GLOBAL SITUATIONMONITORING
517 published briefsUTCWed, Apr 15 09:06:08
-
Critical Quest KACE SMA RCE (CVE-2025-32975) Under Attack
Threat actors are actively exploiting CVE-2025-32975, a critical path traversal vulnerability in Quest KACE Systems Management Appliance (SMA) with a CVSS score of 10.0, to achieve unauthenticated remote code execution. Patches were released on March 18, 2026.
-
Researcher Discovers Critical RCE (CVE-2025-12735) in expr-eval JavaScript Library
Security researcher Jangwoo Choe discovered a critical remote code execution (RCE) vulnerability, CVE-2025-12735, in the popular JavaScript library expr-eval. The flaw lets attackers execute arbitrary code and seize full control over hundreds of affected projects.