CVE Trends

CVE-2025-26465 is a vulnerability in the OpenSSH client that can allow a man-in-the-middle (MitM) attack when the `VerifyHostKeyDNS` option is enabled. This option allows the client to verify the server's identity against DNS records. Due to a logic error in how the server's identity is verified when memory allocation errors occur, an attacker can potentially bypass these checks and impersonate the intended server. This could lead to the theft of sensitive information, such as credentials. While the `VerifyHostKeyDNS` option is currently disabled by default, it was previously enabled by default in certain environments like FreeBSD between September 2013 and March 2023. Administrators are encouraged to review their configurations to ensure this option is not enabled unless specifically required. The vulnerability has existed since late 2014 and highlights the importance of regularly reviewing and updating security configurations.

CVE-2024-53704 is an authentication bypass vulnerability found in the SSL VPN component of SonicWall firewalls running the SonicOS operating system. This flaw allows unauthorized remote attackers to bypass the authentication mechanism and gain access to the network. The vulnerability exists due to improper authentication within the SSLVPN component. Exploitation attempts targeting this vulnerability began shortly after the public release of proof-of-concept exploit code on February 10, 2025. Patches for CVE-2024-53704 have been available since January 7, 2024. Federal Civilian Executive Branch agencies are mandated to address this vulnerability by March 11, 2025.

CVE-2025-0108 is an authentication bypass vulnerability found in the web management interface of Palo Alto Networks' PAN-OS firewall software. This vulnerability allows unauthenticated network access to bypass authentication and execute certain PHP scripts on affected devices. While this flaw doesn't directly permit remote code execution, it can compromise the integrity and confidentiality of the PAN-OS system. This vulnerability has been actively exploited in the wild.

CVE-2024-12511 is a vulnerability related to improper privilege management in certain Xerox printer models. By accessing the user address book configuration, an attacker can modify the IP address of the SMB or FTP server. This modification redirects file scan operations to a server controlled by the attacker, potentially leading to the capture of SMB or FTP credentials. This attack requires that the scanning functionality is enabled on the printer and that the attacker has access to the printer's address book settings. It's important to note that this vulnerability leverages the trust placed in the printer's address book settings to redirect credentials to a malicious server.

CVE-2024-12510 describes a vulnerability where, if Lightweight Directory Access Protocol (LDAP) settings are accessed by an attacker, authentication could be redirected to a server controlled by the attacker. This redirection could potentially expose user credentials, allowing the attacker to intercept and compromise them. This vulnerability requires the attacker to have administrative access to the LDAP settings. Successful exploitation could lead to unauthorized access to systems and data, possibly enabling further compromise of the network. As of February 18, 2025, there is no evidence of a public exploit or known instances of this vulnerability being exploited.

CVE-2024-12754 is a vulnerability found in the AnyDesk remote administration software. It allows local attackers to escalate their privileges on affected Windows systems. The vulnerability exists due to how the AnyDesk service manages background images during remote sessions. More specifically, the service copies the user's background image to the `C:\Windows\Temp` directory with `NT AUTHORITY\SYSTEM` privileges, which can be exploited by an attacker. By manipulating this process, for example, by using a junction, an attacker who can run low-privileged code on the system can potentially read arbitrary files. This could lead to the disclosure of sensitive information, such as stored credentials, which could be used for further compromise. The vulnerability has been patched in AnyDesk version 9.0.1.

CVE-2025-26615 is a path traversal vulnerability found in WeGIA, an open-source web management application primarily used by Portuguese-speaking institutions. The vulnerability exists in the `examples.php` endpoint, allowing attackers to potentially access the `config.php` file. This file contains sensitive information, including database credentials, which could be leveraged for unauthorized access. The vulnerability has been addressed in WeGIA version 3.2.14. Users are strongly encouraged to update to this version to mitigate the risk. Currently, there are no known workarounds for this vulnerability other than upgrading to the patched version.

CVE-2025-26617 is a SQL injection vulnerability found in the WeGIA web application, an open-source web manager for institutions. Specifically, the vulnerability exists in the `historico_paciente.php` endpoint. Successful exploitation allows attackers to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive data managed by the application. The vulnerability has been addressed in WeGIA version 3.2.14. Users are strongly encouraged to update to this version to mitigate the risk.

CVE-2025-1094 is an SQL injection vulnerability found in PostgreSQL's interactive tool, `psql`, and the `libpq` functions. The vulnerability allows attackers to inject malicious SQL code due to improper handling of escaped characters, specifically invalid UTF-8 characters within the PostgreSQL string escaping routines. This can lead to arbitrary code execution by leveraging `psql`'s ability to run meta-commands, potentially granting attackers control over the underlying operating system. This vulnerability affects PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. It was discovered by Rapid7 during their research into CVE-2024-12356, a remote code execution vulnerability in BeyondTrust products. Exploitation of CVE-2024-12356 reportedly required the exploitation of CVE-2025-1094. PostgreSQL users are advised to update to the latest versions to mitigate this vulnerability. The functions affected in the `libpq` library include `PQescapeLiteral()`, `PQescapeIdentifier()`, `PQescapeString()`, and `PQescapeStringConn()`.