CVE Trends

CVE-2025-20188 is a vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs). It could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. The vulnerability exists because of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. The Out-of-Band AP Image Download feature must be enabled on the device for a successful exploit.

CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.

CVE-2024-21413 is a critical remote code execution (RCE) vulnerability affecting Microsoft Outlook. It is classified as an "Improper Input Validation Vulnerability". The vulnerability arises from how Outlook processes certain URLs, especially those using the file:// protocol and crafted URL structures. This "MonikerLink" bug allows attackers to bypass the Office Protected View feature and execute arbitrary code on a victim's machine, potentially leading to system compromise, data exfiltration, or malware installation. This can be achieved by sending a malicious email, and in some cases, simply previewing the email is enough to trigger the exploit.

CVE-2025-22873 refers to a vulnerability in the tokenizer that incorrectly interprets tags. Specifically, it affects tags with unquoted attribute values ending with a solidus character (/). This can lead to the tags being incorrectly marked as self-closing. When using the Parse functions, content following such tags might be placed in the wrong scope during DOM construction. However, this only occurs when the tags are in foreign content contexts such as `<math>` or `<svg>`.

CVE-2025-29824 is a use-after-free vulnerability in the Windows Common Log File System (CLFS) driver. Successful exploitation of this vulnerability allows an attacker to elevate their privileges to SYSTEM, meaning they can gain complete control over the affected system. This vulnerability has been exploited in the wild as a zero-day, meaning attackers were actively using it before a patch was available. It has been associated with ransomware attacks, where attackers use the elevated privileges to deploy ransomware. The vulnerability was addressed in Microsoft's April 2025 Patch Tuesday update.

CVE-2025-27363 is a vulnerability found in FreeType versions 2.13.0 and below. It occurs when parsing font subglyph structures related to TrueType GX and variable font files. The issue stems from assigning a signed short value to an unsigned long, followed by adding a static value. This causes a wrap-around, resulting in a heap buffer that is too small being allocated. The vulnerability allows writing up to 6 signed long integers out of bounds relative to the undersized buffer. This out-of-bounds write can potentially lead to arbitrary code execution. It has been reported that this vulnerability may have been exploited in the wild.

CVE-2025-34028 is a vulnerability in Commvault Command Center Innovation Release that allows an unauthenticated attacker to upload ZIP files. This path traversal vulnerability can lead to remote code execution when the server expands these files. The vulnerability affects Command Center Innovation Release versions 11.38.0 through 11.38.19 and has been patched in version 11.38.20. The vulnerability exists in the "deployWebpackage.do" and "deployServiceCommcell.do" endpoints, which are excluded from authentication requirements. An attacker can exploit this by sending an HTTP request to these endpoints, triggering a Server-Side Request Forgery (SSRF) vulnerability. This allows the attacker to force the Commvault server to download a ZIP file from an external server, use path traversal to place files in restricted directories, and ultimately execute malicious code via the web interface.

CVE-2025-46731 is a potential remote code execution vulnerability found in Craft CMS. The vulnerability exists in versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16. It is related to Twig Server-Side Template Injection (SSTI). To exploit this vulnerability, an attacker must have administrator access and the `ALLOW_ADMIN_CHANGES` setting must be enabled. Users are advised to update to patched versions 4.14.13 or 5.6.15 to mitigate the issue.

CVE-2025-24132 is a stack-based buffer overflow vulnerability that exists in Apple's AirPlay SDK. Successful exploitation could allow a local attacker to perform zero-click remote code execution on vulnerable AirPlay SDK devices. It can also potentially lead to sensitive information disclosure through eavesdropping on devices with microphones. The vulnerability can be triggered by sending malformed pairing packets over TCP port 7000. It affects AirPlay audio SDK, AirPlay video SDK, and CarPlay Communication Plug-in. Updates have been released to address this issue in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1.

CVE-2025-24252 is a use-after-free (UAF) vulnerability in Apple's AirPlay protocol. It stems from a memory management issue. A successful exploit could allow a remote attacker to execute arbitrary code. This vulnerability is part of a set of vulnerabilities known as "AirBorne". When CVE-2025-24252 is combined with CVE-2025-24206 (an authentication bypass vulnerability), it can lead to zero-click remote code execution (RCE) on vulnerable devices within the same network. This combination allows an attacker to execute code remotely on MacOS devices. It has been fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, and visionOS 2.4.