CybrWolf

CVE-2022-30190 (Follina) — MSDT RCE in Windows (what to know now)

CVE-2022-30190, commonly referred to as Follina, grabbed headlines in 2022 because attackers could execute code simply by getting a victim to open a Word document (no macro required). The chain uses Word’s remote template / HTML features to invoke the Windows MSDT handler (ms-msdt:), which in turn runs attacker-controlled commands. Although patches and workarounds exist, […]

CVE-2025-57820: Prototype Pollution in Svelte devalue Library

CVE-2025-57820 is a high-severity prototype pollution vulnerability in the Svelte devalue library (versions before 5.3.2). A crafted input to devalue.parse can modify object prototypes by exploiting unchecked __proto__ properties, leading to serious application-level risks. This issue is resolved in version 5.3.2. Vulnerability Details of CVE-2025-57820. Exploitation Path: An attacker can send a specially crafted string […]

SUDO LPE Vulnerabilities: CVE-2025-32462 and CVE-2025-32463

Two privilege escalation vulnerabilities have been discovered in the Sudo utility, tracked as CVE-2025-32462 and CVE-2025-32463. If exploited, these flaws could allow local users to gain root-level access on Linux and macOS systems. The issues were reported by Rich Mirch of Stratascale Cyber Research Unit, and users are strongly advised to update Sudo to the […]

CVE‑2025‑53605: Denial-of-Service in Rust protobuf Crate

CVE‑2025‑53605 is a medium-severity vulnerability in the widely used Rust protobuf crate (versions before 3.7.2). An attacker exploiting uncontrolled recursion in parsing unknown fields can trigger excessive resource use, leading to a Denial-of-Service (DoS) attack. Vulnerability Details. CVE ID: CVE‑2025‑53605 (unique ID for tracking the protobuf crate vulnerability). Affected Software: Rust protobuf crate. Impacts […]

CVE‑2025‑52842: Reflected XSS in Laundry Application

CVE‑2025‑52842 is a medium-severity reflected Cross-Site Scripting (XSS) vulnerability in Laundry 2.3.0, a desktop application for Linux and macOS. By injecting malicious scripts into specific inputs, an attacker can execute code to hijack user sessions or take over accounts. Vulnerability Details. Exploitation Path: An attacker can craft a malicious URL or input field that, when […]