PoC Week 2025-12-22
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Follow links with caution.
CVE-2025-59718
Severity: 9.8 CRITICAL
Impacted Products: Fortinet FortiOS, Fortinet FortiProxy, Fortinet FortiSwitchManager
Description: Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an improper verification of cryptographic signature vulnerability that allows an unauthenticated attacker to bypass FortiCloud SSO login authentication.…
PoC Week 2025-12-15
CVE-2025-55182
Severity: 10.0 CRITICAL
Impacted Products: React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0
Description: A deserialization of untrusted data vulnerability. This flaw allows an unauthenticated, remote attacker to achieve arbitrary code execution on affected systems.…
PoC Week 2025-12-08
CVE-2025-53770
Severity: 8.8 HIGH
Impacted Products: On-premises SharePoint servers
Description: Starting in mid-July 2025, threat actors began actively exploiting two path traversal vulnerabilities affecting on-premises SharePoint servers: CVE-2025-53770 and CVE-2025-53771.…
PoC Week 2025-12-01
CVE-2025-64446
Severity: 9.8 CRITICAL
Impacted Products: Fortinet FortiWeb 8.0.0 through 8.0.1, Fortinet FortiWeb 7.6.0 through 7.6.4, Fortinet FortiWeb 7.4.0 through 7.4.9, Fortinet FortiWeb 7.2.0 through 7.2.11, Fortinet FortiWeb 7.0.0 through 7.…
PoC Week 2025-11-24
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2025-64446 & CVE-2025-58034
Severity: 9.8 CRITICAL
Impacted Products: Fortinet FortiWeb 8.0.0 through 8.…
PoC Week 2025-11-17
CVE-2025-59287
Severity: 9.8 CRITICAL
Impacted Products: Windows Server - various versions
Description: Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.…
PoC Week 2025-10-29
CVE-2025-59287
Severity: 9.8 CRITICAL
Impacted Products: Windows Server - various versions
Description: Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.…
PoC Week 2025-10-21
CVE-2025-27363
Severity: 8.1 HIGH
Impacted Products: FreeType versions 2.13.0 and below
Description: An out-of-bounds write exists in FreeType versions 2.…
PoC Week 2025-10-06
CVE-2025-59834
Severity: 9.8 CRITICAL
Impacted Products: adb-mcp MCP Server < 0.1.0
Description: ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB.…
PoC Week 2025-09-29
CVE-2025-9083
Severity: 9.8 CRITICAL
Impacted Products: Ninja Forms WordPress plugin before 3.…