Trending now

CVE-2024-3721 is a command injection vulnerability affecting TBK DVR-4104 and DVR-4216 devices up to version 20240412. The vulnerability exists in the processing of the `/device.rsp` file, where manipulation of the `mdb/mdc` argument allows for remote attackers to execute arbitrary operating system commands. The vulnerability is triggered by constructing an OS command using externally influenced input without proper neutralization of special elements. An attacker can exploit this vulnerability remotely, meaning they don't need physical access to the device.

CVE-2025-0520 describes an unrestricted file upload vulnerability found in ShowDoc, an open-source documentation tool. This flaw stems from inadequate validation of file extensions during the upload process. The vulnerability, categorized under CWE-434 (Unrestricted Upload of File with Dangerous Type), allows an attacker to upload and execute arbitrary PHP files on the server. This can lead to remote code execution (RCE) on the affected system. ShowDoc versions prior to 2.8.7 are impacted by this issue.

CVE-2023-33538 is a command injection vulnerability found in TP-Link routers, specifically the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 models. The vulnerability exists within the `/userRpm/WlanNetworkRpm` component. This vulnerability allows an attacker to inject arbitrary commands into the system by manipulating an unknown input. Successful exploitation could lead to a compromise of confidentiality, integrity, and availability of the affected device. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild.

CVE-2017-17215 is a remote code execution vulnerability affecting specific customized versions of Huawei HG532 home routers. An authenticated attacker can exploit this flaw by sending specially crafted malicious packets to port 37215. This vulnerability stems from the exposure of the TR-064 technical report standard, typically used for local network configuration, to the Wide Area Network (WAN) through port 37215. Attackers can inject shell meta-characters into the `NewStatusURL` and `NewDownloadURL` parameters during a firmware upgrade action, leading to the execution of arbitrary code on the device. This vulnerability has been actively exploited in the wild, notably to spread variants of the Mirai botnet, such as OKIRU/SATORI. Researchers observed numerous attack attempts targeting Huawei HG532 devices across various countries, including the USA, Italy, Germany, and Egypt. The successful exploitation allows attackers to gain control of the router and incorporate it into a botnet, which can then be used to launch Distributed Denial of Service (DDoS) attacks.

CVE-2025-47985 is a vulnerability identified as an untrusted pointer dereference within Windows Event Tracing. This flaw allows an authorized attacker to elevate their privileges locally on an affected system. The vulnerability is rooted in CWE-822 and can be exploited by crafting malicious local procedure call (LPC) messages containing unvalidated pointers. When processed, these pointers enable arbitrary read/write operations in kernel memory space, facilitating privilege escalation from a standard user context to SYSTEM-level authority.

CVE-2025-54987 is a command injection vulnerability affecting the on-premise version of Trend Micro Apex One. It exists within the Apex One management console and could allow a pre-authenticated, remote attacker to upload malicious code and execute commands on affected installations. The vulnerability arises from the lack of proper validation of a user-supplied string before using it to execute a system call. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. An attacker must have access to the Trend Micro Apex One Management Console to leverage this vulnerability. Trend Micro has observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.

CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

CVE-2025-66570 describes an authentication bypass vulnerability found in `cpp-httplib`, a C++11 single-file header-only HTTP/HTTPS library, affecting versions prior to 0.27.0. The flaw stems from the library's improper handling of specific attacker-controlled HTTP headers, including `REMOTE_ADDR`, `REMOTE_PORT`, `LOCAL_ADDR`, and `LOCAL_PORT`. These headers are parsed into a multimap, and due to the `Request::get_header_value` function returning the first entry for a given header key, client-supplied values can override legitimate server-generated metadata. This "header shadowing" technique allows attackers to inject malicious HTTP headers that can influence server-visible metadata, logging, and authorization decisions. Consequently, this can lead to outcomes such as IP spoofing, log poisoning, and the bypassing of authorization controls.

CVE-2025-60710 is an elevation-of-privilege vulnerability affecting the Host Process for Windows Tasks. The vulnerability stems from improper link resolution before file access, also known as a "link following" issue. An authorized attacker with local access could exploit this vulnerability to gain elevated privileges. Specifically, a low-privileged user could manipulate file system reparse points (like symbolic links) to cause the Host Process for Windows Tasks to operate on attacker-controlled file system targets, potentially achieving SYSTEM-level effects. A patch has been released by Microsoft for Windows 11 versions 2H2 and 25H2.

CVE-2025-15621 describes a vulnerability found in Sparx Systems Sparx Enterprise Architect, specifically concerning "Insufficiently Protected Credentials". The core issue lies in the client's failure to verify the intended receiver of OAuth2 credentials during the OpenID authentication process. This flaw means that the client does not confirm that the OAuth2 credentials are being sent to the legitimate recipient, potentially allowing them to be directed to an unauthorized entity. This could result in unauthorized access to user accounts and systems that rely on these compromised credentials.