The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-53770 Severity: 9.8 CRITICAL Impacted Products: Hosted Sharepoint Server Description: Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-53770 Severity: 9.8 CRITICAL Impacted Products: Hosted Sharepoint Server Description: Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-5777 Severity: 7.5 HIGH Impacted Products: NetScaler Description: Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-6554 Severity: 7.5 HIGH Impacted Products: Google Chrome prior to 138.0.7204.96 Description: Type confusion in V8 in Google Chrome prior to 138.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-50201 Severity: 9.8 CRITICAL Impacted Products: WeGIA < 3.4.2 Description: WeGIA is a web manager for charitable institutions.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-2783 Severity: 8.3 HIGH Impacted Products: Google Chrome on Windows prior to 134.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-33073 Severity: 8.8 HIGH Impacted Products: Windows, various Description: Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-49113 Severity: 9.9 CRITICAL Impacted Products: Roundcube Webmail before 1.5.10 and 1.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-48828 Severity: 9.0 CRITICAL Impacted Products: Vbulletin 6.0.3 Description: Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2025-31324 Severity: 9.8 CRITICAL Impacted Products: SAP NetWeaver Visual Composer Metadata Uploader Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system.…