Cyber Advising (@cyber_advising)'s Twitter Profile
Cyber Advising

@cyber_advising

Cyber Security Consulting | Ethical Hacking & Exploit Research

ID: 1058905116546420736

Link: https://www.cyberadvising.com/ | Date: 04-11-2018 02:13:48

1,1K Tweets

13,13K Followers

29 Following

Cyber Advising (@cyber_advising):

CVE-2025-30397: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. github.com/mbanyamer/CVE-…

PT SWARM (@ptswarm):

⚠️ We’ve reproduced CVE-2025-49113 in Roundcube. This vulnerability allows authenticated users to execute arbitrary commands via PHP object deserialization. If you're running Roundcube — update immediately!

Cyber Advising (@cyber_advising):

CVE-2025-2945: Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the

Cyber Advising (@cyber_advising):

CVE-2025-49113: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Cyber Advising (@cyber_advising):

CVE-2025-31161: CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exploitfinder.com/dbexploit/expl…

Cyber Advising (@cyber_advising):

CVE-2025-30208: Vite, vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation exploitfinder.com/dbexploit/expl…

Cyber Advising (@cyber_advising):

CVE-2025-32756: Fortinet RCE PoC stack-based buffer overflow vulnerability. 
Type: Stack-based buffer overflow in AuthHash cookie 
Impact: Unauthenticated remote code execution
Affected Products: FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamera.
github.com/kn0x0x/CVE-202…
Cyber Advising (@cyber_advising):

CVE-2025-33053: External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. github.com/DevBuiHieu/CVE…

Cyber Advising (@cyber_advising):

CVE-2025-27817: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data. github.com/kk12-30/CVE-20…

Cyber Advising (@cyber_advising):

CVE-2025-24514: A security issue was discovered in ingress-nginx github.com/kubernetes/ing… where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution github.com/KimJuhyeong95/…

Cyber Advising (@cyber_advising):

CVE-2025-6218: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. github.com/CryingN/CVE-20…

Cyber Advising (@cyber_advising):

CVE-2025-53770: YARA Rules to detect critical vulnerabilities. Deserialization of untrusted data in Microsoft SharePoint Server allowing remote code execution. github.com/Neo23x0/signat…

Cyber Advising (@cyber_advising):

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. github.com/kaizensecurity…
