Vulnerability intelligence

CVE-2025-53892 describes a DOM-based Cross-Site Scripting (XSS) vulnerability found in Vue I18n, an internationalization plugin for Vue.js. The vulnerability arises because the `escapeParameterHtml: true` option, which is designed to prevent HTML/script injection by escaping interpolated parameters, fails to adequately sanitize specific tag-based payloads. This flaw allows for the execution of malicious JavaScript code if an interpolated value containing such a payload is inserted into an HTML context using `v-html`, even when the `escapeParameterHtml` setting is enabled.

CVE-2026-42897 is a spoofing vulnerability impacting on-premises versions of Microsoft Exchange Server, including Exchange Server 2016, 2019, and Subscription Edition. This flaw, identified as an improper neutralization of input during web page generation (cross-site scripting or XSS), specifically affects Outlook Web Access (OWA). An attacker can exploit CVE-2026-42897 by sending a specially crafted email to a user. If the user opens this malicious email in Outlook Web Access, arbitrary JavaScript can be executed within the context of their browser, enabling spoofing over the network. Microsoft has confirmed that this vulnerability is under active exploitation.

CVE-2025-54957 is a buffer overflow vulnerability affecting Dolby Universal Decoder Core (UDC) versions 4.5 through 4.13. The flaw resides within the Dolby Digital Plus (DD+) decoder process and can be triggered by processing specially crafted, malformed DD+ bitstreams. Specifically, an integer overflow occurs during the length calculation when the `evo_priv.c` component parses "Evolution data" from the DD+ bitstream. This results in an undersized buffer being allocated, which then renders subsequent out-of-bounds checks ineffective and leads to an out-of-bounds write condition. Google Project Zero researchers discovered this vulnerability, highlighting its potential for zero-click exploitation on mobile devices, as audio attachments and voice messages are often decoded automatically.

CVE-2026-42897 is a spoofing vulnerability impacting on-premises versions of Microsoft Exchange Server, including Exchange Server 2016, 2019, and Subscription Edition. This flaw, identified as an improper neutralization of input during web page generation (cross-site scripting or XSS), specifically affects Outlook Web Access (OWA). An attacker can exploit CVE-2026-42897 by sending a specially crafted email to a user. If the user opens this malicious email in Outlook Web Access, arbitrary JavaScript can be executed within the context of their browser, enabling spoofing over the network. Microsoft has confirmed that this vulnerability is under active exploitation.

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.

CVE-2026-31431, dubbed "Copy Fail," is a local privilege escalation (LPE) vulnerability found within the Linux kernel's cryptographic subsystem. Specifically, it stems from a logic flaw in the `algif_aead` module of the `AF_ALG` (userspace crypto API), which leads to improper memory handling during in-place operations. This flaw allows an unprivileged local user to perform a deterministic, controlled 4-byte write into the page cache of any readable file on the system, including setuid binaries. This vulnerability has been present in Linux kernels since 2017 and impacts a wide range of major distributions, including Red Hat, SUSE, Ubuntu, and Amazon Linux. Exploitation is described as reliable, not requiring race conditions or kernel-specific offsets, and can be achieved with a small Python script. The in-memory corruption means the file on disk remains unchanged, and typical on-disk checksums would not detect the modification.