CVE-2025-49704
Related News
On July 19, 2025, Microsoft Security Response Center (MSRC) published a blog addressing active attacks against on-premises SharePoint servers that exploit CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability. The…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To tha…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-49704 Microsoft SharePoint Code Injection Vulnerability CVE-2025-49706 Microsoft SharePoint Impro…
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Required Action
CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Data provided by ENISA EU Vulnerability Database. Last updated: July 22, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Advisory provided by GitHub Security Advisory Database. Published: July 8, 2025, Modified: July 22, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
🚨 Multiple U.S. government agencies reportedly breached in major SharePoint vulnerability exploit, including the Department of Homeland Security, NIH, and possibly Qatari systems. 🚨 The U.S. Department of Homeland Security (DHS) is reportedly among the federal agencies compromised in the recent SharePoint exploit campaign. u/Microsoft has now confirmed the involvement …
Critical Zero-Day in Microsoft SharePoint Enables Unauthenticated Remote Code Execution CVE-2025-53770 (CVSS 9.8) is a critical zero-day vulnerability affecting **on-premises Microsoft SharePoint Server**. It is a variant of CVE-2025-49704 and stems from unsafe deserialization of untrusted data, allowing **unauthenticated remote code execution** over the network. Attackers exploit this flaw to …
🔥 Top 10 Trending CVEs (24/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2024-4947](https://nvd.nist.gov/vuln/detail/CVE-2024-4947)** - 📝 Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security …
Microsoft stays consistent - this time SharePoint > CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks > CVE-2025-49704 – SharePoint Remote Code Execution CVE-2025-49706 – SharePoint Post-auth Remote Code Execution CVE-2025-53770 – SharePoint ToolShell Authentication Bypass and Remote Code Execution CVE-2025-53771 – SharePoint ToolShell Path Traversal
Alert: ⚠️ NNSA Breached via SharePoint Zero-Days—Nation-State Attack Suspected The U.S. National Nuclear Security Administration was reportedly compromised using chained SharePoint vulnerabilities CVE-2025-49706 and CVE-2025-49704. 🔹 Exploited servers were on-prem 🔹 No classified data accessed, but dozens of servers impacted 🔹 Patches released; CISA added flaws to the KEV list 🔗 …
🔥 Top 10 Trending CVEs (23/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49113](https://nvd.nist.gov/vuln/detail/CVE-2025-49113)** - 📝 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading …
🔥 Top 10 Trending CVEs (22/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53816](https://nvd.nist.gov/vuln/detail/CVE-2025-53816)** - 📝 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in …
The "ToolShell" Zero-Day: How a Botched Patch Led to a Global SharePoint Meltdown In the world of cybersecurity, there are mistakes, and then there are **catastrophes**. In July 2025, we witnessed the latter. A botched patch for a critical vulnerability in Microsoft SharePoint Server didn't just fail to fix the …
Security Updates Sharepoint, Netscaler and Cisco ISE **Serious vulnerability in Microsoft SharePoint is being exploited** The National Cyber Security Centre (NCSC), Microsoft and the US cyber agency CISA are sounding the alarm: a critical vulnerability in Microsoft SharePoint is being actively exploited. This flaw, designated CVE-2025-53770, enables attackers to …
🔥 Top 10 Trending CVEs (21/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53771](https://nvd.nist.gov/vuln/detail/CVE-2025-53771)** - 📝 Microsoft SharePoint Server Spoofing Vulnerability - 📅 **Published:** 20/07/2025 - 📈 **CVSS:** 6.3 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 9 - 📝 **Analysis:** A SharePoint Server spoofing …