Trending now
Top 10 CVEs trending on social media within the last 24 hours.
Updated 21 minutes ago
Hypemeter current score: Tepid
1. CVE-2025-12480
Severity: critical 9.1
Hype score: 46
Published: Nov 10, 2025
CVE-2025-12480 is an improper access control vulnerability in Gladinet Triofox versions prior to 16.7.10368.56560. The initial setup pages remain reachable after setup has completed, so an attacker can bypass authentication, reach the configuration pages, and upload and execute arbitrary payloads. In one observed intrusion, the threat actor tracked as UNC6485 exploited the flaw to create a new administrator account and then abused the built-in antivirus feature, whose scanner executable path is configurable, to run attacker-supplied files. Upgrade to Triofox 16.7.10368.56560 or later to remediate.
Tags: Triofox

2. CVE-2025-9961
Severity: high 8.6
Hype score: 33
Published: Sep 6, 2025
CVE-2025-9961 is a remote code execution (RCE) vulnerability in the CWMP (CPE WAN Management Protocol) binary of TP-Link routers. The bug is a stack-based buffer overflow in the cwmp process, triggered by a malformed SOAP request; an authenticated attacker can use it to execute arbitrary code on the device. Security researchers defeated Address Space Layout Randomization (ASLR) by brute-forcing the base address of the standard C library, then used a return-to-libc (ret2libc) chain to call system() with a command that downloads and executes a malicious binary from an attacker-controlled server. Successful exploitation gives full control of the router, which can then be used to intercept traffic, attack the local network, or be enrolled in a botnet.
Tags: TP-Link, CWMP

3. CVE-2025-61882
Hype score: 26
Published: Oct 5, 2025
CVE-2025-61882 is a vulnerability in the Oracle Concurrent Processing component of Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.14. It is exploitable over the network without authentication (no username or password is needed) and leads to remote code execution. Oracle recommends applying the updates in its security alert as soon as possible and stresses staying on actively supported versions with all critical security patches installed. The October 2023 Critical Patch Update must be applied before the fixes for this issue can be installed.
Tags: Oracle Concurrent Processing

4. CVE-2025-64459
Severity: critical 9.1
Hype score: 26
Published: Nov 5, 2025
CVE-2025-64459 is an SQL injection vulnerability in Django, a widely used Python web framework. The `QuerySet` methods `filter()`, `exclude()` and `get()`, and the `Q()` class, are subject to SQL injection in column aliases when a suitably crafted dictionary is passed, via dictionary expansion, as the `_connector` argument. In practice this affects applications that expand attacker-controlled key/value pairs (for example, request parameters) straight into those calls, which lets the attacker supply `_connector` and inject SQL; the result can be unauthorized database access, data manipulation, or disclosure of sensitive information. Django 5.2 before 5.2.8, 5.1 before 5.1.14, and 4.2 before 4.2.26 are affected. Earlier, unsupported series (such as 5.0.x, 4.1.x, and 3.2.x) may also be affected.
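The pattern that makes an application reachable for this bug is expanding a client-supplied dictionary straight into a queryset call, e.g. `Model.objects.filter(**request.GET.dict())`, which hands the caller every keyword including the private `_connector`. The following is an added example, not Django's code or part of the advisory: an allowlist helper that only lets named fields and a fixed set of lookups through, beside the pass-everything pattern it replaces. It runs without Django installed; `ALLOWED_LOOKUPS`, `safe_filter_kwargs`, `UnsafeLookup` and the sample parameters are all assumptions of this example, and the `_connector` value in the sample is a constructed placeholder, not a working payload.

```python
"""Allowlisting queryset keyword arguments built from untrusted input.

Added example for the CVE-2025-64459 class of bug: application code must not
expand attacker-controlled dictionaries into filter()/exclude()/get()/Q(),
because that exposes private keywords such as `_connector`. Nothing here
imports Django; the helper simply decides which kwargs may be expanded.
"""
import re

# Lookup suffixes this example chooses to allow after a double underscore.
# (Assumed subset of Django's lookups; extend deliberately, not blindly.)
ALLOWED_LOOKUPS = {
    "exact", "iexact", "contains", "icontains", "startswith", "istartswith",
    "gt", "gte", "lt", "lte", "in", "isnull",
}

_FIELD_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


class UnsafeLookup(ValueError):
    """Raised when a client-supplied key must not reach the ORM."""


def safe_filter_kwargs(params, allowed_fields):
    """Return a dict that is safe to expand into QuerySet.filter(**kwargs).

    Rules applied to every key:
      * keys beginning with '_' are rejected (covers `_connector`, `_negated`)
      * the key must be <field> or <field>__<lookup>; related-object traversal
        (a__b__c) is refused so the allowlist stays about this model's columns
      * <field> must be in allowed_fields and <lookup> in ALLOWED_LOOKUPS
    """
    cleaned = {}
    for key, value in params.items():
        if key.startswith("_"):
            raise UnsafeLookup(f"private keyword not allowed: {key!r}")
        field, *lookups = key.split("__")
        if not _FIELD_RE.match(field) or field not in allowed_fields:
            raise UnsafeLookup(f"field not allowed: {field!r}")
        if len(lookups) > 1 or (lookups and lookups[0] not in ALLOWED_LOOKUPS):
            raise UnsafeLookup(f"lookup not allowed: {key!r}")
        cleaned[key] = value
    return cleaned


def is_safe_filter_kwargs(params, allowed_fields):
    """Boolean convenience wrapper around safe_filter_kwargs."""
    try:
        safe_filter_kwargs(params, allowed_fields)
    except UnsafeLookup:
        return False
    return True


def unsafe_filter_kwargs(params):
    """The vulnerable pattern: whatever the client sent is expanded as-is.

    Equivalent to Model.objects.filter(**request.GET.dict()); a client that
    adds a `_connector` key controls an argument the ORM treats as private.
    """
    return dict(params)


# Constructed sample of what a hostile client might send; the `_connector`
# value is a placeholder showing the shape of the problem, not an exploit.
SAMPLE_PARAMS = {"_connector": "OR 1=1", "name": "alice", "age__gte": "18"}

if __name__ == "__main__":
    print("vulnerable pattern passes:", sorted(unsafe_filter_kwargs(SAMPLE_PARAMS)))
    print("allowlist accepts:", is_safe_filter_kwargs(SAMPLE_PARAMS, {"name", "age"}))
    print("clean request ->", safe_filter_kwargs({"name": "alice", "age__gte": "18"}, {"name", "age"}))
```

The allowlist is deliberately about the application's own contract (which columns and which comparisons a view exposes), so it stays valid after upgrading to a fixed Django release: the framework patch closes `_connector`, but expanding arbitrary client keys into the ORM also leaks filtering on columns the view never meant to expose.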
Tags: Python, Django

5. CVE-2025-21042
Severity: high 8.8
Exploit known
Hype score: 25
Published: Sep 12, 2025
CVE-2025-21042 is an out-of-bounds write vulnerability in Samsung's libimagecodec.quram.so, the library that parses and decodes images on Samsung Galaxy devices. Processing a specially crafted image file causes a write outside the allocated buffer, and successful exploitation lets a remote attacker execute arbitrary code on the device. Any channel through which the device decodes an attacker-supplied image (email attachments, messaging apps, web browsing) is a potential delivery path. Samsung patched the issue in the SMR Apr-2025 Release 1 security update.
Tags: Samsung, libimagecodec

6. CVE-2025-64495
Severity: high 8.7
Hype score: 22
Published: Nov 8, 2025
CVE-2025-64495 is a stored, DOM-based cross-site scripting (XSS) vulnerability in Open WebUI, a self-hosted AI platform, in versions 0.6.34 and below. When the "Insert Prompt as Rich Text" feature is enabled, the prompt body is inserted into the chat window without sanitization. An attacker with permission to create prompts can therefore store a JavaScript payload that runs when another user invokes the corresponding command to insert that prompt, which can lead to account takeover or even remote code execution. Version 0.6.35 fixes the issue.
Tags: Open WebUI

7. CVE-2025-41253
Severity: high 7.5
Hype score: 13
Published: Oct 16, 2025
CVE-2025-41253 affects Spring Cloud Gateway Server Webflux applications and concerns disclosure of environment variables and system properties through Spring Expression Language (SpEL) used in route definitions. An application is exposed when an admin or an untrusted third party can place SpEL in a route. Specifically, if the Spring Cloud Gateway Server Webflux actuator web endpoint is enabled and reachable without authentication, an attacker can create or modify routes through it and inject SpEL that references beans such as `@systemProperties` and `@systemEnvironment`. That gives read access to whatever the runtime environment holds, including authentication tokens, API keys, and database credentials.
Tags: Webflux, Spring

8. CVE-2025-6218
Severity: high 7.8
Hype score: 11
Published: Jun 21, 2025
CVE-2025-6218 is a directory traversal vulnerability in RARLAB WinRAR that allows remote code execution on affected installations. Exploitation requires user interaction: the target must visit a malicious page or open a malicious file. The flaw lies in how WinRAR handles file paths stored within archives; a specially crafted path can make extraction write into directories outside the intended destination. An attacker who leverages this can execute code in the security context of the current user.
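The check an extractor needs against this class of bug is the same whatever the archive format: resolve every member name against the destination directory and refuse anything that would land outside it. The following is an added example written for this page, not WinRAR's code or a reconstruction of the actual flaw. It handles both separator styles (archives written on Windows carry backslashes), absolute paths, drive letters and `..` segments; `is_safe_member`, `partition_members` and the member names in `SAMPLE_MEMBERS` are constructed for illustration and not taken from any real exploit.

```python
"""Validating archive member paths before extraction.

Added example for the directory-traversal class of bug behind CVE-2025-6218:
an extractor that trusts the path stored in an archive entry can be steered
to write outside the destination directory. The functions below decide,
before any file is written, whether a member name stays inside the target.
"""
import ntpath
import os
import posixpath


def is_safe_member(dest_dir, member_name):
    """Return True only if member_name resolves to a path inside dest_dir.

    Checks, in order:
      1. backslashes are treated as separators so '..\\' is caught like '../'
      2. absolute paths, UNC paths and drive letters (C:) are refused outright
      3. '.' and '..' segments are collapsed lexically and a leading '..' refused
      4. the joined path is re-resolved against dest_dir and containment verified
    """
    name = member_name.replace("\\", "/")
    # Rule 2: leading '/' also covers UNC names ('//server/share' after step 1).
    if name.startswith("/") or ntpath.splitdrive(member_name)[0]:
        return False
    # Rule 3: purely lexical normalisation, no filesystem access needed.
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        return False
    # Rule 4: belt and braces; catches anything the lexical pass missed.
    dest = os.path.abspath(dest_dir)
    target = os.path.abspath(os.path.join(dest, *norm.split("/")))
    return os.path.commonpath([dest, target]) == dest


def partition_members(dest_dir, member_names):
    """Split a member list into (safe, rejected) preserving input order."""
    safe, rejected = [], []
    for member in member_names:
        (safe if is_safe_member(dest_dir, member) else rejected).append(member)
    return safe, rejected


# Constructed sample member list: a mix of benign names and the shapes a
# traversal payload takes. Not taken from a real archive or exploit.
SAMPLE_MEMBERS = [
    "report.pdf",
    "docs/readme.txt",
    "../../evil.exe",
    "..\\..\\evil.exe",
    "/etc/passwd",
    "C:\\Windows\\System32\\evil.dll",
    "docs/../../escape.txt",
    "docs/../ok.txt",
]

if __name__ == "__main__":
    ok, bad = partition_members("/tmp/extract", SAMPLE_MEMBERS)
    for m in ok:
        print("extract :", m)
    for m in bad:
        print("REJECT  :", m)
```

The lexical pass (rule 3) is what makes the check cheap and portable; the final containment test (rule 4) is what makes it robust, since it does not depend on having enumerated every way a path can be spelled. An extractor should reject the member before creating any directory for it, because a partially written traversal path is already a compromise.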
Tags: WinRAR

9. CVE-2025-59253
Severity: medium 5.5
Hype score: 11
Published: Oct 14, 2025
CVE-2025-59253 is an improper access control vulnerability in the Microsoft Windows Search component, disclosed on October 14, 2025. It affects multiple Windows versions, including Windows 10 and 11 and Windows Server 2012 through 2025. An authorized local attacker can exploit it to cause a denial of service, disrupting search functionality on the affected system. Microsoft shipped fixes in the October 2025 Patch Tuesday updates.
10. CVE-2025-49844
Hype score: 5
Published: Oct 3, 2025
CVE-2025-49844 is a use-after-free vulnerability in the Lua interpreter embedded in Redis. A specially crafted Lua script submitted by an authenticated user can manipulate the garbage collector so that freed memory is reused, potentially leading to arbitrary code execution inside the Redis server process. The bug is present in all Redis versions that include Lua scripting support. Redis has released patches; see the Redis security advisory for remediation details.
Tags: Redis