Trending now
Top 10 CVEs trending on social media within the last 24 hours.
Hypemeter current score: Not much chatter
Each entry gives: trending rank, CVE identifier, severity rating and CVSS score, hype score (last 24 hours), publication date, description, and vendor or product tags.
- 1. CVE-2025-66032 | severity: high 8.7 | hype score: 22 | published: Dec 3, 2025
CVE-2025-66032 describes a vulnerability found in Claude Code, an agentic coding tool, affecting versions prior to 1.0.93. The flaw arises from errors in how the tool parses shell commands, specifically those related to `$IFS` and short command-line interface (CLI) flags. This parsing vulnerability allows an attacker to bypass the read-only validation within Claude Code, potentially leading to arbitrary code execution. Successful exploitation of this issue requires the ability to introduce untrusted content into a Claude Code context window. The vulnerability has since been addressed and fixed in version 1.0.93 of Claude Code.
- 2. CVE-2025-68493 | severity: high 8.1 | hype score: 14 | published: Jan 11, 2026
CVE-2025-68493 is an XML External Entity (XXE) injection vulnerability found in the XWork component of Apache Struts 2. This flaw arises from the improper validation of XML configurations during parsing within the XWork component, which is the command-pattern framework powering Struts. The lack of proper XML validation allows attackers to inject malicious external entities into XML files. When an application processes a specially crafted XML file, it can be tricked into fetching external resources. This vulnerability could potentially lead to the disclosure of data, denial-of-service attacks, or server-side request forgery. The issue affects various versions of Apache Struts, including Struts 2.0.0 through 2.3.37 (EOL), Struts 2.5.0 through 2.5.33 (EOL), and Struts 6.0.0 through 6.1.0. Users are advised to upgrade to Struts 6.1.1 or later to address this security gap.
- 3. CVE-2025-68668 | severity: critical 9.9 | hype score: 12 | published: Dec 26, 2025
CVE-2025-68668 is a vulnerability that affects n8n, an open-source workflow automation platform. Specifically, it is a sandbox bypass vulnerability found in the Python Code Node that utilizes Pyodide. This vulnerability exists in n8n versions from 1.0.0 to before 2.0.0. An authenticated user with the permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n. The attacker can execute commands with the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds include disabling the Code Node or Python support, or configuring n8n to use the task runner-based Python sandbox.
- 4. CVE-2025-46285 | severity: high 7.8 | hype score: 10 | published: Dec 12, 2025
CVE-2025-46285 involves an integer overflow that was addressed by adopting 64-bit timestamps. The vulnerability is fixed in multiple Apple operating systems, including macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, watchOS 26.2, iOS 18.7.3, iPadOS 18.7.3, iOS 26.2, iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, and tvOS 26.2. Successful exploitation of this vulnerability could allow an application to gain root privileges on the affected system.
Tags: Apple
- 5. CVE-2025-8110 | severity: high 8.7 | hype score: 7 | published: Dec 10, 2025
CVE-2025-8110 is a vulnerability affecting Gogs, a self-hosted Git service. It involves improper handling of symbolic links in the PutContents API, which allows for local code execution. This flaw is a bypass of a previously patched remote code execution vulnerability, CVE-2024-55947. The vulnerability can be exploited by creating a symbolic link within a Git repository that points to a sensitive target outside the repository. By using the PutContents API to write data to the symlink, an attacker can overwrite files outside the repository. This can be leveraged to overwrite the ".git/config" file and execute arbitrary commands.
- 6. CVE-2025-4275 | severity: high 7.8 | hype score: 4 | published: Jun 11, 2025
CVE-2025-4275 is a vulnerability in Insyde H2O UEFI firmware that allows attackers to bypass Secure Boot protections. This is achieved by injecting rogue digital certificates into a poorly protected NVRAM variable named SecureFlashCertData. The firmware then mistakenly trusts the attacker's certificate, which allows the execution of malicious UEFI modules. Attackers with administrative OS-level access can write their own certificate to the SecureFlashCertData variable. During the next boot cycle, this injected certificate is used by the firmware to verify and execute unsigned or tampered UEFI code during early boot. This enables attackers to load pre-boot malware, rootkits, or firmware-level persistence mechanisms before the OS and its security tools initialize.
Tags: Insyde UEFI
- 7. CVE-2025-68615 | severity: critical 9.8 | hype score: 1 | published: Dec 23, 2025
CVE-2025-68615 describes a buffer overflow vulnerability in the `snmptrapd` daemon of Net-SNMP, a widely used suite of SNMP libraries, tools, and daemons. This flaw allows a remote attacker to trigger a buffer overflow by sending a specially crafted SNMP packet to a vulnerable `snmptrapd` instance. The improper handling of incoming packets can cause the daemon to crash, leading to a denial of service. The vulnerability affects Net-SNMP versions prior to 5.9.5 and 5.10.pre2. Exploitation of this issue requires neither authentication nor user interaction, as it can be triggered over the network. While the primary outcome is a daemon crash, a buffer overflow by its nature also introduces the possibility of memory corruption and, in some scenarios, arbitrary code execution.
- 8. CVE-2025-29927 | hype score: 1 | published: Mar 21, 2025
CVE-2025-29927 is an authorization bypass vulnerability affecting Next.js, a React framework. It stems from the improper handling of the `x-middleware-subrequest` header. By exploiting this vulnerability, attackers can bypass authorization checks implemented in Next.js middleware. This flaw allows attackers to skip running the middleware, potentially allowing requests to bypass critical checks like authorization cookie validation before reaching routes. Self-hosted Next.js applications using Middleware are affected, specifically those relying on it for authentication or security checks. The vulnerability is fixed in Next.js versions 14.2.25 and 15.2.3.
Tags: React, Next.js