Trending now
Top 10 CVEs trending on social media within the last 24 hours.
1. CVE-2025-64155 (critical, CVSS 9.8; hype score 15; published Jan 13, 2026)
CVE-2025-64155 is an OS Command Injection vulnerability affecting Fortinet FortiSIEM's Super and Worker nodes. This flaw allows an unauthenticated attacker to execute unauthorized code or commands by sending specially crafted TCP requests. The vulnerability resides within the phMonitor service, which operates on TCP port 7900 and is responsible for inter-node communication and data exchange within FortiSIEM deployments. Exploitation of CVE-2025-64155 stems from improper neutralization of user-supplied input to an unauthenticated API endpoint exposed by the phMonitor service. This can lead to arbitrary file writes and, subsequently, privilege escalation to gain full administrative control and root access on the affected appliance. Fortinet has released patches to address this issue, and a recommended workaround involves limiting access to the phMonitor port (7900).
Tags: Fortinet FortiSIEM
2. CVE-2025-48631 (medium, CVSS 6.5; hype score 9; published Dec 8, 2025)
CVE-2025-48631 is a denial-of-service vulnerability found in the `onHeaderDecoded` method of `LocalImageResolver.java` within the Android framework. This flaw can lead to a persistent denial of service due to resource exhaustion. The vulnerability allows for a remote denial-of-service attack without requiring additional execution privileges or user interaction. It impacts Android devices running versions 13.0, 14.0, 15.0, and 16.0.
Tags: System
3. CVE-2025-55182 (hype score 6; published Dec 3, 2025)
CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.
Tags: React, react2shell
4. CVE-2025-59536 (high, CVSS 8.7; hype score 2; published Oct 3, 2025)
CVE-2025-59536 identifies a code injection vulnerability present in versions of Anthropic's Claude Code prior to 1.0.111. Claude Code is described as an agentic coding tool. The vulnerability stems from a flaw in the implementation of the startup trust dialog, which could allow the tool to execute code embedded within a project before a user explicitly accepts the trust dialog. Exploitation of this vulnerability typically requires a user to initiate Claude Code within an untrusted directory. Malicious project configurations, such as those leveraging "Hooks" or Model Context Protocol (MCP) servers, could be used to execute arbitrary shell commands or exfiltrate API keys when a developer opens untrusted repositories. The issue was addressed in version 1.0.111 of Claude Code.
5. CVE-2026-21852 (medium, CVSS 5.3; hype score 2; published Jan 21, 2026)
CVE-2026-21852 is an information disclosure vulnerability identified in Claude Code, an agentic coding tool. This flaw allows malicious repositories to exfiltrate sensitive data, including Anthropic API keys, before users have confirmed their trust in the repository. The vulnerability arises because an attacker-controlled repository can include a settings file that sets the `ANTHROPIC_BASE_URL` to an endpoint controlled by the attacker. When such a repository is opened, Claude Code reads this configuration and immediately issues API requests, potentially leaking the user's API keys to the attacker's server before any trust prompt is displayed. This vulnerability is characterized as a configuration injection flaw (CWE-522: Insufficiently Protected Credentials) within Claude Code's initialization sequence. The core issue lies in the timing of configuration file parsing relative to user trust verification: authenticated API requests are sent to an attacker-specified endpoint before the user has consented, so an attacker who convinces a developer to clone and open a malicious repository can steal that developer's Anthropic API key. Versions of Claude Code prior to 2.0.65 are affected.
6. CVE-2025-68670 (critical, CVSS 9.1; hype score 1; published Jan 27, 2026)
CVE-2025-68670 is identified as an unauthenticated stack-based buffer overflow vulnerability affecting xrdp, an open-source Remote Desktop Protocol (RDP) server. This flaw is present in xrdp versions prior to v0.10.5. The vulnerability arises from inadequate bounds checking when the xrdp server processes user domain information during the initial RDP connection sequence. This improper handling allows remote attackers to potentially overwrite stack buffers and return addresses, which could lead to the execution of arbitrary code on affected systems without requiring any authentication. A patch for this issue is available in xrdp version 0.10.5 and later.
7. CVE-2025-14179 (high, CVSS 7.4; hype score 1; published May 10, 2026)
CVE-2025-14179 describes a vulnerability within the PDO Firebird driver in specific versions of PHP. This flaw affects PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6. The vulnerability arises from the improper handling of NUL bytes during the preparation of SQL queries. When a string token containing a NUL byte is copied via `strncat()`, the function stops at the NUL byte, which can cause the closing quote of the string to be dropped. This leads to subsequent SQL tokens being misinterpreted as part of the string, ultimately allowing for SQL injection when attacker-controlled values are quoted using `PDO::quote()` and embedded in SQL statements.
8. CVE-2025-15634 (medium, CVSS 5.3; hype score 1; published May 9, 2026)
CVE-2025-15634 describes a missing authorization vulnerability found within HCL BigFix WebUI. This flaw allows an authenticated user, even one without the necessary permissions, to access sensitive environmental information. This access is achieved by directly navigating to unauthorized pages through their specific URLs. The vulnerability impacts all versions of HCL BigFix WebUI. As of the current information, there is no official patch or remediation provided by the vendor, and no exploits are publicly reported in the wild.
9. CVE-2025-68463 (medium, CVSS 4.9; hype score 1; published Dec 18, 2025)
CVE-2025-68463 describes an XML External Entity (XXE) vulnerability present in the `Bio.Entrez` module of the `python-biopython` library. This flaw affects Biopython versions up to and including 186. A remote attacker can exploit the flaw by supplying untrusted XML data for the module to parse. This could potentially lead to sensitive information disclosure from the system or a denial of service by consuming system resources.
10. CVE-2025-71302 (hype score 1; published May 8, 2026)
CVE-2025-71302 is a vulnerability identified within the Linux kernel, specifically affecting the `drm/panthor` component. The issue stems from a race condition that can arise when the `drm_sched_fence_get_timeline_name` function attempts to access data concurrently with `group_free_queue`, leading to a violation of the established `dma-fence` safe access rules. Exploitation of this vulnerability does not require any authentication or user interaction, and its impact is localized to the affected component. While the vulnerability has been resolved in the Linux kernel, some sources indicate that there may not yet be a vendor-supplied patch available for certain Linux distributions. The vulnerability does not compromise confidentiality, integrity, or availability.