CVE Trends

CVE-2025-21204 is a vulnerability in the Windows Update Stack. It stems from improper link resolution before file access, specifically a flaw known as "link following." This vulnerability allows an authorized attacker to elevate their privileges locally on a system.

CVE-2024-50264 is a vulnerability in the Linux kernel, specifically within the vsock/virtio subsystem. It arises from a dangling pointer issue during loopback communication. A dangling pointer can be created in `vsk->trans`, potentially leading to a Use-After-Free condition. The vulnerability occurs because the `vsk->trans` pointer is not properly initialized. The fix involves initializing `vsk->trans` to NULL, which prevents the use of the dangling pointer and resolves the Use-After-Free condition.

CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is triggered by network access to the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.

CVE-2025-0282 is a stack-based buffer overflow vulnerability that affects several Ivanti network appliances, including Ivanti Connect Secure (versions prior to 22.7R2.5), Ivanti Policy Secure (versions prior to 22.7R1.2), and Ivanti Neurons for ZTA gateways (versions prior to 22.7R2.3). This vulnerability allows a remote, unauthenticated attacker to execute arbitrary code on affected systems. Exploitation of this vulnerability was first observed in mid-December 2024, and Ivanti disclosed the vulnerability on January 8, 2025. The vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog. It appears the vulnerability is related to the handling of IFT (IF-T) connections.

CVE-2025-30406 is a vulnerability affecting Gladinet CentreStack, a cloud-based enterprise file-sharing platform. It stems from the use of a hard-coded cryptographic key within the application's web configuration files (web.config). This key is used for ViewState integrity verification. Successful exploitation of this flaw allows an attacker to forge ViewState payloads. This enables server-side deserialization, ultimately leading to remote code execution. The vulnerability is classified as CWE-321, which highlights the risks associated with using hard-coded cryptographic keys.

CVE-2025-32428 is a security vulnerability found in Jupyter Remote Desktop Proxy, a Jupyter extension that allows users to run a Linux desktop within a Jupyter notebook. The vulnerability occurs when the extension is used with TigerVNC. The problem is that when configured with TigerVNC, the VNC server inadvertently opens a TCP network port, allowing external network access, even though it was intended to be restricted to a UNIX socket accessible only to the current user. This vulnerability does not affect users who use TurboVNC.

CVE-2023-4966 is a vulnerability that allows unauthorized disclosure of sensitive information in Citrix NetScaler ADC and NetScaler Gateway appliances. When these appliances are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, a buffer overflow flaw can be exploited to leak sensitive data. This vulnerability allows attackers to read sections of memory beyond the intended buffer, potentially exposing session tokens and enabling impersonation of legitimate users. Exploitation has been observed in the wild, with some attackers using it to bypass multi-factor authentication and hijack user sessions. This vulnerability affects specific versions of NetScaler ADC and NetScaler Gateway, including versions 14.1 before 14.1-8.50, 13.1 before 13.1-49.15, and 13.0 before 13.0-92.19. Citrix-managed cloud services and Citrix-managed Adaptive Authentication are not affected. The vulnerability was publicly disclosed by Citrix on October 10, 2023, and has since been added to CISA's Known Exploited Vulnerabilities Catalog due to observed exploitation.

CVE-2024-56406 is a heap buffer overflow vulnerability found in Perl. It affects release branches 5.34, 5.36, 5.38, and 5.40, including development versions from 5.33.1 through 5.41.10. The vulnerability occurs in the `S_do_trans_invmap` function when the left-hand side of the `tr` operator contains non-ASCII bytes. This can cause the destination pointer `d` to overflow. Applying updates to version 5.38.4 or 5.40.2 eliminates this vulnerability.

CVE-2024-7971 is a type confusion vulnerability found in the V8 JavaScript and WebAssembly engine within Google Chrome versions prior to 128.0.6613.84. This flaw allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability stems from the Liftoff compiler's handling of loop structures during WebAssembly (WASM) JIT compilation, where it doesn't enforce strict type checks, potentially leading to memory corruption. It has been reported that this vulnerability has been exploited in the wild.