Trending now
Top 10 CVEs trending on social media within the last 24 hours.
Each entry gives the CVE, its current severity and score, whether an exploit is known, its hype score over the last 24 hours, its published date, a description, and the affected vendor or product where listed.
1. CVE-2025-15566 (severity high, score 8.8; hype score 11; published Feb 6, 2026)
CVE-2025-15566 is a vulnerability found in the Kubernetes ingress-nginx controller. It stems from improper input validation (CWE-20) concerning the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation. This annotation, intended for setting authentication proxying headers, can be manipulated due to insufficient validation. Exploiting this flaw allows an attacker to inject arbitrary configuration directives into the nginx configuration managed by the ingress controller. Given that the ingress-nginx controller typically operates with elevated privileges and often has cluster-wide access to Kubernetes Secrets, successful exploitation could lead to arbitrary code execution within the controller's context and the unauthorized disclosure of sensitive Secrets.
Affected: ingress-nginx, Kubernetes

2. CVE-2025-3052 (severity high, score 8.2; hype score 10; published Jun 10, 2025)
CVE-2025-3052 is an arbitrary write vulnerability found in Microsoft-signed UEFI firmware. It stems from improper handling of a runtime NVRAM variable: an attacker who controls that variable's value obtains an arbitrary memory write primitive, which can be used to modify critical firmware settings stored in NVRAM and ultimately to execute untrusted software. Successful exploitation could bypass Secure Boot, enabling attackers to run unsigned code during the boot process and potentially install bootkits, undermining OS-level security defenses and compromising the system's chain of trust. Microsoft has addressed this vulnerability by adding new hashes to the Secure Boot dbx as a mitigation measure.
Affected: Microsoft, UEFI

3. CVE-2025-30208 (severity medium, score 5.3; hype score 9; published Mar 24, 2025)
CVE-2025-30208 is a vulnerability affecting Vite, a frontend development tool. It exists in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. The vulnerability allows bypassing file access restrictions, which are normally in place to prevent access to files outside of a specified allow list. The bypass is achieved by adding "?raw??" or "?import&raw??" to the URL, which circumvents the intended restrictions and returns the file content. This occurs because trailing separators, such as "?", are removed in certain parts of the code but are not properly accounted for in query string regexes. Only applications that explicitly expose the Vite development server to the network (using the `--host` or `server.host` configuration options) are affected.
Affected: Vite

4. CVE-2025-20393 (severity critical, score 10.0; exploit known; hype score 8; published Dec 17, 2025)
CVE-2025-20393 is an improper input validation vulnerability that affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected appliance. Specifically, the vulnerability is triggered when the Spam Quarantine feature is exposed to the internet. Attackers have been observed exploiting this vulnerability in the wild to install backdoors (like AquaShell and AquaTunnel) and tools for log manipulation (like AquaPurge) and traffic proxying (Chisel). CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Affected: Cisco Secure Email Gateway

5. CVE-2025-11953 (severity critical, score 9.8; exploit known; hype score 8; published Nov 3, 2025)
CVE-2025-11953 is a vulnerability in the `@react-native-community/cli` NPM package, specifically affecting versions 4.8.0 through 20.0.0-alpha.2. This flaw stems from the Metro development server, used by React Native, binding to external interfaces by default and exposing an "/open-url" endpoint susceptible to OS command injection. The vulnerability allows unauthenticated network attackers to send a POST request to the server that causes it to run arbitrary executables. On Windows, attackers can execute arbitrary shell commands with fully controlled arguments. While macOS and Linux systems have slightly more restricted exploitation paths, researchers believe arbitrary command execution is achievable. The package has been patched in version 20.0.0.
Affected: React Native

6. CVE-2025-68947 (severity medium, score 5.7; hype score 8; published Jan 13, 2026)
CVE-2025-68947 is a driver vulnerability found in NSecsoft's NSecKrnl Windows driver. This flaw allows a local, authenticated attacker to terminate processes belonging to other users, including those running as SYSTEM or designated as Protected Processes. This is achieved by sending specially crafted Input/Output Control (IOCTL) requests to the driver. The vulnerability is categorized under CWE-862 (Missing Authorization), indicating that the NSecKrnl driver fails to properly validate the authorization of requests to terminate processes. This issue presents a "Bring Your Own Vulnerable Driver" (BYOVD) attack surface, which can be leveraged by threat actors to disable endpoint security solutions and other critical system processes. For instance, the Black Basta ransomware has been observed utilizing this vulnerability.

7. CVE-2025-15469 (severity medium, score 5.5; hype score 7; published Jan 27, 2026)
CVE-2025-15469 describes a data truncation vulnerability within the OpenSSL `dgst` command-line tool. This flaw occurs when the tool is used with one-shot signing algorithms, such as Ed25519, Ed448, or ML-DSA variants, to process files exceeding 16MB in size. Instead of signaling an error, the `dgst` command silently truncates the input data to the first 16MB and proceeds as if the entire file was processed successfully. This silent truncation creates an integrity gap, meaning that any data in the file beyond the initial 16MB can be altered without detection. The vulnerability primarily impacts workflows where both the signing and verification of files are performed using the affected `openssl dgst` command. OpenSSL versions 3.5 and 3.6 are susceptible to this issue, while earlier versions are not.

8. CVE-2026-24423 (severity critical, score 9.3; exploit known; hype score 2; published Jan 23, 2026)
CVE-2026-24423 is an unauthenticated remote code execution vulnerability found in SmarterTools SmarterMail versions prior to build 9511. The flaw resides within the `ConnectToHub` API method, which lacks proper authentication controls. An attacker can exploit this vulnerability by directing the vulnerable SmarterMail instance to connect to a malicious HTTP server. This malicious server then delivers operating system commands, which are subsequently executed by the SmarterMail application. This vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog and is reportedly being exploited in the wild, including in ransomware campaigns.

9. CVE-2025-40551 (severity critical, score 9.8; hype score 1; published Jan 28, 2026)
CVE-2025-40551 is a remote code execution (RCE) vulnerability identified in SolarWinds Web Help Desk (WHD) software. This flaw originates from an untrusted data deserialization weakness, which allows an attacker to execute commands on the host machine. Exploitation of CVE-2025-40551 can occur without requiring authentication. This vulnerability is often discussed alongside other related issues in SolarWinds WHD, forming potential attack chains.
Affected: SolarWinds Web Help Desk

10. CVE-2025-6978 (severity high, score 7.2; hype score 1; published Oct 23, 2025)
CVE-2025-6978 describes a command injection vulnerability found in the Arista NG Firewall. This flaw stems from insufficient validation of user-supplied data within the diagnostics component of the firewall. A remote, authenticated attacker can exploit this vulnerability by sending specially crafted requests to the target server. Successful exploitation could enable the attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is categorized under CWE-78, indicating an "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')".