Activity

Vulnerability name

Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability

Product

Web Distributed Authoring and Versioning Web Distributed Authoring and Versioning (WebDAV)

CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.

Vulnerability name

Wazuh Server Deserialization of Untrusted Data Vulnerability

Product

Wazuh Wazuh Server

CVE-2025-24016 is a critical remote code execution (RCE) vulnerability found in the Wazuh security platform, versions 4.4.0 through 4.9.0. It allows attackers to execute arbitrary code on affected Wazuh servers. The vulnerability arises from unsafe deserialization of DistributedAPI (DAPI) parameters. These parameters are serialized as JSON and then deserialized using the `as_wazuh_object` function. Attackers can exploit this by injecting a malicious, unsanitized dictionary into a DAPI request or response, leading to the execution of arbitrary Python code. This vulnerability can be exploited by anyone with API access, potentially including compromised dashboards, other Wazuh servers within a cluster, or even compromised agents, depending on the configuration. Wazuh has addressed this vulnerability in version 4.9.1. Users are strongly encouraged to update to this version to mitigate the risk of exploitation.

Vulnerability name

Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability

Product

Erlang Erlang/OTP

CVE-2025-32433 is a vulnerability found in the Erlang/OTP SSH server. It stems from a flaw in the SSH protocol message handling, which allows an attacker with network access to execute arbitrary code on the server without authentication. Specifically, the vulnerability enables a malicious actor to send connection protocol messages before authentication takes place. Successful exploitation could lead to full compromise of the host, unauthorized access, manipulation of sensitive data, or denial-of-service attacks.

Vulnerability name

RoundCube Webmail Cross-Site Scripting Vulnerability

Product

Roundcube Webmail

CVE-2024-42009 is a Cross-Site Scripting (XSS) vulnerability affecting Roundcube webmail software, specifically versions 1.5.7 and 1.6.x up to 1.6.7. It stems from a flaw in the `message_body()` function within the `program/actions/mail/show.php` file, where a desanitization issue can be exploited. This vulnerability allows a remote attacker to steal and send emails of a victim by sending a specially crafted email message. When a user views this malicious email in Roundcube, the attacker can execute arbitrary JavaScript in the victim's browser, potentially gaining persistent access to exfiltrate emails or steal passwords.

Vulnerability name

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Product

Google Chromium V8

CVE-2025-5419 is an out-of-bounds read and write vulnerability found in the V8 JavaScript and WebAssembly engine of Google Chrome. Specifically, it affects Google Chrome versions prior to 137.0.7151.68. According to the NIST's National Vulnerability Database (NVD), this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability was reported to Google on May 27, 2025, by Clement Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). Google has confirmed that an exploit for CVE-2025-5419 exists in the wild and has released a security update to address the issue. A configuration change was pushed to the Stable version of Chrome across all platforms on May 28, 2025, to mitigate the bug.

Vulnerability name

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Product

Qualcomm Multiple Chipsets

CVE-2025-27038 is a use-after-free vulnerability found in the Graphics component of Qualcomm's Adreno GPU drivers. This vulnerability can lead to memory corruption while rendering graphics, specifically when using the Adreno GPU drivers in Chrome. Qualcomm has released patches for this vulnerability, along with CVE-2025-21479 and CVE-2025-21480, and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that CVE-2025-27038 may be under limited, targeted exploitation.

Vulnerability name

Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability

Product

Qualcomm Multiple Chipsets

CVE-2025-21480 is an incorrect authorization vulnerability found in Qualcomm's Adreno GPU driver, specifically within the Graphics component. This flaw can lead to memory corruption due to unauthorized command execution in the GPU microcode when a specific sequence of commands is processed. The vulnerability is one of three zero-day flaws that were actively exploited in targeted attacks. Patches for this issue have been made available to OEMs, with a strong recommendation to deploy the update on affected devices as soon as possible.

Vulnerability name

Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability

Product

Qualcomm Multiple Chipsets

CVE-2025-21479 is an incorrect authorization vulnerability found in the Graphics component of Qualcomm's Adreno GPU driver. This flaw can lead to memory corruption due to unauthorized command execution in the GPU microcode when a specific sequence of commands is processed. Successful exploitation of CVE-2025-21479 could allow attackers to execute unauthorized commands, potentially corrupting system memory. Qualcomm has released patches for this vulnerability and recommends that OEMs deploy the updates to affected devices as soon as possible. There are indications that this vulnerability may be under limited, targeted exploitation.

Vulnerability name

ConnectWise ScreenConnect Improper Authentication Vulnerability

Product

ConnectWise ScreenConnect

CVE-2025-3935 affects ScreenConnect versions 25.2.3 and earlier. It is a ViewState code injection vulnerability in ASP.NET Web Forms. The ViewState feature is used to preserve the state of pages and controls, with data encoded in Base64 and protected by machine keys. If an attacker gains privileged system-level access and compromises these machine keys, they could create and send malicious ViewState data to the website. This could potentially lead to remote code execution on the server. ScreenConnect version 25.2.4 disables ViewState to remove any dependency on it.

Vulnerability name

Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability

Product

Craft CMS Craft CMS

CVE-2025-35939 affects Craft CMS, where unauthenticated users can store arbitrary content in session files. This is due to the CMS storing return URLs without proper sanitization. When an unauthenticated request is redirected to the login page, Craft CMS generates a session file at `/var/lib/php/sessions` named `sess_[session_value]`, with the session value provided to the client via a Set-Cookie header. An unauthenticated attacker could inject arbitrary values, including potentially malicious PHP code, into a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this vulnerability by implementing proper sanitization of return URLs before they are saved to the PHP session.

Vulnerability name

Craft CMS Code Injection Vulnerability

Product

Craft CMS Craft CMS

CVE-2024-56145 is a remote code execution (RCE) vulnerability affecting Craft CMS. It exists in versions 5.0.0-RC1 to 5.5.2 (excluding 5.5.2), 4.0.0-RC1 to 4.13.2 (excluding 4.13.2), and 3.0.0 to 3.9.14 (excluding 3.9.14). The vulnerability is triggered when the PHP configuration setting `register_argc_argv` is enabled, which is the default in the official Craft CMS docker image. An attacker can exploit this vulnerability to achieve unauthenticated remote code execution by manipulating paths such as `--templatesPath` or `--configPath`, forcing the CMS to load arbitrary files. A successful exploit could lead to complete system compromise, potentially through the use of template files loaded via FTP, bypassing the CMS's built-in sandboxing.

Vulnerability name

ASUS RT-AX55 Routers OS Command Injection Vulnerability

Product

ASUS RT-AX55 Routers

CVE-2023-39780 is a command injection vulnerability found in ASUS RT-AX55 routers, specifically version 3.0.0.4.386.51598. It allows authenticated attackers to execute arbitrary commands on the system. The vulnerability exists in the handling of user input, which enables attackers to inject and execute commands with elevated privileges. Successful exploitation of CVE-2023-39780 can lead to unauthorized actions and data breaches. Attackers have been observed exploiting this vulnerability, along with other authentication bypass techniques, to gain persistent access to ASUS routers, enabling SSH access and disabling logging to maintain a stealthy backdoor.

Vulnerability name

ASUS Routers Improper Authentication Vulnerability

Product

ASUS Routers

CVE-2021-32030 is an authentication bypass vulnerability affecting ASUS GT-AC2900 devices before version 3.0.0.4.386.42643 and Lyra Mini devices before version 3.0.0.4_384_46630. The vulnerability stems from how the administrator application processes remote input from unauthenticated users. Specifically, the vulnerability allows an attacker to gain unauthorized access to the administrator interface. This is because an attacker-supplied null byte ('\0') can match the device's default null byte value in certain situations during the authentication process. Successful exploitation could allow attackers to modify router settings, intercept network traffic, and potentially install malicious firmware.

Vulnerability name

Samsung MagicINFO 9 Server Path Traversal Vulnerability

Product

Samsung MagicINFO 9 Server

CVE-2025-4632 is a path traversal vulnerability affecting Samsung MagicINFO 9 Server versions before 21.1052. The vulnerability stems from an improper limitation of a pathname to a restricted directory, which allows attackers to write arbitrary files with system authority. This can lead to remote code execution if specially crafted JavaServer Pages (JSP) files are uploaded. The vulnerability has been actively exploited in the wild and is considered a patch bypass for CVE-2024-7399, another path traversal flaw in the same product. Exploitation of CVE-2025-4632 has been linked to the deployment of the Mirai botnet in some instances. Samsung has released software updates to address this vulnerability.

Vulnerability name

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Product

Ivanti Endpoint Manager Mobile (EPMM)

CVE-2025-4428 is a remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM). An authenticated attacker could exploit this vulnerability to execute arbitrary code on a vulnerable device. The vulnerability is associated with an open-source library integrated into EPMM. Ivanti released a security advisory on May 13, 2025, to address this vulnerability, along with an authentication bypass vulnerability (CVE-2025-4427). It was found that chaining the two vulnerabilities together could lead to unauthenticated remote code execution. Ivanti is aware of a limited number of customers whose systems have been exploited.

Vulnerability name

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Product

Ivanti Endpoint Manager Mobile (EPMM)

CVE-2025-4427 is an authentication bypass vulnerability found in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and prior. It exists in the API component of the software. This vulnerability allows attackers to access protected resources without proper credentials via the API.

Vulnerability name

Srimax Output Messenger Directory Traversal Vulnerability

Product

Srimax Output Messenger

CVE-2025-27920 is a directory traversal vulnerability that affects Output Messenger version 2.0.62 and earlier. This vulnerability allows authenticated attackers to upload malicious files into the server's startup directory by using "../" sequences in parameters to access files outside the intended directory. Successful exploitation of this vulnerability could allow attackers to access sensitive files, potentially leading to configuration leakage or arbitrary file access. It was discovered that a threat actor named Marbled Dust exploited this vulnerability in a cyber espionage campaign, targeting the Kurdish military operating in Iraq. Output Messenger released version 2.0.63 in late December 2024 to address this vulnerability.

Vulnerability name

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Product

Synacor Zimbra Collaboration Suite (ZCS)

CVE-2024-27443 is a Cross-Site Scripting (XSS) vulnerability found in the CalendarInvite feature of the Zimbra Collaboration Suite (ZCS) classic webmail interface. This vulnerability exists because of improper input validation when handling the calendar header in email messages. An attacker can exploit this flaw by sending a specially crafted email containing a malicious calendar header with an embedded XSS payload. When a user views the email in the Zimbra classic web interface, the malicious code is executed within their browser, potentially allowing the attacker to compromise the user's session and execute arbitrary JavaScript code.

Vulnerability name

MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability

Product

MDaemon Email Server

CVE-2024-11182 is a cross-site scripting (XSS) vulnerability found in MDaemon Email Server versions prior to 24.5.1c. The vulnerability arises from insufficient sanitization of user-supplied data when handling IMG tags in email messages. An attacker can exploit this vulnerability by sending a specially crafted HTML email containing JavaScript code within an `<img>` tag. If the recipient opens the email, the malicious JavaScript code could execute within the context of their webmail browser window, potentially leading to unauthorized actions or information disclosure.

Vulnerability name

ZKTeco BioTime Path Traversal Vulnerability

Product

ZKTeco BioTime

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.

Vulnerability name

Google Chromium Loader Insufficient Policy Enforcement Vulnerability

Product

Google Chromium

CVE-2025-4664 is a vulnerability affecting Google Chrome's Loader component. The vulnerability stems from insufficient policy enforcement, which allows a remote attacker to potentially leak cross-origin data by using a crafted HTML page. The vulnerability was discovered by security researcher Vsevolod Kokorin (@slonser_) and reported on May 5, 2025. Google has released updates to address this issue in Chrome versions 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. It is recommended that users update their Chrome browsers to these versions to mitigate the risk.

Vulnerability name

SAP NetWeaver Deserialization Vulnerability

Product

SAP NetWeaver

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Vulnerability name

DrayTek Vigor Routers OS Command Injection Vulnerability

Product

DrayTek Vigor Routers

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.

Vulnerability name

Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability

Product

Fortinet Multiple Products

CVE-2025-32756 is a stack-based buffer overflow vulnerability that affects multiple Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted HTTP requests. Fortinet has observed active exploitation of this vulnerability in the wild, specifically targeting FortiVoice systems. During the exploitation of CVE-2025-32756, threat actors have been observed performing network scans, deleting system crash logs to conceal their activity, and enabling 'fcgi debugging' to log credentials. Additionally, they have been seen deploying malware, establishing cron jobs to harvest credentials, and using scripts to conduct network reconnaissance on compromised devices.

Vulnerability name

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Product

Microsoft Windows

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Vulnerability name

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Product

Microsoft Windows

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Vulnerability name

Microsoft Windows DWM Core Library Use-After-Free Vulnerability

Product

Microsoft Windows

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

Vulnerability name

Microsoft Windows Scripting Engine Type Confusion Vulnerability

Product

Microsoft Windows

CVE-2025-30397 is a memory corruption vulnerability within the Microsoft Scripting Engine. Exploitation of this vulnerability could allow an attacker to execute arbitrary code on an affected system. To successfully exploit this vulnerability, a user must click on a specially crafted link, often delivered through a malicious website or script. The vulnerability stems from the scripting engine misinterpreting object types, leading to memory corruption. Notably, successful exploitation requires the target to be running Microsoft Edge in Internet Explorer mode. This vulnerability has been actively exploited in the wild as a zero-day.

Vulnerability name

Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability

Product

Microsoft Windows

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vulnerability name

TeleMessage TM SGNL Hidden Functionality Vulnerability

Product

TeleMessage TM SGNL

CVE-2025-47729 is a vulnerability found in the TeleMessage TM SGNL application. The archiving backend of TeleMessage stores cleartext copies of messages from TM SGNL app users. This differs from the vendor's documentation, which describes "End-to-End encryption from the mobile phone through to the corporate archive". This vulnerability was exploited in the wild in May 2025. The vulnerability means that unauthorized individuals with high-privilege access could potentially view sensitive message contents in plaintext. This could compromise user privacy and corporate communication confidentiality because the messages were expected to be securely encrypted.

Vulnerability name

GeoVision Devices OS Command Injection Vulnerability

Product

GeoVision Multiple Devices

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

Vulnerability name

GeoVision Devices OS Command Injection Vulnerability

Product

GeoVision Multiple Devices

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

Vulnerability name

FreeType Out-of-Bounds Write Vulnerability

Product

FreeType FreeType

CVE-2025-27363 is a vulnerability found in FreeType versions 2.13.0 and below. It occurs when parsing font subglyph structures related to TrueType GX and variable font files. The issue stems from assigning a signed short value to an unsigned long, followed by adding a static value. This causes a wrap-around, resulting in a heap buffer that is too small being allocated. The vulnerability allows writing up to 6 signed long integers out of bounds relative to the undersized buffer. This out-of-bounds write can potentially lead to arbitrary code execution. It has been reported that this vulnerability may have been exploited in the wild.

Vulnerability name

Langflow Missing Authentication Vulnerability

Product

Langflow Langflow

CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.

Vulnerability name

Commvault Command Center Path Traversal Vulnerability

Product

Commvault Command Center

CVE-2025-34028 is a vulnerability in Commvault Command Center Innovation Release that allows an unauthenticated attacker to upload ZIP files. This path traversal vulnerability can lead to remote code execution when the server expands these files. The vulnerability affects Command Center Innovation Release versions 11.38.0 through 11.38.19 and has been patched in version 11.38.20. The vulnerability exists in the "deployWebpackage.do" and "deployServiceCommcell.do" endpoints, which are excluded from authentication requirements. An attacker can exploit this by sending an HTTP request to these endpoints, triggering a Server-Side Request Forgery (SSRF) vulnerability. This allows the attacker to force the Commvault server to download a ZIP file from an external server, use path traversal to place files in restricted directories, and ultimately execute malicious code via the web interface.

Vulnerability name

Yiiframework Yii Improper Protection of Alternate Path Vulnerability

Product

Yiiframework Yii

CVE-2024-58136 is a vulnerability in Yii 2, a PHP framework, affecting versions prior to 2.0.52. It involves mishandling the attaching of behavior that is defined by an `__class` array key. This vulnerability is a regression of a previously patched issue, CVE-2024-4990. The vulnerability allows attackers to manipulate the behavior of Yii 2 web applications. It stems from improper type and configuration checks in Yii's use of PHP's `__set()` magic method and the `Yii::createObject()` function, potentially leading to the instantiation of arbitrary PHP classes with malicious arguments. This vulnerability was actively exploited between February and April 2025.

Vulnerability name

Apache HTTP Server Improper Escaping of Output Vulnerability

Product

Apache HTTP Server

CVE-2024-38475 involves improper output escaping in the `mod_rewrite` module of the Apache HTTP Server, specifically in versions 2.4.59 and earlier. This flaw allows an attacker to map URLs to filesystem locations that the server is permitted to serve but are not intended to be directly accessible. This vulnerability can lead to code execution or source code disclosure. The issue arises when substitutions in the server context use backreferences or variables as the initial segment of the substitution. While the fix might break some existing RewriteRules, the "UnsafePrefixStat" flag can be used to revert to the previous behavior if the substitution is appropriately constrained.

Vulnerability name

SonicWall SMA100 Appliances OS Command Injection Vulnerability

Product

SonicWall SMA100 Appliances

CVE-2023-44221 is a command injection vulnerability found in the SMA100 SSL-VPN management interface. It allows a remote, authenticated attacker with administrative privileges to inject arbitrary commands. These commands are executed as the "nobody" user, potentially leading to OS command injection. This vulnerability exists due to improper neutralization of special elements within the SMA100 SSL-VPN management interface. It is often exploited in conjunction with other vulnerabilities, such as CVE-2024-38475, to bypass authentication and gain administrative control over affected systems.

Vulnerability name

SAP NetWeaver Unrestricted File Upload Vulnerability

Product

SAP NetWeaver

CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.

Vulnerability name

Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability

Product

Qualitia Active! Mail

CVE-2025-42599 is a stack-based buffer overflow vulnerability found in Active! mail 6 BuildInfo version 6.60.05008561 and earlier. This vulnerability can be exploited by a remote, unauthenticated attacker sending a specially crafted request. Successful exploitation could lead to arbitrary code execution or a denial-of-service (DoS) condition.

Vulnerability name

Commvault Web Server Unspecified Vulnerability

Product

Commvault Web Server

CVE-2025-3928 is an unspecified vulnerability in the Commvault Web Server. It allows a remote, authenticated attacker to create and execute webshells on the affected server. The vulnerability can be exploited by any authenticated remote user, without requiring administrative privileges. CISA has added CVE-2025-3928 to its Known Exploited Vulnerabilities (KEV) catalog and recommends applying available vendor mitigations. Patches are available for Windows and Linux platforms in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217.

Vulnerability name

Broadcom Brocade Fabric OS Code Injection Vulnerability

Product

Broadcom Brocade Fabric OS

CVE-2025-1976 is a code injection vulnerability affecting Broadcom Brocade Fabric OS. It exists in versions 9.1.0 through 9.1.1d6. The vulnerability allows a local user with administrative privileges to execute arbitrary code with full root privileges due to a flaw in IP Address validation. This vulnerability is actively being exploited. To mitigate the risk, it is recommended to update to Brocade Fabric OS version 9.1.1d7, which contains a security update to address the flaw.

Vulnerability name

Apple Multiple Products Arbitrary Read and Write Vulnerability

Product

Apple Multiple Products

CVE-2025-31201 is a vulnerability in RPAC (Return Pointer Authentication Code), a security feature designed to prevent return-oriented programming attacks. The vulnerability allows an attacker with arbitrary read and write capabilities to bypass Pointer Authentication. Apple addressed this issue by removing the vulnerable code in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, and macOS Sequoia 15.4.1. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Vulnerability name

Apple Multiple Products Memory Corruption Vulnerability

Product

Apple Multiple Products

CVE-2025-31200 is a memory corruption vulnerability that exists in Apple's CoreAudio framework. This vulnerability can be triggered when processing an audio stream within a maliciously crafted media file. Successful exploitation of this vulnerability could allow for arbitrary code execution on the affected device. Apple has addressed this issue with improved bounds checking in tvOS 18.4.1, visionOS 2.4.1, iOS and iPadOS 18.4.1, and macOS Sequoia 15.4.1. It was reported that this vulnerability may have been exploited in targeted attacks against specific individuals.

Vulnerability name

Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability

Product

Microsoft Windows

CVE-2025-24054 is a vulnerability in Windows NTLM that involves external control of the file name or path, potentially allowing an unauthorized attacker to perform spoofing over a network. The vulnerability can be exploited using a maliciously crafted .library-ms file. Active exploitation of CVE-2025-24054 has been observed in the wild since March 19, 2025. Attackers can potentially leak NTLM hashes or user passwords, compromising systems. Exploitation can be triggered with minimal user interaction, such as right-clicking, dragging and dropping, or simply navigating to a folder containing the malicious file.

Vulnerability name

SonicWall SMA100 Appliances OS Command Injection Vulnerability

Product

SonicWall SMA100 Appliances

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

Vulnerability name

Linux Kernel Out-of-Bounds Access Vulnerability

Product

Linux Kernel

CVE-2024-53197 is a privilege escalation vulnerability found in the USB sub-component of the Linux kernel. It stems from improper handling of the `bNumConfigurations` value in the ALSA USB audio subsystem, which can lead to out-of-bounds memory accesses. This vulnerability could allow an attacker with physical access to the system, through a malicious USB device, to manipulate system memory, potentially escalating privileges or executing arbitrary code. It has been identified as being exploited in targeted attacks, including being part of an exploit chain used to compromise an Android phone in December 2024.

Vulnerability name

Linux Kernel Out-of-Bounds Read Vulnerability

Product

Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.

Vulnerability name

Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability

Product

Gladinet CentreStack

CVE-2025-30406 is a vulnerability affecting Gladinet CentreStack, a cloud-based enterprise file-sharing platform. It stems from the use of a hard-coded cryptographic key within the application's web configuration files (web.config). This key is used for ViewState integrity verification. Successful exploitation of this flaw allows an attacker to forge ViewState payloads. This enables server-side deserialization, ultimately leading to remote code execution. The vulnerability is classified as CWE-321, which highlights the risks associated with using hard-coded cryptographic keys.

Vulnerability name

CrushFTP Authentication Bypass Vulnerability

Product

CrushFTP CrushFTP

CVE-2025-31161 is a critical authentication bypass vulnerability found in CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. It stems from a flaw in the AWS4-HMAC authorization method within the HTTP component, allowing remote attackers to gain unauthorized access to systems running unpatched versions of the software via unauthenticated HTTP requests. The vulnerability allows attackers to impersonate any known or guessable user, including the "crushadmin" account, by sending a manipulated Authorization header. The server initially verifies user existence without requiring a password, enabling session authentication through HMAC verification before a subsequent user verification check. This bypass can lead to a full compromise of the system by obtaining an administrative account.