CVE-2022-30190 (Follina) — MSDT RCE in Windows (what to know now)

CVE-2022-30190, commonly referred to as Follina, grabbed headlines in 2022 because attackers could execute code simply by getting a victim to open a Word document (no macro required). The chain uses Word’s remote template / HTML features to invoke the Windows MSDT handler (ms-msdt:), which in turn runs attacker-controlled commands. Although patches and workarounds exist, […]
CVE-2025-57820: Prototype Pollution in Svelte devalue Library

CVE-2025-57820 is a high-severity prototype pollution vulnerability in the Svelte devalue library (versions before 5.3.2). A crafted input to devalue.parse can modify object prototypes by exploiting unchecked __proto__ properties, leading to serious application-level risks. This issue is resolved in version 5.3.2. Vulnerability Details of CVE-2025-57820. Exploitation Path: An attacker can send a specially crafted string […]
CVE-2025-53605: Denial-of-Service in Rust protobuf Crate

CVE-2025-53605 is a medium-severity vulnerability in the widely used Rust protobuf crate (versions before 3.7.2). An attacker exploiting uncontrolled recursion in parsing unknown fields can trigger excessive resource use, leading to a Denial-of-Service (DoS) attack. Vulnerability Details. CVE ID: CVE-2025-53605 (unique ID for tracking the protobuf crate vulnerability). Affected Software: Rust protobuf crate. Impacts […]
CVE-2025-52842: Reflected XSS in Laundry Application

CVE-2025-52842 is a medium-severity reflected Cross-Site Scripting (XSS) vulnerability in Laundry 2.3.0, a desktop application for Linux and macOS. By injecting malicious scripts into specific inputs, an attacker can execute code to hijack user sessions or take over accounts. Vulnerability Details. Exploitation Path: An attacker can craft a malicious URL or input field that, when […]
CVE-2025-36630: Local Privilege Escalation in Tenable Nessus on Windows

CVE-2025-36630 is a newly identified high-severity vulnerability affecting Tenable Nessus on Windows systems (versions prior to 10.8.5). The flaw allows non-administrative users to overwrite arbitrary system files with data from application logs running as SYSTEM, potentially enabling full privilege escalation. Vulnerability Details. CVE ID: CVE-2025-36630 (unique ID to track this vulnerability). Affected Software: Tenable […]