Trending now

CVE-2025-49704 is a code injection vulnerability in Microsoft Office SharePoint. An authorized attacker could exploit this vulnerability to execute code over a network. To exploit this vulnerability, the attacker needs to be authenticated with at least Site Owner privileges. Successful exploitation of CVE-2025-49704 allows an attacker to write arbitrary code into a vulnerable SharePoint server to gain remote code execution. The attack complexity is low and can be exploited remotely from the internet, potentially leading to complete compromise of affected SharePoint servers.

CVE-2025-54309 is a vulnerability in CrushFTP versions before 10.8.5 and 11.3.4_23. It stems from improper validation of the AS2 (Applicability Statement 2) protocol over HTTPS when the DMZ proxy feature is not in use. This mishandling allows unauthenticated remote attackers to gain administrative access to the system. Specifically, the server fails to correctly validate remote requests made to AS2 endpoints, which allows attackers to forge requests that the system interprets as coming from a trusted source, bypassing authentication checks. By sending malicious AS2 payloads over HTTPS to the exposed CrushFTP endpoint, an attacker can send administrative commands and potentially escalate privileges to execute arbitrary commands.

CVE-2025-53770 involves a deserialization of untrusted data vulnerability within on-premises Microsoft SharePoint Server. This flaw allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for this vulnerability is currently in the wild. Microsoft is actively preparing and testing a comprehensive update to address CVE-2025-53770. In the meantime, it is recommended that organizations review and apply the mitigations specified in Microsoft's CVE documentation to protect against potential exploitation.

CVE-2025-23266, also known as #NVIDIAScape, is a vulnerability found in the NVIDIA Container Toolkit (NCT). This toolkit is a fundamental component for many AI services offered by cloud and SaaS providers. The vulnerability stems from a misconfiguration in how the toolkit handles OCI hooks. The vulnerability allows a malicious container to bypass isolation measures and gain full root access to the host machine. An attacker could execute arbitrary code with elevated permissions, potentially leading to privilege escalation, data tampering, information disclosure, and denial of service. It can be exploited using a simple three-line Dockerfile.

CVE-2025-20281 is a vulnerability in a specific API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). It allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker doesn't need any valid credentials to exploit this vulnerability. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit it by submitting a crafted API request. Cisco has released software updates to address this vulnerability, and there are no known workarounds. This affects Cisco ISE and ISE-PIC releases 3.3 and later, but not 3.2 or earlier.

CVE-2025-53771 is a spoofing vulnerability affecting Microsoft Office SharePoint. It stems from an improper limitation of a pathname to a restricted directory, also known as a 'path traversal'. This vulnerability allows an authorized attacker to perform spoofing over a network. The vulnerability exists in on-premises SharePoint Servers and does not impact SharePoint Online in Microsoft 365. Microsoft has released updates to address this vulnerability, with the update including more robust protections than previous updates for similar vulnerabilities. It is related to other SharePoint vulnerabilities like CVE-2025-49706, and can be chained with other vulnerabilities to achieve remote code execution.

CVE-2025-0133 is a reflected cross-site scripting (XSS) vulnerability found in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software. This vulnerability allows for the execution of malicious JavaScript within the browser of an authenticated Captive Portal user when they interact with a specially crafted link. The primary risk associated with this vulnerability is the potential for phishing attacks that could lead to the theft of user credentials, particularly if Clientless VPN is enabled. An attacker could create links that appear to be hosted on the GlobalProtect portal to steal credentials. Threat IDs 510003 and 510004 can be enabled to block attacks. Disabling Clientless VPN can also serve as mitigation.

CVE-2025-1974 is a vulnerability within the Ingress NGINX Controller for Kubernetes, specifically affecting the admission controller component. This flaw falls under a group of vulnerabilities collectively known as "IngressNightmare." The vulnerability arises because the admission controllers are accessible over the network without authentication. By sending a malicious ingress object directly to the admission controller, an attacker can inject arbitrary NGINX configurations. This results in code execution on the Ingress NGINX Controller's pod, potentially granting unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster, which could lead to a complete cluster takeover.

CVE-2025-7624 is an SQL injection vulnerability found in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2). If exploited, this vulnerability can lead to remote code execution. The vulnerability can be exploited if a quarantining policy is active for Email and the Sophos Firewall was upgraded from a version older than 21.0 GA. It potentially impacts a small percentage of devices.

CVE-2025-6704 is an arbitrary file writing vulnerability found in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2). The vulnerability is triggered when a specific configuration of SPX is enabled and the firewall is running in High Availability (HA) mode. This vulnerability could allow an attacker to perform pre-authentication remote code execution. The vulnerability impacts approximately 0.05% of deployed devices.