CVE Trends

CVE-2025-21204 is a vulnerability in the Windows Update Stack. It stems from improper link resolution before file access, specifically a flaw known as "link following." This vulnerability allows an authorized attacker to elevate their privileges locally on a system.

CVE-2024-56406 is a heap buffer overflow vulnerability found in Perl. It affects release branches 5.34, 5.36, 5.38, and 5.40, including development versions from 5.33.1 through 5.41.10. The vulnerability occurs in the `S_do_trans_invmap` function when the left-hand side of the `tr` operator contains non-ASCII bytes. This can cause the destination pointer `d` to overflow. Applying updates to version 5.38.4 or 5.40.2 eliminates this vulnerability.

CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is triggered by network access to the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.

CVE-2025-0282 is a stack-based buffer overflow vulnerability that affects several Ivanti network appliances, including Ivanti Connect Secure (versions prior to 22.7R2.5), Ivanti Policy Secure (versions prior to 22.7R1.2), and Ivanti Neurons for ZTA gateways (versions prior to 22.7R2.3). This vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on affected systems. Exploitation of this vulnerability was first observed in mid-December 2024, and Ivanti disclosed the vulnerability on January 8, 2025. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog. It appears the vulnerability is related to the handling of IFT (IF-T) connections.

CVE-2025-30406 is a vulnerability affecting Gladinet CentreStack, a cloud-based enterprise file-sharing platform. It stems from the use of a hard-coded cryptographic key within the application's web configuration files (web.config). This key is used for ViewState integrity verification. Successful exploitation of this flaw allows an attacker to forge ViewState payloads. This enables server-side deserialization, ultimately leading to remote code execution. The vulnerability is classified as CWE-321, which highlights the risks associated with using hard-coded cryptographic keys.

CVE-2025-32428 is a security vulnerability found in Jupyter Remote Desktop Proxy, a Jupyter extension that allows users to run a Linux desktop within a Jupyter notebook. The vulnerability occurs when the extension is used with TigerVNC. The problem is that when configured with TigerVNC, the VNC server inadvertently opens a TCP network port, allowing external network access, even though it was intended to be restricted to a UNIX socket accessible only to the current user. This vulnerability does not affect users who use TurboVNC.

CVE-2023-4966 is a vulnerability that allows unauthorized disclosure of sensitive information in Citrix NetScaler ADC and NetScaler Gateway appliances. When these appliances are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, a buffer overflow flaw can be exploited to leak sensitive data. This vulnerability allows attackers to read sections of memory beyond the intended buffer, potentially exposing session tokens and enabling impersonation of legitimate users. Exploitation has been observed in the wild, with some attackers using it to bypass multi-factor authentication and hijack user sessions. This vulnerability affects specific versions of NetScaler ADC and NetScaler Gateway, including versions 14.1 before 14.1-8.50, 13.1 before 13.1-49.15, and 13.0 before 13.0-92.19. Citrix-managed cloud services and Citrix-managed Adaptive Authentication are not affected. The vulnerability was publicly disclosed by Citrix on October 10, 2023, and has since been added to CISA's Known Exploited Vulnerabilities Catalog due to observed exploitation.

CVE-2023-46818 is a vulnerability affecting ISPConfig versions before 3.2.11p1. It involves PHP code injection within the language file editor. The vulnerability can be exploited by an admin user when the `admin_allow_langedit` setting is enabled, allowing them to inject arbitrary PHP code.

CVE-2025-32896 affects Apache SeaTunnel, a distributed data integration platform. Specifically, versions 2.3.1 through 2.3.10 are vulnerable. The vulnerability stems from unauthenticated access to the `/hazelcast/rest/maps/submit-job` REST API endpoint. Attackers can exploit this vulnerability by injecting malicious parameters into a MySQL connection URL via the REST API. This allows for arbitrary file read and deserialization attacks. To mitigate this issue, users are advised to upgrade to version 2.3.11 and enable restful API-v2 along with two-way HTTPS authentication.

CVE-2024-7971 is a type confusion vulnerability found in the V8 JavaScript and WebAssembly engine within Google Chrome versions prior to 128.0.6613.84. This flaw allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability stems from the Liftoff compiler's handling of loop structures during WebAssembly (WASM) JIT compilation, where it doesn't enforce strict type checks, potentially leading to memory corruption. It has been reported that this vulnerability has been exploited in the wild.