CVE Trends

CVE-2024-53197 is a privilege escalation vulnerability found in the USB sub-component of the Linux kernel. It stems from improper handling of the `bNumConfigurations` value in the ALSA USB audio subsystem, which can lead to out-of-bounds memory accesses. This vulnerability could allow an attacker with physical access to the system, through a malicious USB device, to manipulate system memory, potentially escalating privileges or executing arbitrary code. It has been identified as being exploited in targeted attacks, including being part of an exploit chain used to compromise an Android phone in December 2024.

CVE-2025-31115 affects XZ Utils versions 5.3.3alpha to 5.8.0. It is a heap use-after-free bug found in the multithreaded decoder within the liblzma library. This vulnerability can be triggered by invalid input, potentially leading to a crash due to memory corruption. Specifically, the vulnerability occurs in the `lzma_stream_decoder_mt` function. Exploitation could result in "heap use after free and writing to an address based on the null pointer plus an offset," which may allow attackers to corrupt memory and potentially execute arbitrary code. A fix is available in XZ Utils version 5.8.1.

CVE-2025-2704 affects OpenVPN versions 2.6.1 through 2.6.13 when running in server mode with TLS-crypt-v2 enabled. This vulnerability allows remote attackers to cause a denial of service. The denial of service is triggered by corrupting and replaying network packets during the early handshake phase. A patch is available to address this vulnerability, and affected organizations should update their OpenVPN installations.

CVE-2025-2945 is a Remote Code Execution (RCE) vulnerability affecting pgAdmin 4 versions prior to 9.2, specifically impacting the Query Tool and Cloud Deployment modules. The vulnerability stems from the insecure handling of user-supplied parameters in two POST endpoints: `/sqleditor/query_tool/download` and `/cloud/deploy`. In these endpoints, the `query_commited` and `high_availability` parameters are passed directly to Python's `eval()` function without proper sanitization. This allows attackers to inject and execute arbitrary code on the server, potentially leading to complete system compromise.

CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is triggered by network access to the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.

CVE-2025-27607 is a vulnerability in the 'python-json-logger' library, a popular Python tool used for creating JSON logs. Between December 30, 2024 and March 4, 2025, the library was susceptible to remote code execution (RCE) due to a missing optional dependency, 'msgspec-python313-pre'. This dependency was not available on the Python Package Index (PyPI), allowing a malicious actor to upload a counterfeit package with the same name. If a user installed 'python-json-logger' with optional dependencies in a Python 3.13.x environment, the malicious package could be installed automatically, potentially giving the attacker RCE capabilities. The vulnerability has been addressed in version 3.3.0 of 'python-json-logger'. Users are urged to update to this or a later version to mitigate the risk.

CVE-2023-22047 is a vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft, specifically affecting versions 8.59 and 8.60. The affected component is the Portal. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful exploitation can lead to unauthorized access to critical data or complete access to all accessible PeopleSoft Enterprise PeopleTools data.

CVE-2025-24813 is a vulnerability affecting Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0.M1 through 10.1.34, and 11.0.0.M1 through 11.0.2. It stems from an issue in how Tomcat handles partial PUT requests. Specifically, the vulnerability arises from the use of a temporary file based on user-supplied filenames and paths, where the path separator is replaced by a dot. This can potentially allow unauthorized access to sensitive files, injection of malicious content, or even remote code execution under certain conditions. Exploitation of this vulnerability requires a specific set of circumstances. For information disclosure or content injection, the default servlet must have write access enabled (it's disabled by default), partial PUT support must be enabled (which it is by default), and the target URL for sensitive uploads must be a subdirectory of a public upload URL. The attacker also needs to know the names of the sensitive files being uploaded via partial PUT. For remote code execution, the same conditions apply, with the addition of the application using Tomcat's file-based session persistence in the default location and including a library vulnerable to deserialization attacks.