The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-3248 Severity: 9.8 CRITICAL Impacted Products: Langflow versions prior to 1.3.0 Description: Code injection in the /api/v1/validate/code endpoint.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-29891 & CVE-2025-27636 Severity: Awaiting analysis Impacted Products: Apache Camel: from 4.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-1974 Severity: 9.3 CRITICAL Impacted Products: Kubernetes ingress-nginx, various versions Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-8999 Severity: 9.8 CRITICAL Impacted Products: lunary-ai/lunary version v1.4.25 Description: improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. Slow week; just 2 from last year. CVE-2024-30043 Severity: 7.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-27364 Severity: 10 CRITICAL Impacted Products: MITRE Caldera through 4.2.0 and 5.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-54820 Severity: 9.8 CRITICAL Impacted Products: XOne Web Monitor v02.10.2024.530 framework 1.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. This one’s going out a few days late so will have some more recent CVEs.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-21413 Severity: 9.8 CRITICAL Impacted Products: Microsoft Outlook Description: Microsoft Outlook Remote Code Execution Vulnerability.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-55591 Severity: 9.8 CRITICAL Impacted Products: FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.…