CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 15 September 2025

by Amir Hadzipasic

September 15, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-43300

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

https://nvd.nist.gov/vuln/detail/CVE-2025-50154

2. CVE-2025-50154

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

3. CVE-2025-53773

Improper neutralization of special elements used in a command (‘command injection’) in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-53773

4. CVE-2025-7775

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server

(OR)

NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers

(OR)

NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers

(OR)

CR virtual server with type HDX

https://nvd.nist.gov/vuln/detail/CVE-2025-7775

5. CVE-2025-8088

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
from ESET.

6. CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

https://nvd.nist.gov/vuln/detail/CVE-2025-32433

7. CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

8. CVE-2025-23303

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

https://nvd.nist.gov/vuln/detail/CVE-2025-23303

9. CVE-2018-0802

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE is unique from CVE-2018-0797 and CVE-2018-0812.

https://nvd.nist.gov/vuln/detail/CVE-2018-0802

10. CVE-2017-11882

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11884.

https://nvd.nist.gov/vuln/detail/CVE-2017-11882

The SOS Intelligence CVE Chatter Weekly Top Ten – 08 September 2025

by Amir Hadzipasic

September 8, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-43300

https://nvd.nist.gov/vuln/detail/CVE-2025-5287

2. CVE-2025-5287

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘post’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

3. CVE-2024-38476

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

4. CVE-2025-8088

5. CVE-2025-21298

Windows OLE Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2025-55177

6. CVE-2025-55177

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.

7. CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

https://nvd.nist.gov/vuln/detail/CVE-2023-5561

8. CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.

https://nvd.nist.gov/vuln/detail/CVE-2023-34960

9. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2024-6409

10. CVE-2024-6409

A race condition vulnerability was discovered in how signals are handled by OpenSSH’s server (sshd). If a remote attacker does not authenticate within a set time period, then sshd’s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

The SOS Intelligence CVE Chatter Weekly Top Ten – 01 September 2025

by Amir Hadzipasic

September 1, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-43300

2. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2017-0144

3. CVE-2017-0144

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows SMB Remote Code Execution Vulnerability.” This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

4. CVE-2025-21298

Windows OLE Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2025-42999

5. CVE-2025-42999

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

6. CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

https://nvd.nist.gov/vuln/detail/CVE-2025-31324

7. CVE-2025-8715

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.

https://nvd.nist.gov/vuln/detail/CVE-2025-8715

8. CVE-2025-32433

https://nvd.nist.gov/vuln/detail/CVE-2025-32433

9. CVE-2025-25256

An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

https://nvd.nist.gov/vuln/detail/CVE-2025-25256

10. CVE-2025-8088

The SOS Intelligence CVE Chatter Weekly Top Ten – 25 August 2025

by Amir Hadzipasic

August 25, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-8088

2. CVE-2024-21762

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

3. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

4. CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

5. CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka “.NET Framework Remote Code Execution Vulnerability.”

6. CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

7. CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a ” (backslash double quote) in a crafted Sender property.

https://nvd.nist.gov/vuln/detail/CVE-2025-21204

8. CVE-2025-21204

Improper link resolution before file access (‘link following’) in Windows Update Stack allows an authorized attacker to elevate privileges locally.

9. CVE-2024-38476

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

10. CVE-2025-43300

The SOS Intelligence CVE Chatter Weekly Top Ten – 18 August 2025

by Amir Hadzipasic

August 18, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-8088

2. CVE-2024-38476

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

https://nvd.nist.gov/vuln/detail/CVE-2025-21204

3. CVE-2025-21204

Improper link resolution before file access (‘link following’) in Windows Update Stack allows an authorized attacker to elevate privileges locally.

4. CVE-2024-21762

5. CVE-2024-21060

6. CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

7. CVE-2024-10687

8. CVE-2017-8759

9. CVE-2016-10033

https://nvd.nist.gov/vuln/detail/CVE-2025-32433

10. CVE-2025-32433

https://nvd.nist.gov/vuln/detail/CVE-2025-21204

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 August 2025

by Amir Hadzipasic

August 11, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-21204

Improper link resolution before file access (‘link following’) in Windows Update Stack allows an authorized attacker to elevate privileges locally.

2. CVE-2024-38476

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

3. CVE-2024-21762

4. CVE-2017-8759

5. CVE-2024-21060

6. CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

7. CVE-2016-10033

8. CVE-2024-10687

9. CVE-2025-21298

Windows OLE Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-6409

10. CVE-2024-6409

The SOS Intelligence CVE Chatter Weekly Top Ten – 04 August 2025

by Amir Hadzipasic

August 4, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-21298

Windows OLE Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2025-53770

2. CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.
Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.
Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

3. CVE-2025-5287

https://nvd.nist.gov/vuln/detail/CVE-2025-5287

4. CVE-2025-49704

Improper control of generation of code (‘code injection’) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-49704

5. CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.

https://nvd.nist.gov/vuln/detail/CVE-2024-23660

6. CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-49706

7. CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-53771

8. CVE-2024-38476

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

https://nvd.nist.gov/vuln/detail/CVE-2025-20337

9. CVE-2025-20337

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

10. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2017-5689

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 July 2025

by Amir Hadzipasic

July 28, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2017-5689

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

2. CVE-2025-53770

https://nvd.nist.gov/vuln/detail/CVE-2025-53770

3. CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-49706

4. CVE-2025-49704

Improper control of generation of code (‘code injection’) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-49704

5. CVE-2025-47165

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-47165

6. CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including “sasl.oauthbearer.token.endpoint.url” and “sasl.oauthbearer.jwks.endpoint.url”. Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the “sasl.oauthbearer.token.endpoint.url” and “sasl.oauthbearer.jwks.endpoint.url” configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products.

Since Apache Kafka 3.9.1/4.0.0, we have added a system property (“-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls”) to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly.

https://nvd.nist.gov/vuln/detail/CVE-2025-27817

7. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-48799

8. CVE-2025-48799

Improper link resolution before file access (‘link following’) in Windows Update Service allows an authorized attacker to elevate privileges locally.

9. CVE-2025-53771

Improper limitation of a pathname to a restricted directory (‘path traversal’) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-53771

10. CVE-2024-6409

https://nvd.nist.gov/vuln/detail/CVE-2024-6409

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 July 2025

by Amir Hadzipasic

July 21, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

2. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

3. CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

4. CVE-2025-5287

https://nvd.nist.gov/vuln/detail/CVE-2025-5287

5. CVE-2024-21762

6. CVE-2024-21060

7. CVE-2017-8759

8. CVE-2016-10033

9. CVE-2024-10687