Trending now

CVE-2025-68613 is a Remote Code Execution (RCE) vulnerability found in n8n, an open-source workflow automation platform. The vulnerability exists in versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. It stems from the workflow expression evaluation system, where expressions supplied by authenticated users during workflow configuration might be evaluated in an execution context lacking sufficient isolation from the underlying runtime. An authenticated attacker could exploit this vulnerability to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. The issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0.

CVE-2025-14847 is a vulnerability affecting MongoDB Server. It stems from improper handling of length parameter inconsistencies within the Zlib compressed protocol headers. Mismatched length fields in these headers can allow an unauthenticated client to read uninitialized heap memory. By sending a specially crafted request, a malicious client can trick the server into responding with data chunks from its internal memory. This vulnerability is present in a wide range of MongoDB Server versions, specifically all versions from 3.6 up to, but not including, the patched versions 7.0.28, 8.0.17, 8.2.3, 6.0.27, 5.0.32, and 4.4.30. This means an attacker doesn't need a username or password but needs network access to the database port to potentially harvest sensitive data residing in the server's RAM.

CVE-2024-4367 is a vulnerability in PDF.js, a JavaScript-based PDF viewer. It stems from a missing type check when handling fonts, specifically during glyph path compilation for Type 1 fonts. The issue occurs in the FontFaceObject.getPathGenerator method, where font matrix values from PDF dictionaries are not properly validated before being used in JavaScript code generation. Successful exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the PDF.js context. This could enable malicious actors to perform actions such as spying on user activity, triggering unauthorized downloads (including file:// URLs), and leaking PDF file paths. Web applications that utilize PDF.js may be susceptible to stored Cross-Site Scripting (XSS) attacks. The vulnerability affects Firefox versions prior to 126, Firefox ESR versions earlier than 115.11, and Thunderbird versions before 115.11.

CVE-2025-54068 is a remote command execution (RCE) vulnerability found in Livewire, a full-stack framework for Laravel. Specifically, it affects Livewire v3 versions up to and including v3.6.3. The vulnerability stems from how certain component property updates are handled during hydration, which could allow unauthenticated attackers to execute arbitrary code. Exploitation requires a component to be mounted and configured in a particular way but does not require authentication or user interaction. The vulnerability lies in the `hydrateForUpdate` method within the `Livewire\Mechanisms\HandleComponents\HandleComponents` class. A specially crafted update payload can bypass validation and sanitization during the hydration process, causing the framework to interpret untrusted input as executable code. This issue has been patched in Livewire v3.6.4, and users are strongly encouraged to upgrade to this version or later as soon as possible. There are no known workarounds.

CVE-2025-31201 is a vulnerability in RPAC (Return Pointer Authentication Code), a security feature designed to prevent return-oriented programming attacks. The vulnerability allows an attacker with arbitrary read and write capabilities to bypass Pointer Authentication. Apple addressed this issue by removing the vulnerable code in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, and macOS Sequoia 15.4.1. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVE-2025-31200 is a memory corruption vulnerability that exists in Apple's CoreAudio framework. This vulnerability can be triggered when processing an audio stream within a maliciously crafted media file. Successful exploitation of this vulnerability could allow for arbitrary code execution on the affected device. Apple has addressed this issue with improved bounds checking in tvOS 18.4.1, visionOS 2.4.1, iOS and iPadOS 18.4.1, and macOS Sequoia 15.4.1. It was reported that this vulnerability may have been exploited in targeted attacks against specific individuals.

CVE-2025-66224 is an input-neutralization flaw found in OrangeHRM versions 5.0 to 5.7. The vulnerability lies within the application's mail configuration and delivery workflow. User-controlled values are not sanitized before being incorporated into the system's sendmail command. This flaw makes it possible for the application to write files on the server during mail handling. If these files end up in web-accessible locations, it can lead to the execution of attacker-controlled content. The vulnerability has been patched in version 5.8.

CVE-2025-14282 refers to a vulnerability in the Dropbear SSH server that can lead to privilege escalation. The vulnerability stems from incorrect permission handling within Dropbear. Specifically, when processing TCP or Unix domain socket forwardings requested by an authenticated SSH client, Dropbear executes the forwarding operations as root, and only switches to the logged-in user's UID/GID after establishing the session shell. A security update has been issued by Debian to address this vulnerability in its stable distribution (trixie). The issue is fixed in Dropbear version 2025.89-1~deb13u1. It was discovered by Turistu.

CVE-2025-14733 is a zero-day vulnerability affecting WatchGuard Firebox firewall appliances. It is an out-of-bounds write flaw in the `iked` process, which handles IKEv2 VPN negotiations. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code and seize control of affected devices. The vulnerability impacts Firebox appliances configured for Mobile User VPNs using IKEv2 or Branch Office VPNs using IKEv2 with a dynamic gateway peer. By sending a specially crafted request to the firewall, an attacker can trigger a memory corruption error, leading to arbitrary code execution. Even if a vulnerable VPN configuration was previously deleted, the device may still be at risk if a static branch office VPN remains configured.

CVE-2025-38352 is a vulnerability that exists in the Linux kernel, specifically within the handling of POSIX CPU timers. The vulnerability stems from a race condition between `handle_posix_cpu_timers()` and `posix_cpu_timer_del()`. This race condition can occur when a non-autoreaping task that is exiting has already passed `exit_notify()` and calls `handle_posix_cpu_timers()` from an interrupt request (IRQ). If a concurrent `posix_cpu_timer_del()` runs at the same time, it might not detect that `timer->it.cpu.firing != 0`, which can cause `cpu_timer_task_rcu()` and/or `lock_task_sighand()` to fail. This vulnerability can be exploited to gain elevated privileges on Android devices.