporated into the sendmail command without sanitization, which lets the application be made to write files on the server during mail handling; if such a file lands in a web-accessible location, attacker-controlled content can then be executed. The vulnerability is fixed in version 5.8.

7. CVE-2025-14282 (Dropbear SSH)
Severity: not listed | Hype score: 17 | Published: -
CVE-2025-14282 is a privilege escalation vulnerability in the Dropbear SSH server caused by incorrect permission handling. When an authenticated SSH client requests TCP or Unix domain socket forwardings, Dropbear performs the forwarding operations as root and only drops to the logged-in user's UID/GID after the session shell has been established. Debian has issued a security update for its stable distribution (trixie); the issue is fixed in Dropbear version 2025.89-1~deb13u1. It was discovered by Turistu.

8. CVE-2025-38352 (Linux Kernel)
Severity: high 7.4 | Exploit known | Hype score: 7 | Published: Jul 22, 2025
CVE-2025-38352 is a race condition in the Linux kernel's handling of POSIX CPU timers, between `handle_posix_cpu_timers()` and `posix_cpu_timer_del()`. It can occur when a non-autoreaping task that is exiting has already passed `exit_notify()` and calls `handle_posix_cpu_timers()` from IRQ context; a concurrent `posix_cpu_timer_del()` may then fail to detect that `timer->it.cpu.firing != 0`, because `cpu_timer_task_rcu()` and/or `lock_task_sighand()` can fail. The outcome is a local privilege escalation, and the bug has been exploited to gain elevated privileges on Android devices.

9. CVE-2025-6514 (MCP mcp-remote)
Severity: critical 9.6 | Hype score: 5 | Published: Jul 9, 2025
CVE-2025-6514 is a command injection vulnerability in mcp-remote, the proxy that applications such as Claude Desktop, Cursor and Windsurf use to connect to remote Model Context Protocol (MCP) servers over HTTP transport. When a user points their LLM host at a remote MCP server, mcp-remote starts the connection and may be asked to authenticate; the server then returns its authorization_endpoint URL. A malicious server can craft that URL so that mcp-remote executes arbitrary OS commands on the user's machine, so merely connecting to an untrusted MCP server is enough to be compromised. Versions 0.0.5 through 0.1.15 are affected; the issue is fixed in 0.1.16.
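The entry above says a crafted authorization_endpoint URL leads to command injection, which is only possible if the server-supplied URL ends up on a command line that a shell parses. The following is an added example, not mcp-remote's own code or its fix: it shows the vulnerable pattern (URL interpolated into a shell string) next to the hardened path (strict validation, then the URL passed as a single argv element so no shell is involved). The opener command name, the sample URLs and the shape of the vulnerable call are assumptions for illustration.

```python
"""Handling a server-supplied authorization_endpoint URL without a shell.

Added example, not mcp-remote's code. It models the situation in the entry
above: an MCP client receives an authorization_endpoint URL from a possibly
hostile server and hands it to a local command that opens the browser.
OPENER and the sample URLs are assumptions.
"""
from __future__ import annotations

import subprocess
from urllib.parse import urlsplit, urlunsplit

OPENER = "xdg-open"  # assumed browser launcher; the principle holds for any


def unsafe_open_command(authorization_endpoint: str) -> str:
    """The vulnerable pattern: the URL is pasted into a shell command string.

    Anything the server puts after ';' or inside $(...) becomes a command once
    a shell parses this. Shown for contrast only; never run it on untrusted input.
    """
    return f"{OPENER} {authorization_endpoint}"


def validate_authorization_endpoint(authorization_endpoint: str) -> str:
    """Accept only an absolute http(s) URL with a host and no control characters.

    The URL is re-serialised from its parsed parts so nothing the parser did
    not understand survives into later processing.
    """
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in authorization_endpoint):
        raise ValueError("authorization_endpoint contains whitespace or control characters")
    parts = urlsplit(authorization_endpoint)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"authorization_endpoint must be http(s), got {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("authorization_endpoint has no host")
    return urlunsplit(parts)


def is_acceptable(authorization_endpoint: str) -> bool:
    """Boolean wrapper around the validator for callers that only need yes/no."""
    try:
        validate_authorization_endpoint(authorization_endpoint)
    except ValueError:
        return False
    return True


def safe_open_argv(authorization_endpoint: str) -> list[str]:
    """Build the opener's argv: the URL is exactly one argument, no shell involved.

    Characters the validator lets through (';', '$', '{') are inert here because
    no shell ever parses the string; validation narrows the attack surface, the
    argv list is the actual fix.
    """
    return [OPENER, validate_authorization_endpoint(authorization_endpoint)]


def open_in_browser(authorization_endpoint: str) -> int:
    """Launch the opener without a shell (shell=False is subprocess's default)."""
    return subprocess.run(safe_open_argv(authorization_endpoint), check=False).returncode
```

`unsafe_open_command("https://idp.example/auth; touch /tmp/pwned")` yields a string a shell would run as two commands; `safe_open_argv` rejects that input outright and, for a payload with no whitespace such as `https://idp.example/auth;touch${IFS}/tmp/x`, still passes it as one harmless argument.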

10. CVE-2025-14733 (WatchGuard Fireware OS)
Severity: critical 9.3 | Exploit known | Hype score: 3 | Published: Dec 19, 2025
CVE-2025-14733 is an out-of-bounds write in the `iked` process of WatchGuard Firebox firewall appliances, the process that handles IKEv2 VPN negotiation. A remote, unauthenticated attacker can trigger memory corruption with a specially crafted request and execute arbitrary code, taking control of the device; it was exploited as a zero-day. Affected are Firebox appliances configured for Mobile User VPN with IKEv2 or for Branch Office VPN with IKEv2 and a dynamic gateway peer. Deleting such a configuration is not a reliable mitigation: the device may still be exposed if a static Branch Office VPN remains configured, so do not treat removed VPN settings as proof that an appliance is out of scope.