CVE Trends

Top 10 CVEs trending on social media within the last 24 hours.
When the Hypemeter is low, rankings become less reliable due to limited online discussion.

Each entry lists: rank, CVE id, CVSS severity (where available), hype score over the last 24 hours, publication date, and description.
1. CVE-2025-27090
   Severity: medium 6.9 | Hype score: 19 | Published: Feb 19, 2025
   CVE-2025-27090 pertains to a stored cross-site scripting (XSS) vulnerability found in the Drivr Lite – Google Drive Plugin, impacting versions up to and including 1.0. This vulnerability stems from improper neutralization of user input during web page generation. An attacker could exploit this vulnerability by injecting malicious scripts into the plugin, which would then be stored and executed when other users access the affected pages. This vulnerability allows arbitrary JavaScript code execution in the context of other users interacting with the plugin. Successful exploitation could lead to various attacks, such as session hijacking, cookie theft, or redirection to malicious websites.
2. CVE-2024-12284
   Severity: high 8.8 | Hype score: 12 | Published: Feb 20, 2025
   CVE-2024-12284 is a vulnerability found in NetScaler Console (formerly NetScaler ADM) and NetScaler Console Agent. It stems from insufficient privilege management, allowing authenticated attackers to execute commands without proper authorization. The vulnerability only affects authenticated users who already possess access to the NetScaler Console. Exploiting this vulnerability allows malicious actors to execute unauthorized commands. Cloud Software Group, having released builds to address this issue on February 18, 2025, recommends using external authentication for NetScaler Console as a security best practice. Upgrading to the latest builds is recommended for users of on-premises NetScaler Console and NetScaler Console Agent. Users of the Citrix-managed NetScaler Console Service do not need to take any action.
3. CVE-2025-21355
   Severity: high 8.6 | Hype score: 7 | Published: Feb 19, 2025
   CVE-2025-21355 is a vulnerability found in Microsoft Bing. Due to missing authentication for a critical function, unauthorized attackers could execute code remotely over a network. This vulnerability has been categorized as CWE-306, Missing Authentication for Critical Function. Microsoft has addressed this vulnerability. Further details and potential remediation steps can be found on the Microsoft Security Response Center (MSRC) website. As of today, February 20, 2025, this information is current, but the situation may evolve.
4. CVE-2024-13159
   Severity: critical 9.8 | Hype score: 5 | Published: Jan 14, 2025
   CVE-2024-13159 is a credential coercion vulnerability found in Ivanti Endpoint Manager (EPM). It exists within the `GetHashForWildcardRecursive()` method of the `VulCore` class, located in the `WSVulnerabilityCore.dll` file. This method improperly validates user-supplied input, specifically the "wildcard" parameter. This oversight allows attackers to manipulate the wildcard parameter to construct a remote UNC path. Consequently, the EPM server is tricked into reading files from an attacker-specified directory. This vulnerability, along with three others (CVE-2024-10811, CVE-2024-13160, and CVE-2024-13161), can be exploited by unauthenticated attackers to potentially compromise the EPM server. Proof-of-concept exploit code has been publicly released, increasing the risk of attacks. These vulnerabilities were patched by Ivanti in January 2025. Users of affected EPM versions are strongly encouraged to apply the necessary updates.
5. CVE-2025-24989
   Severity: high 8.2 | Hype score: 5 | Published: Feb 19, 2025
   CVE-2025-24989 is an improper access control vulnerability in Microsoft Power Pages, a low-code platform used to create and manage business websites. Exploitation of this flaw allows unauthorized actors to escalate privileges on the network and bypass user registration controls, potentially granting them access they shouldn't have. Microsoft has addressed this vulnerability at the service level and notified affected customers. Those who haven't received a notification are not considered affected. Microsoft has provided instructions to affected customers on how to check their sites for signs of compromise and steps to take for remediation. This vulnerability has been actively exploited in the wild.
6. CVE-2025-23209
   Severity: high 8.0 | Exploit known | Hype score: 4 | Published: Jan 18, 2025
   Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version should rotate their security keys and ensure their privacy to help mitigate the issue.
7. CVE-2025-0108
   Hype score: 2 | Published: Feb 12, 2025
   CVE-2025-0108 is an authentication bypass vulnerability found in the web management interface of Palo Alto Networks' PAN-OS firewall software. This vulnerability allows unauthenticated network access to bypass authentication and execute certain PHP scripts on affected devices. While this flaw doesn't directly permit remote code execution, it can compromise the integrity and confidentiality of the PAN-OS system. This vulnerability has been actively exploited in the wild.
8. CVE-2024-53704
   Severity: critical 9.8 | Exploit known | Hype score: 1 | Published: Jan 9, 2025
   CVE-2024-53704 is an authentication bypass vulnerability found in the SSL VPN component of SonicWall firewalls running the SonicOS operating system. This flaw allows unauthorized remote attackers to bypass the authentication mechanism and gain access to the network. The vulnerability exists due to improper authentication within the SSLVPN component. Exploitation attempts targeting this vulnerability began shortly after the public release of proof-of-concept exploit code on February 10, 2025. Patches for CVE-2024-53704 have been available since January 7, 2024. Federal Civilian Executive Branch agencies are mandated to address this vulnerability by March 11, 2025.
9. CVE-2025-26465
   Severity: medium 6.8 | Hype score: 1 | Published: Feb 18, 2025
   CVE-2025-26465 is a vulnerability in the OpenSSH client that can allow a man-in-the-middle (MitM) attack when the `VerifyHostKeyDNS` option is enabled. This option allows the client to verify the server's identity against DNS records. Due to a logic error in how the server's identity is verified when memory allocation errors occur, an attacker can potentially bypass these checks and impersonate the intended server. This could lead to the theft of sensitive information, such as credentials. While the `VerifyHostKeyDNS` option is currently disabled by default, it was previously enabled by default in certain environments like FreeBSD between September 2013 and March 2023. Administrators are encouraged to review their configurations to ensure this option is not enabled unless specifically required. The vulnerability has existed since late 2014 and highlights the importance of regularly reviewing and updating security configurations.
10. CVE-2025-26466
    Hype score: 1
    No description available.