PoC Week 2025-05-12
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2024-7399 Severity: 7.5 HIGH Impacted Products: Samsung MagicINFO 9 Server version <= 21.…
PoC Week 2025-05-05
CVE-2025-32433 Severity: 10 CRITICAL Impacted Products: OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 Description: Erlang/OTP is a set of libraries for the Erlang programming language.…
PoC Week 2025-04-28
CVE-2025-32433 Severity: 10 CRITICAL Impacted Products: OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 Description: Erlang/OTP is a set of libraries for the Erlang programming language.…
PoC Week 2025-04-14
CVE-2025-3248 Severity: 9.8 CRITICAL Impacted Products: Langflow versions prior to 1.3.0 Description: Code injection in the /api/v1/validate/code endpoint.…
PoC Week 2025-04-07
CVE-2025-29891 & CVE-2025-27636 Severity: Awaiting analysis Impacted Products: Apache Camel: from 4.…
PoC Week 2025-03-31
CVE-2025-1974 Severity: 9.3 CRITICAL Impacted Products: Kubernetes ingress-nginx, various versions Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.…
PoC Week 2025-03-24
CVE-2024-8999 Severity: 9.8 CRITICAL Impacted Products: lunary-ai/lunary version v1.4.25 Description: improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint.…
PoC Week 2025-03-17
Slow week; just 2 from last year.
CVE-2024-30043 Severity: 7.…
PoC Week 2025-03-10
CVE-2025-27364 Severity: 10 CRITICAL Impacted Products: MITRE Caldera through 4.2.0 and 5.…
PoC Week 2025-03-03
CVE-2024-54820 Severity: 9.8 CRITICAL Impacted Products: XOne Web Monitor v02.10.2024.530 framework 1.…