CVE-2025-2749
Kentico Xperience Path Traversal Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Thursday's disclosures center on networking equipment and developer infrastructure, with multiple Tenda router models, Jenkins GitHub Plugin, and cPanel/WHM hosting platforms exposed to remote compromise. Eight critical CVEs were disclosed yesterday, down 50% from the prior day, alongside 100 high-priority issues matching the previous day's volume. Notable entries include CVE-2026-41940 affecting cPanel/WHM login (CVSS 9.8), CVE-2026-42523 in Jenkins GitHub Plugin (CVSS 9.0), and CVE-2026-36841 in TOTOLINK N200RE V5 (CVSS 9.8). Attack patterns are dominated by remote code execution and authentication bypass affecting hosting platforms, CI/CD systems, and consumer-grade networking gear. No vendor patches were available at disclosure, requiring compensating controls and accelerated mitigation planning.
Immediate action: Prioritize isolation and access controls for cPanel/WHM hosting environments, Jenkins GitHub Plugin instances, and Tenda/TOTOLINK consumer routers exposed to untrusted networks. With no patches currently available for the critical disclosures, focus on network segmentation, WAF rules, and monitoring while tracking actively exploited issues in Microsoft Defender, ConnectWise ScreenConnect, and JetBrains TeamCity for immediate remediation.
PaperCut NG/MF Improper Authentication Vulnerability - Active in CISA KEV catalog.
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability - Active in CISA KEV catalog.
JetBrains TeamCity Relative Path Traversal Vulnerability - Active in CISA KEV catalog.
Microsoft Defender Insufficient Granularity of Access Control Vulnerability - Active in CISA KEV catalog.
Marimo Remote Code Execution Vulnerability - Active in CISA KEV catalog.
D-Link DIR-823X Command Injection Vulnerability - Active in CISA KEV catalog.
Samsung MagicINFO 9 Server Path Traversal Vulnerability - Active in CISA KEV catalog.
SimpleHelp Path Traversal Vulnerability - Active in CISA KEV catalog.
SimpleHelp Missing Authorization Vulnerability - Active in CISA KEV catalog.
ConnectWise ScreenConnect Path Traversal Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Protection Mechanism Failure Vulnerability - Active in CISA KEV catalog.
The Jenkins GitHub Plugin contains a stored cross-site scripting (XSS) vulnerability due to improper URL processing during GitHub hook trigger validation.
Tenda wireless routers contain a cookie session weakness allowing unauthenticated attackers to modify DNS settings through insufficient session validation.
Tenda W308R v2 routers contain a cookie session weakness that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation.
Tenda FH303/A300 routers contain a session weakness that allows unauthenticated attackers to modify DNS settings via insufficient cookie validation.
An authentication bypass vulnerability in the cPanel and WHM login flow allows unauthenticated remote attackers to gain unauthorized access to the control panel.
A path traversal vulnerability in Wazuh's cluster synchronization routine allows authenticated peers to write arbitrary files and potentially achieve remote code execution.
A path traversal vulnerability in the Pardus Software Center allows attackers to access or manipulate files outside the intended directory.
A command injection vulnerability in the TOTOLINK N200RE V5 router allows remote code execution via specifically crafted parameters in the formMapDelDevice function.
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter.
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters.
A use-after-free vulnerability in the Views component of Google Chrome on Mac allows for potential arbitrary code execution.
A use-after-free vulnerability in the media component of Google Chrome allows for potential arbitrary code execution.
A use-after-free vulnerability exists within the WebRTC component of Google Chrome, potentially allowing for arbitrary code execution.
A heap buffer overflow vulnerability in the WebRTC component of Google Chrome could allow an attacker to crash the application or execute arbitrary code.
A use-after-free vulnerability in the WebRTC component of Google Chrome could allow an unauthenticated attacker to trigger memory corruption.
A use-after-free vulnerability in the WebView component of Google Chrome on Android may allow for remote code execution.
A use-after-free vulnerability in the Accessibility component of Google Chrome on Windows could allow for arbitrary code execution.
Use after free in Codecs in Google Chrome prior to 147
Use after free in Media in Google Chrome prior to 147
Use after free in Navigation in Google Chrome prior to 147
Use after free in Animation in Google Chrome prior to 147
Use after free in ANGLE in Google Chrome prior to 147
Use after free in iOS in Google Chrome prior to 147
Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147
Use after free in WebMIDI in Google Chrome prior to 147
Use after free in Media in Google Chrome on Android prior to 147
Heap buffer overflow in Skia in Google Chrome prior to 147
Use after free in Chromoting in Google Chrome prior to 147
Use after free in Cast in Google Chrome prior to 147
Use after free in Cast in Google Chrome prior to 147
Use after free in GPU in Google Chrome prior to 147
Type Confusion in V8 in Google Chrome prior to 147
Out of bounds read and write in ANGLE in Google Chrome prior to 147
Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147
Inappropriate implementation in Tint in Google Chrome prior to 147
Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings
OpenClaw before 2026
Jenkins Credentials Binding Plugin 719
Cockpit 2
Out-of-bounds Read vulnerability in Apache Thrift
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central
XATABoost CMS 1
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0
Uncontrolled Recursion vulnerability in Apache Thrift Node
pgjdbc is an open source PostgreSQL JDBC Driver
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift
Integer Overflow or Wraparound vulnerability in Apache Thrift
AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation
NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS-encoded message
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass
TLS protocol dissector heap overflow in Wireshark 4
Local privilege escalation due to improper input validation
Local privilege escalation due to improper input validation
A vulnerability has been found in D-Link DIR-825M 1
A vulnerability was found in D-Link DIR-825M 1
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4
SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes
Authentication Bypass vulnerability exists in Netmaker versions prior to 1
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection
OpenClaw before 2026
OpenClaw before 2026
OpenClaw before 2026
OpenClaw before 2026
BuddyPress Xprofile Custom Fields Type 2
A vulnerability was determined in UTT HiPER 1250GW up to 3
A vulnerability was identified in UTT HiPER 1250GW up to 3
A security flaw has been discovered in UTT HiPER 1250GW up to 3
A flaw has been found in Tenda 4G300 US_4G300V1
OpenClaw before 2026
Text::CSV_XS versions before 1
Prime95 29
Easy MPEG to DVD Burner 1
Allok Video to DVD Burner 2
Free Download Manager 2
SysGauge Pro 4
Allok soft WMV to AVI MPEG DVD WMV Converter 4
Alloksoft Video joiner 4
OpenClaw before 2026
OpenClaw before 2026
OpenClaw before 2026
mod_sql in ProFTPD before 1
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing
AVACAST, developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL
OpenClaw before 2026
OpenClaw before 2026
OpenClaw before 2026
OpenClaw before 2026
An issue in the TVicPort64
Allok AVI to DVD SVCD VCD Converter 4
Outline is a service that allows for collaborative documentation
OpenClaw before 2026
The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8
Information disclosure due to incorrect boundary conditions in the Audio/Video component
OpenClaw before 2026
OpenClaw before 2026
OpenClaw before 2026
Starman versions before 0
TOTOLINK A3002RU V3 <= V3
An issue was discovered in libsndfile 1
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2