Discover Vulnerabilities Now!

Vulnerabilities

---

Vendors

---

Products

---

Vulnerability Media Exposure

These listed vulnerabilities have been referenced across multiple public sources, indicating high media attention and potential significance.

CVE-2025-2783

Severity

HIGH

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

[GERMAN] Jetzt updaten! Zero-Day-Sicherheitslücke in Chrome wird angegriffen
Google hat dem Webbrowser Chrome ein Update spendiert. Es schließt eine Zero-Day-Lücke, die bereits angegriffen wird.
[ENGLISH] Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783 (CVSS score: 8.3), has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo
[GERMAN] Dringend patchen: Gefährliche Zero-Day-Lücke in Chrome für Spionage ausgenutzt
Angreifer können aus der Chrome-Sandbox ausbrechen und Code auf dem Windows-System des Nutzers ausführen. Es reicht der Besuch einer bösartigen Webseite. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/browser/">Browser</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=194682&page=1&ts=1742976241" width="1" />
[GERMAN] Google Chrome/Microsoft Edge: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome/Microsoft Edge ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
[GERMAN] Notfallupdate: Kritische Sandbox-Lücke in Firefox und Tor-Browser entdeckt
Nicht nur Chrome-Nutzer sollten dieser Tage ihren Browser updaten. Eine aktiv ausgenutzte Sicherheitslücke betrifft auch die Windows-Version von Firefox. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/firefox/">Firefox</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=194773&page=1&ts=1743148082" width="1" />

CVE-2025-22230

Severity

HIGH

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control.A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

CVE-2025-1974

Severity

CRITICAL

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVE-2025-1098

Severity

HIGH

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVE-2025-1097

Severity

HIGH

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)