CVE Trends

CVE-2025-32433 is a vulnerability found in the Erlang/OTP SSH server. It stems from a flaw in the SSH protocol message handling, which allows an attacker with network access to execute arbitrary code on the server without authentication. Specifically, the vulnerability enables a malicious actor to send connection protocol messages before authentication takes place. Successful exploitation could lead to full compromise of the host, unauthorized access, manipulation of sensitive data, or denial-of-service attacks.

CVE-2024-27876 is a race condition vulnerability that affects multiple Apple operating systems. It resides in the Archive Handler component of visionOS, but also impacts macOS Ventura, iOS, iPadOS, macOS Sonoma, and macOS Sequoia. The vulnerability occurs when unpacking a maliciously crafted archive, potentially allowing an attacker to write arbitrary files. This issue was resolved through improved locking mechanisms in the patched versions of the operating systems.

CVE-2024-10442 is an off-by-one error vulnerability found in the transmission component of Synology Replication Service and Synology Unified Controller (DSMUC). This vulnerability affects Synology Replication Service versions before 1.0.12-0066, 1.2.2-0353, and 1.3.0-0423, as well as Synology Unified Controller (DSMUC) versions before 3.1.4-23079. The flaw allows unauthenticated remote attackers to potentially execute arbitrary code on affected systems. This is due to improper bounds checking, which could permit an attacker to write data beyond the allocated buffer by sending a specially crafted input.

CVE-2025-42599 is a stack-based buffer overflow vulnerability found in Active! mail 6 BuildInfo version 6.60.05008561 and earlier. This vulnerability can be exploited by a remote, unauthenticated attacker sending a specially crafted request. Successful exploitation could lead to arbitrary code execution or a denial-of-service (DoS) condition.

CVE-2025-27158 is an Access of Uninitialized Pointer vulnerability affecting Adobe Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428, and earlier. The vulnerability can lead to arbitrary code execution within the context of the current user. Exploitation of this vulnerability requires user interaction, specifically, a victim must open a maliciously crafted file. An attacker could exploit this to execute arbitrary code within the application by enticing a user to open a specially crafted PDF file.

CVE-2025-34028 is a vulnerability in Commvault Command Center Innovation Release that allows an unauthenticated attacker to upload ZIP files. This path traversal vulnerability can lead to remote code execution when the server expands these files. The vulnerability affects Command Center Innovation Release versions 11.38.0 through 11.38.19 and has been patched in version 11.38.20. The vulnerability exists in the "deployWebpackage.do" and "deployServiceCommcell.do" endpoints, which are excluded from authentication requirements. An attacker can exploit this by sending an HTTP request to these endpoints, triggering a Server-Side Request Forgery (SSRF) vulnerability. This allows the attacker to force the Commvault server to download a ZIP file from an external server, use path traversal to place files in restricted directories, and ultimately execute malicious code via the web interface.

CVE-2025-30406 is a vulnerability affecting Gladinet CentreStack, a cloud-based enterprise file-sharing platform. It stems from the use of a hard-coded cryptographic key within the application's web configuration files (web.config). This key is used for ViewState integrity verification. Successful exploitation of this flaw allows an attacker to forge ViewState payloads. This enables server-side deserialization, ultimately leading to remote code execution. The vulnerability is classified as CWE-321, which highlights the risks associated with using hard-coded cryptographic keys.

CVE-2025-31201 is a vulnerability in RPAC (Return Pointer Authentication Code), a security feature designed to prevent return-oriented programming attacks. The vulnerability allows an attacker with arbitrary read and write capabilities to bypass Pointer Authentication. Apple addressed this issue by removing the vulnerable code in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, and macOS Sequoia 15.4.1. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVE-2025-21204 is a vulnerability in the Windows Update Stack. It stems from improper link resolution before file access, specifically a flaw known as "link following." This vulnerability allows an authorized attacker to elevate their privileges locally on a system.

CVE-2025-24054 is a vulnerability in Windows NTLM that involves external control of the file name or path, potentially allowing an unauthorized attacker to perform spoofing over a network. The vulnerability can be exploited using a maliciously crafted .library-ms file. Active exploitation of CVE-2025-24054 has been observed in the wild since March 19, 2025. Attackers can potentially leak NTLM hashes or user passwords, compromising systems. Exploitation can be triggered with minimal user interaction, such as right-clicking, dragging and dropping, or simply navigating to a folder containing the malicious file.