CVE-2022-30190 (Follina) — MSDT RCE in Windows (what to know now)
CVE-2022-30190 commonly referred to as Follina grabbed headlines in 2022 because attackers could execute code simply by getting a victim to open a Word document (no macro required). The chain uses Word’s remote template / HTML features to invoke the Windows MSDT handler (ms-msdt:), which in turn runs attacker-controlled commands. Although patches and workarounds exist, […]
CVE-2025-57820: Prototype Pollution in Svelte devalue Library
CVE-2025-57820 is a high-severity prototype pollution vulnerability in the Svelte devalue library (versions before 5.3.2). A crafted input to devalue.parse can modify object prototypes by exploiting unchecked __proto__ properties, leading to serious application-level risks. This issue is resolved in version 5.3.2. Vulnerability Details of CVE-2025-57820 Exploitation Path An attacker can send a specially crafted string […]
CVE‑2025‑36630: Local Privilege Escalation in Tenable Nessus on Windows
CVE‑2025‑36630 is a newly identified high-severity vulnerability affecting Tenable Nessus on Windows systems (versions prior to 10.8.5). The flaw allows non-administrative users to overwrite arbitrary system files with data from application logs running as SYSTEM, potentially enabling full privilege escalation. Vulnerability Details < CVE ID CVE‑2025‑36630 Unique ID to track this vulnerability. Affected Software Tenable […]
CVE-2025-49127: Unauthenticated Remote Code Execution in Kafbat UI
CVE-2025-49127 is a recently disclosed high-severity vulnerability affecting Kafbat UI, a web interface for managing Apache Kafka clusters. The flaw allows unauthenticated attackers to execute arbitrary code on the server via unsafe deserialization in version 1.0.0. This vulnerability has been addressed in version 1.1.0. Vulnerability Details Exploitation Path The vulnerability arises from unsafe deserialization in […]
CVE-2025-5419: High-Severity Zero-Day Vulnerability in Google Chrome’s V8 Engine
CVE-2025-5419 is a recently disclosed high-severity vulnerability affecting Google Chrome’s V8 JavaScript engine. This out-of-bounds read and write flaw allows remote attackers to potentially exploit heap corruption via crafted HTML pages. The vulnerability has been actively exploited in the wild, prompting Google to release an emergency update to address the issue. Vulnerability Details Exploitation Path […]