CVE Trends

CVE-2024-38475 involves improper output escaping in the `mod_rewrite` module of the Apache HTTP Server, specifically in versions 2.4.59 and earlier. This flaw allows an attacker to map URLs to filesystem locations that the server is permitted to serve but are not intended to be directly accessible. This vulnerability can lead to code execution or source code disclosure. The issue arises when substitutions in the server context use backreferences or variables as the initial segment of the substitution. While the fix might break some existing RewriteRules, the "UnsafePrefixStat" flag can be used to revert to the previous behavior if the substitution is appropriately constrained.

CVE-2023-44221 is a command injection vulnerability found in the SMA100 SSL-VPN management interface. It allows a remote, authenticated attacker with administrative privileges to inject arbitrary commands. These commands are executed as the "nobody" user, potentially leading to OS command injection. This vulnerability exists due to improper neutralization of special elements within the SMA100 SSL-VPN management interface. It is often exploited in conjunction with other vulnerabilities, such as CVE-2024-38475, to bypass authentication and gain administrative control over affected systems.

CVE-2025-29927 is an authorization bypass vulnerability affecting Next.js, a React framework. It stems from the improper handling of the `x-middleware-subrequest` header. By exploiting this vulnerability, attackers can bypass authorization checks implemented in Next.js middleware. This flaw allows attackers to skip running the middleware, potentially allowing requests to bypass critical checks like authorization cookie validation before reaching routes. Self-hosted Next.js applications using Middleware are affected, specifically those relying on it for authentication or security checks. The vulnerability is fixed in Next.js versions 14.2.25 and 15.2.3.

CVE-2025-31191 is a vulnerability that affects multiple Apple operating systems, including macOS Ventura, tvOS, iOS, iPadOS, macOS Sequoia, and macOS Sonoma. It involves an issue where an app may be able to access sensitive user data due to state management issues. The vulnerability was addressed by Apple through improved state management in the security updates released on March 31, 2025. It was discovered that the exploit could allow an attacker to delete and replace a keychain entry used to sign security-scoped bookmarks to ultimately escape the App Sandbox without user interaction.

CVE-2025-3928 is an unspecified vulnerability in the Commvault Web Server. It allows a remote, authenticated attacker to create and execute webshells on the affected server. The vulnerability can be exploited by any authenticated remote user, without requiring administrative privileges. CISA has added CVE-2025-3928 to its Known Exploited Vulnerabilities (KEV) catalog and recommends applying available vendor mitigations. Patches are available for Windows and Linux platforms in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217.

CVE-2024-10442 is an off-by-one error vulnerability found in the transmission component of Synology Replication Service and Synology Unified Controller (DSMUC). This vulnerability affects Synology Replication Service versions before 1.0.12-0066, 1.2.2-0353, and 1.3.0-0423, as well as Synology Unified Controller (DSMUC) versions before 3.1.4-23079. The flaw allows unauthenticated remote attackers to potentially execute arbitrary code on affected systems. This is due to improper bounds checking, which could permit an attacker to write data beyond the allocated buffer by sending a specially crafted input.

CVE-2025-31650 is an improper input validation vulnerability in Apache Tomcat. The vulnerability arises from incorrect error handling of invalid HTTP priority headers, leading to incomplete cleanup of failed requests and a memory leak. By sending a large number of requests with malformed HTTP priority headers, an attacker can trigger an OutOfMemoryException, resulting in a denial-of-service (DoS) condition. This affects Apache Tomcat versions 9.0.76 through 9.0.102, 10.1.10 through 10.1.39, and 11.0.0-M2 through 11.0.5. Users are advised to upgrade to versions 9.0.104, 10.1.40, or 11.0.6 to mitigate the risk.

CVE-2025-2783 is a vulnerability in Google Chrome specifically affecting Windows users. It is described as an "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo is a collection of runtime libraries that facilitates inter-process communication (IPC). This vulnerability allowed attackers to bypass Chrome's sandbox protection. The vulnerability was exploited in the wild as part of a targeted attack dubbed "Operation ForumTroll," which targeted media outlets, educational institutions, and government organizations in Russia. The attack involved phishing emails with malicious links that, when clicked in Chrome, led to immediate infection. The exploit was designed to work with another exploit that enabled remote code execution, although the second exploit was not obtained by researchers. Google has addressed this vulnerability in Chrome version 134.0.6998.177/.178 for Windows.

CVE-2025-23244 affects Progress MOVEit Transfer (SFTP module). It involves an Improper Privilege Management vulnerability. Specifically, users configured as Shared Accounts are susceptible to Privilege Escalation. The issue impacts MOVEit Transfer versions from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, and from 2024.1.0 before 2024.1.2. Additionally, CVE-2025-23244 has been identified in the NVIDIA GPU Display Driver for Linux. This vulnerability could allow an unprivileged attacker to escalate permissions, potentially leading to code execution, denial of service, information disclosure, and data tampering.