CVE Trends

CVE-2025-32433 is a vulnerability found in the Erlang/OTP SSH server. It stems from a flaw in the SSH protocol message handling, which allows an attacker with network access to execute arbitrary code on the server without authentication. Specifically, the vulnerability enables a malicious actor to send connection protocol messages before authentication takes place. Successful exploitation could lead to full compromise of the host, unauthorized access, manipulation of sensitive data, or denial-of-service attacks.

CVE-2025-42599 is a stack-based buffer overflow vulnerability found in Active! mail 6 BuildInfo version 6.60.05008561 and earlier. This vulnerability can be exploited by a remote, unauthenticated attacker sending a specially crafted request. Successful exploitation could lead to arbitrary code execution or a denial-of-service (DoS) condition.

CVE-2024-10442 is an off-by-one error vulnerability found in the transmission component of Synology Replication Service and Synology Unified Controller (DSMUC). This vulnerability affects Synology Replication Service versions before 1.0.12-0066, 1.2.2-0353, and 1.3.0-0423, as well as Synology Unified Controller (DSMUC) versions before 3.1.4-23079. The flaw allows unauthenticated remote attackers to potentially execute arbitrary code on affected systems. This is due to improper bounds checking, which could permit an attacker to write data beyond the allocated buffer by sending a specially crafted input.

CVE-2025-24054 is a vulnerability in Windows NTLM that involves external control of the file name or path, potentially allowing an unauthorized attacker to perform spoofing over a network. The vulnerability can be exploited using a maliciously crafted .library-ms file. Active exploitation of CVE-2025-24054 has been observed in the wild since March 19, 2025. Attackers can potentially leak NTLM hashes or user passwords, compromising systems. Exploitation can be triggered with minimal user interaction, such as right-clicking, dragging and dropping, or simply navigating to a folder containing the malicious file.

CVE-2025-27158 is an Access of Uninitialized Pointer vulnerability affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. The vulnerability can lead to arbitrary code execution within the context of the current user. Exploitation of this vulnerability requires user interaction, specifically, a victim must open a maliciously crafted file. An attacker could exploit this to execute arbitrary code within the application by enticing a user to open a specially crafted PDF file.

CVE-2025-31200 is a memory corruption vulnerability that exists in Apple's CoreAudio framework. This vulnerability can be triggered when processing an audio stream within a maliciously crafted media file. Successful exploitation of this vulnerability could allow for arbitrary code execution on the affected device. Apple has addressed this issue with improved bounds checking in tvOS 18.4.1, visionOS 2.4.1, iOS and iPadOS 18.4.1, and macOS Sequoia 15.4.1. It was reported that this vulnerability may have been exploited in targeted attacks against specific individuals.

CVE-2025-31201 is a vulnerability in RPAC (Return Pointer Authentication Code), a security feature designed to prevent return-oriented programming attacks. The vulnerability allows an attacker with arbitrary read and write capabilities to bypass Pointer Authentication. Apple addressed this issue by removing the vulnerable code in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, and macOS Sequoia 15.4.1. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVE-2025-30406 is a vulnerability affecting Gladinet CentreStack, a cloud-based enterprise file-sharing platform. It stems from the use of a hard-coded cryptographic key within the application's web configuration files (web.config). This key is used for ViewState integrity verification. Successful exploitation of this flaw allows an attacker to forge ViewState payloads. This enables server-side deserialization, ultimately leading to remote code execution. The vulnerability is classified as CWE-321, which highlights the risks associated with using hard-coded cryptographic keys.

CVE-2025-21204 is a vulnerability in the Windows Update Stack. It stems from improper link resolution before file access, specifically a flaw known as "link following." This vulnerability allows an authorized attacker to elevate their privileges locally on a system.

CVE-2025-33028 is a Mark-of-the-Web (MotW) bypass vulnerability in WinZip (up to version 29.0 or 76.9, depending on the source). It stems from an incomplete fix for CVE-2024-8811. The vulnerability allows attackers to craft malicious archives that, when opened with WinZip, cause extracted files to lose the MotW tag. This tag is a Windows security feature that flags files downloaded from the internet, prompting a security warning before execution, especially for files containing macros or executables. Because WinZip strips the MotW tag, extracted malicious files are treated as trusted, local files. This allows malicious code within those files, such as macro-enabled Office documents or scripts, to execute without triggering the usual security alerts. An attacker could then execute arbitrary code within the context of the current user, potentially leading to malware installation, privilege escalation, or sensitive information disclosure. User interaction is required to exploit this vulnerability, as the target must open a malicious archive.