CVE Trends
Top 10 CVEs trending on social media within the last 24 hours. When the Hypemeter is low, rankings become less reliable due to limited online discussion.
Columns: trending rank, CVE, severity, hype score, published date, description. Period: last 24 hours.
1. CVE-2024-12754 | Severity: medium 5.5 | Hype score: 23 | Published: Dec 30, 2024
CVE-2024-12754 is a vulnerability found in the AnyDesk remote administration software. It allows local attackers to escalate their privileges on affected Windows systems. The vulnerability exists due to how the AnyDesk service manages background images during remote sessions. More specifically, the service copies the user's background image to the `C:\Windows\Temp` directory with `NT AUTHORITY\SYSTEM` privileges, which can be exploited by an attacker. By manipulating this process, for example, by using a junction, an attacker who can run low-privileged code on the system can potentially read arbitrary files. This could lead to the disclosure of sensitive information, such as stored credentials, which could be used for further compromise. The vulnerability has been patched in AnyDesk version 9.0.1.
2. CVE-2025-25064 | Severity: critical 9.8 | Hype score: 7 | Published: Feb 3, 2025
CVE-2025-25064 is an SQL injection vulnerability found in the ZimbraSync Service SOAP endpoint of Zimbra Collaboration. This vulnerability arises from insufficient sanitization of a user-supplied parameter. An attacker who has authenticated to the system can manipulate this parameter to inject arbitrary SQL queries. This manipulation could allow the attacker to retrieve email metadata. Zimbra Collaboration versions 10.0.x before 10.0.12 and 10.1.x before 10.1.4 are affected. Zimbra has addressed this vulnerability and released patches. Users of affected versions are strongly encouraged to update their installations to version 10.0.12 or 10.1.4, respectively, to mitigate the risk. This information is current as of February 10, 2025.
3. CVE-2024-57968 | Severity: critical 9.9 | Hype score: 5 | Published: Feb 3, 2025
CVE-2024-57968 is an unrestricted file upload vulnerability in Advantive VeraCore software prior to version 2024.4.2.1. It allows authenticated remote users to upload files of dangerous types to unintended folders within the application. These folders may then be accessible to other users browsing the web application. The vulnerability specifically involves the `upload.aspx` file. This vulnerability was exploited by the XE Group, a cybercriminal group, to upload web shells, granting them unauthorized access to compromised systems. The fix for this vulnerability is available in VeraCore version 2024.4.2.1 and later. It is recommended to update to the latest version to mitigate this risk.
4. CVE-2023-31122 | Severity: high 7.5 | Hype score: 5 | Published: Oct 23, 2023
Out-of-bounds read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server through 2.4.57.
5. CVE-2023-43622 | Severity: high 7.5 | Hype score: 4 | Published: Oct 23, 2023
An attacker opening an HTTP/2 connection with an initial window size of 0 was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slowloris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
6. CVE-2025-25065 | Severity: medium 5.3 | Hype score: 3 | Published: Feb 3, 2025
CVE-2025-25065 is a server-side request forgery (SSRF) vulnerability found in the RSS feed parser of Zimbra Collaboration. This vulnerability affects versions 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4. Successful exploitation could allow unauthorized redirection to internal network endpoints. Zimbra has addressed this vulnerability in versions 9.0.0 Patch 43, 10.0.12, and 10.1.4, strengthening input sanitization and enhancing security. Users of affected Zimbra Collaboration versions are strongly advised to update to the patched versions as soon as possible. As of today, February 10, 2025, this information is current, but may change in the future.
7. CVE-2025-23369 | Severity: high 7.6 | Hype score: 2 | Published: Jan 21, 2025
CVE-2025-23369 refers to a vulnerability discovered in GitHub Enterprise Server. This flaw allows unauthorized internal users to spoof cryptographic signatures, and it stems from improper verification of those signatures. Exploit code targeting libxml2 vulnerabilities has been developed for this CVE.
8. [CVE ID missing] | Hype score: 2 | Published: Feb 10, 2025
An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
9. CVE-2024-21413 | Severity: critical 9.8 | Exploit known | Hype score: 1 | Published: Feb 13, 2024
Microsoft Outlook Remote Code Execution Vulnerability
10. CVE-2025-21298 | Hype score: 1 | Published: Jan 14, 2025
CVE-2025-21298 is a critical vulnerability in Windows Object Linking and Embedding (OLE) that can lead to remote code execution. This flaw allows attackers to execute code on a victim's machine remotely, without requiring any interaction from the victim (zero-click). Exploitation can be achieved by sending a specially crafted email, often containing a malicious Rich Text Format (RTF) document, to a user of Microsoft Outlook. Simply opening or previewing the email can trigger the vulnerability. The technical root cause lies within the `ole32.dll` file, specifically in the `UtOlePresStmToContentsStm` function. A double-free error in this function, which handles embedded OLE objects within RTF files, allows for memory manipulation, enabling the execution of malicious code. Proof-of-concept exploits demonstrating memory corruption have been publicly released. This vulnerability has a CVSS score of 9.8, highlighting its severity.