CVE Trends

CVE-2025-24813 is a vulnerability affecting Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0.M1 through 10.1.34, and 11.0.0.M1 through 11.0.2. It stems from an issue in how Tomcat handles partial PUT requests. Specifically, the vulnerability arises from the use of a temporary file based on user-supplied filenames and paths, where the path separator is replaced by a dot. This can potentially allow unauthorized access to sensitive files, injection of malicious content, or even remote code execution under certain conditions. Exploitation of this vulnerability requires a specific set of circumstances. For information disclosure or content injection, the default servlet must have write access enabled (it's disabled by default), partial PUT support must be enabled (which it is by default), and the target URL for sensitive uploads must be a subdirectory of a public upload URL. The attacker also needs to know the names of the sensitive files being uploaded via partial PUT. For remote code execution, the same conditions apply, with the addition of the application using Tomcat's file-based session persistence in the default location and including a library vulnerable to deserialization attacks.

CVE-2025-1316 is a command injection vulnerability found in Edimax IC-7100 IP cameras. It stems from improper neutralization of special elements within requests, allowing attackers to execute arbitrary code remotely. Exploitation involves crafting specific requests to gain control of the device. While authentication is typically required, attackers exploit the prevalence of default or weak credentials on internet-exposed cameras. Successful exploitation enables attackers to execute shell scripts, often downloading malware like Mirai. The vulnerability affects all versions of the IC-7100 and was reported to the vendor in October 2024. However, as of March 2025, no patch is available, and the vendor has been unresponsive to disclosure attempts, citing the product's end-of-life status. Multiple Mirai-based botnets are actively exploiting this vulnerability.

CVE-2024-13918 is a reflected cross-site scripting (XSS) vulnerability affecting the Laravel framework, specifically versions between 11.9.0 and 11.35.1. This vulnerability stems from the improper encoding of request parameters within the debug-mode error page. An attacker could exploit this by injecting malicious code into a website, which is then reflected back to the user's browser. If a user clicks a malicious link containing this injected code, their browser could execute it, potentially allowing the attacker to steal sensitive information like cookies or session tokens, or even take control of the user's account. A patch has been released in version 11.36.0 to address this vulnerability.

CVE-2025-24071 involves the exposure of sensitive information in Windows File Explorer, potentially allowing an attacker to perform spoofing over a network. This vulnerability arises from how Windows Explorer handles specially crafted .library-ms files within RAR/ZIP archives. When such an archive is extracted, Windows Explorer automatically parses the .library-ms file due to its indexing and preview mechanisms. If the .library-ms file contains a SimpleLocation tag pointing to an attacker-controlled SMB server, Windows Explorer attempts to resolve this path, triggering an NTLM authentication handshake and potentially sending the victim's NTLMv2 hash without explicit user interaction. This implicit trust and automatic processing of certain file types upon extraction can be exploited to leak credentials.

CVE-2024-57040 is a vulnerability found in TP-Link TL-WR845N routers. Specifically, it affects version 4 firmware releases, including versions 200909 and 190219. The vulnerability stems from a hardcoded password for the root account being present within the router's firmware. This hardcoded password can be obtained through methods such as a brute-force attack. If successful, an attacker could gain unauthorized root-level access to the device, potentially leading to a compromise of the entire system and the ability to intercept network traffic.

CVE-2024-13919 is a reflected cross-site scripting (XSS) vulnerability affecting the Laravel framework, specifically versions 11.9.0 through 11.35.1. It stems from the improper encoding of route parameters within the debug-mode error page. When Laravel's debug mode is enabled, detailed error messages are displayed, including the values of request and route parameters. If these values are not properly encoded, an attacker can inject malicious code, which is then reflected back to the user's browser, potentially leading to the execution of arbitrary JavaScript code. To exploit this, an attacker would need to trick a user into clicking a malicious link containing a crafted payload.

CVE-2024-6382 is a vulnerability affecting the MongoDB Rust Driver. Specifically, versions 2.0 prior to 2.8.2 are affected. The vulnerability stems from the incorrect handling of certain string inputs, which can lead the driver to construct unintended server commands. This mishandling of string inputs may result in unexpected application behavior. The vulnerability can be exploited over a network connection and requires minimal skill to exploit. To mitigate this vulnerability, it is recommended to upgrade to version 2.8.2 or later of the MongoDB Rust Driver.

CVE-2025-24016 is a critical remote code execution (RCE) vulnerability found in the Wazuh security platform, versions 4.4.0 through 4.9.0. It allows attackers to execute arbitrary code on affected Wazuh servers. The vulnerability arises from unsafe deserialization of DistributedAPI (DAPI) parameters. These parameters are serialized as JSON and then deserialized using the `as_wazuh_object` function. Attackers can exploit this by injecting a malicious, unsanitized dictionary into a DAPI request or response, leading to the execution of arbitrary Python code. This vulnerability can be exploited by anyone with API access, potentially including compromised dashboards, other Wazuh servers within a cluster, or even compromised agents, depending on the configuration. Wazuh has addressed this vulnerability in version 4.9.1. Users are strongly encouraged to update to this version to mitigate the risk of exploitation.

CVE-2024-36904 is a use-after-free vulnerability found in the Linux kernel's TCP protocol. It stems from a race condition that can occur during connection to a socket, specifically within the `tcp_twsk_unique()` function. The vulnerability arises because the `sk_refcnt` (socket reference count) of a TIME-WAIT socket can be set after the socket is placed in the ehash and the bucket lock is released. This creates a small window where other threads might attempt to reuse the port during a connect operation and call `sock_hold()` on the TIME-WAIT socket, potentially when its reference count is zero. If this happens, the reference count taken by `tcp_twsk_unique()` can be overwritten, leading to an underflow when `sock_put()` is called later, triggering a use-after-free condition. The fix involves using `refcount_inc_not_zero()` in `tcp_twsk_unique()` to avoid reusing the port if the reference count is not greater than zero.