{"uuid": "f0954a0d-0b7e-4b68-8f37-2ecc76276a0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-8180", "type": "seen", "source": "https://t.me/bhhub/858", "content": "Vulnerabilities of the Week\n\n\u2623 SharePoint Under Siege\nCVE-2025-53770 \u2013 Microsoft SharePoint\u2019s zero-day lets unauthenticated attackers remotely execute code by deserializing untrusted data. Already exploited in the wild. No patch yet. If you\u2019re running it, you\u2019re probably already in someone\u2019s pentest report.\n\n\ud83c\udfaf Supply Chain Smoke Alarm\nCVE-2025-54415 \u2013 A misconfigured GitHub Actions workflow in dag-factory allows attackers to take over repos and exfiltrate secrets. Welcome to CI/CD hell.\n\n\ud83d\udd13 WordPress Gets Whacked\nCVE-2025-6895 \u2013 MelaPress Login Security plugin flaw lets attackers bypass authentication and escalate privileges. Another day, another backdoor into WordPress.\n\n\ud83d\udcdf Routers in the Crosshairs\nCVE-2025-8184 + CVE-2025-8180 \u2013 Stack and heap overflows in D-Link and Tenda routers scream botnet fodder. If it ships with a default password, it\u2019s already compromised.\n\n\u26a0 GitHub Action Turns Action Movie\nCVE-2025-54416 \u2013 tj-actions/branch-names lets shell commands fly unchecked. Classic command injection, in plain sight, used by thousands of repos.\n\nIf you\u2019re running SharePoint, GitHub Actions, or small-office routers \u2014 patch like you\u2019ve got ransomware breathing down your neck. Because you probably do.\n\n@bhhub", "creation_timestamp": "2025-08-03T07:31:35.000000Z"}