The command injection vulnerability was discovered by Zoom's Offensive Security team within Zoom Node Multimedia Routers (MMRs) prior to version 5.2.1716.0.
Nearly half of the 100,000 WordPress sites with the ACF Extended plugin could still be impacted by the critical vulnerability, tracked as CVE-2025-14533, which could be leveraged to facilitate procurement of administrative permissions, according to BleepingComputer.
Cyber Press reports that a severe vulnerability in Microsoft's Azure Active Directory integration for Windows Admin Center allowed attackers with local admin access to bypass authentication and seize control of any machine in the same Azure tenant.
The vulnerabilities, discovered by the AI security startup Cyata, include a path validation bypass (CVE-2025-68145), an unrestricted git_init issue (CVE-2025-68143), and an argument injection in git_diff (CVE-2025-68144).
The vulnerabilities, CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (server-side request forgery), allow attackers to exfiltrate sensitive environment variables, including API keys, credentials, and cloud storage secrets.
