CVE Trends

CVE-2024-45332, also known as "Branch Privilege Injection," is a vulnerability affecting Intel CPUs. It stems from a race condition in the branch predictors, specifically the Branch Target Buffer (BTB) and Indirect Branch Predictor (IBP). These predictors, which are designed to optimize CPU performance by speculatively predicting the outcome of branch instructions, are updated asynchronously, leading to a potential security flaw. The vulnerability arises because branch predictor updates can occur during privilege switches, such as from user mode to kernel mode. This creates a window where the update is associated with the incorrect privilege level, potentially allowing a non-privileged user to access sensitive data from privileged processes. An attacker can exploit this by training the CPU to predict a specific branch target and then triggering a system call to execute code in the OS kernel, leading to the leakage of sensitive information like passwords and cryptographic keys.

CVE-2024-46982 is a cache poisoning vulnerability that affects Next.js, a popular React framework for web development. Specifically, versions 13.5.1 through 14.2.9 of Next.js utilizing the pages router with non-dynamic server-side rendered routes are susceptible. An attacker can exploit this vulnerability by sending a specially crafted HTTP request that manipulates the cache of these routes. This manipulation can lead to Next.js caching unintended content, potentially allowing upstream CDNs to also store this incorrect data. The vulnerability is patched in version 13.5.7 and later. This vulnerability allows attackers to potentially inject malicious code or incorrect information into the cache, which could then be served to unsuspecting users. It's important to note that this issue does not affect the app router within Next.js. Developers using affected versions of Next.js are strongly encouraged to update to the latest version to mitigate this vulnerability.

CVE-2025-32421 is a race condition vulnerability affecting the Next.js framework, specifically impacting the Pages Router under certain misconfigurations. This vulnerability can cause normal endpoints to serve `pageProps` data instead of standard HTML. The issue affects Next.js versions prior to 14.2.24 and 15.1.6. The vulnerability can be exploited when an attacker leverages a race condition between two requests: one containing the `?__nextDataRequest=1` query parameter and another with the `x-now-route-matches` header. Some CDN providers might cache a 200 OK response even without explicit cache-control headers, which could lead to a poisoned response being served to subsequent users. The vulnerability was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests.

CVE-2025-24495 involves an incorrect initialization of resources within the branch prediction unit of certain Intel Core Ultra Processors. This vulnerability could allow a user with local access and authentication to potentially enable information disclosure. The vulnerability stems from improper handling during the initialization phase, which can be exploited by an authenticated user. Successful exploitation could lead to the disclosure of sensitive information.

CVE-2024-28956 involves the exposure of sensitive information in shared microarchitectural structures during transient execution on some Intel processors. An authenticated local user could potentially extract sensitive information by exploiting microarchitectural weaknesses. This vulnerability affects the Linux kernel via cBPF, where direct branches may be predicted. Oracle has released security updates to address this vulnerability.

CVE-2025-30712 is a vulnerability in Oracle VM VirtualBox version 7.1.6, specifically within the Core component. It was discovered by CVR of Google and Juan José López Jaimez of Google and publicly disclosed on April 15, 2025. This vulnerability can be exploited by an attacker with high privileges who has logon access to the infrastructure where Oracle VM VirtualBox is running. Successful exploitation could lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to sensitive information within Oracle VM VirtualBox. Furthermore, it could allow an attacker to cause a partial denial of service (DoS). The scope of this vulnerability is broad, potentially impacting other products beyond VirtualBox. Oracle recommends applying the necessary patches as soon as possible and restricting access to the infrastructure where VirtualBox executes.

CVE-2025-47889 affects the WSO2 Oauth Plugin version 1.0 and earlier for Jenkins. The vulnerability stems from the plugin's security realm accepting authentication claims without proper validation. This lack of validation allows unauthenticated attackers to log in to Jenkins controllers using any username and password, even if those usernames don't actually exist. Successful exploitation could lead to unauthorized access to Jenkins controllers.

CVE-2025-4427 is an authentication bypass vulnerability found in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and prior. It exists in the API component of the software. This vulnerability allows attackers to access protected resources without proper credentials via the API.

CVE-2025-4428 is a remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM). An authenticated attacker could exploit this vulnerability to execute arbitrary code on a vulnerable device. The vulnerability is associated with an open-source library integrated into EPMM. Ivanti released a security advisory on May 13, 2025, to address this vulnerability, along with an authentication bypass vulnerability (CVE-2025-4427). It was found that chaining the two vulnerabilities together could lead to unauthenticated remote code execution. Ivanti is aware of a limited number of customers whose systems have been exploited.

CVE-2025-4664 is a vulnerability affecting Google Chrome's Loader component. The vulnerability stems from insufficient policy enforcement, which allows a remote attacker to potentially leak cross-origin data by using a crafted HTML page. The vulnerability was discovered by security researcher Vsevolod Kokorin (@slonser_) and reported on May 5, 2025. Google has released updates to address this issue in Chrome versions 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. It is recommended that users update their Chrome browsers to these versions to mitigate the risk.