Trending now
Top 10 CVEs trending on social media within the last 24 hours.
Updated 15 minutes ago
Columns: Trending | Hype score | Published | Description (window: last 24 hours)
1. CVE-2025-49113
Severity: critical 9.9
Hype score: 27
Published: Jun 2, 2025
CVE-2025-49113 is a remote code execution vulnerability affecting Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11. It stems from insufficient validation of the `_from` parameter in `program/actions/settings/upload.php`, which allows PHP object deserialization and potentially enables authenticated users to execute arbitrary code on the Roundcube Webmail server. The vulnerability has been fixed in Roundcube Webmail 1.5.10 and 1.6.11.
Affected: Roundcube Webmail

2. CVE-2025-49144
Severity: high 7.3
Hype score: 15
Published: Jun 23, 2025
CVE-2025-49144 is a privilege escalation vulnerability in Notepad++ version 8.8.1 and earlier. It stems from the installer's insecure handling of executable search paths: the installer looks for executable dependencies in the current working directory without proper validation. An attacker could exploit this by using social engineering or clickjacking to trick a user into downloading both the legitimate Notepad++ installer and a malicious executable into the same directory (often the Downloads folder). When the user runs the installer, the malicious executable is loaded and executed with SYSTEM privileges, giving the attacker control of the system. The issue has been addressed in Notepad++ 8.8.2 by enforcing absolute paths for critical operations.

3. CVE-2025-6019
Severity: high 7.0
Hype score: 13
Published: Jun 19, 2025
CVE-2025-6019 is a local privilege escalation (LPE) vulnerability in the libblockdev library. It can be exploited through the udisks2 daemon, which manages storage devices, by an attacker who holds the privileges of an active user (allow_active). udisks normally mounts user-provided filesystem images with security flags that prevent privilege escalation, but the mount performed during a resize operation does not enforce the `nosuid` or `nodev` options. A local attacker can therefore create a specially crafted XFS image containing a SUID-root shell and trick udisks into resizing it; the malicious filesystem is then mounted with root privileges, allowing the attacker to execute the SUID-root shell and gain complete control of the system.
Affected: libblockdev

4. CVE-2023-25690
Severity: critical 9.8
Hype score: 9
Published: Mar 7, 2023
CVE-2023-25690 is an HTTP request smuggling vulnerability in Apache HTTP Server versions 2.4.0 through 2.4.55 that affects certain `mod_proxy` configurations. A configuration is affected when `mod_proxy` is enabled together with a `RewriteRule` or `ProxyPassMatch` in which a non-specific pattern matches part of the user-supplied request-target (URL) and that data is then re-inserted into the proxied request-target via variable substitution. The flaw can lead to request splitting or smuggling, potentially allowing attackers to bypass access controls on the proxy server, cause unintended proxying of URLs to existing origin servers, and poison caches. Updating to Apache HTTP Server 2.4.56 or later is the recommended mitigation.
Affected: Apache HTTP Server

6. CVE-2025-49385
Severity: high 7.8
Hype score: 9
Published: Jun 17, 2025
CVE-2025-49385 is a local privilege escalation vulnerability affecting Trend Micro Security 17.8 (Consumer). It stems from a link-following issue in the Platinum Host Service: a local attacker can create a symbolic link that the service follows, leading to the deletion of privileged Trend Micro files. This could allow the attacker to escalate privileges and execute arbitrary code in the SYSTEM context.

7. CVE-2024-25600
Severity: critical 10.0
Hype score: 8
Published: Jun 4, 2024
CVE-2024-25600 is a remote code execution (RCE) vulnerability in the Bricks Builder plugin for WordPress, affecting versions up to and including 1.9.6. It stems from improper handling of user input in the plugin, which allows unauthenticated attackers to inject and execute arbitrary PHP code remotely on the server. Exploitation could lead to full site compromise, data theft, and malware distribution. The vulnerability is fixed in Bricks Builder 1.9.6.1 and later.
Affected: Bricks Builder, WordPress

8. CVE-2025-0133
Severity: medium 6.9
Hype score: 8
Published: May 14, 2025
CVE-2025-0133 is a reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS. It allows malicious JavaScript to execute in the browser of an authenticated Captive Portal user who opens a specially crafted link. The primary risk is phishing that leads to credential theft, particularly when Clientless VPN is enabled, since an attacker can craft links that appear to be hosted on the GlobalProtect portal. Threat IDs 510003 and 510004 can be enabled to block attacks, and disabling Clientless VPN also serves as a mitigation.
Affected: GlobalProtect

9. CVE-2025-24201
Severity: high 8.8
Exploit known
Hype score: 6
Published: Mar 11, 2025
CVE-2025-24201 is a zero-day vulnerability in Apple's WebKit browser engine that allows attackers to bypass the Web Content sandbox using maliciously crafted web content. It affects iOS, iPadOS, macOS, visionOS, and Safari, as well as Linux and Windows systems that use WebKit. The underlying flaw is an out-of-bounds write, which Apple fixed with improved checks in iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. The vulnerability was reportedly exploited in highly sophisticated attacks against specific individuals before the release of iOS 17.2, which contained a partial mitigation. Although the attacks were not widespread, Apple urges users to install the latest security updates to prevent further exploitation. The vulnerability was discovered by Bill Marczak of The Citizen Lab at the University of Toronto. Affected devices include iPhone XS and later, several iPad models, Macs running macOS Sequoia, and Apple Vision Pro.
Affected: Apple, WebKit

10. CVE-2023-48022
Severity: critical 9.8
Hype score: 1
Published: Nov 28, 2023
CVE-2023-48022 is a vulnerability in Anyscale Ray versions 2.6.3 and 2.8.0, located in the job submission API of the Ray framework, which is used for Python-based AI and machine learning applications. Because the API lacks authentication or verification, a remote attacker can execute arbitrary code on the system, potentially leading to unauthorized access and control.
Affected: Anyscale Ray